Malware Analysis Report

2025-08-11 06:05

Sample ID: 240222-wt6y9ade7t
Target: Badlion Client Setup 4.0.1.exe
SHA256: 20d91430397028cb83296e7a41598414c9a4ef272afba435196d231a8cbd0b67
Tags: discovery
Score: 8/10

Analysis Overview

Score: 8/10

SHA256: 20d91430397028cb83296e7a41598414c9a4ef272afba435196d231a8cbd0b67

Threat Level: Likely malicious

The file Badlion Client Setup 4.0.1.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery

Drops file in Drivers directory

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Kills process with taskkill

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Opens file in notepad (likely ransom note)

Suspicious behavior: EnumeratesProcesses

Enumerates processes with tasklist

Modifies registry class

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-22 18:15

Signatures

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted: 2024-02-22 18:13
Reported: 2024-02-22 18:27
Platform: win10v2004-20240221-en
Max time kernel: 144s
Max time network: 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\Drivers\etc\hosts C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Checks installed software on the system

discovery

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.1.0.exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\discord-418076578333851669\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Badlion Client\\Badlion Client.exe" C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\discord-418076578333851669\DefaultIcon C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\discord-418076578333851669\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Badlion Client\\Badlion Client.exe" C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\discord-418076578333851669\shell\open\command C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\discord-418076578333851669\shell C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\discord-418076578333851669\ = "URL:Run game 418076578333851669 protocol" C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\discord-418076578333851669\shell\open C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2132103209-3755304320-2959162027-1000\{7101ECA6-F598-4363-A199-2323224730F0} C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\discord-418076578333851669\URL Protocol C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\discord-418076578333851669 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2132103209-3755304320-2959162027-1000\{42E69D8D-E9FD-4272-906B-F36B9779C82E} C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
19b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e 
C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d178
0336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca70
2b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b
8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c
7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 5c000000010000000400000000080000040000000100000010000000acb694a59c17e0d791529bb19706a6e4030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f19000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81
140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b1
9183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.1.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.1.0.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.1.0.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4468 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe C:\Windows\SysWOW64\cmd.exe
PID 4468 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe C:\Windows\SysWOW64\cmd.exe
PID 4468 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe C:\Windows\SysWOW64\cmd.exe
PID 4576 wrote to memory of 1864 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4576 wrote to memory of 1864 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4576 wrote to memory of 1864 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4576 wrote to memory of 4740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 4576 wrote to memory of 4740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 4576 wrote to memory of 4740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 3396 wrote to memory of 5788 N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
PID 3396 wrote to memory of 5788 N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
PID 3396 wrote to memory of 5836 N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
PID 3396 wrote to memory of 5836 N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
PID 3396 wrote to memory of 5848 N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
PID 3396 wrote to memory of 5928 N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
PID 3396 wrote to memory of 7740 N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
PID 3396 wrote to memory of 6512 N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3396 wrote to memory of 6216 N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.1.0.exe
PID 6216 wrote to memory of 8152 N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.1.0.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Badlion Client.exe"

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe"

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2636,4744703692671817781,8436408107368660864,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=3204 /prefetch:8

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Programs\Badlion Client\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2636,4744703692671817781,8436408107368660864,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Programs\Badlion Client\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2636,4744703692671817781,8436408107368660864,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=gpu-process --field-trial-handle=2636,4744703692671817781,8436408107368660864,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2644 /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2636,4744703692671817781,8436408107368660864,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=4100 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x418 0x498

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -NonInteractive -InputFormat None -Command "Get-AuthenticodeSignature 'C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\temp-Badlion Client Setup 4.1.0.exe' | ConvertTo-Json -Compress | ForEach-Object { [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($_)) }"

C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.1.0.exe

"C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.1.0.exe" --updated /S --force-run

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "Badlion Client.exe" /fi "PID ne 6216" /fi "USERNAME eq Admin"

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /im "Badlion Client.exe" /fi "PID ne 6216" /fi "USERNAME eq %USERNAME%"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im "Badlion Client.exe" /fi "PID ne 6216" /fi "USERNAME eq %USERNAME%"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im "Badlion Client.exe" /fi "PID ne 6216" /fi "USERNAME eq Admin"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --updated

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=gpu-process --field-trial-handle=2444,17222176740158950406,6335683766017196259,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2452 /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2444,17222176740158950406,6335683766017196259,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2868 /prefetch:8

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Programs\Badlion Client\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2444,17222176740158950406,6335683766017196259,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Programs\Badlion Client\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2444,17222176740158950406,6335683766017196259,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2444,17222176740158950406,6335683766017196259,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=3740 /prefetch:8

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\UAC.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\nsDialogs.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\nsExec.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\lz4-java.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\notoseriftc.font.license.txt

C:\Users\Admin\AppData\Local\Programs\Badlion Client\api-ms-win-core-console-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-debug-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-handle-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-file-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-libraryloader-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-interlocked-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-memory-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-processenvironment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 27a8f9e71a2f2d134c55de62fad6cf0e
SHA1 b60944dbf9a50a166b71fbc58305c3d559c4157f
SHA256 a319a14b76d8d67272128461f1cf53924dc2759ac72a76571f8b31e2f737553d
SHA512 3904895242acccec14feea4b7bda654a0eca3ef716df560764ca28f97eaeed10e94f5a0d46a633fa0671682188e4bc7b99b13649354bc26a88ca8211ee36307a

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-processthreads-l1-1-0.dll

MD5 ed69bc0f310c5ce427e25973a0a52c31
SHA1 0bd1683418c952490f6a791a044b5840f5dc90b5
SHA256 6bac5963da125b3e314beaef5903d37316e162eb92e7c0f0b9946044eb0bde01
SHA512 4fe23992c6ea37a2f88cd2e3519559b08cb302f51f35b1524816a6e29e1412c2e6e1a214fff6d6ff50d0f7b410591abd57fd7a87c987f18106c6ec44d991666b

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-profile-l1-1-0.dll

MD5 46361d1f7b60b86f128f4e23c95cc3e6
SHA1 8c621d8dc4ec4fe3a9f40d25ba3dc26a19a02994
SHA256 978419fea728f20a4df8046e75b880343cd425548f8bc38e8c0a6e8c315c4310
SHA512 25f033816b7dbd387134fbf72f5c6ee351bec480a4975659702b0912d204486826e64612b94646056d97111612fa8a322547aef8755469f8a6edc45fea534322

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 210b0178e7aca6b9444e2d10ac6ee054
SHA1 2ea3c9d780f6c3dc60b6247b3fb0dd5a8dc638f3
SHA256 7857b0c9c6517102ae5e047d7fe1cb0f85424f1ea01fcdc66afdc231f3127906
SHA512 3b3d10262bbca6559b2223be60f0d61a77ada9c147b167641de58b418634963bcdfc37fb4b11cf65517f5a3e29adb785e83c379a056c4992ffa59a468ec393f2

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-processthreads-l1-1-1.dll

MD5 d2eeb9f6789213bfda7fe6bcb2a1540a
SHA1 c330267c8abd56c04204deee9aabd566268daf97
SHA256 0ec2b6ee5e8ee5ee22b810795d097dd769ef054eb394355eecac1a1fdc18c971
SHA512 7795e972f46ec84cb1709354a40684593947cbf6b4df373cd823134a0b2deec7e5dc738a74c13c2accb74c467892d9a2375a96ab85147ae42fadc627a0f7e2cf

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-string-l1-1-0.dll

MD5 7f8e52ff5a64d2d471413e288a591866
SHA1 cefad6219c916307e0bf7ef1382512c2cd4c2d5f
SHA256 952b0ef3b3cc8d15c91e4e6605d49ea6bcee1459f465b99dd22decbce69012fb
SHA512 7e9025f0eee30552e24425c0d7fe441264a905469755f2aa94863d68f8d53da654a83b4146695d0320f5ad3538a2fd716619baf615d9b29d8767ef6296088253

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-synch-l1-1-0.dll

MD5 599025b219fb4f70b3f93eb0d4d12bb1
SHA1 c1ceab162231476cfa9aa35a54400f3d959369bb
SHA256 6defa74d4bf10f95815d965547065b5af5fc4154d93757735ebbe6aeca570ba8
SHA512 1b4e6af508ac9d353b0e2d02344181ea57ee654f505e04d3b6a7d758fbc0a72875d72ec185c138e69e1d7dfee3459e96c64cf6a2436db1c7425748556f99b922

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-synch-l1-2-0.dll

MD5 8f469c5b261e003ed991f570aea8f29f
SHA1 848046907a02d605d53a31748d8dcca18d11259b
SHA256 ae460b343b6fad12d26feeee14e68efb97e59686dbd2cb22ab228619508944c6
SHA512 f393b8c9ef4cbd6f660093016fd5a3267b5afaf4c26262f2fc3c52351c697ccc38744e530f779707f802398aa01a7eaec191497949d2c1fa5b34b8d33153beea

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 f58fd490561921c154c31c05bbb63a3e
SHA1 d5f009e7cbb070b35ed81acd68710716bf971b7a
SHA256 bc7203c7c0c539fd225701e39f1e430367376cd580af52cdf9dff680046027ff
SHA512 8389e2834559681accdc3ded3a8be06028e5e3fb8d62cafd218c545dff052604bd0b0c14a4956eeb7653522c05b45d05d072e44c4f125b0e5567d3a23318e8ae

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-util-l1-1-0.dll

MD5 e0b524ff31e7c651eee7d83b1c7cc2d5
SHA1 d29f001b843e452cae91a2d01ef338373fb24763
SHA256 b4afba280abaf5dd28d92d452b958e440c88a26ab7359a3200876a35775a33b6
SHA512 4d3dfbcefb85b8d6ef874cfdf04594ea4d6c58ae7de544588a9cf8646897aaf9b46bdccfe9e6f7cd87d00a58d5c595973493fa6cd6d82266b1a27736d4e15ded

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-environment-l1-1-0.dll

MD5 89abe10555d85e9bd183fae2c37d7aaa
SHA1 05c72b53f7d7b0667ff6cb14255e5c6453f1f35a
SHA256 d524f5aff8a3deaf37899187fed40b821c5e79251b99d0a8571b62ad87adffb2
SHA512 7b9c38e5270c401acb1b51ccf82ff0249671c4df905c31bc934d8d0b15a6eae22d3d82381199e4d61ac717bbe72726bd2f9b6c4b2fc930b39ec2c31d9fb1147d

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-convert-l1-1-0.dll

MD5 66a41a8156a7f9cae4a7977cb8084fa7
SHA1 4c72b0d8c90daf993fa0371269af04703a81fe4d
SHA256 a454bd7a8fb18d19e3264855ec7ade9820b54fab31f9528bf1abc8cfe32e064b
SHA512 989ec1a0deff20bc9b3099a21bf9d45bf821e94eabfc1b18ba4ece1689d0cbcf83b6206bcf64530a55aac1d4165a54c395f8db17fe5d68778082dfb1db4f0d10

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-conio-l1-1-0.dll

MD5 d2de2615f123ce2bed3332d505a99385
SHA1 9f2ea75348020d271222fff7984c8ef21aee460e
SHA256 da36262bd3865024a6ec9726b8fcd0764ef3ddafe21387314c0bbb89a478e4e9
SHA512 a5e99e724a847c2193ce052dbedf0cd19a8765e3561ec028cd28e5972c8f004e257de0d5dd3870d41213a6cc84492ad488bd05106d2b5d3aa19f808eec820d51

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-core-timezone-l1-1-0.dll

MD5 f2d0493794b45c6a2629fc9c5c80f832
SHA1 12460ab8f625ecd0e0a02b4fa82061c2ff4644b8
SHA256 8c2d7b0dca0702b8f1870c9c404f41e00624132b239deb7917096dfed8ca1507
SHA512 4f44ea443413c3709c1521de0b9dc5c05ef9a4f853062e44658d7bc54663115afc1f04927797a5406b388cd5c9e226c9fea1f73f0c288999105d9db42fa257e2

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 7dbc1ca1f1103cd971a67709d5203dbd
SHA1 717e689b96a5d029558e7cb663d5c7cda840b780
SHA256 88a6dc7c08725b447dd1b7061990977246dc62b7282dfb50fa36659627079fb1
SHA512 ec58c7bb26f669f5b90731ab8c787b3b4e4131d7a9450dfae4d74ef24541a51c98ee8cc71dd4744a242dfde2f75feb216727daccb18bf745e2539546fef746d0

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-math-l1-1-0.dll

MD5 514a74d1050e7bdcbb1f422fb571c351
SHA1 5a82976e2456fe3f215316a85301460c6af389d7
SHA256 62e97230bbe85c0e2930d16cadf830acdbf9f2bccedd3d51fa8ee0c5102ac63a
SHA512 f2b19fe5fc4f95ec3a1b0d76e8e6767234c83a8b8a08ec6a2ba9b3620c08f67132fb7629235aee27ec172d6efa5260209e005564467abe3ec06f1a7756d21da0

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-locale-l1-1-0.dll

MD5 21f5271a151394a654b2f1c44fc44049
SHA1 1d2f98700ee87fc747b230b908fea133b730bf0a
SHA256 a7a987527a2f7ad4474cc5be04e5bbc10375e072573b13a2cf3fe705789bf822
SHA512 cc46e3bdcd25f2d72802581955ee69af97781b19a40a51fb318206ca6916f188f40dd94a7a5e6bc2c4c2ce211229d03e50729b168ed771e52cee188d0c30638d

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-heap-l1-1-0.dll

MD5 dedf6460cb6fc8229b3e889d1b32f75e
SHA1 f47e35654cb90ed4505ba49a92b2fdc661c0fe8a
SHA256 bae857fe8e162640032aa8d7a88217a021810d305bc58b8f27409155f2299adb
SHA512 b1ce0119c2eb87ee36fe566477d14d317d01465319b72f7afd2f83a88f82591afb6f795eef76b20c0b13060530f67a4dc07923fd2f61922fdea06973c70f8352

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 3e4803f97b89adbaa575b45aac0dd4b8
SHA1 d810ed1486f86494828a8cd96f774881a629b652
SHA256 2fb9611a4227227d30bc9b8f6d389cd12bc9b38b325d23675fb737470bde27da
SHA512 b9824a29e712ae65b27a4ecc68bad7f127306e7c2267e1ca9704c09e15cc6faa0aa7649118d169813172557b6375b72f8e88a587e79bc97f1825b8cd4c1c2dd2

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-private-l1-1-0.dll

MD5 3d2b4445b9fafaa0e13ae0e126be2669
SHA1 3b24c99469ef9a35bf720e711a0b022f2403be22
SHA256 6bc27ea87e05b365c74b093f0256d1acf85113ba356ad187886d8adc07526398
SHA512 9641d0d9470abc256f44c9d3881a42a674b41992dc25b7bd048a9e2b8d3523de9626460a9f73f2907f73e0be80219c913d33c9684664d6bd6642c06029e5c44e

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-time-l1-1-0.dll

MD5 f862bd9516845b31973ba98e9f1288b3
SHA1 ada580fc93b4f5a86db92e1d612293ccc21c72f9
SHA256 72d31abee96fb3ee1d90afcf11fdc54ceba131bbb912b994761f32cd7cfc3ee1
SHA512 bb442aab30bb0d8797586eaafa53a6deaaaff19d41342b9fb828c87fc468d96953f8ed1123ace4c4d371f9eed91c2bf2c42b1d8ca92bbd0a89bc5a27a877a15e

