Analysis Overview
SHA256
20d91430397028cb83296e7a41598414c9a4ef272afba435196d231a8cbd0b67
Threat Level: Known bad
The file Badlion Client Setup 4.0.1.exe was found to be: Known bad.
Malicious Activity Summary
Privateloader family
Drops file in Drivers directory
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Unsigned PE
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
Program crash
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Kills process with taskkill
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Enumerates processes with tasklist
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 12:05
Signatures
Privateloader family
Unsigned PE
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20231129-en
Max time kernel
1558s
Max time network
1561s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 220
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:52
Platform
win7-20240221-en
Max time kernel
1563s
Max time network
1570s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-processthreads-l1-1-1.dll,#1
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240508-en
Max time kernel
1556s
Max time network
1570s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l2-1-0.dll,#1
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:50
Platform
win7-20240508-en
Max time kernel
1561s
Max time network
1571s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2972 wrote to memory of 1624 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2972 wrote to memory of 1624 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2972 wrote to memory of 1624 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-processenvironment-l1-1-0.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2972 -s 80
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:52
Platform
win7-20240220-en
Max time kernel
1561s
Max time network
1563s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 220
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240221-en
Max time kernel
1566s
Max time network
1572s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 220
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240215-en
Max time kernel
1565s
Max time network
1570s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 220
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240221-en
Max time kernel
1799s
Max time network
1693s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6949758,0x7fef6949768,0x7fef6949778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1356,i,5562080028626298302,17927714373126404736,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1356,i,5562080028626298302,17927714373126404736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1524 --field-trial-handle=1356,i,5562080028626298302,17927714373126404736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1356,i,5562080028626298302,17927714373126404736,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1356,i,5562080028626298302,17927714373126404736,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1356,i,5562080028626298302,17927714373126404736,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3004 --field-trial-handle=1356,i,5562080028626298302,17927714373126404736,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
\??\pipe\crashpad_2228_FHMPWNFRKGTKFNTS
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240508-en
Max time kernel
1563s
Max time network
1573s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l1-1-0.dll,#1
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:43
Platform
win7-20240508-en
Max time kernel
1561s
Max time network
1569s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-heap-l1-1-0.dll,#1
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:46
Platform
win7-20240215-en
Max time kernel
1563s
Max time network
1572s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1652 wrote to memory of 1608 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1652 wrote to memory of 1608 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1652 wrote to memory of 1608 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-interlocked-l1-1-0.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1652 -s 80
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:49
Platform
win7-20240220-en
Max time kernel
1565s
Max time network
1573s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-memory-l1-1-0.dll,#1
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240508-en
Max time kernel
1564s
Max time network
1575s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-console-l1-1-0.dll,#1
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240419-en
Max time kernel
1560s
Max time network
1572s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-datetime-l1-1-0.dll,#1
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:48
Platform
win7-20240419-en
Max time kernel
1562s
Max time network
1573s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-localization-l1-2-0.dll,#1
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:52
Platform
win7-20240221-en
Max time kernel
1558s
Max time network
1565s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-processthreads-l1-1-0.dll,#1
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:52
Platform
win7-20240220-en
Max time kernel
1559s
Max time network
1562s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240220-en
Max time kernel
1559s
Max time network
1568s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\Drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe | N/A |
Loads dropped DLL
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe" | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\URL Protocol | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe" | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell\open\command | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell\open | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\ = "URL:Run game 418076578333851669 protocol" | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe"
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --field-trial-handle=1760,16425787240865697280,2347743643298192813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1760,16425787240865697280,2347743643298192813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2064 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=1760,16425787240865697280,2347743643298192813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=1760,16425787240865697280,2347743643298192813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --field-trial-handle=1760,16425787240865697280,2347743643298192813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1768 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1760,16425787240865697280,2347743643298192813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2648 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NonInteractive -InputFormat None -Command "Get-AuthenticodeSignature 'C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\temp-Badlion Client Setup 4.2.0.exe' | ConvertTo-Json -Compress | ForEach-Object { [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($_)) }"
C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe
"C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe" --updated /S --force-run
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /im "Badlion Client.exe" /fi "PID ne 3548" /fi "USERNAME eq %USERNAME%"
C:\Windows\SysWOW64\taskkill.exe
taskkill /im "Badlion Client.exe" /fi "PID ne 3548" /fi "USERNAME eq Admin"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /im "Badlion Client.exe" /fi "PID ne 3548" /fi "USERNAME eq %USERNAME%"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "Badlion Client.exe" /fi "PID ne 3548" /fi "USERNAME eq Admin"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Badlion Client.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | launchermessenger.badlion.net | udp |
| US | 54.86.71.117:443 | launchermessenger.badlion.net | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | cdn.rollbar.com | udp |
| GB | 18.244.114.70:443 | cdn.rollbar.com | tcp |
| US | 8.8.8.8:53 | r2---sn-aigl6nz7.gvt1.com | udp |
| GB | 74.125.168.103:443 | r2---sn-aigl6nz7.gvt1.com | udp |
| GB | 74.125.168.103:443 | r2---sn-aigl6nz7.gvt1.com | tcp |
| US | 8.8.8.8:53 | owlmessenger.badlion.net | udp |
| US | 104.16.147.116:443 | owlmessenger.badlion.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | assets.badlion.net | udp |
| US | 104.16.148.116:443 | assets.badlion.net | tcp |
| US | 104.16.147.116:443 | assets.badlion.net | tcp |
| US | 104.16.147.116:443 | assets.badlion.net | udp |
| US | 8.8.8.8:53 | client-updates.badlion.net | udp |
| US | 104.16.148.116:443 | client-updates.badlion.net | tcp |
| US | 104.16.148.116:443 | client-updates.badlion.net | udp |
| US | 104.16.147.116:443 | client-updates.badlion.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | download.microsoft.com | udp |
| SE | 23.34.233.106:80 | download.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2BC4.tmp
C:\Users\Admin\AppData\Local\Temp\Tar2CA1.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar2DC0.tmp
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
C:\Windows\system32\drivers\etc\hosts
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
memory/3688-1172-0x0000000076E30000-0x0000000076E31000-memory.dmp
memory/3688-1140-0x0000000000060000-0x0000000000061000-memory.dmp
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\CURRENT
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-5256744368684ab8
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
C:\Users\Admin\AppData\Roaming\Badlion Client\0c6a5e91-e7da-4fcc-a8b2-22ca935840fb.tmp
C:\Users\Admin\AppData\Roaming\6998bcf3-996b-44aa-aa89-369f95da00dd.tmp
memory/3400-2339-0x000000001B6B0000-0x000000001B992000-memory.dmp
memory/3400-2340-0x0000000001ED0000-0x0000000001ED8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_0
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_2
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_3
\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\System.dll
\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\UAC.dll
\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\StdUtils.dll
C:\Users\Admin\AppData\Roaming\Badlion Client\.updaterId
C:\Users\Admin\AppData\Roaming\Badlion Client\en-US-9-0.bdic
C:\Users\Admin\AppData\Roaming\Badlion Client\Local Storage\leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Roaming\Badlion Client\versions.dat
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\LOG
C:\Users\Admin\AppData\Roaming\Badlion Client\Network Persistent State
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\renderer.log
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\launcher\launcher-2024-05-09-12h-12m-20s.log
C:\Users\Admin\AppData\Roaming\Badlion Client\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Roaming\Badlion Client\Local State