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-string-l1-1-0.dll

MD5 88b5f9bc871438973ef12782e0c8d12f
SHA1 d327208b4f26c1c6f0e9df50ecb22a89b426465d
SHA256 4691510b2bc2ba15b638a0d1765c2a8826a8b9fdbe3737989d8fea072fe7c20b
SHA512 d4de343a88c9933af67c4599d308f31332ca7a3ea0428fbad2d60e2fa2165eca9ea56410437be1154c551e7263dd6a5773e6f7c4dc5b6952e8b767a3c5b16597

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-stdio-l1-1-0.dll

MD5 dec83f473e43ee78e92a4b682a9a7904
SHA1 ce5e0479c78ad6ffa7d765479a7e1a7157eca4a3
SHA256 a5c05a8394c5aa71441ac18e945170a755d1f1ff141e614cdd92dc5737426a5b
SHA512 60bbd86035bbf3f80c17a01fb44ea5af5c84584a8aa5f34a7e0abf989ccccf8d40bab4d44af364c8ccf62ce4e21df0ed2c51bb70e817b2bf9c5319dbfd4100d3

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-runtime-l1-1-0.dll

MD5 6856722db8c9e3dbb7fc62938ad2cf1e
SHA1 6d1aa306d7793916adb30e9aac451b2e43516abe
SHA256 3d077c3cfa0a54f6f58814deee22d3dcf4bcaad44ae405b8d31552a9afabc086
SHA512 87a3c82af000fc1cfee5f12f01f077c2c87638245b2784e8827c587985f8c0014685d0d15a1498a01dcfcfe717cfbb9ee64344ae7a78aa75bdb65e2a0aef07cd

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-process-l1-1-0.dll

MD5 90d42fdf308dfd771797dd41585d3baf
SHA1 daea1f05092de97ea558de14b4e112ad48b77726
SHA256 404ff7454e8dd3d766e433def1780a265ddc87a07981d223d241a528cc78c0fe
SHA512 e8f35f6087b9601d8a46b2534634f24a2841ff2cde9f6b7bc10326cf2197e98bae9c6ddcb2e53e8f81a984019b72080d1e826731fb6d7c28fdb47373c1e474f5

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\api-ms-win-crt-utility-l1-1-0.dll

MD5 9975d1ae7b84b373d9095d757172ec08
SHA1 302edb92e0a6ee621379528fbef9dfcc249b9285
SHA256 8d3df297a7da678446dc9689f64dfbff0478cfd2da168180ff41c16e1344e584
SHA512 fb71a43887ec9675a4e42f2f810d33f6ec4726de5723c935961952f43d45982e5d1156e4d97d4c0c9ac8440fa186b13e1c6387c425b5a774218d6917efbe41d9

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\Badlion Client.exe

MD5 10c5e5dfa1362518c984fde816a6d84d
SHA1 428b05718075ae62c7775c433c64978cedb3b196
SHA256 ecefe3a04efb3957c337e8311af5587b6e0f2706050db07f1ce32b1dfb545d40
SHA512 7c2906003d0470936d2807f1603e8f9600fa562b1839bdc271fa93b1d7f8095ff43599697d7adc687ef3a75a7f3ddab6292016986a574d7e4ce4ec6cc5f490cd

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\chrome_100_percent.pak

MD5 0fd0a948532d8c353c7227ae69ed7800
SHA1 c6679bfb70a212b6bc570cbdf3685946f8f9464c
SHA256 69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf
SHA512 0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\d3dcompiler_47.dll

MD5 a23c718375a5520c34a75aa758a51842
SHA1 a630761ef71d4502ba1869617bd9e04ed50b3f66
SHA256 06354aa758ce608235355c4be2866225b7c4b9acf47479973dfb885711aa4617
SHA512 828cd191d632d4a7e39af738455f14ed45ca05ef88cc320b86a065ea2eddc8f0c28450e94a894a3ab018345ad89f76c25a1e7e36e7360eace4d33ed6b56da20b

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\discord-rpc.dll

MD5 5882c37b79bae47a0d090006564edb22
SHA1 ac7bbbdb1d34eb763d8db4ef7875a50f700e9d48
SHA256 5cc2e504800cf4ed2f4781364f661ea22349658ddc391b5d54195e573109d87b
SHA512 d4a6a1a36842dd1c8b2162168807b990e0d491a908e11b52ebf11174a67f818b131607c2122dbb484f5d946418a05a1a84d42e1468bef5c98ec3fcff7d225ccd

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\concrt140.dll

MD5 14b7a99127ca18df05dd1f5be3ac0245
SHA1 991891bb1ea603a002941696697f48cfe52cf94b
SHA256 511aba3d00b9925e7bc64e2132d77a76c1fd9e9d200ec0ef864b7a0f00c68995
SHA512 80f1a6cd377e62c96979fb4cf50d70e3005623c8debdb3c55dd27e5bae9dd46328d18066e59501ecac13ee96533f3b5189fcc93b4aadaf376ef6a2455ea7eff5

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\chrome_200_percent.pak

MD5 1014a2ee8ee705c5a1a56cda9a8e72ee
SHA1 5492561fb293955f30e95a5f3413a14bca512c30
SHA256 ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57
SHA512 ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\ffmpeg.dll

MD5 748e6ff37f7d2519f523653c319d340b
SHA1 e0675abf859d16a09c76a59937b9624c60be620c
SHA256 ee6be050ba0c0fe38fe8b8ff6e6ca2d3cc4e5cc97219c0b07722c704b5a5753b
SHA512 037f4bf6bda0745534da82f4b2da87210c89d60e1ab508724316c29958ed24e5a3534569bcd07d99cbc7f01aae3adb603c05b58e7e24e3fe2ea4c6169064e5ef

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\ffmpeg.exe

MD5 666d76b63a7490d6bc6ab48c41b29e7f
SHA1 ce907ba613b79cf3da3dd36cb6045f9077225230
SHA256 15bdb5898cf4b33493f26a331f941649c7a4671a6543c9105f66c8337997e50d
SHA512 6ee1b5fc97b7842528515c7977cd12a5d7a9ece51072591cccb3c355bdbca00b327b100420fdd0ef6883ef7dc86f247e2a459b3aa1a95efaa531e80db4dffb14

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\libEGL.dll

MD5 1ed91477a02e0e2a64e5e9f26bcea438
SHA1 8058c2bd3342d8d882768188b1e5c45567a8dde9
SHA256 a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03
SHA512 c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\libeay32.dll

MD5 fb252123bc25cf758853ed78ccabe45b
SHA1 b17ff2491303123a93045d4a9c20f43b8093b67c
SHA256 3237d7726ff82ae2f00550e7205816dd89f864c944dc9b98008e961db765cd5a
SHA512 bd47dd86e996693ec5cccacad537dee5a4d2e9146eb1493efb9effde6e95af3a516ba9059dc9b33101450107404e8f588feff30a5daf7c32cfab7ddde3673538

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\icudtl.dat

MD5 05839899917a4ba9a7a5bc809f275663
SHA1 8fbfd061277b9b41b671d69caf4d714f8140d2e3
SHA256 fe3ca3ab71df8fd35d8f0a91d25833bd2dd2e25a2370bc7c12e4bd5a057004fa
SHA512 7f9cf36443782394d6b9e737b2ce7debfc652ce4a23cf34acc92f661034800817b19550f2ae67585d99c68dda7cee1315d3e018b5713babb588d53b2419c5b9c

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\libGLESv2.dll

MD5 2f46088995c09a3846ffa3b8847a0d60
SHA1 03df46bf1435a0ad30cd6625f8c020ff9397f942
SHA256 1bd2693d306ce6333e83bb09fb40e10978e8acc40a20cf4e7ce66ddb2b70f140
SHA512 2a48b31c30c6db1692129f20b3d6ad7cd65e077a565d984408620547f734d452559a9a32ba43689f4654dc10b7063ae643844a57b747f7df8233395578c00bc3

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\vcruntime140.dll

MD5 edf9d5c18111d82cf10ec99f6afa6b47
SHA1 d247f5b9d4d3061e3d421e0e623595aa40d9493c
SHA256 d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb
SHA512 bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\vccorlib140.dll

MD5 3d8e0ebbb613cbe80320a61259d18514
SHA1 a69747866b33159ee14eecc9ac19a0ad1f1db4e5
SHA256 8a442077df17ac412be9072a91e4b2b39a69f1aed189034d34fdd79956d3d6b6
SHA512 83c72e2db25b86de925ad9711a03943fc4801f77d6950a23917898e877faa3276cc2c5e8605cc0132e48c1bf66cc45b172578f77d075746ac38880257e579660

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\VMProtectSDK64.dll

MD5 6540242ff58d08c8849268cf305445b8
SHA1 ba0d0c8875ed96f137dcb28aeff873373b994eee
SHA256 889553cce491767b38df153b567b6da682709925dd7a1c23f12c6d53a9fb18c2
SHA512 073e44196cd0c4cdb1cb5004cca59da80e09b97c70b83f212344ec7b262f1a3a4ebdbdf059d9bdbc228545b49a269a8363b1db9180ff6565c94797b19cd3c515

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\VMProtectSDK32.dll

MD5 7e25b184803368b32d8dd9599b739333
SHA1 cf0fee71175166a9091d9afb2c4472fb2149ff6d
SHA256 604f24089b65ffcb0f2bb6a39baca34ce4432215c3ccc88884104ad7282290b1
SHA512 3b0fdd1d32c521d4f5642c4f10cc24616c4123588e7fadee83aefd47784a978e4172cd67a8edb00751b0cd14bd3eedd58e200ae023c34e6b3f510d184100c3b0

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\vk_swiftshader.dll

MD5 249a450d1539ace0fb09d2bf7a4346df
SHA1 65c843572baa44e6839d1fb93c9e27f04424efdc
SHA256 9162bd80c5e929d2851fe043879cf71497dd0a9192ac3bf6e2a811ce203de867
SHA512 905b9ddab5b872ea0d09697b9b549de72450329c6e87a21bf5446973cddaddbba3adacf20f4884bc39208e16eafc0ac464b7c19982501e05284ba0494a31cc5b

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\v8_context_snapshot.bin

MD5 89f5b9dc2c1eccfce7c3681b8066125f
SHA1 273175d93ae554da7f63a6475426a6515d0c8cd1
SHA256 7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91
SHA512 469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\zlib.dll

MD5 d48c270acab962aac5d222abee92c39f
SHA1 b23f9b747d859856fcad94652ebd07284fbd33c4
SHA256 809dd3e4ff98abf54aeac27cec2e0c194550bffd2f55ddfe725ea109306ae49c
SHA512 32a83196ec83bcaaabd83923409ac98201785a3915293187718d61d2cc6f8b51b10e0c7c1ce765524a8f800a3bb52dcbed430d143fb3357511644b6b666d8ac1

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\col_resize.cur

MD5 23633a8dfa3548705f28c83ee9584d6d
SHA1 be5dd224d071d965bc0411206cadf9b33ddb384f
SHA256 d3b49998f6d1039bf8b65f73f5784653164804c72908a40a5cf8ea850978a0d0
SHA512 5b0971bf5c7bc17ae746c88e4fe3f0342d9288f8feb3ebc106b6a031d62b48af8843af0079a18c7ffe4a2200e9d6d58f92f1d87987a068bbf8e4bf7210153782

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\hand_grabbing.cur

MD5 8605cf2c21985f59d2480da72aebe3aa
SHA1 1b8137afa3dd66c23af9e40e75339d2f0174aff2
SHA256 22e823e71c106f338d42932c13c16e05a8310b3bdec18a89cc5ca197408cf11a
SHA512 fbbf45bb20f27c9faebd34101db1918c2ca0384a27e6502eea59c170fdc553ad2647ceaabf82cb0dc5662d277ca6eba70c6b615c79218f3de2e5822299399c76

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\zoom_out.png

MD5 e1a004a51cb04c38f49184333a23379f
SHA1 5b54adccfebbfe4bb96502db5370c1ab830c829d
SHA256 e7133e53b0ce06b92ef48dcd5bbce4f3d36e6ff8bb69193d3df40c4adf1a6814
SHA512 7506d9998cdd5bb75c8b142f8231009f15ad0548a52a037b78b98eff427b50a2a42c16580a53899cf5dd2b41abfb51eb24223c827e5e277dfd295f5510d4424d

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\zoom_out.cur

MD5 48b46c3e0650d525e715cf9cfa6c67e5
SHA1 1ae6e82c4aae58c7e1cdcb1e5e76ce8973f8774a
SHA256 f3829987f7124f73facf282354553b6ef8d9b58b3b02384d92c45421e2443536
SHA512 e154d7fa552bc78755e6451950a159044fa85f5cea4a6a3a19a88e451962b24bce52a1b46b4b13eaa6b55b2e8be4b9eba0cf16adf1d2200f73be7dd0681b19e5

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\zoom_in.png

MD5 6a5fbd95c627afe076f43f9254dfe3ed
SHA1 f71cab57e9e80ba792f73f363056f6dede7c8bcd
SHA256 e910c607f60fa385d67624fc7449a05b419718f60a6b93d4be79d6a974bea522
SHA512 cf73a830bdf76f319db8b34ec8daf70405cc52cee7fe03d4ac75cba1859d007e30993da1c123e13deae6de09e5b234a9dfb02089d546601964d26bd597949b8b

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\zoom_in.cur

MD5 77492cf358d8b12629399322926c93f2
SHA1 8291ac3dad4e4f33183ccdfad7b92b1594c760f9
SHA256 eb69f540be1e416b7346017da48deaf5ba2f2ee0af366c04f1e374351b651872
SHA512 6c8652770a041084a88f6a535991224423c003ac2b6b5949b515dc03b0187fb4a6cfdf3f39a6279e103601d991e95139e6ef8352e68e5dfd85d99c078e0b4f0b

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\row_resize.png

MD5 cd9d05d1ce7c942af1ab5e6eafd0a13c
SHA1 d3dc6b0df04e3c6bcf6166984e3738a7651284ff
SHA256 12f76ebabda00b84c395cf989b92e0870c5a3b678bd6f5ac90b8a6820059e28f
SHA512 7fa9b03d668d5232b10fb6da719399d808cff95592214c8adc1d00210e4826545d49ccd4c0dc5bfea099db1c8ad4c183778ed2f6517d81b44817a428b488e900

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\row_resize.cur

MD5 70618f41c70238453a7d876bac5ab501
SHA1 bbf033428d8cf562ac3347440848b1b3ed1b65a2
SHA256 241ca59e728f9faaa3ac9c626f44f8387a04699ec1bc468ecdae04c53ae2df04
SHA512 513dfa3e15b887f4e785da9dbe04cff591a4ae3bc6d5f4b14d7dbfd3695221f6448b0d67132dbf80b1e36d9fbc2d245df23c1135d4dfa33edca3706d23bc89a4

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\move_drop.cur

MD5 63942f237ac6b11d62adf014d2cbdfbb
SHA1 f8b582c7d8edf28c2637d5f0f27f2586cc92bce8
SHA256 1ba52f630ff570480f920d13d04b7cf5e4d993c68b5f4d183a6c75c87bc22b6e
SHA512 e87f7e95e49513ccc75195976fe8b8926269bfaeb766fe816fcc0de603bb55b936ce1a59964022e7438c0c3b41bc28abe323fbaff5b0a4583ed9cbf24c450fd5

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\libs\disruptor-3.4.2.jar

MD5 6895a3c4f54cf92eef6530e9e2cd3c46
SHA1 e2543a63086b4189fbe418d05d56633bc1a815f7
SHA256 f412ecbb235c2460b45e63584109723dea8d94b819c78c9bfc38f50cba8546c0
SHA512 da76e44fc9834c6d9e21eafe2fe64604159dba99770946bd114823ba037ea0217ae3a13f5eaf29e28edf92fcfd4f20c60b7645d6f117c38c897594e1337a744c