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\index
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_1
C:\Users\Admin\AppData\Roaming\Badlion Client\FontLookupTableCache\font_unique_name_table.pb
C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies-journal
C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\000003.log
C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\wasm\index-dir\the-real-index
C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\wasm\index
\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\nsExec.dll
\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\nsis7z.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\lz4-java.license.txt
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\notoseriftc.font.license.txt
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-console-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-datetime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-errorhandling-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-file-l2-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-file-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-localization-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-libraryloader-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-interlocked-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-memory-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-processenvironment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-namedpipe-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-handle-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-file-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-debug-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-processthreads-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-profile-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-processthreads-l1-1-1.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-rtlsupport-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-string-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-string-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-stdio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-runtime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-utility-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-time-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-process-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-private-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-multibyte-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-math-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-locale-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-filesystem-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-environment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-convert-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-crt-conio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-util-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-timezone-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-sysinfo-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-synch-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\api-ms-win-core-synch-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\chrome_100_percent.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\concrt140.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\chrome_200_percent.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\ffmpeg.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\discord-rpc.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\d3dcompiler_47.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\libEGL.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\LICENSE.electron.txt
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\vcruntime140.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\VMProtectSDK64.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\zlib.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\vulkan-1.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\VMProtectSDK32.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\vk_swiftshader_icd.json
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\vccorlib140.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\row_resize.cur
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\libs\lz4-java-1.7.1.jar
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\chromium.license.txt
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\lunatriuscore.license.txt
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\da.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\sk.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\native-modules\launcher.node
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\native-modules\freetype-jni.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\native-modules\badlion_js.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\swiftshader\libGLESv2.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\swiftshader\libEGL.dll
\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\WinShell.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\resources\roots.pem
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\resources\elevate.exe
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\resources\debug-log4j2.xml
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\resources\app.asar
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\resources\app-update.yml
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\native-modules\badlion_electron.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\zh-TW.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\zh-CN.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\vi.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\uk.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\tr.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\th.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\te.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\ta.pak
| MD5 | 7503d3994d48911a38370095f5c83ec8 |
| SHA1 | a98917d5de0cc237d226ad64792fc9840bec0a0a |
| SHA256 | 5eecb28f30fc5c08b5878ebec2ee565a73c91ea0198ed85a622a0d7c58a3ad33 |
| SHA512 | d0d3e085cfd8f8f1ca776597d209c5d3dcbfb81297ec79201def4dc395526954103da7e8e8b3a4335490b3fadf1063f29d552843eac0933a9f1ab050c8eb2ab0 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\sw.pak
| MD5 | 0dad65bd01e92ec4001c8377a3f6900a |
| SHA1 | 91353a816b6b1d0aa5bf5342b8f2bd430da57286 |
| SHA256 | 702d3d102308bd1e50698578e09ecac7fe33d625afac04db88905f83baf10892 |
| SHA512 | 98a9c3dcb03627e8e7cf7edbb41078d9c53e9787f28208fe3640805fdcc2bc751b5cdda00c2d796d6c947e26f7c3a401fc5506ee8648346f28227442ca831949 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\sv.pak
| MD5 | 03154d7a3c69ec91714c799b86267a1d |
| SHA1 | 8671e9672002c58581488416f2320005140adedf |
| SHA256 | 3fba4e60d606c0f466df1cd2736ff51d7f882505fb21880a396deec06cdd945b |
| SHA512 | 0ac0d61f593f47597880d327d8dccbc00e8e5eddeb8beb8945628b7e91cb0b2496bbb68ff7f11e677cec479f41a4e8c4d2fd66301d5f6e5245dbde49b39eb4d9 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\sr.pak
| MD5 | b2555a29076995ccf01580f0f1b2f766 |
| SHA1 | 284ed665f078620afdd6c7d074a6f9e26dbef1dd |
| SHA256 | 6eab9ba7e66ed290369b2f5d7b1efe7ef38fea2063f7c939e983008ec2692bd0 |
| SHA512 | a36e20bab44400828f6769c178f6340a5f7ec8dcff72a0eb513c9efc257a715027e9d562a4ae3e68d8112d40f9ed8401c165ad205b1e9c4325077e5d1df04feb |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\sl.pak
| MD5 | 7a75fa0fd3ddd471cdf9b15d3b3860ca |
| SHA1 | f07e3e136768501e69e76529011003bd45fcc0a4 |
| SHA256 | d34eeb1ff37cb90bf8c427b955f4349fbdc5eee4879141058d8d7bc76185a959 |
| SHA512 | e3f181728e9d925a826d3eeb275ad3f1aafd3aa98072977b515e05671bc4703aabf7dbac2e031201fe016d0024440d4d1d8c238b3f20c5f52b21e13dfcd5f620 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\ru.pak
| MD5 | 12836eeb93367830b3b88b404449a3e7 |
| SHA1 | 2e2f66213fcb0ce5dc170753b8c11f9d96917d1c |
| SHA256 | f815b9cde0449c05949a9003f08254801cdcc8d9e5209d01af3136009b0c0caf |
| SHA512 | 7f71bd8ba800029495279c199aa99b96f075ca95055d512486c27a4bb1728c7312eeeeba09cf23259e7d6539f1c76467ac98e75b482de764375dd639e95333a8 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\ro.pak
| MD5 | 06a36fa95702b38e749568037634828e |
| SHA1 | 9c584a9b7a0446fbc44bf5fecab71ab1312a592f |
| SHA256 | 833f661f135311ce8187cbc487c55178872430c678148d4084893cc7bb95823b |
| SHA512 | 33d24d85a4f4582676558ab049a6c1cabd482666c2847e941dd388b80b2ec62ce27175cd0e3ec176d1236a32e714e85138d3e6da291172e62d18acf3e3603076 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\pt-PT.pak
| MD5 | 553594ab0e163c6375ebe75524095dec |
| SHA1 | 199a9e040d884a443e0ac6a2c7ed3fe914dc3fa5 |
| SHA256 | bf2cccdd3fa33d8c3b0fd145dda1d7f10d60645f0108e19f6220b43ce01d05df |
| SHA512 | 30cdb1401884bb87438d221834f70b384744babc474bccffefdb031808505b24adab34c039240b6cc8fa2a330613ccd32ffe1c28191c18c5ef402e86037a7ec0 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\pt-BR.pak
| MD5 | 7f150a17a11d43e395f571dd23951d88 |
| SHA1 | f8b8d6f89f63d92f04156f2b44b36b6045fd3723 |
| SHA256 | 72e1d3120d5f52f8485eeb2f0be4298d5af4d6f62a4d14e7d6ae2b635d89c0d9 |
| SHA512 | de39bb0dd9c8f948a67b9397789989aa900fa90249854181993cebea00717d45ba29ce56eb48b996b396e2b2236b580509a4ba127a190ed10d9ac3b91011ee2f |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\pl.pak
| MD5 | 31200d5726b3d1cfbe9ac3bc7138a389 |
| SHA1 | e82f0300046e7cc9ffa13223c11cbb94d62c0dc6 |
| SHA256 | 74c96e5308732e4ce800de37cf677d16ba05385b2af1c087819095c49b4074e3 |
| SHA512 | 8ad600725c9eb97a73293b63bf15a853d2e12bb6cec638a6e0f4060610486d3eb9e9bd5c10e607e569e6b631ae09b8d9df46cebc8bb962cec3adc0d63dc2f48f |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\nl.pak
| MD5 | f1210067dc72e8c82444b2ad9a3f7897 |
| SHA1 | 3cf8c6fcb93a5f79fe6190aa0551d673887125da |
| SHA256 | d26f3e7f39231a9acd60285989ab5bda54039611ba2ae04ca5f79bc3195d4aa9 |
| SHA512 | 9339a285fc7db00b9a755d09a17b224ec15e3eddcfa60c5efbcebe556aff277cb6daa23a346a50bd1fdcf274a172c985fd74dcd362d635738f1734ffb466c00d |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\nb.pak
| MD5 | bc1983b1c86badb361fe07031a93fa48 |
| SHA1 | 5bd14d7d7a335dd6457377fc0eaed07a56c369e6 |
| SHA256 | 229d8e46784f401eff51e12b10db88f4aa6ed62bc01271f830013b653807103d |
| SHA512 | fc9fce048283f24b0eb8b37a4fa5f3223e927cd68568817e5561d9ef4224a35d899b5e0b8b311b57cd50922970c6cbaabd070377d704f65fb061463ffed6a765 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\ms.pak
| MD5 | 53e8b7262db4c5b04ba5b39c07eddb32 |
| SHA1 | 9cb8946966547630cee42de04eb8604e6bb5af86 |
| SHA256 | 45750905e13f94936534dcec30ced984001cbbba4f6fd4db0d31d2f470acdb2a |
| SHA512 | c71e2bd191c5ec6194e02f1c08aae008c57b292405e4c291832bdfeda656a5cb4a547f606d87d3f618afcf731b4d6730f22c0e99093f312a0a004e5d9fec7d11 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\mr.pak
| MD5 | abcc39abc488cdbf73e44f53d74b15af |
| SHA1 | 982f12328342eddbacfbe45be577d839568c96e0 |