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\autofriend.license.txt

MD5 318bceaa1151b1b6bffabad8dae01498
SHA1 c776fc09a2e25058149deb3bfa163c0053860a90
SHA256 ddae5748ee219e263f4239460d07d38a10852fc1f6693fe2765e28037783dd88
SHA512 60c8960d6fdeb04711f6aa2713a66b05d3f7008ee33c4d762fe30f98f266b81a6c198a68aa0ea73bcd1ff4eea88db56ccd1a680c11db4ebfc444896da6b80a7e

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\lunatriuscore.license.txt

MD5 ee99c1f26cd4e6a2bda84ac34b9ff861
SHA1 0327523304d63b6addb96ba18abb6c47a3fd684c
SHA256 7a1d05e596d50dfabc0d3e206861cb778252dedb87b48b9dc7dd9cda24f5dc22
SHA512 14774897b95813736654e850fb328e7fc0a19c076417fda35a2a57e284b54fbde6619fe6a1ba953300bb54ea77ca90fa93fac4a03914027bcf186d30f645230a

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\licenses.txt

MD5 4a9c8bbed40470a9ffb7db1d63bbcb9c
SHA1 88a83ce9d6734d54139ee7cbfab63253cb73b415
SHA256 c0aaf6703c87055786772878c27e8d3c4ccff0efcd088d5dcf77a2fe8146c44f
SHA512 12c3b1e11dcb90c5e4ff426c1a8bec314efeef9e5b3eca1840460f1a1fe894aca4c1755b599d460e995e7f477b69887089a93dac67da2016d8c84bd98f841039

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\licenses.dependencies.txt

MD5 2053245129c2910e9a1a854dcf69ece1
SHA1 294462e57e57fc416d28ef2ced053f97465e3fc1
SHA256 9b78cde2913327cb5ac2dc6f53f430b6233c52bbf3e156e969737d87cca51943
SHA512 1387d33cdc715b006844579b90137aeea7b9dd7899542667c988e8c565866d26f462e60a0d5b26bb94113291f1db659c08a4cb4a2f8a9ba32c6b5af8ddaab48f

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\freetype.license.txt

MD5 02891d3fb5adadff2546b4279649112b
SHA1 1b299099e16ad96ebf53e67391685d9d0a51b368
SHA256 650737ec7589c35600de73b0db88dafb314f7e32e7e3cf38d0c87ceb1a7ed31b
SHA512 630d9247498b84bb53e2c2ea4165994c141791675c192860127cdcd1ccbabc80a331604c6ae185531abb0eb3fdefe6637643e0d3f11b751e79b076b5da4f30ec

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\freetype-jni.license.txt

MD5 5db6495b17d58ad312a32e5791c61097
SHA1 428650191730f35163e8ec78a25126869b2ab1e2
SHA256 d10f28ec38b68a33bd4deb7239ba86e2f43a26f81dfa2d53f2ac89a88e2685aa
SHA512 7520cd5dc59f6899bd542a713ca045f64a9dd90751db7e5ab197d1c8a25e94aaefb9eb8d69a6b3c9ff5b1d433c85cdd67d36cd333fd33c824ffff53bc187cad9

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\flag-icon-css-license.txt

MD5 d0bc1323b617fbb4d3232b745ff45dfd
SHA1 5c11645d0455590741dacb68d3eb1d253a5ec106
SHA256 5f6432917a260a6e8f7022742bb6cb8761b1d17cf45083e30174908041405225
SHA512 dec0dd099dd2a778f5afd129750175e42335677b199f1d5e2ad10ec2459c803e3168c6e89f44bc9544fe8a5513b85eb2d53db65b3ad6ccfe77ea0a8ccdcdb131

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\notenoughupdates-repo.license.txt

MD5 3a5337edcf43176e258e1a5ed8baafd7
SHA1 fe2b722844bb6331deef47fc5192c1e742ab5caf
SHA256 282d4b11d651c5fab2a4cb55568aa36b80eecd47ae3ac9f4c2c7978a3be53dbc
SHA512 8bf297651f29f33800793dcd1d9b26ddb9fad75a625514fb558e5b964eac5f8b760597d76f43feced41001bc0196f116fce12e0c9f17216d3b04569fa651c1d3

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\openjdk.license.txt

MD5 8425bcbfbe27f7f8ec1e46e9f0ae0c99
SHA1 5898367b940826f516f625dbd78fb8957f3be986
SHA256 1bd89daf45a5b68234c32104bbe9903c6c6d2d7798d61a36f21ad85482945f7b
SHA512 0323a715e5f65027a66738c1db24d2e4f6240095f710a2c06a67bc70b59e4185bb026ce7438dbeedd6cc95af8cfc0ae9259b3aa8e7d84692bf6b2b7f5a655149

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\xxhash.license.txt

MD5 184732fe7ad572cca839560f13667eb6
SHA1 76fcece0f58b529b1ecde86e8bf8f8bb1c652519
SHA256 ef87b7b79f4c48edd555809ab0e97b780940925589b7d5f9ff26025410c87c4a
SHA512 71bc6b522b99cf66c764a7554823e7da19ea3924226d67385fbc397128b9dc781e66c457505bd3616eca31f1d93fc25d9eaf67f9c32aa4c599da4c7d2d5c6f30

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\cs.pak

MD5 6310a8e1c7e8ca3a1611d78b4d67845b
SHA1 fa8cff4ec0b1cf3aca65e6745d9f31154dc48115
SHA256 10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e
SHA512 900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\ca.pak

MD5 5c5c2e574c8d51a61d9e58547d89b0df
SHA1 268d6a348c22616432191ae55bb8c34e039feac7
SHA256 4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73
SHA512 e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\en-US.pak

MD5 214e2b52108bbde227209a00664d30a5
SHA1 e2ac97090a3935c8aa7aa466e87b67216284b150
SHA256 1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab
SHA512 9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\en-GB.pak

MD5 dabd9d0434e128d6ae3feec3b2c2801e
SHA1 d7a25ac86c15f5d4a3b3d4b713a5302c5b385498
SHA256 dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835
SHA512 831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\el.pak

MD5 9d654962e91275c7538dabdb450a2f03
SHA1 3121a84f1035d7b44e4597ebe4857137b7172da6
SHA256 9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27
SHA512 0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\fa.pak

MD5 00bc7a02631c7de396537ee08deeec7c
SHA1 063c897b59cd70955cee3ca27d8743a0989f0a86
SHA256 93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec
SHA512 cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\fr.pak

MD5 9442fbfc2b150479f4836706313e42c2
SHA1 4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f
SHA256 01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87
SHA512 4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\fil.pak

MD5 919d0bae6d964906176cec8530c019ba
SHA1 ab41e78a91314608ffa0cec927b4e001b3833e4a
SHA256 851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa
SHA512 1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\hu.pak

MD5 14d81146ec6e0ddf4b14fa7b2df372c3
SHA1 9c77f0f0c959f2cb21e283b352176596a77992fd
SHA256 588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568
SHA512 9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\kn.pak

MD5 acab21f3fafc58f1f42016f33d032158
SHA1 682f11e3c282724093179c85a7df7d0992495cd4
SHA256 8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f
SHA512 d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\ko.pak

MD5 95239fdef6e852df2d2e9d52dd99b622
SHA1 360be5e62ac4573ee1a6bfa7effbe245c039862d
SHA256 f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae
SHA512 0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\lv.pak

MD5 e21a8a96d9f17e1f9e3ede2cb66eea9b
SHA1 e3f456b5d238ce2095e7a51a4250fe26c361bfdc
SHA256 1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090
SHA512 f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\mr.pak

MD5 abcc39abc488cdbf73e44f53d74b15af
SHA1 982f12328342eddbacfbe45be577d839568c96e0
SHA256 5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54
SHA512 7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\pl.pak

MD5 31200d5726b3d1cfbe9ac3bc7138a389
SHA1 e82f0300046e7cc9ffa13223c11cbb94d62c0dc6
SHA256 74c96e5308732e4ce800de37cf677d16ba05385b2af1c087819095c49b4074e3
SHA512 8ad600725c9eb97a73293b63bf15a853d2e12bb6cec638a6e0f4060610486d3eb9e9bd5c10e607e569e6b631ae09b8d9df46cebc8bb962cec3adc0d63dc2f48f

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\vi.pak

MD5 a01c81f3bd56d52c205ce6742dfe52c7
SHA1 3d325a2885ca11cdf69d17d66fe5048bb0c8bf25
SHA256 8a44b3afd24cf18ff88ca06a33ed8accf548692b457b013e20f49ac5045aa96f
SHA512 e348d9b1fd0df16f711a76de1daccf8425529787e5160c61207aff903ca3389f0c56b185283452d0af36ead503322b93b02deb28b9f72ed85d157adcaeedc503

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\uk.pak

MD5 6f2f1b073ccef426c7eb49362123f2d0
SHA1 048921ad0cba17256e9838257d9f47969cdf6172
SHA256 57d93d9ed2974f7f0995e63f4c7af361c05a8ec3e9e25b796328d3e0b2a5545f
SHA512 cc0e5a7098eb0b590f4d4a6ffa531250af9a2c6c6c25765f572f3130b7bb7d669f2737d7d8b70de48293ec1ff9c5dc5dac94058f3d8e431a7c24a5795906e5b0

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\tr.pak

MD5 a38eea92c514716b8ab019ab792bf541
SHA1 cae203c3ed63807d4f2d89333540556b5e92e161
SHA256 54bc687a851cb3227cc3a937b229009c0af8fb25a1900b7fe71f6e6d58111ffd
SHA512 835e47d550097ea4ae3717c0cc5023ba14bfa7524ed5cf361e21011976afbcae1410061e46089e25bca467c63d9b0208cd18ba1ec606da02c5b430fb1aba409d

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\native-modules\launcher.node

MD5 ea0438f1b6d69ee6226d72b623a025f9
SHA1 55a65d6611e1602b19f500432d2c353adc94b7b2
SHA256 7ed470497fe9dbe4c2903459e9bf0d1941f84125fba6f423a3fd5160d0eb1a54
SHA512 3527b9a834278f07bd429e2c16aecc0b982f8ef25aba76891299106724c3d975af036d4d03a944be74e81ea68594dbfd9c97d9ab8328f9dd10a73f57e7052fd9

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\native-modules\freetype-jni.dll

MD5 42cdd9f96894812798bcde58a41530e8
SHA1 c6ca7240f84cab471c8ce595d5f0abb3d444ceed
SHA256 95791ba4c3f9634f5ddf3cd56c06ece4a1f711a4bc5b03dae962283623622a49
SHA512 8dbfcea0af94a81fb3962f4a829d3c8891d9e09c64fd7035578db7c6f9eeec6c506deca43b684cd0efff17b86d98fcfb94352fc9387737d9bf12b62942ce146f

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\resources\app-update.yml

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\native-modules\badlion_js.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\native-modules\badlion_electron.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\resources\debug-log4j2.xml

C:\Users\Admin\AppData\Local\Programs\Badlion Client\swiftshader\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\swiftshader\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\resources\roots.pem

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\ro.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\WinShell.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\lt.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\xdelta.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\tiny-process-library.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\slim.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\skyhelper-networth.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\skyblockaddons.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\rubik.font.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\replaystudio.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\quickplay.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\nativefiledialog.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\nan.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\mclib.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\ffmpeg.readme.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\ffmpeg.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\disruptor.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\discord.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\chromium.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\cairo.font.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\badlion.licenses.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\autotip.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\licenses\aperature.license.txt

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\libs\optifineinstallwrapper.jar

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\libs\lz4-java-1.7.1.jar

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\libs\joml-jdk8-1.9.25.jar

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\libs\caffeine-2.8.8.jar

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\link_drop.cur

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\invalid.cur

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\hand_grabbing.png

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\hand_grab.png

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\hand_grab.cur

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\copy_drop.cur

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\cursors\col_resize.png

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\ssleay32.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\psapi.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\msvcp140.dll

C:\Users\Admin\AppData\Local\Temp\nsu46DD.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

C:\Users\Admin\AppData\Local\Programs\Badlion Client\ffmpeg.dll

C:\Users\Admin\AppData\Local\Programs\Badlion Client\icudtl.dat

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

MD5 4c8e8814698f84d1db7c42f63035ad81
SHA1 adafbf111eb08866b75c4af8f616b28720c5cfe2
SHA256 68b77ec05c5bb8549ed8f7f5fcb41fa859aa25960552cb8fbe85477aeea8f125
SHA512 49336b8550750890f525c1114822f4f5f9fb0118a07d2898d8e13502dc06e3fe8c9f343830147a664771c9c34b8131175ecdca0e8595f3d653dbf9ffb494080a

C:\Users\Admin\AppData\Local\Programs\Badlion Client\resources\app.asar

MD5 2b675b9d168116b46a501f57bdd28a6b
SHA1 b1825adbd59fde20337617b051b9b60d1cbeb5f8
SHA256 cf8a129d56f98bcaa182064895ed80426937a52838f548079871a3d214c072c7
SHA512 2fb5a884adec5cb4fe2ec333e22d1a9b5640ca19400bef8f267521b1086ded30a519491e5f6df714aa4fe08cad2aace132685c1e021be5cb2bfbb45b73f181e3

C:\Users\Admin\AppData\Local\Programs\Badlion Client\native-modules\launcher.node

MD5 c73bb7767d3d89165317253e1e021850
SHA1 44ce6da4fbf521d0d4d318480140ca6e45ffe66d
SHA256 f69d6559cf3b2b2508c0c189c380f371d37c3aed0f57a60598b8ce0a1bb03b66
SHA512 013346912c1b6d4fad94c1332441f4a47df65758f81cd557525ec95adc17a16d5b84ac012a71f365ecf11ff390d3d4adb9a1fe14cc9be1d3d455d73b49b1bfb5

C:\Users\Admin\AppData\Local\Programs\Badlion Client\native-modules\launcher.node

MD5 013a87115d8f1988c049dbb5ecb01c38
SHA1 d08ea24166921a1805855695cae85f98f2affa29
SHA256 c112ba602e9973fe4239bf7d3134d47826ef39223c77a69210f49911dd0bae4f
SHA512 3a453f21cdd3d8329974e905b0e0ef2268548d9170488a185754b06882c4131e0daf355424e4ca85b921e743f6610ff4de98e1ab9d4c798c5466c1f230c55314

C:\Users\Admin\AppData\Local\Programs\Badlion Client\native-modules\freetype-jni.dll

MD5 d6c77527cbef838d47e856cc2ea4de15
SHA1 d9f90badf502342b5f072eba39594d769f4a9773
SHA256 9231dcf609fcc98ca4d2d16b9191f981a175d72269782e7aacddebc0fde0bf34
SHA512 dc90eb79c286e6a7115211e494c935f412c4c8530c72c685400a99aa39222347b36558aee58317cf3492dfc6796cfe39c9f1d1c677c71eaff1ecc07ed7c98de6

C:\Users\Admin\AppData\Local\Programs\Badlion Client\native-modules\badlion_electron.dll

MD5 af6bb05fc6c98240f05213f0b08f29ac
SHA1 dd2b1753594a018f3f56d316313a60bd4c4e5697
SHA256 bd9c16d07d9598cbe064b08bbfaa3e81c3cd6a2e94ed5531354821514b1264c7
SHA512 d77e6cf2e020369a47ab1262c017f6d12e822e86650397354e8e4025d677595756b4e858f4762a68d1100e01c14f2e2ee262a6332eab4ce59a668f43a1c7e2cf