| SHA256 | 5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54 |
| SHA512 | 7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\ml.pak
| MD5 | 7dabd95b96d90662432026c0a9ae1c22 |
| SHA1 | 49eb49428d642bd906aed9b0b69870a843326efd |
| SHA256 | 50e5033485a6d2bcbdfc7eecd7ac26fe790a84642d9ff2c1e77fe976b18bf9a5 |
| SHA512 | 6a51f19543cd2e963bc83bb8a7753ccc3dc5a835f1e242338713dc01346f8716cef9c3304a618e7fd3db2224da6d0678959ff87007891ff4ead216ab452993cf |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\lv.pak
| MD5 | e21a8a96d9f17e1f9e3ede2cb66eea9b |
| SHA1 | e3f456b5d238ce2095e7a51a4250fe26c361bfdc |
| SHA256 | 1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090 |
| SHA512 | f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\lt.pak
| MD5 | 6e6993270327064cad2ff0784f20585a |
| SHA1 | 924a2ce4fffee99f29cbee875cd5abab2e814888 |
| SHA256 | 848c219486a434ef18edde0f16be9bec475e2d7626e9d8064acf25d793fde434 |
| SHA512 | f6a21975836a64a9dbeb76005c63a19d450a3e9d1c9381fc7da23cb8a96a3e33da204ebb4a192e608154dc71e13c555fcf97e0fd262681f2fec54fe0f8ac6dec |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\ko.pak
| MD5 | 95239fdef6e852df2d2e9d52dd99b622 |
| SHA1 | 360be5e62ac4573ee1a6bfa7effbe245c039862d |
| SHA256 | f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae |
| SHA512 | 0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\kn.pak
| MD5 | acab21f3fafc58f1f42016f33d032158 |
| SHA1 | 682f11e3c282724093179c85a7df7d0992495cd4 |
| SHA256 | 8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f |
| SHA512 | d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\ja.pak
| MD5 | f8dcd5f1433d83464b44265449de812c |
| SHA1 | 47763205f105e19cadafdeb1cdec6f45001f2c58 |
| SHA256 | f932ba21d0857c5c92dd3d24e49f3fcc4f9423fe1e2180fe26f9c0bf669c8c3b |
| SHA512 | 76b8c4154f7de55e0ad958cd122ec650f3289bf4f92c03e45e6e03b6467d09387115d5894f19c1b108869a2ee02ce2d476cb2c943191e0fc42ad0183478a7eb8 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\it.pak
| MD5 | 812115ccf85cb84b2ea167a16e16587b |
| SHA1 | 317e50a1c4c7d8c46554822b43a81a0d8237dfd6 |
| SHA256 | 52c78a10a5ec39bc046b594f4d89a311a26c6a29e475824dc3fb1a1ba4ac9f37 |
| SHA512 | 5fd4b625910bf06055eb8fed311284b1347f85c769f8c3e7a57d4d7d73e20576e873dd2f579b8aaf494ad4ee4885b6850060d4893d2ce43e82872161c93f3982 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\id.pak
| MD5 | d0517c1bf9a89e06ed2b510b9408e578 |
| SHA1 | 71494250010ed09b55f3879488d4566808a8398b |
| SHA256 | 19a6aa1cd288ae30461ac43cebd31b50919b2d949d586f877bbb1cda96a9f3a3 |
| SHA512 | 20b5465633ceb58cb28207885d83dbd30409b29b051fa9ff5a188550241f6f220ba8fb5d4bdb6abcb54dab34d1cffec5ddd783471e8d32b31d3a6d7730f0edcd |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\hu.pak
| MD5 | 14d81146ec6e0ddf4b14fa7b2df372c3 |
| SHA1 | 9c77f0f0c959f2cb21e283b352176596a77992fd |
| SHA256 | 588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568 |
| SHA512 | 9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\hr.pak
| MD5 | 7bee03725ba9ace3cb2aaf64cf0c26a2 |
| SHA1 | 076f0ce744bad1cf242325d5b2378b501e069d38 |
| SHA256 | e16a6391049e4d851a50ebfe3b7af3cc5346dfd28e305f22eafb6d5e6b360941 |
| SHA512 | 1a27e5159225604513bbbb5f4165ce7cb52cca22d0c6f32b6c2a74c4809d00bdc3a38112ea9bba0c09038960f9113146996f8801e764237164816a654e813510 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\hi.pak
| MD5 | 361f04e0a4176ac478b7b7674779388c |
| SHA1 | 68b4e7a9a31e0f9450c856d073b8d03613ae9816 |
| SHA256 | 95f89c3429c3692f7239551565c584faac04d8ae71fbe5b359892e7538fbd35c |
| SHA512 | 7dcdbd9e3f9ad940c3140325527d37dc5ef90c7dcf460395928d48fb2742fd5fd7b60dd64fbb7ba523d46cd658bd5bd85d492bac0a65a8d1634789b6d27ca119 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\he.pak
| MD5 | 70de839caf5f0caeccc5a2b7dd438583 |
| SHA1 | aa4b932b2313bca859568d62e8c12f9249d7bb81 |
| SHA256 | 66ce4cfeb8328cf1b44ae76ee77c16e59c6a6550b64937931d5a05f161fd8479 |
| SHA512 | 73620dd618971c3301535a1dbc2fd58cc81cd3b2dc3d90a388dfa01fa5516304dcdbc5b362ef7e899310afe28f3d5e3b0695263c82339443ab2d29df03253348 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\gu.pak
| MD5 | 2e015f0ad58e22b8eaf60e4d727aa3a0 |
| SHA1 | dba0b894f32ad6507ea6a41917c0631f06f2c03e |
| SHA256 | 168c12e17d1a41d8c4913e0be19097bad272c38ffb7876514d6e98f448109b5c |
| SHA512 | 3aa797fecaa53f8dd71b6952d0d04af06e0003683fb5b77234d183d0aeed9350470aebeceeaf42cdd4b50a2e7caf09a96df6802b1d6b829ab4bba41dbaec6503 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\fr.pak
| MD5 | 9442fbfc2b150479f4836706313e42c2 |
| SHA1 | 4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f |
| SHA256 | 01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87 |
| SHA512 | 4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\fil.pak
| MD5 | 919d0bae6d964906176cec8530c019ba |
| SHA1 | ab41e78a91314608ffa0cec927b4e001b3833e4a |
| SHA256 | 851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa |
| SHA512 | 1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\fi.pak
| MD5 | 4215d02d92e1be2e182197a0bb87ef29 |
| SHA1 | 005cc2d1ed5039fc34fc14270344ebc938760554 |
| SHA256 | 22b97c139d11b485b2c9ebd8d86708d38bb9f7044d7171c846f516ca9bbb27fb |
| SHA512 | b0b71716b8d7867392825980e65d3a60c84f302dcf0b6ed7cf1ea0d8b605d1a82accee03c3e639851feb1273cbd327c14d82e497d6b70977272992bb227d21c5 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\fa.pak
| MD5 | 00bc7a02631c7de396537ee08deeec7c |
| SHA1 | 063c897b59cd70955cee3ca27d8743a0989f0a86 |
| SHA256 | 93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec |
| SHA512 | cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\et.pak
| MD5 | 7c8be63adae41cfa46a1a614de18e842 |
| SHA1 | eb11a953ddfe42dcbb5a4aeea0a40b6b18f596b4 |
| SHA256 | 0e3af6b70bfb8f28542caf5d6ac7086b248e31ca5d31621d417154964cfae3be |
| SHA512 | 4f5c6b976d9ac82002259e75c5afbe211be096f238882b912a97a9fa4ecf7103cc164e7475ebeb4b33794999668744aaa5465c059acccf5c467391fdbc386761 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\es.pak
| MD5 | 2c8b6b9b30b62618c65237943c030e6a |
| SHA1 | 887717930c8d070f0ba965c8a215478653d3845f |
| SHA256 | 4e1a07ac84554563488094169d2f68e29cf3b78c28c57e9e7eec233a742440d4 |
| SHA512 | b0792d483adb7e51a2b219e44f08bb49e419cc7a17943b1f2e57316c907f16cb80151cae1d5f117eced002a56752908d90392a479accfd6d8c6f13a2b79a1b23 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\es-419.pak
| MD5 | 7b45d7be08eed5dfee3d12f0b7e6111d |
| SHA1 | e14d2e0861d42bc31ea778237f77fd71c5dd32c8 |
| SHA256 | 263fc4b258041034d040bb3d27758239153d5a5faf85ab4217da608e7c2a4f2c |
| SHA512 | dfa361344cfab28e91dbf772123e043cca16b6d86cafffcaf8d71686ac9cc3dea832525b934c60fd1f110e9bf224a9b5f496924a443f742a7487d008f1ad7869 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\en-US.pak
| MD5 | 214e2b52108bbde227209a00664d30a5 |
| SHA1 | e2ac97090a3935c8aa7aa466e87b67216284b150 |
| SHA256 | 1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab |
| SHA512 | 9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\en-GB.pak
| MD5 | dabd9d0434e128d6ae3feec3b2c2801e |
| SHA1 | d7a25ac86c15f5d4a3b3d4b713a5302c5b385498 |
| SHA256 | dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835 |
| SHA512 | 831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\el.pak
| MD5 | 9d654962e91275c7538dabdb450a2f03 |
| SHA1 | 3121a84f1035d7b44e4597ebe4857137b7172da6 |
| SHA256 | 9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27 |
| SHA512 | 0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\de.pak
| MD5 | b48f5b846d1b32f8426255e8a03b4d20 |
| SHA1 | 77272097e67ba495d73e3d82e3100237a1664fcc |
| SHA256 | 28e394fd4dfcb0ee3ad947a8e276af7ec1501f30e820ba42270d2d7f03ebf745 |
| SHA512 | 07e9af3153e60e05678db92e4654169e9c743bffb5aeda0725bd3b11dfba9021551697149771bb3aadac4fafaca50c88a352f55d32bd6c5fc8867c44f660196f |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\cs.pak
| MD5 | 6310a8e1c7e8ca3a1611d78b4d67845b |
| SHA1 | fa8cff4ec0b1cf3aca65e6745d9f31154dc48115 |
| SHA256 | 10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e |
| SHA512 | 900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\ca.pak
| MD5 | 5c5c2e574c8d51a61d9e58547d89b0df |
| SHA1 | 268d6a348c22616432191ae55bb8c34e039feac7 |
| SHA256 | 4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73 |
| SHA512 | e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\bn.pak
| MD5 | 5670d1c74a07e5e9bb3853307ea2cfd7 |
| SHA1 | 7cd7568d2bd4c64b8685bf17e3289afe923468b2 |
| SHA256 | 706681208f6e0c2508c55ac7fb8bf510a133cd66f6977c3da3439526269a1c0a |
| SHA512 | 27c5f596548a52d0d62a749324a744121f2448b29f8eeb908afe487b7084c95e6e39b80326480e9253b997ca22f557f33e450fe155ccdbb2b601d0991389b47c |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\bg.pak
| MD5 | 7005e72419774fc1d78ba0718fca1b47 |
| SHA1 | bedcb1e0897a1a47a878bb820735d8e373a4b4f1 |
| SHA256 | 2b93afb50cd154464b7b40c8d0015db09b69f3341f0bd75d190c033c4ec4c72d |
| SHA512 | 7a098ef7e4297d832acf356367faedb78bcf33b68e2d0255eed0c1852cec744d24fe594812f2c3a393b4fa75e83a080803d38176bf7534604362a7287242e9f0 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\ar.pak
| MD5 | 5209516dee9d9ce64854b70da199108c |
| SHA1 | 5797e37da5909e47e03d323abf884b573adf0840 |
| SHA256 | 8407ba456e51177358e6ce1e82c33e5e279eaeb553ee38db9f0994ec57c2e246 |
| SHA512 | 0585c14bda7800acd3242794eef7c9466f57217a059feefb0bf715e2cae9d228a5172fa9046ea19d19cdc388dcde2348a0a90caa26a1baeee612006495b56524 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\locales\am.pak
| MD5 | 985be89267e0d559bffd4b66380e5e53 |
| SHA1 | fa33e9bbfff5a89dcc26f52634561e27c1cf0e05 |
| SHA256 | bd1a60f7fd63da2230509211f858866ed782767f580b8ce4740ad2060d3c5d9b |
| SHA512 | 7cb99ea1d92f810dd6f882669b2803b5cc87a9f34e70964d402f14cb7771a9d02f4c7493518b5c388f49887c8311e3b02fce7ff3770a724fa9a0a2e776f2c3c6 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\xxhash.license.txt
| MD5 | 184732fe7ad572cca839560f13667eb6 |
| SHA1 | 76fcece0f58b529b1ecde86e8bf8f8bb1c652519 |
| SHA256 | ef87b7b79f4c48edd555809ab0e97b780940925589b7d5f9ff26025410c87c4a |
| SHA512 | 71bc6b522b99cf66c764a7554823e7da19ea3924226d67385fbc397128b9dc781e66c457505bd3616eca31f1d93fc25d9eaf67f9c32aa4c599da4c7d2d5c6f30 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\xdelta.license.txt
| MD5 | b743e02a975dc959abb35bcda12cd4c1 |
| SHA1 | 13dd1cc3f00f5ab22dd44c40a0abb13cb4512f2c |
| SHA256 | b0b0442c47b75d2f5ae41c660574d751ccf12fcee6bbc27bde20e208802ed63c |
| SHA512 | 7d14b3253a7fcc594b84af77e9b2a053e720e9b03bf8f4b8afd82c43a1b3f579726b68ad5e688d0363ca7bee8d192cfd6ad40e1ce3819570af5c29d38e262a5f |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\tiny-process-library.txt
| MD5 | 52607bf5b5dbb263092f9672eb5b0b1f |
| SHA1 | ac2b9621c7b1649ccfbd31034ebdff57249802c2 |
| SHA256 | 13c053468f9f56ad8f1f2c36ad23955953e0cd2aaa49e7e82b14001f2f322bf5 |
| SHA512 | 88862eb3a57b6a640519e88abb843102da3d98fe228fedcd1f7875fbd2fd9d6e8f93c35aafe0343b8d7e8e1b780862066327f4b9ceed74c1b7bb8c76373e1c54 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\slim.license.txt