C:\Users\Admin\AppData\Local\Programs\Badlion Client\native-modules\badlion_js.dll

MD5 f31d17c72064b690d659f83c70180c20
SHA1 de3a80fa33ab53e6c058f765de6430cb77ae1b15
SHA256 e10764cc9b25cf8b5171a281c53638a3f907adb49c909f4832589b0093fc8ea9
SHA512 f1d3442cc3a2dfa88435014e2914f814bda24e0b325e561652426e41a7a428a9485d9feecacb5129034ba626f1f1c1aa908ed15353831aead55a0622393123d7

C:\Users\Admin\AppData\Local\Programs\Badlion Client\ffmpeg.dll

MD5 70adb836a58555a9ef9ddfb61d054fd4
SHA1 21d54b446065634e8bb6673aa796daa29235687b
SHA256 5bbfd9fe4b2fc3abcc14fd557a73258bf886153759e7cda24b4730ad64b1e1a1
SHA512 3a35614d510fe0eaab0f08cabfcee289eab25dfaf6ca02efff4df707aaa27106f5db70341d966beaf9e7f8fad698104b4a34b50f2f97788a18f1c4c858be5e08

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

MD5 3810236bf28b1a0c6c5f9e4f22e14b72
SHA1 10fb8371e0ec1cd62c268fcdb05bcb7ef96f38c9
SHA256 4471b42890fb70b3e2822966b6daa76ad6f82be141bba62ad4312048a946bad5
SHA512 265dc5c684d701f8f5f411def46ed3f8958e35c10fe5888101f57735b8ac2453608b2455886e695971313f7d541eaa27e7f1b41076ec5afc4b6abed44b85c0db

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

MD5 23a07e1689074930cf33d827d1bdf83d
SHA1 5410a135875b0e148fdb2fa52a960cb19206cc5d
SHA256 04380fd860d3a6d6d1def1b3e34430c6bd37a952c7929d91ef3d21d5245a4075
SHA512 d46e32d5be7025f8e5500a455faeb1b822145f76770f19350abfd0a3b6cc1671e92890b1a6a40216624883fdb9bf50228c3750bb7b00cac7821b23a9c2041242

C:\Users\Admin\AppData\Local\Programs\Badlion Client\ffmpeg.dll

MD5 1f76bb3ebd3de20cc0dfdd5ab06fc7ae
SHA1 6188282ba5bd56479159ea37f11f6e7e19de81fa
SHA256 2807f3a6653fe49597c3a17eb3826e1578d42cbf4c4403adda6645c6d85ca269
SHA512 c66efa931c75d9de47bd355c80387777a1c590114fb0da6668dd4fcd2cd2c2aefdd84e01ccfa1ef6733816c85454c21bb0138ae055e64dbb7977a4b8f3c19130

C:\Users\Admin\AppData\Local\Programs\Badlion Client\ffmpeg.dll

MD5 95e277045372213dfc7e74c539b2951f
SHA1 ef5c3947f568579b47259e597b02dd9adbc407c2
SHA256 30349546856f04e30b97eff948fe5bcdea32f819c1b9950adf297885cbcefeaa
SHA512 c389a7928bf0f1283346275d4340fdb2f8633625eca90fbc26b945ea9875918a834578b39622f4ba101a1000d780dc12a8defc482b287c1978be64d7be5fce8e

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 fa440de5e13e03d59b9fdab8ebc30185
SHA1 a2245c4d2b48c18b8491420196f024ff07f966d0
SHA256 e501dd658e32c7f1a492343f53d37e6488f8cf43df278bda39a2ceef7a662260
SHA512 1e6f7c0aa1cee2aea272b262971028ae3ba006af72f740f351060bbd6aced3f2442f2449e4573c78fe37b3caf4e290206bd8d19712a98918cd6ae873cc5854ef

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Windows\system32\drivers\etc\hosts

MD5 008fba141529811128b8cd5f52300f6e
SHA1 1a350b35d82cb4bd7a924b6840c36a678105f793
SHA256 ab0e454a786ef19a3ae1337f10f47354ffa9521ea5026e9e11174eca22d86e84
SHA512 80189560b6cf180a9c1ecafc90018b48541687f52f5d49b54ca25e040b3264da053e3d4dbb0cd38caaf496e23e516de18f500b333e3cda1fd1b25c6e9632defc

C:\Users\Admin\AppData\Local\Programs\Badlion Client\libEGL.dll

MD5 ea2c36a3ed317c20c4a96214b036c53d
SHA1 27584e38507c70249b3bdeb4116ff397527984a6
SHA256 7da2fac598fd960c6e532987487a11a5a2a228ba607ad76510e910399219c134
SHA512 567e693c03975037463c81e5495e0e1c61703bc6a11157c1d22a4eb7d84f40875e95c249b3f0b52f0c7049b1a929b650e081d44f7fe92d2460d1307f5fc9b875

C:\Users\Admin\AppData\Local\Programs\Badlion Client\libegl.dll

MD5 d6e89d31cf5a03d9f3877108cd4280ee
SHA1 cae45ce5b2a7884ee3f8d32b867c1e05c1aeecdf
SHA256 c95e851a06e54a6fcc239734fc25799765885a6668be072368c09789f4bc13c0
SHA512 bcd7d34284fdc81b2a1d51fd9c3566b062a3f9cc6030ead283e519223adda2271392a8b240698e4c801e4e771a8f07a17b7e22cf889b197424e30c7b4074d58f

C:\Users\Admin\AppData\Local\Programs\Badlion Client\libGLESv2.dll

MD5 55dc171437c8a1c49d284c19dd7782ea
SHA1 c0e6ea6bfbf33b1bc76eb1fa5b0c05ee9b63cd79
SHA256 6a874eb2c8bf8553c93173892fc93ce36dfdfa4437aace2c6f5222a183d2df15
SHA512 86a8e1c59abac26f394b8128bc652616cacdb4cb89c2225f1bf549171fa46b0b0c30fbeae2c73bba420bf80b78afb052e3b1dbd238f4eb9d2dcba86da2596683

C:\Users\Admin\AppData\Local\Programs\Badlion Client\libglesv2.dll

MD5 67d6ba6931bb8ab197985cd5700f9586
SHA1 f8d82677f4e12ed508c4afa8463c799a5997d2cf
SHA256 490ce5d37ed250b2e48a2a2062fe2a916f56acd74ae5227bf880766d3d81d9cb
SHA512 c01c88cecd1a1da51fa10ff1b41b0ec4a6ea391e0b72d58c55376c2ffa9dc55b7f8d54f0364272fee5af0debe7775751e358233b0b7664dd85e9333291d2c7ac

C:\Users\Admin\AppData\Local\Programs\Badlion Client\d3dcompiler_47.dll

MD5 a7b707eefa1d1e28bc9d891980ad39e7
SHA1 abe1f7eee1a1c1d9876f1246fb7294755d2c6b17
SHA256 95ee25defb58dd790e0cbf917864ef4c71677ec2338a4c1933033967214ff6fe
SHA512 57d6735afed21216d5eed9b742498603a6e4e107d25c3b127817231a894c0245ab5c9a21c191a686c543d2d891828753cfac30e934e313ef05cdc5f631bb85a8

C:\Users\Admin\AppData\Local\Programs\Badlion Client\D3DCompiler_47.dll

MD5 f078a4582447f34ab471622189f5b153
SHA1 3f7a4df00db111766cace57ee3a805a084a178b0
SHA256 1f220d2a3936ab99cf47f24b96b0864413f154617d7b0fb5124fa73d7aaf4ade
SHA512 4f1970c23796741cdd58c37a4556925cc91c2a459da062c67815261ae4c3e62cbf6c5351357a43aa8a1a809c0a70eab2755f59686616222cae0b9bc09ad3105a

C:\Users\Admin\AppData\Local\Programs\Badlion Client\ffmpeg.dll

MD5 cb2f2893e61bc07a4e10d5417aab90c4
SHA1 36d700cf71d64d3b67bee86ee48a8a009d78ee54
SHA256 d7c482cf9437aa952314ee84c4c2b93506357c7c320f29a3617fc5bcf26dc70c
SHA512 c5b6cc2b8ac7ebc6c85a72250eb1f903dc7daf162dcb24c3ed13839c1baab22df19bdc38381948f09cef69d6add40484b6666e0929afd99eee82864fec0f2385

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

MD5 bb08e5c554d3efc5ab45a7d77ec88c14
SHA1 0e5f3bb1f6d4873262ad8053388f5ba6cef8897c
SHA256 a9df4270467763f6be82d13d8df21558396b1f44bd479b75714d30babc96505e
SHA512 7812b0d6c82c2315a2b48ab591c1dd55b081d55de4a48ad9205324eb8be04cb897a8314186cc8e3ecdc477154c08bff7dba8d8aa29d92e9077e2c71069ef6cf1

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

MD5 e9b0c4f288d43ea1b137e3c975615fce
SHA1 486bcd9534799cd9dee6d044893dc226715f9600
SHA256 42172d68e9d511eb7c331d2540c522329a04259a03e630991318e58120ba3d45
SHA512 3687ee96c582b8745461a5e6cbe88724b4a9d7560329b893bbe0156b29a905ae572137b597b76d27d0da426fcda078c45f7a161812159de7d8af29424541622f

C:\Users\Admin\AppData\Local\Programs\Badlion Client\resources.pak

MD5 493b7ec23464b1847f7abcf495979ab4
SHA1 0a774b1db8b58e4f2b62c5d1626025ff07906e23
SHA256 9a15e5ae88a922c7bb10fedc2c5494e7efa5a1723a49610d98e001fd7fcf144e
SHA512 072c1d7c17ac57839369f56e2e176ffb99316c11474031beb36b7dd262af511aad8bff11eba5601e6439fffa5077b440fc93df1b14a0785be025aa19db0a1014

C:\Users\Admin\AppData\Roaming\Badlion Client\config.json

MD5 62d5d73ee869a0a2654d8fd554aaf742
SHA1 be1d557c26633ffd5edcb5caf37b2a09f47c6667
SHA256 9ef970b76a91f607002afb164aa7f01d85e20290cf242e4adafb7f6026900b59
SHA512 8706794249e1bd7fcaa3e7e25c0b976a069b02abc877a0fdf9fce408a12b4aa5c151e5e3f75fc81185f8fef84a0b9c5a908b84f60102ac9aa03aec908a094550

C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-862636119185140b

MD5 d2da35e826a1e6af049f99048b4fb6ec
SHA1 ad261dccdbf7c44cdcc00a24bcd1bb4fa95da29e
SHA256 21eaa56d4ca1308f21bb534c446d5b0e56410efe28d08fd8780b75a02222d227
SHA512 d85f391144bc05992ab86569e03fe12bedee427e2b1ed7be4eb55a3a428e6bca118b23e9c567fc381b6329f60e67413cb35a06126c268b2063b8fa0d89d95162

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 3223dd7ee844492c3045b49fbeb3e479
SHA1 5f52579a39b5975da63be819788ebcf3dd866fb4
SHA256 91d300ef32742d52376c6f1a4c28b324172eecf374b9ed7df43ff3c7a5e56b13
SHA512 b45093b081fd5b64e8ad2aef466c4ccfd6d700feb786485b6efffdf3345ae8bff5cef455ed6630056a834a7ece8c7f4440e93a5c616ed1dba3ddccda9f72987d

C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 bde00bc04c87b464a910ae0c03874ebe
SHA1 710b0b358782dfcd86e2205add6b6c45a89be652
SHA256 01baec16bb2f8117c67f585cd5b0fc3b960b544267844bb83cc8994cc95e9b20
SHA512 e6677e390a6cd160f501ef1d78921ee0fcac59e05d8d1729dd84ba6d8b79943ded6a85906df5179af6dea23477882a256c6120b40447273ad7547f3fa2195ba7

memory/7740-3740-0x00007FFCFDD20000-0x00007FFCFDD21000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Badlion Client\ffmpeg.dll

MD5 07a42b68ebd6e95caf6955ad26ed5524
SHA1 5276e5c154e7ad87ac58a76b59cad36b806f48ac
SHA256 b22d3a6b033f732a274089c3e539bdddbd6196a5ed2075ce25939ec340b9d173
SHA512 3e2e0314a307436c0cc32ce0e463a95437b5b245440d3d6cb1e27a0640b2c2790452d4cee5eb4fcf6e0b4da5687e740fdd4028b0ff433fd62b970e74da283381

C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\installer.exe

MD5 84071fbdaa28e8b0aa43066a97415ea1
SHA1 0cbc24af7f61640f24f2863edf9a43286b780c8c
SHA256 3f2e34b1d248a8c90c5e4e1e230d3ece1eb0477b45d082ef46fed1faddf405ea
SHA512 0ddd01043c0fec88d0c54bab504fac201036b9411ea43ef7c683f91c426c73ccfffbc1a4fd9107d9c565240e6fb35e6dfa2f8703ff4963b2f7ad75c2baaca45d

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 33d6ae7ddd74b4ee6b56177c0c993fff
SHA1 c286e2e6bd8ae09519de64958044394eb3b85c7e
SHA256 d918946d43f3af1543ac3a9115cc8a558c07c3c939dc97958c86a9f78a167220
SHA512 b3b23c8ea34996fd149bb900a86265f90053dd265a2560f6eaa604ca970724faa6d0c1028fb50e93c3dceb3dec722c8dcb1ee69599b991fe269dbfbdafdf37d9

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

MD5 8f32d2890d1992639ee775cff7850530
SHA1 df38f4221ee45e9453db3f958f92da6eb8bee95c
SHA256 8de8f8377ea4f78d87b0d9dfdb2a7603b5ab62af6d9eadf33d094eeb10666343
SHA512 c8931a49ed6e172208861ab9dd00ddd6569007a3883daf4a075bfe12b802a6554492ec6c9b2fb2b1248550bfb178f315b86bfa8c97fbb1ee1ae24cba0e34d583

C:\Users\Admin\AppData\Roaming\Badlion Client\Preferences

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\Badlion Client\Preferences~RFe582e9d.TMP

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

C:\Users\Admin\AppData\Roaming\67cfb53c-dd3e-426b-8438-3aeb9535537c.tmp

MD5 c59205cb5be1df4bd201ae97c1cd0f95
SHA1 e3050f319f7e82062c61406f66e8cbde0a672bd7
SHA256 1b42ca77170b70e927f579e23b0da8b850a695dd00339e07bbe4610a7e1974fe
SHA512 32faeaf622afaeabcbca1505817dda9852133368407bc8bcdcc2a339f6985e6faa40f9f8b527066c823a3a1a8fc08de71676a67e1a2e4c3957b6a5b6e8b51032

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kxjvovj2.jao.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/6512-4029-0x00000221F2450000-0x00000221F2472000-memory.dmp

memory/6512-4039-0x00007FFCDDB30000-0x00007FFCDE5F1000-memory.dmp

memory/6512-4040-0x00000221F25D0000-0x00000221F25E0000-memory.dmp

C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\temp-Badlion Client Setup 4.1.0.exe

MD5 e20df3b6d3b33a578dc033b1165f1eae
SHA1 77eb7d875eb90ffdffc97c50d65151a0ce2fadd1
SHA256 d14a7504264b00454f8b2bc5c81a04d431a244692645e3cc0ec5ca5ac20543a0
SHA512 ca2e65148c0b16cd7d1af178d108675291972ffbc835797d9cedf3fd81123d4a4bf09f12b798f55f371a610380ebaeac56741f8a8194bc50c2ccabd08fe9f2e6

memory/6512-4041-0x00000221F29B0000-0x00000221F2B72000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_83FD583D6198B7A2A57B44D0AE1797F8