| MD5 | b9647dfe37ebff8112b7fb0204192de8 |
| SHA1 | ae084d7c34776826e0398e73eb827682852a4b54 |
| SHA256 | 5e08a239b2c110156929d97ee61ace55adc283456c72f51052eb23e0b7cac499 |
| SHA512 | 3262527cd4df1c45decd80ce733e6280e3f08422daf0079af023a8ab2454c03cbae8a5e944c0fa594c845c2e1148cc531688ba7221f7de3c630b4a4367773fc4 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\skyhelper-networth.license.txt
| MD5 | 27fa1700231bee88a24cd306d673af97 |
| SHA1 | ccaf356f932ddceaa1c59756b2d72c5c21c89fb0 |
| SHA256 | 91b7f048db90b189dadf1db30e5cd0a95a8bbc4ab5437535815359b8186ebcf5 |
| SHA512 | 5025d7044a3ba8e4a279c1dcb5be65675d61c7bca864a5face31fe6ab7a72bc980e412054294f49629a00d6e6c4b753bd1892c991a3408ad850d12a269f5ccdf |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\skyblockaddons.license.txt
| MD5 | b5697125b9a58f980344d778c84eddc0 |
| SHA1 | 9ae4fdf6d1ca59adbc2649667eb03ee12c50c659 |
| SHA256 | 6b3411f158e9c8a7f03632c2977279852a9700f636a7cd93bad8646de6ea65bf |
| SHA512 | 491a8e6a3b5495c518ff11cf4734b546a53c83e5edcd05137c9f263d77a34bb856b05bf2a45fc80519b3c1753d4d97ea707acc7a204693a0fc3b5cf5b74e54f6 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\rubik.font.license.txt
| MD5 | 1a74d7f49b7531048b89d6ee3f49e1e1 |
| SHA1 | 374e9b0f4d9efba8e93d5698b04dc0cdd73817d5 |
| SHA256 | 5797d3461e28e3f3f540ab932fb730d6532ef7233e110b96f0aed9526776c141 |
| SHA512 | 41d0fc489f4eba72bfddf70d56ba34abcc1a9fa5957fa701e88e80289fe74992be774783fc678d434a09404116b6a73f8ea9a3a36867e24ea9268a21cfca8efe |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\replaystudio.license.txt
| MD5 | faddac7574586fc2805a9b3f3365767a |
| SHA1 | bb87c11cb254b9c7693c2e62c051a10596648ecc |
| SHA256 | eb622d5d149ea9b7ebeebededf0b20068d5471a462e0d4bd9e482c9b48f37f12 |
| SHA512 | 545a11e5c6abe6ad060de4f809865acfba9f57c91f1bd3fcdf890a599923207977f429ed3059455c36136f84a937fcdb20033b2bbd2afc653eaf3ec97da0ae37 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\quickplay.license.txt
| MD5 | c3e1cf1c2620ba0f75411f66deee382a |
| SHA1 | 37f7156c3c10e3c09169697bf2e42bb7fdab27ee |
| SHA256 | 3cb66d8ea7938893173f73f9e938dd1501cd7d7f50bb091b76a681dc680ccf64 |
| SHA512 | cc445e11f256db1327701c33cf08e531a8c543567af2515ac06dea830ea24b154e46d229f56b25a94cf7f1cf62467bbf1979f4aa524dd65b71f62c4dd183f8fe |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\openjdk.license.txt
| MD5 | 8425bcbfbe27f7f8ec1e46e9f0ae0c99 |
| SHA1 | 5898367b940826f516f625dbd78fb8957f3be986 |
| SHA256 | 1bd89daf45a5b68234c32104bbe9903c6c6d2d7798d61a36f21ad85482945f7b |
| SHA512 | 0323a715e5f65027a66738c1db24d2e4f6240095f710a2c06a67bc70b59e4185bb026ce7438dbeedd6cc95af8cfc0ae9259b3aa8e7d84692bf6b2b7f5a655149 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\notenoughupdates-repo.license.txt
| MD5 | 3a5337edcf43176e258e1a5ed8baafd7 |
| SHA1 | fe2b722844bb6331deef47fc5192c1e742ab5caf |
| SHA256 | 282d4b11d651c5fab2a4cb55568aa36b80eecd47ae3ac9f4c2c7978a3be53dbc |
| SHA512 | 8bf297651f29f33800793dcd1d9b26ddb9fad75a625514fb558e5b964eac5f8b760597d76f43feced41001bc0196f116fce12e0c9f17216d3b04569fa651c1d3 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\nativefiledialog.license.txt
| MD5 | 292e3e89db90cb0fbffba767983a8f55 |
| SHA1 | 36c4792a78a72fb5c6e315c62c4e8358b6c8d2ec |
| SHA256 | c894fd883a9af3a9174a4ee9897451d4fc9fd56c2985c872cd37eed4a44156c3 |
| SHA512 | b21c7123f5f214a0d19497f62f9cc461fba59edf64bd1c4f5557c9d2af69cb7ea6afff8d75aafbdc6631f9164e69dd547d3265d2ae8e237a9ea39ddb9dcf705e |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\nan.license.txt
| MD5 | 895f9d80d77e26153e48525caeb23827 |
| SHA1 | 3d7128bb4973afb706aa1f67493b537006d79937 |
| SHA256 | 0bfcb5e608c491edc1621ec2d842ce5b683e05db6b38c6eded10b0630c59d2f1 |
| SHA512 | e0c278c0da87f33202bddddf739fa5f511c0b5f3176854d4f382d40dc8cc0767e71c622368561d40a2b4a37c1a9b79fd845096073077be03c6a1cf35fc152cfc |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\mclib.license.txt
| MD5 | 12873b817d4334eac6197edbc5956864 |
| SHA1 | 20a910d495a276c23bc9b43faa7994338f51ce69 |
| SHA256 | 5f6ad061e9e7dd5d3bfaaf8d065f14f863897c276d217c94084603680a324e72 |
| SHA512 | 0323a87ba5c5f9ac5b049b6770a78590e83e74a9fdc0076b67f3669c4f1b43db240b5a86390191d3c19ed9b6d9e9c6000cbdd970f2db458252321a5fb106ec85 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\licenses.txt
| MD5 | 4a9c8bbed40470a9ffb7db1d63bbcb9c |
| SHA1 | 88a83ce9d6734d54139ee7cbfab63253cb73b415 |
| SHA256 | c0aaf6703c87055786772878c27e8d3c4ccff0efcd088d5dcf77a2fe8146c44f |
| SHA512 | 12c3b1e11dcb90c5e4ff426c1a8bec314efeef9e5b3eca1840460f1a1fe894aca4c1755b599d460e995e7f477b69887089a93dac67da2016d8c84bd98f841039 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\licenses.dependencies.txt
| MD5 | 2053245129c2910e9a1a854dcf69ece1 |
| SHA1 | 294462e57e57fc416d28ef2ced053f97465e3fc1 |
| SHA256 | 9b78cde2913327cb5ac2dc6f53f430b6233c52bbf3e156e969737d87cca51943 |
| SHA512 | 1387d33cdc715b006844579b90137aeea7b9dd7899542667c988e8c565866d26f462e60a0d5b26bb94113291f1db659c08a4cb4a2f8a9ba32c6b5af8ddaab48f |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\freetype.license.txt
| MD5 | 02891d3fb5adadff2546b4279649112b |
| SHA1 | 1b299099e16ad96ebf53e67391685d9d0a51b368 |
| SHA256 | 650737ec7589c35600de73b0db88dafb314f7e32e7e3cf38d0c87ceb1a7ed31b |
| SHA512 | 630d9247498b84bb53e2c2ea4165994c141791675c192860127cdcd1ccbabc80a331604c6ae185531abb0eb3fdefe6637643e0d3f11b751e79b076b5da4f30ec |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\freetype-jni.license.txt
| MD5 | 5db6495b17d58ad312a32e5791c61097 |