MD5 9d0ee0d20b71e8ead51eb6fa00fa9147
SHA1 db28352fcf455d0059348daab5f91041dbc9f4fd
SHA256 e11ff22b8062391cde7afc64980b7860308f67556e1de8e716c1e497d19f84b3
SHA512 c678471c9b65a9f944cf792b573bb0bd525f86ac3aac9af35be486e1dde64fe196d7ab668d44e9f14b8da403fc3f91f677ec23eb3691274c75b7a6818cbdc26e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_83FD583D6198B7A2A57B44D0AE1797F8

MD5 3640530caa1f5314b99a8ec1b78cccbd
SHA1 f48843a946dda0c65e63ceddb58bd5db733f6a7f
SHA256 ebc42e4760241cc7776072fd5ae1d7c1cd3ceafa4d515a2c6033b02e63c5b4a3
SHA512 3ae753ba561ba6d9844b089f6f9f7ebf14767acfe35d4317a9908a42780904d61034994338f1a639fdf071730f994277bcc3c06b1b7f34d2ad2f9cee28a4b9c0

memory/6512-4045-0x00000221F30B0000-0x00000221F35D8000-memory.dmp

memory/6512-4049-0x00007FFCDDB30000-0x00007FFCDE5F1000-memory.dmp

C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.1.0.exe

MD5 0346708330e59e55c3f02ff4afa01c8b
SHA1 807bcbae81224e519eff5dcf84e5ba0899252861
SHA256 ca6a3c61981f09c748e5034b5f9b9810303f6d46c61f1a59b8dd7ac5a0031dfa
SHA512 94adc97592f35fe037af51bab0037b44ad039d05c6e73c6b692f1ecdc8173cc36830158142543457a435fc7b282c7f05699899ae77aa15325c76464e697c9e96

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies-journal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies

MD5 f0e4bf40dfe2fb69fbb15b9083c0a002
SHA1 eca786b9cba3f4452d26b92ecf78f1abfb88f8e1
SHA256 84ffc16d4cbe2506552fa89b3509b51cd041399ed75d1b3f8e81f90e5a1c8a6f
SHA512 30320cf47a110376cc22155d4a2ad34e1c761c2546f4fddfbea4b614e0c174c44510bba8812cfa98ba6f81b4f8187487588b0deeecc3b6b00e95f4765ab92616

C:\Users\Admin\AppData\Roaming\Badlion Client\config.json

MD5 ffb98039924220fb33837a443cdc5f51
SHA1 4731fbc7a581df4e0abc248aebc158fb377213a1
SHA256 9a41ec4fbdfa1329a945cc71da90f33605f5b550c8a5ffb7de31f1dd04b095ba
SHA512 e0e1011075b3da237776210fe81511177d093e8e64f3f241ca16f299a3e7198d7431b9a1a705a42073d8524ff77c7d09f0d5094f5cec689c4ba197e7dcf9b70c

C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\wasm\index-dir\the-real-index

MD5 cbd0960929886605072236c0ecaca14d
SHA1 428b7bf7f9f9d4d5fbf82bb57066447b86c5d716
SHA256 aafc0579eef5f807fd57b233a870b7ab606640b94856f9ecd1326b0e8643595b
SHA512 769c58bab39ba4f1401014342161a6bb93bf5e7d7fcbfad0fcbefe6e4d37a7edc3a74fc6fef2107cf336e0600908d62fbf9a5bff8d312dbc9fff65cc54e72741

C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Roaming\Badlion Client\.updaterId

MD5 6c9eaf2106fcfbc506d8a10abb1fad84
SHA1 f2fc59ecbbc09143f74b9e67672c9e1784871108
SHA256 5ebda9cdf522194f2e0a4abe81096c2a7307bd6232457a966a7fae68d2e99052
SHA512 ae990efb9bde315a2ba78769aec8877afed76b9794e79712aeae43f62f278452989dc6c78a5ef9b17fe98ecf0ee4484d97642d5ce9a6647b496da8c80a6de1d6

C:\Users\Admin\AppData\Local\Temp\nsl52C0.tmp\7z-out\Badlion Client.exe

MD5 891b6af521cb95206f28715a8d5faa23
SHA1 5e3c8f0c2d22724397e7d24c4a49b62f1762c195
SHA256 4c354681a46fcfc96d52b6f1049199c80d4e1a7de13ebad34630de2baf12615e
SHA512 16a761bb922e7bac897c5773601f93ad6850d27b4c4301de3d2ee0e00f9ca51c721077f22108cfdef0673088b7f39a655cf225a4b64b2d4baeee75a1759872eb

C:\Users\Admin\AppData\Local\Temp\nsl52C0.tmp\7z-out\ffmpeg.exe

MD5 6cb93c88b9b8691c177024f03c0ddd58
SHA1 5b14ee1ad79e3836d9626659b3acd76cc012c981
SHA256 85a99876cd9d0988d45c4ffc2ecbae26b2ec933bc3160a988c4927b3bde7f442
SHA512 4de565749a1297dc9d6735d8a751c47eaafec6327f80bcf5c5b435d61543053fe8890a439ab476861fef3a5eca9b9cd9acd26a3f360bb63636ff7f714b5f1288

C:\Users\Admin\AppData\Local\Temp\nsl52C0.tmp\7z-out\native-modules\freetype-jni.dll

MD5 90f046761ba78f1353127bfb8cd2f90d
SHA1 a102385cee53c35cd19105c8ff92e445c9a2ffee
SHA256 6f7adb9328da39b0b88d321b6e4378d8d3072ee8402475e310bd7fb683dff53b
SHA512 445366b7a998ad736b626730d2db0e675550ddde21a94fd4465f813884cf7f7e1ce5cfdcce5182e830f6152b6e46a571a3b4a0a10c8592c5fe5b569ba3cf881a

C:\Users\Admin\AppData\Local\Temp\nsl52C0.tmp\7z-out\native-modules\badlion_js.dll

MD5 f1ad04a983743bf9fc0f1bb32d322368
SHA1 9973d376b01615570b1c01e87e342e2c806b7c93
SHA256 f2fabef3154c92cdb6e84af5033fe3ec8c3570b1d59d3f0fce3bfe41e2b81240
SHA512 7ba6c43400ee0e46e68c6517b59c9a4ae7e8f91fb53adbf15a228092787391af29a63b4e86aff5d0505ed0f8a3bb3d2f105103385c7df104f7192634c4be531e

C:\Users\Admin\AppData\Local\Temp\nsl52C0.tmp\7z-out\native-modules\badlion_electron.dll

MD5 416765e0d94724065d6e11b751444856
SHA1 2d90655e5488c812a280a67f3187227ae20e7421
SHA256 9af6e8096238da5a985ae25e4d315e3bd0b4367e2615c351ff03f03b686b01cf
SHA512 d57477eb9c5219c3737cbf77efe38759cb50011c51fe678103b2e83a86c0d938a352a079fea21a041a82fbbe4536ac007e8a1c1cac72cd374412475dad92e9aa

C:\Users\Admin\AppData\Local\Temp\nsl52C0.tmp\7z-out\native-modules\launcher.node

MD5 7f1478bfa823bfcb55599cd2989dfee7
SHA1 264ebc8951f22c1d1d95fc982bd2075c93860b83
SHA256 e0b7956191ff59275c7f8a9fa7c8a2f8f0775ba272c875c8ccb32f98e06ad1c3
SHA512 b226702954a045e26455b978f9da6a2c4478c8f032c0699367944bb5171150a19fa8f877aeff9d7f4c990ac8a66fdf3f7987342d9358335c3a2de52632f137ec

C:\Users\Admin\AppData\Local\Temp\nsl52C0.tmp\7z-out\resources\app.asar

MD5 ce487bbc670bf1f386e74038e17af21b
SHA1 1bdfa28a2779f866f6db62251b7cf24f1e0e3b35
SHA256 16b169728cee8c83067f55f9009d70f21b17e1d3f80a79f1608e05aa5f52b197
SHA512 9fb780e6d4f872caabdb5ba38c4a7f39871942b2bbbf18c67dd5f7eb25b29c364e2779936d8ee5e23f96cbfc962a0b198408d9d8389a9e388c7abcd3bcb81899

C:\Users\Admin\AppData\Local\Temp\nsl52C0.tmp\7z-out\resources\elevate.exe

MD5 57a2fa0f5746adf9d4247fe6dc14719b
SHA1 b5c3ec240e0a1fd014ee9877470772d405c90007
SHA256 2ed1815494d0b3d6dfc782cee0e780d591e50d6c9ddb81efa2d2709b5722fd6c
SHA512 d712df34eaaa76334823476161823d605b1ded2cd9a14f324f205027a09da3c04b6401b36e881d17de808c24b777db2f7be8a61bcb810ca6bb55fabc65de8a97

C:\Users\Admin\AppData\Roaming\Badlion Client\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 00212587769bcd128bbb74eabd2fb6cc
SHA1 cf4344f732bec6ad32ac653cccc57d3c96ab1027
SHA256 9e1ab40e38f6bfcead725e495e934b2480f53fd7e942c5230ab4654195c58e74
SHA512 2cbe498e5864a96fd74de73b4d6260d08c7be3c675f1d55a95f38a28e11a18c592114c9379ec82b0c585609035da941c1b107c026d346e421554275458d78e84

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 8ab21d0d3f6e893f919586bd3bab81f8
SHA1 46b68c0b9619b2e3eb5af26ebb85e0002420b5ab
SHA256 6efaac46c1935cd280980cb4815782e5f2a4f2b5fadaacb081cb789eb4d42d38
SHA512 3ba1f0825c2b44dfc70ec06929dd29d187ca77f110de8eb0b0d88f23b460756554d33d0ed3b13a7630451c08a515de7e13b09ae5453ed8bdca9f15b4c4626e27

memory/7068-6534-0x00007FFCFDD20000-0x00007FFCFDD21000-memory.dmp

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 4135d0ee7a6d7e30561d927e238f0d42
SHA1 cfee2fa13eba113a59e484667b0b7d72492679a0
SHA256 df77eed0ac9f9b96c05f8c489e46d57d341762963d7f824dd63007e8f2dcc610
SHA512 52f26cfba87d7a441e55b8f978916699c2fb72d342e5976e18b59fce03a0ee67d3eec8a2a80b822347025d0e1d1675b28f7373f6abe354ed48c2fcbc467e2cd1

C:\Users\Admin\AppData\Roaming\0cb1f52d-8a59-4311-ae34-5aa1f1be2e16.tmp

MD5 accdf5252dc01647b5bd9a71beea3a79
SHA1 015404eb6501988172f35b2df0809635fa18588e
SHA256 a11e93d435393bd55f7b30f74976056b6aee9615bec49ff1c8a11e7d1ba0887a
SHA512 ff3a46d493c4e9d7a01e68dc5b790804d15f6f809655974fcafd8c6513dd0cb139aa323364ca563ce0e74975c9dac29678ae9f1c3f4898d2132e09c9c21725d8

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\bin\msvcr100.dll

MD5 df3ca8d16bded6a54977b30e66864d33
SHA1 b7b9349b33230c5b80886f5c1f0a42848661c883
SHA256 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36
SHA512 951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\lib\deploy\messages_zh_HK.properties

MD5 4287d97616f708e0a258be0141504beb
SHA1 5d2110cabbbc0f83a89aec60a6b37f5f5ad3163e
SHA256 479dc754bd7bff2c9c35d2e308b138eef2a1a94cf4f0fc6ccd529df02c877dc7
SHA512 f273f8d501c5d29422257733624b5193234635bd24b444874e38d8d823d728d935b176579d5d1203451c0ce377c57ed7eb3a9ce9adcb3bb591024c3b7ee78dcd

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\amd64\jvm.cfg

MD5 3bc0c7371c924bf144af8516ba8ba720
SHA1 dcd2c34791a1e7c7d0866d00c014f566d983d860
SHA256 875457098a0a5d8639cdf770239a87af904485c978283c2b201ba54ba60da7d1
SHA512 eeadbed0c4c19084e0bde4456c009e8d1666175a4068f2be4416c81e725ecd99a1e7f1961a0f46e56ab1840ec7f0668f4bae044ad740b3ade376c0c6b05b54f9

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\psfont.properties.ja

MD5 a38587427e422d55b012fa3e5c9436d2
SHA1 7bd1b81b39da78124be045507e0681e860921dbb
SHA256 d2c47de948033ed836b375ccd518cf55333fe11c4ced56bc1ce2ff62114cf546
SHA512 ea6ca975e9308ed2b3bbcce91ee61142dab0067ce8f17cb469929f6136e6b4a968bac838141d8b38866f9ef5e15e156400859cccc84fb114214e19556f0dc636

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\javaws.policy

MD5 e0c4ef8b210c0ddfee01126e1aca4280
SHA1 f1cc674f447045d668454996d5c3c188884762cd
SHA256 e5cd7f9fd43084674aa749bc8301f28de85eef6d01bd78828f72fa32377a3368
SHA512 4820074f15520ad099193b27a673499c31544a7279279efcb6131d53fe997438a96e1c5b386c233385004f7a2fbb775d4cde3c0272a196b54c0d8ee6ccef43df

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\sRGB.pf

MD5 1d3fda2edb4a89ab60a23c5f7c7d81dd
SHA1 9eaea0911d89d63e39e95f2e2116eaec7e0bb91e
SHA256 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
SHA512 16aae81acf757036634b40fb8b638d3eba89a0906c7f95bd915bc3579e3be38c7549ee4cd3f344ef0a17834ff041f875b9370230042d20b377c562952c47509b

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jvm.hprof.txt

MD5 ad91d69a4129d31d72fbe288ff967943
SHA1 cb510afcdbecea3538c3f841c0440194573dbb65
SHA256 235a50d958faedde808d071705a6d603f97611f568eec40d7444984b984a4b18
SHA512 600bee4676d26e2ce5b9171582540021509a4d7888c9c7badc14f0fad07007e4ce2b4c007a8eb15bd0d977722b8b34442012ea972ffbd72797475a56cdfd86ee

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\jmxremote.password.template

MD5 5dd28aaf5a06c946df7b223f33482fdf
SHA1 d09118d402ca3ba625b165ecace863466d7f4ce9
SHA256 24674176a4c0e5eefb9285691764ea06585d90bbdaf5bf40c4220de7ca3e3175
SHA512 13c6f37e969a5aece2b2f938fa8ebf6a72c0c173678a026e77c35871e4ae89404585fb1a3516ae2ca336fc47eab1f3dd2009123adba9c437cd76ba654401cbdf

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_de.properties

MD5 ff9cfee1acfcd927253a6e35673f1bb7
SHA1 957e6609a1af6d06a45a6f7b278be7625807b909
SHA256 e130fbd5fa378a380f46f42981f2c97bc152059c27120204ab4da47079d31513
SHA512 f42601092436d7af30ccd81126185232d9d643b195d3d4619aec451e3e2a60e33e6378e770dd1a4cdf7ab20cb749371665a992ca73d2842a7102f3fb34b6b9eb

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\jmxremote.access

MD5 41b36d832be39a3cf0f3d7760e55fdcb
SHA1 e706e9be75604a13dfcc5a96b1720a544d76348b
SHA256 71a930cbe577cbabb4269650c98d227f739e0d4b9c0b44830dd3d52f5015be1f
SHA512 41e6b8639c1ceb3d09d2fdeeeba89ffa17c4ed8b1ad0df1e5ab46c4bf178688d5504dc5a3c854226f7da23dfa0edab0d035d6b56495829f43aaa2a7babec4273

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\logging.properties

MD5 0aa5d5efdb4f2b92bebbeb4160aa808b
SHA1 c6f1b311a4d0790af8c16c1ca9599d043ba99e90
SHA256 a3148336160ea7ef451052d1f435f7c9d96eeb738105ac730358edada5bd45a2
SHA512 a52c2b784cf0b01a2af3066f4bb8e7fd890a86cfd82359a22266341942a25333d4c63ba2c02aa43ade872357fc9c8bbc60d311b2af2ad2634d60377a2294afdd

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\flavormap.properties

MD5 b0ce9f297d3fec6325c0c784072908f1
SHA1 dd778a0e5417b9b97187215ffc66d4c14f95fef0
SHA256 6da00c1cbe02909dcd6a75da51d25dbf49bfd1d779c0b8e57b12e757229fc4a8
SHA512 4c774bcb9ade996569c86dd46b3bdb046771ad1bcf9aabb9db86854c83e18015cbe5df73da86ee98e26ba0393f548b1cc09de60bda4248eacc4fc833e23b8ab4

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_ja.properties

MD5 d830fc76bdd1975010ece4c5369dadf8
SHA1 d8cc3f54325142efa740026e2bc623afe6f3acb5
SHA256 11e886336ba51a9044ab1a87c60ceee34c29bb724e06a16968d31531a7001064
SHA512 7b867a50a811fbd7ffdad0b729ca4501e16386ee5c4940a4cf9a805767cc0d10f7e3bdfd6a60204d79292d778d93e3bd915368ac0e9453bbb1010adfd9655f0f

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\blacklist

MD5 3f5dc1d941e8356ccd04454ac0a7a7d2
SHA1 3698f9afd870c7959e2d8a0da0a97b4475554831
SHA256 c48d57d64ed98f8f174a4f6873f536ae03b41a63f67079d7c2f7140950a1c02e
SHA512 65319a4ef150884f7e67c6f96085a996c9b32dcf9a539c4eb7af77b1b46cdd90f1e83446f33da14467ea37d0628c9411323f5c3d3cefcf03cbdfa186eeb2bd3c

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\local_policy.jar

MD5 57aaaa3176dc28fc554ef0906d01041a
SHA1 238b8826e110f58acb2e1959773b0a577cd4d569
SHA256 b8becc3ef2e7ff7d2165dd1a4e13b9c59fd626f20a26af9a32277c1f4b5d5bc7
SHA512 8704b5e3665f28d1a0bc2a063f4bc07ba3c7cd8611e06c0d636a91d5ea55f63e85c6d2ad49e5d8ece267d43ca3800b3cd09cf369841c94d30692eb715bb0098e

Analysis: behavioral7

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win7-20240221-en

Max time kernel

131s

Max time network

131s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 224

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win7-20240221-en

Max time kernel

150s

Max time network

145s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.pak C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.pak\ = "pak_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 d8d8aedca043ed321700c77b5d2adfc0
SHA1 fec96818f45b59064cb18299606caa02bb8b12ba
SHA256 ee9eb1f8c1fdf4506e65288e19973d3da202c794bf67d93992b750f8fe32a4d0
SHA512 681eacc26b26da7623c478df967e5c46fe0eec89f818e0744b506a49d9fd1af0bffb2c2cd11f12f7faf5d1da4b6dcbec2d724abcd2f4fe062ba6d095a3a260e2

Analysis: behavioral14

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

147s

Max time network

154s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1076 wrote to memory of 2864 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 1076 wrote to memory of 2864 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"

Network

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:28

Platform

win10v2004-20240221-en

Max time kernel

149s

Max time network

177s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

143s

Max time network

157s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\col_resize.cur

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\col_resize.cur

Network

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:28

Platform

win10v2004-20240221-en

Max time kernel

126s

Max time network

170s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\link_drop.cur

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\link_drop.cur

Network

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

145s

Max time network

157s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\row_resize.cur

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\row_resize.cur

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win7-20240221-en

Max time kernel

142s

Max time network

132s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 224

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:28

Platform

win7-20240221-en

Max time kernel

120s

Max time network

137s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\copy_drop.cur

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\copy_drop.cur

Network

N/A

Files

memory/2488-21-0x0000000002370000-0x0000000002371000-memory.dmp

Analysis: behavioral24

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

134s

Max time network

165s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\copy_drop.cur

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\copy_drop.cur

Network

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:28

Platform

win7-20240215-en

Max time kernel

122s

Max time network

132s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\cursors\hand_grab.png

Signatures

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\cursors\hand_grab.png

Network

N/A

Files

memory/1844-0-0x0000000000230000-0x0000000000231000-memory.dmp

memory/1844-1-0x0000000000230000-0x0000000000231000-memory.dmp

Analysis: behavioral27

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:28

Platform

win7-20240221-en

Max time kernel

118s

Max time network

133s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\cursors\hand_grabbing.png

Signatures

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\cursors\hand_grabbing.png

Network

N/A

Files

memory/2740-0-0x0000000001B40000-0x0000000001B41000-memory.dmp

memory/2740-1-0x0000000001B40000-0x0000000001B41000-memory.dmp

Analysis: behavioral12

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

150s

Max time network

117s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4784 wrote to memory of 3984 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4784 wrote to memory of 3984 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4784 wrote to memory of 3984 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3984 -ip 3984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 612

Network

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

146s

Max time network

160s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\LICENSE.electron.txt

Signatures

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\LICENSE.electron.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 53.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 61.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:28

Platform

win10v2004-20240221-en

Max time kernel

131s

Max time network

168s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1764 wrote to memory of 1364 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1364 -ip 1364

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 190.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 61.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 56.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win7-20240221-en

Max time kernel

122s

Max time network

133s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 224

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

141s

Max time network

154s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3644 wrote to memory of 3436 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3436 -ip 3436

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 67.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 61.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 72.239.69.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

141s

Max time network

160s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4976 wrote to memory of 4420 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4420 -ip 4420

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 46.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

93s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2172 wrote to memory of 4160 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4160 -ip 4160

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 624

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 208.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 67.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 53.179.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:28

Platform

win7-20240221-en

Max time kernel

121s

Max time network

131s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\LICENSE.electron.txt

Signatures

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\LICENSE.electron.txt

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win7-20240221-en

Max time kernel

118s

Max time network

134s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\cursors\col_resize.png

Signatures

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\cursors\col_resize.png

Network

N/A

Files

memory/2100-0-0x0000000001CB0000-0x0000000001CB1000-memory.dmp

memory/2100-1-0x0000000001CB0000-0x0000000001CB1000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win7-20240220-en

Max time kernel

123s

Max time network

124s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 220

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win7-20240221-en

Max time kernel

134s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 228

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

144s

Max time network

169s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\col_resize.png

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\col_resize.png

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 190.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

120s

Max time network

156s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\hand_grab.png

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\hand_grab.png

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 185.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 73.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win10v2004-20240221-en

Max time kernel

138s

Max time network

161s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\hand_grabbing.png

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\hand_grabbing.png

Network

Country Destination Domain Proto
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:28

Platform

win7-20240221-en

Max time kernel

117s

Max time network

137s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\row_resize.cur

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\row_resize.cur

Network

N/A

Files

memory/2600-21-0x0000000002230000-0x0000000002231000-memory.dmp

Analysis: behavioral13

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win7-20240221-en

Max time kernel

122s

Max time network

127s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

Signatures

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1508 wrote to memory of 2604 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win7-20240221-en

Max time kernel

147s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe"

Signatures

Checks installed software on the system

discovery

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Badlion Client.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.microsoft.com udp
GB 23.44.234.47:80 download.microsoft.com tcp

Files

\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\System.dll

\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\UAC.dll

\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\StdUtils.dll

\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\nsDialogs.dll

\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\nsExec.dll

\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\lz4-java.license.txt

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\notoseriftc.font.license.txt

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-console-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-debug-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-file-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-handle-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-processenvironment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-namedpipe-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-memory-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-libraryloader-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-interlocked-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-processthreads-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-profile-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-synch-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-rtlsupport-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-synch-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-sysinfo-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-timezone-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-core-util-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-convert-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-conio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-environment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-filesystem-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-private-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-multibyte-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-math-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-locale-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-process-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-runtime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-stdio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-utility-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\api-ms-win-crt-time-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\Badlion Client.exe

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\concrt140.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\discord-rpc.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\ffmpeg.exe

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\libeay32.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\vcruntime140.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\VMProtectSDK32.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\zlib.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\VMProtectSDK64.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\vccorlib140.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\hand_grab.png

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\zoom_out.cur

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\autofriend.license.txt

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\flag-icon-css-license.txt

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\notenoughupdates-repo.license.txt

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\rubik.font.license.txt

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\native-modules\badlion_electron.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\swiftshader\libEGL.dll

\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\WinShell.dll

\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\resources\roots.pem

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\resources\debug-log4j2.xml

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\resources\app-update.yml

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\native-modules\launcher.node

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\native-modules\freetype-jni.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\native-modules\badlion_js.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\zh-TW.pak

\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\NSISdl.dll

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\uk.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\ro.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\pl.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\ms.pak

MD5 53e8b7262db4c5b04ba5b39c07eddb32
SHA1 9cb8946966547630cee42de04eb8604e6bb5af86
SHA256 45750905e13f94936534dcec30ced984001cbbba4f6fd4db0d31d2f470acdb2a
SHA512 c71e2bd191c5ec6194e02f1c08aae008c57b292405e4c291832bdfeda656a5cb4a547f606d87d3f618afcf731b4d6730f22c0e99093f312a0a004e5d9fec7d11

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\mr.pak

MD5 abcc39abc488cdbf73e44f53d74b15af
SHA1 982f12328342eddbacfbe45be577d839568c96e0
SHA256 5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54
SHA512 7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\ml.pak

MD5 7dabd95b96d90662432026c0a9ae1c22
SHA1 49eb49428d642bd906aed9b0b69870a843326efd
SHA256 50e5033485a6d2bcbdfc7eecd7ac26fe790a84642d9ff2c1e77fe976b18bf9a5
SHA512 6a51f19543cd2e963bc83bb8a7753ccc3dc5a835f1e242338713dc01346f8716cef9c3304a618e7fd3db2224da6d0678959ff87007891ff4ead216ab452993cf

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\lv.pak

MD5 e21a8a96d9f17e1f9e3ede2cb66eea9b
SHA1 e3f456b5d238ce2095e7a51a4250fe26c361bfdc
SHA256 1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090
SHA512 f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\lt.pak

MD5 6e6993270327064cad2ff0784f20585a
SHA1 924a2ce4fffee99f29cbee875cd5abab2e814888
SHA256 848c219486a434ef18edde0f16be9bec475e2d7626e9d8064acf25d793fde434
SHA512 f6a21975836a64a9dbeb76005c63a19d450a3e9d1c9381fc7da23cb8a96a3e33da204ebb4a192e608154dc71e13c555fcf97e0fd262681f2fec54fe0f8ac6dec

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\ko.pak

MD5 95239fdef6e852df2d2e9d52dd99b622
SHA1 360be5e62ac4573ee1a6bfa7effbe245c039862d
SHA256 f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae
SHA512 0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\kn.pak

MD5 acab21f3fafc58f1f42016f33d032158
SHA1 682f11e3c282724093179c85a7df7d0992495cd4
SHA256 8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f
SHA512 d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\ja.pak

MD5 f8dcd5f1433d83464b44265449de812c
SHA1 47763205f105e19cadafdeb1cdec6f45001f2c58
SHA256 f932ba21d0857c5c92dd3d24e49f3fcc4f9423fe1e2180fe26f9c0bf669c8c3b
SHA512 76b8c4154f7de55e0ad958cd122ec650f3289bf4f92c03e45e6e03b6467d09387115d5894f19c1b108869a2ee02ce2d476cb2c943191e0fc42ad0183478a7eb8

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\it.pak

MD5 812115ccf85cb84b2ea167a16e16587b
SHA1 317e50a1c4c7d8c46554822b43a81a0d8237dfd6
SHA256 52c78a10a5ec39bc046b594f4d89a311a26c6a29e475824dc3fb1a1ba4ac9f37
SHA512 5fd4b625910bf06055eb8fed311284b1347f85c769f8c3e7a57d4d7d73e20576e873dd2f579b8aaf494ad4ee4885b6850060d4893d2ce43e82872161c93f3982

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\hu.pak

MD5 14d81146ec6e0ddf4b14fa7b2df372c3
SHA1 9c77f0f0c959f2cb21e283b352176596a77992fd
SHA256 588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568
SHA512 9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\hr.pak

MD5 7bee03725ba9ace3cb2aaf64cf0c26a2
SHA1 076f0ce744bad1cf242325d5b2378b501e069d38
SHA256 e16a6391049e4d851a50ebfe3b7af3cc5346dfd28e305f22eafb6d5e6b360941
SHA512 1a27e5159225604513bbbb5f4165ce7cb52cca22d0c6f32b6c2a74c4809d00bdc3a38112ea9bba0c09038960f9113146996f8801e764237164816a654e813510

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\hi.pak

MD5 361f04e0a4176ac478b7b7674779388c
SHA1 68b4e7a9a31e0f9450c856d073b8d03613ae9816
SHA256 95f89c3429c3692f7239551565c584faac04d8ae71fbe5b359892e7538fbd35c
SHA512 7dcdbd9e3f9ad940c3140325527d37dc5ef90c7dcf460395928d48fb2742fd5fd7b60dd64fbb7ba523d46cd658bd5bd85d492bac0a65a8d1634789b6d27ca119

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\he.pak

MD5 70de839caf5f0caeccc5a2b7dd438583
SHA1 aa4b932b2313bca859568d62e8c12f9249d7bb81
SHA256 66ce4cfeb8328cf1b44ae76ee77c16e59c6a6550b64937931d5a05f161fd8479
SHA512 73620dd618971c3301535a1dbc2fd58cc81cd3b2dc3d90a388dfa01fa5516304dcdbc5b362ef7e899310afe28f3d5e3b0695263c82339443ab2d29df03253348

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\gu.pak

MD5 2e015f0ad58e22b8eaf60e4d727aa3a0
SHA1 dba0b894f32ad6507ea6a41917c0631f06f2c03e
SHA256 168c12e17d1a41d8c4913e0be19097bad272c38ffb7876514d6e98f448109b5c
SHA512 3aa797fecaa53f8dd71b6952d0d04af06e0003683fb5b77234d183d0aeed9350470aebeceeaf42cdd4b50a2e7caf09a96df6802b1d6b829ab4bba41dbaec6503

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\fr.pak

MD5 9442fbfc2b150479f4836706313e42c2
SHA1 4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f
SHA256 01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87
SHA512 4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\fil.pak

MD5 919d0bae6d964906176cec8530c019ba
SHA1 ab41e78a91314608ffa0cec927b4e001b3833e4a
SHA256 851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa
SHA512 1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\fi.pak

MD5 4215d02d92e1be2e182197a0bb87ef29
SHA1 005cc2d1ed5039fc34fc14270344ebc938760554
SHA256 22b97c139d11b485b2c9ebd8d86708d38bb9f7044d7171c846f516ca9bbb27fb
SHA512 b0b71716b8d7867392825980e65d3a60c84f302dcf0b6ed7cf1ea0d8b605d1a82accee03c3e639851feb1273cbd327c14d82e497d6b70977272992bb227d21c5

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\fa.pak

MD5 00bc7a02631c7de396537ee08deeec7c
SHA1 063c897b59cd70955cee3ca27d8743a0989f0a86
SHA256 93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec
SHA512 cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\et.pak

MD5 7c8be63adae41cfa46a1a614de18e842
SHA1 eb11a953ddfe42dcbb5a4aeea0a40b6b18f596b4
SHA256 0e3af6b70bfb8f28542caf5d6ac7086b248e31ca5d31621d417154964cfae3be
SHA512 4f5c6b976d9ac82002259e75c5afbe211be096f238882b912a97a9fa4ecf7103cc164e7475ebeb4b33794999668744aaa5465c059acccf5c467391fdbc386761

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\es.pak

MD5 2c8b6b9b30b62618c65237943c030e6a
SHA1 887717930c8d070f0ba965c8a215478653d3845f
SHA256 4e1a07ac84554563488094169d2f68e29cf3b78c28c57e9e7eec233a742440d4
SHA512 b0792d483adb7e51a2b219e44f08bb49e419cc7a17943b1f2e57316c907f16cb80151cae1d5f117eced002a56752908d90392a479accfd6d8c6f13a2b79a1b23

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\es-419.pak

MD5 7b45d7be08eed5dfee3d12f0b7e6111d
SHA1 e14d2e0861d42bc31ea778237f77fd71c5dd32c8
SHA256 263fc4b258041034d040bb3d27758239153d5a5faf85ab4217da608e7c2a4f2c
SHA512 dfa361344cfab28e91dbf772123e043cca16b6d86cafffcaf8d71686ac9cc3dea832525b934c60fd1f110e9bf224a9b5f496924a443f742a7487d008f1ad7869

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\en-GB.pak

MD5 dabd9d0434e128d6ae3feec3b2c2801e
SHA1 d7a25ac86c15f5d4a3b3d4b713a5302c5b385498
SHA256 dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835
SHA512 831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\el.pak

MD5 9d654962e91275c7538dabdb450a2f03
SHA1 3121a84f1035d7b44e4597ebe4857137b7172da6
SHA256 9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27
SHA512 0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\de.pak

MD5 b48f5b846d1b32f8426255e8a03b4d20
SHA1 77272097e67ba495d73e3d82e3100237a1664fcc
SHA256 28e394fd4dfcb0ee3ad947a8e276af7ec1501f30e820ba42270d2d7f03ebf745
SHA512 07e9af3153e60e05678db92e4654169e9c743bffb5aeda0725bd3b11dfba9021551697149771bb3aadac4fafaca50c88a352f55d32bd6c5fc8867c44f660196f

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\da.pak

MD5 42628b87e74b0a3a7cbce510f2ef674f
SHA1 c9fc502eac895690f4bd0bd3cd47b72819bfc342
SHA256 450184b07e707cc80f7f7b331cd7d95aeb10c22e6936fb50d438de24c9dc3ba5
SHA512 ad60a366e4ea7050aef7cb6cd7c0d99fb9f37f7ff88f93a13fbdb21eb1c53cbc33cb28c284a14d7a44da0ceeef1fe9e693be0716ec268c6da0a674db00194a25

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\cs.pak

MD5 6310a8e1c7e8ca3a1611d78b4d67845b
SHA1 fa8cff4ec0b1cf3aca65e6745d9f31154dc48115
SHA256 10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e
SHA512 900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\ca.pak

MD5 5c5c2e574c8d51a61d9e58547d89b0df
SHA1 268d6a348c22616432191ae55bb8c34e039feac7
SHA256 4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73
SHA512 e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\bn.pak

MD5 5670d1c74a07e5e9bb3853307ea2cfd7
SHA1 7cd7568d2bd4c64b8685bf17e3289afe923468b2
SHA256 706681208f6e0c2508c55ac7fb8bf510a133cd66f6977c3da3439526269a1c0a
SHA512 27c5f596548a52d0d62a749324a744121f2448b29f8eeb908afe487b7084c95e6e39b80326480e9253b997ca22f557f33e450fe155ccdbb2b601d0991389b47c

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\ar.pak

MD5 5209516dee9d9ce64854b70da199108c
SHA1 5797e37da5909e47e03d323abf884b573adf0840
SHA256 8407ba456e51177358e6ce1e82c33e5e279eaeb553ee38db9f0994ec57c2e246
SHA512 0585c14bda7800acd3242794eef7c9466f57217a059feefb0bf715e2cae9d228a5172fa9046ea19d19cdc388dcde2348a0a90caa26a1baeee612006495b56524

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\locales\am.pak

MD5 985be89267e0d559bffd4b66380e5e53
SHA1 fa33e9bbfff5a89dcc26f52634561e27c1cf0e05
SHA256 bd1a60f7fd63da2230509211f858866ed782767f580b8ce4740ad2060d3c5d9b
SHA512 7cb99ea1d92f810dd6f882669b2803b5cc87a9f34e70964d402f14cb7771a9d02f4c7493518b5c388f49887c8311e3b02fce7ff3770a724fa9a0a2e776f2c3c6

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\xxhash.license.txt

MD5 184732fe7ad572cca839560f13667eb6
SHA1 76fcece0f58b529b1ecde86e8bf8f8bb1c652519
SHA256 ef87b7b79f4c48edd555809ab0e97b780940925589b7d5f9ff26025410c87c4a
SHA512 71bc6b522b99cf66c764a7554823e7da19ea3924226d67385fbc397128b9dc781e66c457505bd3616eca31f1d93fc25d9eaf67f9c32aa4c599da4c7d2d5c6f30

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\xdelta.license.txt

MD5 b743e02a975dc959abb35bcda12cd4c1
SHA1 13dd1cc3f00f5ab22dd44c40a0abb13cb4512f2c
SHA256 b0b0442c47b75d2f5ae41c660574d751ccf12fcee6bbc27bde20e208802ed63c
SHA512 7d14b3253a7fcc594b84af77e9b2a053e720e9b03bf8f4b8afd82c43a1b3f579726b68ad5e688d0363ca7bee8d192cfd6ad40e1ce3819570af5c29d38e262a5f

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\tiny-process-library.txt

MD5 52607bf5b5dbb263092f9672eb5b0b1f
SHA1 ac2b9621c7b1649ccfbd31034ebdff57249802c2
SHA256 13c053468f9f56ad8f1f2c36ad23955953e0cd2aaa49e7e82b14001f2f322bf5
SHA512 88862eb3a57b6a640519e88abb843102da3d98fe228fedcd1f7875fbd2fd9d6e8f93c35aafe0343b8d7e8e1b780862066327f4b9ceed74c1b7bb8c76373e1c54

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\slim.license.txt

MD5 b9647dfe37ebff8112b7fb0204192de8
SHA1 ae084d7c34776826e0398e73eb827682852a4b54
SHA256 5e08a239b2c110156929d97ee61ace55adc283456c72f51052eb23e0b7cac499
SHA512 3262527cd4df1c45decd80ce733e6280e3f08422daf0079af023a8ab2454c03cbae8a5e944c0fa594c845c2e1148cc531688ba7221f7de3c630b4a4367773fc4

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\skyhelper-networth.license.txt

MD5 27fa1700231bee88a24cd306d673af97
SHA1 ccaf356f932ddceaa1c59756b2d72c5c21c89fb0
SHA256 91b7f048db90b189dadf1db30e5cd0a95a8bbc4ab5437535815359b8186ebcf5
SHA512 5025d7044a3ba8e4a279c1dcb5be65675d61c7bca864a5face31fe6ab7a72bc980e412054294f49629a00d6e6c4b753bd1892c991a3408ad850d12a269f5ccdf

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\skyblockaddons.license.txt

MD5 b5697125b9a58f980344d778c84eddc0
SHA1 9ae4fdf6d1ca59adbc2649667eb03ee12c50c659
SHA256 6b3411f158e9c8a7f03632c2977279852a9700f636a7cd93bad8646de6ea65bf
SHA512 491a8e6a3b5495c518ff11cf4734b546a53c83e5edcd05137c9f263d77a34bb856b05bf2a45fc80519b3c1753d4d97ea707acc7a204693a0fc3b5cf5b74e54f6

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\replaystudio.license.txt

MD5 faddac7574586fc2805a9b3f3365767a
SHA1 bb87c11cb254b9c7693c2e62c051a10596648ecc
SHA256 eb622d5d149ea9b7ebeebededf0b20068d5471a462e0d4bd9e482c9b48f37f12
SHA512 545a11e5c6abe6ad060de4f809865acfba9f57c91f1bd3fcdf890a599923207977f429ed3059455c36136f84a937fcdb20033b2bbd2afc653eaf3ec97da0ae37

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\quickplay.license.txt

MD5 c3e1cf1c2620ba0f75411f66deee382a
SHA1 37f7156c3c10e3c09169697bf2e42bb7fdab27ee
SHA256 3cb66d8ea7938893173f73f9e938dd1501cd7d7f50bb091b76a681dc680ccf64
SHA512 cc445e11f256db1327701c33cf08e531a8c543567af2515ac06dea830ea24b154e46d229f56b25a94cf7f1cf62467bbf1979f4aa524dd65b71f62c4dd183f8fe

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\openjdk.license.txt

MD5 8425bcbfbe27f7f8ec1e46e9f0ae0c99
SHA1 5898367b940826f516f625dbd78fb8957f3be986
SHA256 1bd89daf45a5b68234c32104bbe9903c6c6d2d7798d61a36f21ad85482945f7b
SHA512 0323a715e5f65027a66738c1db24d2e4f6240095f710a2c06a67bc70b59e4185bb026ce7438dbeedd6cc95af8cfc0ae9259b3aa8e7d84692bf6b2b7f5a655149

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\nativefiledialog.license.txt

MD5 292e3e89db90cb0fbffba767983a8f55
SHA1 36c4792a78a72fb5c6e315c62c4e8358b6c8d2ec
SHA256 c894fd883a9af3a9174a4ee9897451d4fc9fd56c2985c872cd37eed4a44156c3
SHA512 b21c7123f5f214a0d19497f62f9cc461fba59edf64bd1c4f5557c9d2af69cb7ea6afff8d75aafbdc6631f9164e69dd547d3265d2ae8e237a9ea39ddb9dcf705e

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\nan.license.txt

MD5 895f9d80d77e26153e48525caeb23827
SHA1 3d7128bb4973afb706aa1f67493b537006d79937
SHA256 0bfcb5e608c491edc1621ec2d842ce5b683e05db6b38c6eded10b0630c59d2f1
SHA512 e0c278c0da87f33202bddddf739fa5f511c0b5f3176854d4f382d40dc8cc0767e71c622368561d40a2b4a37c1a9b79fd845096073077be03c6a1cf35fc152cfc

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\mclib.license.txt

MD5 12873b817d4334eac6197edbc5956864
SHA1 20a910d495a276c23bc9b43faa7994338f51ce69
SHA256 5f6ad061e9e7dd5d3bfaaf8d065f14f863897c276d217c94084603680a324e72
SHA512 0323a87ba5c5f9ac5b049b6770a78590e83e74a9fdc0076b67f3669c4f1b43db240b5a86390191d3c19ed9b6d9e9c6000cbdd970f2db458252321a5fb106ec85

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\lunatriuscore.license.txt

MD5 ee99c1f26cd4e6a2bda84ac34b9ff861
SHA1 0327523304d63b6addb96ba18abb6c47a3fd684c
SHA256 7a1d05e596d50dfabc0d3e206861cb778252dedb87b48b9dc7dd9cda24f5dc22
SHA512 14774897b95813736654e850fb328e7fc0a19c076417fda35a2a57e284b54fbde6619fe6a1ba953300bb54ea77ca90fa93fac4a03914027bcf186d30f645230a

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\licenses.txt

MD5 4a9c8bbed40470a9ffb7db1d63bbcb9c
SHA1 88a83ce9d6734d54139ee7cbfab63253cb73b415
SHA256 c0aaf6703c87055786772878c27e8d3c4ccff0efcd088d5dcf77a2fe8146c44f
SHA512 12c3b1e11dcb90c5e4ff426c1a8bec314efeef9e5b3eca1840460f1a1fe894aca4c1755b599d460e995e7f477b69887089a93dac67da2016d8c84bd98f841039

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\licenses.dependencies.txt

MD5 2053245129c2910e9a1a854dcf69ece1
SHA1 294462e57e57fc416d28ef2ced053f97465e3fc1
SHA256 9b78cde2913327cb5ac2dc6f53f430b6233c52bbf3e156e969737d87cca51943
SHA512 1387d33cdc715b006844579b90137aeea7b9dd7899542667c988e8c565866d26f462e60a0d5b26bb94113291f1db659c08a4cb4a2f8a9ba32c6b5af8ddaab48f

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\freetype.license.txt

MD5 02891d3fb5adadff2546b4279649112b
SHA1 1b299099e16ad96ebf53e67391685d9d0a51b368
SHA256 650737ec7589c35600de73b0db88dafb314f7e32e7e3cf38d0c87ceb1a7ed31b
SHA512 630d9247498b84bb53e2c2ea4165994c141791675c192860127cdcd1ccbabc80a331604c6ae185531abb0eb3fdefe6637643e0d3f11b751e79b076b5da4f30ec

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\freetype-jni.license.txt

MD5 5db6495b17d58ad312a32e5791c61097
SHA1 428650191730f35163e8ec78a25126869b2ab1e2
SHA256 d10f28ec38b68a33bd4deb7239ba86e2f43a26f81dfa2d53f2ac89a88e2685aa
SHA512 7520cd5dc59f6899bd542a713ca045f64a9dd90751db7e5ab197d1c8a25e94aaefb9eb8d69a6b3c9ff5b1d433c85cdd67d36cd333fd33c824ffff53bc187cad9

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\ffmpeg.readme.txt

MD5 46efd225e4f70c87659ee3728c4cc352
SHA1 3772c422a0f862d32a0cdd082479e432051f17e6
SHA256 20243b750670270b8cb8cfa8b44f120814751d744c973ebba52284968b602544
SHA512 3a7ab5b99537984212d204aa83b0dbce97afdbab9f8dac554d9afcd506bed6e4617e72be84bbb710e79352caeaaa6ebcc728b19c12ada7574c0817d35640664f

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\ffmpeg.license.txt

MD5 e62637ea8a114355b985fd86c9ffbd6e
SHA1 1eba7caf09a39110ad2f542e3ed8700d1a69c6d3
SHA256 230184f60bae2feaf244f10a8bac053c8ff33a183bcc365b4d8b876d2b7f4809
SHA512 714d66c4a17e6dfc1553521af2be03f4579fac64048c0b96c592177562b01fc70a8e184bb21725e11ef96a54bf466ae1abd4992b8940f0fe2c0859d6a166a2ef

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\disruptor.txt

MD5 ae32a12a5be0d4878506f2c7927826c7
SHA1 ef0f419dca631ac1219e19af5b4a5a0875f68da5
SHA256 eaa350f6f6982e086b1ae1c3b70743d1f3653164b4a4832f02d7baa134ef028f
SHA512 a80642b73b5b968c1e8b44449972449e17e6c3e46c2beffee1d524faa363b48d2540c0d7db6289183065af975aec1e8c45833ac1e1cd3e2c85f5fdae955791c1

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\discord.license.txt

MD5 f8cba3d1a6a62d09224f131fd3054008
SHA1 661a941700833f7229cb17d206f1d25e23301a2d
SHA256 cc981e3b2afd06ab5a1cdab7ced3cbb8a69145b5e2388485b806f6634313ff4f
SHA512 4517c0046d156c67f3d7fb37e5985904de476cdb75ad7114eeb2fefd9957b67b07ef1cff02cae1ea37503e34eb0d7cd0bdba03fad5aadeaf6d070855e481edd8

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\chromium.license.txt

MD5 8694b4a605dcd105b40d081ad09f0f46
SHA1 6666d31977554cf9d1558cbc63c339e8b07e3c94
SHA256 73392d01c89eff27363d32973ba9fdce354b4bd82f90192bf8773174e358538a
SHA512 17c5eb20d00902789d172c78379cc80b0c77696f3d2e076af79a056d537e2a0d68a0066a8fd132b3b7b20186dba509b1833128c2f082f2fb97058070336baad6

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\cairo.font.license.txt

MD5 5a540f4d98fc81713b81aeadc530c6ed
SHA1 273c8a98fc1b2709cfce81d7f6960b63326e5485
SHA256 17b90cece30db64934b7299fd76b033a3774c8a990e78badc74c59a5be8e0727
SHA512 12b5e3d50da4d0aef2badcf784554257e7c8dcd9f598acca500861c1f0bb4686fd238c6ad8c2259b5047140e10d731e928490fa474577b7d847d387c9c07d702

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\badlion.licenses.txt

MD5 a2ed77a24bd53e33a3fd458d99e9be0f
SHA1 07af4fb75f3122867c9e3255ad6d1e11fca88808
SHA256 803a15fe94c8ab1f4adf1a62fa043d414d3e4c1281c74cee57e6976474bbba05
SHA512 8649571f5670a36e7fd011e533c394b0f28f51045abcdcb3928d731f02366cbc286b88cb4463d86e07e92b967d81cacda74a58f658843d89669045530324524d

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\autotip.license.txt

MD5 5b0b97f483331418e30c469af896d87b
SHA1 3e0ae2526e0f2809c81d524b8507fb64fc2bb4ae
SHA256 09716796eb67471c518f3f4e567377d5ea5179c36e10bc0b30afe1261b770442
SHA512 5882826f7f2c9921d5c309aaba79ea30bf57f95816058b2f1c26c3ec9848c8dcdae91d58512092dd7647f41f74f57975aadd9d048e18d8567dd3ed8a5b28b12b

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\licenses\aperature.license.txt

MD5 1837a1eb671079c67ed2724719588c48
SHA1 ed2c02b395fdeb3b56d0d4258c677a1329e78e54
SHA256 ca1baea19e60be57dccc08a4cd82e75eca24ca683980cb1ff212824a964fd6b6
SHA512 1df4217f219e0826c07d8bd8ebfff17d2cf34691c3450c23f84edf2bb35886bc6244b1897cfcbbc6b47f4c70e1c84a698bd48177c2fbb2f2154d2c005305e506

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\libs\optifineinstallwrapper.jar

MD5 8967319339fd7ff2a67b3a9eab3e4b93
SHA1 03e69508f50bffba71390c367fbc5e8c00d07335
SHA256 f4c5909042743c4a7206f52ae352fbfcad807185a985884314044b236ccb24c0
SHA512 e376022ce07135b77d46da898c27bf49239332e88410b4a20362e9f4ada0fb2a02b7cdbd00bfc0f11d3228ce56e77cd165b77baf41c21790dbb52ccf771555a1

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\libs\lz4-java-1.7.1.jar

MD5 d56d86823662a663a4d614dd5e117eff
SHA1 c4d931ef8ad2c9c35d65b231a33e61428472d0da
SHA256 f1167a45d4b8002053670ef6991ca66d1bab9dcc03e4ef00183674d2f3fb9cac
SHA512 ff48daeca92c5a7657aa9c7fe41c5ae75a5fa0aad05c655bacb64a40acfe93ffd3d40bef16544614ce8a38db3e1df177023101773f6f7c1d32031413270e42d2

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\libs\joml-jdk8-1.9.25.jar

MD5 9b868b921d0490b417bd594984b680b1
SHA1 7bb2cd964c5e7b129a52e1f47edfdd557a7ec3da
SHA256 fc76d61e7900e65cab1f3c237a5186ff2344dd7d7d0bbf8f01a453c4fa2a1b28
SHA512 c54cdcfe63c1998fd14d46988fc49509ac6af2e2516eaad0dae19566baf1c99f0482d026d7f6e79a66706905b76af9b4298a23521ecb32f5a3708806340b3959

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\libs\disruptor-3.4.2.jar

MD5 6895a3c4f54cf92eef6530e9e2cd3c46
SHA1 e2543a63086b4189fbe418d05d56633bc1a815f7
SHA256 f412ecbb235c2460b45e63584109723dea8d94b819c78c9bfc38f50cba8546c0
SHA512 da76e44fc9834c6d9e21eafe2fe64604159dba99770946bd114823ba037ea0217ae3a13f5eaf29e28edf92fcfd4f20c60b7645d6f117c38c897594e1337a744c

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\libs\caffeine-2.8.8.jar

MD5 ddac1f8f76743255084022ac6f06b7cf
SHA1 298bb2108157513a39a1a52a686a1fe8b57cc973
SHA256 7b7b72c6ce3e47e774e29060ceba19e83e8259bd475986e04b4f3272d4a58f73
SHA512 6cb83b6d5054c63c13af5fd39f11065556137edd423385f5d960a656fafddf5a5ddccd1ddeddafdcbd511d0fef005c58fac9e3fb0bdf1d469af24450dfbc2325

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\zoom_out.png

MD5 e1a004a51cb04c38f49184333a23379f
SHA1 5b54adccfebbfe4bb96502db5370c1ab830c829d
SHA256 e7133e53b0ce06b92ef48dcd5bbce4f3d36e6ff8bb69193d3df40c4adf1a6814
SHA512 7506d9998cdd5bb75c8b142f8231009f15ad0548a52a037b78b98eff427b50a2a42c16580a53899cf5dd2b41abfb51eb24223c827e5e277dfd295f5510d4424d

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\zoom_in.png

MD5 6a5fbd95c627afe076f43f9254dfe3ed
SHA1 f71cab57e9e80ba792f73f363056f6dede7c8bcd
SHA256 e910c607f60fa385d67624fc7449a05b419718f60a6b93d4be79d6a974bea522
SHA512 cf73a830bdf76f319db8b34ec8daf70405cc52cee7fe03d4ac75cba1859d007e30993da1c123e13deae6de09e5b234a9dfb02089d546601964d26bd597949b8b

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\zoom_in.cur

MD5 77492cf358d8b12629399322926c93f2
SHA1 8291ac3dad4e4f33183ccdfad7b92b1594c760f9
SHA256 eb69f540be1e416b7346017da48deaf5ba2f2ee0af366c04f1e374351b651872
SHA512 6c8652770a041084a88f6a535991224423c003ac2b6b5949b515dc03b0187fb4a6cfdf3f39a6279e103601d991e95139e6ef8352e68e5dfd85d99c078e0b4f0b

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\row_resize.png

MD5 cd9d05d1ce7c942af1ab5e6eafd0a13c
SHA1 d3dc6b0df04e3c6bcf6166984e3738a7651284ff
SHA256 12f76ebabda00b84c395cf989b92e0870c5a3b678bd6f5ac90b8a6820059e28f
SHA512 7fa9b03d668d5232b10fb6da719399d808cff95592214c8adc1d00210e4826545d49ccd4c0dc5bfea099db1c8ad4c183778ed2f6517d81b44817a428b488e900

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\row_resize.cur

MD5 70618f41c70238453a7d876bac5ab501
SHA1 bbf033428d8cf562ac3347440848b1b3ed1b65a2
SHA256 241ca59e728f9faaa3ac9c626f44f8387a04699ec1bc468ecdae04c53ae2df04
SHA512 513dfa3e15b887f4e785da9dbe04cff591a4ae3bc6d5f4b14d7dbfd3695221f6448b0d67132dbf80b1e36d9fbc2d245df23c1135d4dfa33edca3706d23bc89a4

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\move_drop.cur

MD5 63942f237ac6b11d62adf014d2cbdfbb
SHA1 f8b582c7d8edf28c2637d5f0f27f2586cc92bce8
SHA256 1ba52f630ff570480f920d13d04b7cf5e4d993c68b5f4d183a6c75c87bc22b6e
SHA512 e87f7e95e49513ccc75195976fe8b8926269bfaeb766fe816fcc0de603bb55b936ce1a59964022e7438c0c3b41bc28abe323fbaff5b0a4583ed9cbf24c450fd5

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\link_drop.cur

MD5 66e13793e687bdb92c09e0ae7964e194
SHA1 71019343b1747c19503e935aff3c7aba1fb70541
SHA256 49d5f9b95e9968ba54ef9457f89386fbb29d7492fb9db1af920fd3433aae4a67
SHA512 19dedb36b972ab005f01deb6f1eae1b9c0609f3312fd3f70dff93285390fac7b535e5d181f4a7cb25bd4f5933538ad7ebf44154f9d6d3eb04e412144926c4143

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\invalid.cur

MD5 2f8b93325987b4eed575ffe251c67751
SHA1 ad1c4ee2358fc0f84d2ac2d17890822ff51ae725
SHA256 669c9cfd524f924b4358caf1fe239923473e87e2a01f388fc5247a60fb6253bf
SHA512 307e2608a66357b2dc296492a0dfa2b27c64e9d1b2009d9370c76ed7b24c8115c3dfdd675bea3c244c3a07d672fd959c3d31b5c8134d1591c0c554adc4f4e405

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\hand_grabbing.png

MD5 ddbc22bda750215abfc73d75e1105b17
SHA1 f8dc1196227d95b7630dc85a3543c6db853f65cf
SHA256 0e6c5b2ec6b01b9a0c52dd26dafd1c969cf073c6d47e9db8e53fa05912f73cee
SHA512 5d1a6e89a1a96988230cf30fb156c166e26fc832affc5e7eb39ef974e69008403d54463a4b4a40c55c0ad8eb90e438c31a880f613d1ff42fc966ec961d396240

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\hand_grabbing.cur

MD5 8605cf2c21985f59d2480da72aebe3aa
SHA1 1b8137afa3dd66c23af9e40e75339d2f0174aff2
SHA256 22e823e71c106f338d42932c13c16e05a8310b3bdec18a89cc5ca197408cf11a
SHA512 fbbf45bb20f27c9faebd34101db1918c2ca0384a27e6502eea59c170fdc553ad2647ceaabf82cb0dc5662d277ca6eba70c6b615c79218f3de2e5822299399c76

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\hand_grab.cur

MD5 3f37213b8c0a7374308b2ae99d4eefa2
SHA1 b72b9901b3fe6fc8693d67cc5e419e494afddbb8
SHA256 3df4009e28e365e1666c868aede15239c75cbb6cf710cd691997b722c3eea7f0
SHA512 ce33a5698bc937ae0ba3da69fe7d4f9e15cee08e45451b7a21d17b5a2133a1b6579d622bd9a749612e15359abda4871335d60ce47545699326648df8b4b6fd36

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\copy_drop.cur

MD5 f92d1851a489b0af7ab807a2f07ebe16
SHA1 d97c9d7ab76993448f6240322140dd23c756b6c6
SHA256 18920d4ab5cd0b654b1e8bbc33fe5278907514a1b227f701a16b9a3309ee87ab
SHA512 b4494c8da0734ec69caec38324c6b3b91e898ad8b25c9d7dee9ca56c41cdec768c16efc10d71c856a0bc633ff22cc76cb01ee8ef887899e2486fb7f78b340a7f

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\col_resize.png

MD5 0723c45d9f82b0e31a1fee26b9b4f53e
SHA1 5608c3c92d70c61f597d1f1d3aaa85e72ebc4dcb
SHA256 6ef1e382e5e2472e8426a0f486ab51fa2216cdf929a3b737f78564a8ad57b1ab
SHA512 326f31b3e25c11fee7c28040252b5eaf183b0380ef87033134ff032eca4d90a28eda08837af833e0d5c9ec06d7e63053f23c64d9fec5fda0038c27546bfc1932

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\cursors\col_resize.cur

MD5 23633a8dfa3548705f28c83ee9584d6d
SHA1 be5dd224d071d965bc0411206cadf9b33ddb384f
SHA256 d3b49998f6d1039bf8b65f73f5784653164804c72908a40a5cf8ea850978a0d0
SHA512 5b0971bf5c7bc17ae746c88e4fe3f0342d9288f8feb3ebc106b6a031d62b48af8843af0079a18c7ffe4a2200e9d6d58f92f1d87987a068bbf8e4bf7210153782

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\v8_context_snapshot.bin

MD5 89f5b9dc2c1eccfce7c3681b8066125f
SHA1 273175d93ae554da7f63a6475426a6515d0c8cd1
SHA256 7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91
SHA512 469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\ssleay32.dll

MD5 c87e22c79b0653a27e0f9e6b1a9ac8bc
SHA1 bd37e85bf38192614d2b8fb5048d7e9f38eb34ac
SHA256 4a53f602f4891247dec42ce9a79862192cc80e12f40e6b4bb0a8db25052c8132
SHA512 97bc98e134636bff81bbfe3275141106377fa4dcf63bd191151a8f6d1c5109ac49eae81a89bdd90e5e2e5aeba274d673f646c0aa65f3dfd673ec2b23067417b1

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\snapshot_blob.bin

MD5 dbe18c25f68d40444ea576a68e78a12e
SHA1 44453e3fa8400cbe6bb674adaaad4ea09dab0e14
SHA256 c7c0d878697264269ca58861187e18d083aaf3f7f50bf4f6179fc080507bfa8c
SHA512 7ad4fd83f8337f263e128f8ee498d58b9dc89b876156157fda7636e4efa84691d6a9ff35c40d5482c9da98f8cc7b2eb87428a2a2690359ad6dacdf506d2e1f6f

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\resources.pak

MD5 f616d69f6e582582930d06c5c18f0f70
SHA1 fde8e2653f2a5317492105bcabeb3565faaf74de
SHA256 bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855
SHA512 492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\psapi.dll

MD5 80050af28eb0070a582b33470d20fc91
SHA1 bacf5fdb74ef5fbaf91d0475736d566ee3babc18
SHA256 65e42f8fcd039abaccd6aa815d237f1d6f7ee2067457c8ce235333226cff16b2
SHA512 780cc5783d93fd8e7dfedb291f384be4fb1c4022bea22dce991b360a2029ae42f864c540af3d75602a9975e3b66324a3b5f3ce4582ecc32918c35e00f3abf68d

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\msvcp140.dll

MD5 9ff712c25312821b8aec84c4f8782a34
SHA1 1a7a250d92a59c3af72a9573cffec2fcfa525f33
SHA256 517cd3aac2177a357cca6032f07ad7360ee8ca212a02dd6e1301bf6cfade2094
SHA512 5a65da337e64ea42bcc461b411ae622ce4dec1036638b1e5de4757b366875d7f13c1290f2ee345f358994f648c5941db35aa5d2313f547605508fd2bcc047e33

C:\Users\Admin\AppData\Local\Temp\nso5FDD.tmp\7z-out\LICENSES.chromium.html

MD5 27206d29e7a2d80ee16f7f02ee89fb0f
SHA1 3cf857751158907166f87ed03f74b40621e883ef
SHA256 2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab
SHA512 390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

Analysis: behavioral19

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:27

Platform

win7-20240221-en

Max time kernel

117s

Max time network

125s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\col_resize.cur

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\col_resize.cur

Network

N/A

Files

memory/1628-21-0x00000000024B0000-0x00000000024B1000-memory.dmp

Analysis: behavioral29

Detonation Overview

Submitted

2024-02-22 18:13

Reported

2024-02-22 18:28

Platform

win7-20240221-en

Max time kernel

118s

Max time network

136s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\link_drop.cur

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\cursors\link_drop.cur

Network

N/A

Files

memory/2180-21-0x0000000002270000-0x0000000002271000-memory.dmp