| SHA1 | 428650191730f35163e8ec78a25126869b2ab1e2 |
| SHA256 | d10f28ec38b68a33bd4deb7239ba86e2f43a26f81dfa2d53f2ac89a88e2685aa |
| SHA512 | 7520cd5dc59f6899bd542a713ca045f64a9dd90751db7e5ab197d1c8a25e94aaefb9eb8d69a6b3c9ff5b1d433c85cdd67d36cd333fd33c824ffff53bc187cad9 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\flag-icon-css-license.txt
| MD5 | d0bc1323b617fbb4d3232b745ff45dfd |
| SHA1 | 5c11645d0455590741dacb68d3eb1d253a5ec106 |
| SHA256 | 5f6432917a260a6e8f7022742bb6cb8761b1d17cf45083e30174908041405225 |
| SHA512 | dec0dd099dd2a778f5afd129750175e42335677b199f1d5e2ad10ec2459c803e3168c6e89f44bc9544fe8a5513b85eb2d53db65b3ad6ccfe77ea0a8ccdcdb131 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\ffmpeg.readme.txt
| MD5 | 46efd225e4f70c87659ee3728c4cc352 |
| SHA1 | 3772c422a0f862d32a0cdd082479e432051f17e6 |
| SHA256 | 20243b750670270b8cb8cfa8b44f120814751d744c973ebba52284968b602544 |
| SHA512 | 3a7ab5b99537984212d204aa83b0dbce97afdbab9f8dac554d9afcd506bed6e4617e72be84bbb710e79352caeaaa6ebcc728b19c12ada7574c0817d35640664f |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\ffmpeg.license.txt
| MD5 | e62637ea8a114355b985fd86c9ffbd6e |
| SHA1 | 1eba7caf09a39110ad2f542e3ed8700d1a69c6d3 |
| SHA256 | 230184f60bae2feaf244f10a8bac053c8ff33a183bcc365b4d8b876d2b7f4809 |
| SHA512 | 714d66c4a17e6dfc1553521af2be03f4579fac64048c0b96c592177562b01fc70a8e184bb21725e11ef96a54bf466ae1abd4992b8940f0fe2c0859d6a166a2ef |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\disruptor.txt
| MD5 | ae32a12a5be0d4878506f2c7927826c7 |
| SHA1 | ef0f419dca631ac1219e19af5b4a5a0875f68da5 |
| SHA256 | eaa350f6f6982e086b1ae1c3b70743d1f3653164b4a4832f02d7baa134ef028f |
| SHA512 | a80642b73b5b968c1e8b44449972449e17e6c3e46c2beffee1d524faa363b48d2540c0d7db6289183065af975aec1e8c45833ac1e1cd3e2c85f5fdae955791c1 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\discord.license.txt
| MD5 | f8cba3d1a6a62d09224f131fd3054008 |
| SHA1 | 661a941700833f7229cb17d206f1d25e23301a2d |
| SHA256 | cc981e3b2afd06ab5a1cdab7ced3cbb8a69145b5e2388485b806f6634313ff4f |
| SHA512 | 4517c0046d156c67f3d7fb37e5985904de476cdb75ad7114eeb2fefd9957b67b07ef1cff02cae1ea37503e34eb0d7cd0bdba03fad5aadeaf6d070855e481edd8 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\cairo.font.license.txt
| MD5 | 5a540f4d98fc81713b81aeadc530c6ed |
| SHA1 | 273c8a98fc1b2709cfce81d7f6960b63326e5485 |
| SHA256 | 17b90cece30db64934b7299fd76b033a3774c8a990e78badc74c59a5be8e0727 |
| SHA512 | 12b5e3d50da4d0aef2badcf784554257e7c8dcd9f598acca500861c1f0bb4686fd238c6ad8c2259b5047140e10d731e928490fa474577b7d847d387c9c07d702 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\badlion.licenses.txt
| MD5 | a2ed77a24bd53e33a3fd458d99e9be0f |
| SHA1 | 07af4fb75f3122867c9e3255ad6d1e11fca88808 |
| SHA256 | 803a15fe94c8ab1f4adf1a62fa043d414d3e4c1281c74cee57e6976474bbba05 |
| SHA512 | 8649571f5670a36e7fd011e533c394b0f28f51045abcdcb3928d731f02366cbc286b88cb4463d86e07e92b967d81cacda74a58f658843d89669045530324524d |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\autotip.license.txt
| MD5 | 5b0b97f483331418e30c469af896d87b |
| SHA1 | 3e0ae2526e0f2809c81d524b8507fb64fc2bb4ae |
| SHA256 | 09716796eb67471c518f3f4e567377d5ea5179c36e10bc0b30afe1261b770442 |
| SHA512 | 5882826f7f2c9921d5c309aaba79ea30bf57f95816058b2f1c26c3ec9848c8dcdae91d58512092dd7647f41f74f57975aadd9d048e18d8567dd3ed8a5b28b12b |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\autofriend.license.txt
| MD5 | 318bceaa1151b1b6bffabad8dae01498 |
| SHA1 | c776fc09a2e25058149deb3bfa163c0053860a90 |
| SHA256 | ddae5748ee219e263f4239460d07d38a10852fc1f6693fe2765e28037783dd88 |
| SHA512 | 60c8960d6fdeb04711f6aa2713a66b05d3f7008ee33c4d762fe30f98f266b81a6c198a68aa0ea73bcd1ff4eea88db56ccd1a680c11db4ebfc444896da6b80a7e |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\licenses\aperature.license.txt
| MD5 | 1837a1eb671079c67ed2724719588c48 |
| SHA1 | ed2c02b395fdeb3b56d0d4258c677a1329e78e54 |
| SHA256 | ca1baea19e60be57dccc08a4cd82e75eca24ca683980cb1ff212824a964fd6b6 |
| SHA512 | 1df4217f219e0826c07d8bd8ebfff17d2cf34691c3450c23f84edf2bb35886bc6244b1897cfcbbc6b47f4c70e1c84a698bd48177c2fbb2f2154d2c005305e506 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\libs\optifineinstallwrapper.jar
| MD5 | 8967319339fd7ff2a67b3a9eab3e4b93 |
| SHA1 | 03e69508f50bffba71390c367fbc5e8c00d07335 |
| SHA256 | f4c5909042743c4a7206f52ae352fbfcad807185a985884314044b236ccb24c0 |
| SHA512 | e376022ce07135b77d46da898c27bf49239332e88410b4a20362e9f4ada0fb2a02b7cdbd00bfc0f11d3228ce56e77cd165b77baf41c21790dbb52ccf771555a1 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\libs\joml-jdk8-1.9.25.jar
| MD5 | 9b868b921d0490b417bd594984b680b1 |
| SHA1 | 7bb2cd964c5e7b129a52e1f47edfdd557a7ec3da |
| SHA256 | fc76d61e7900e65cab1f3c237a5186ff2344dd7d7d0bbf8f01a453c4fa2a1b28 |
| SHA512 | c54cdcfe63c1998fd14d46988fc49509ac6af2e2516eaad0dae19566baf1c99f0482d026d7f6e79a66706905b76af9b4298a23521ecb32f5a3708806340b3959 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\libs\disruptor-3.4.2.jar
| MD5 | 6895a3c4f54cf92eef6530e9e2cd3c46 |
| SHA1 | e2543a63086b4189fbe418d05d56633bc1a815f7 |
| SHA256 | f412ecbb235c2460b45e63584109723dea8d94b819c78c9bfc38f50cba8546c0 |
| SHA512 | da76e44fc9834c6d9e21eafe2fe64604159dba99770946bd114823ba037ea0217ae3a13f5eaf29e28edf92fcfd4f20c60b7645d6f117c38c897594e1337a744c |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\libs\caffeine-2.8.8.jar
| MD5 | ddac1f8f76743255084022ac6f06b7cf |
| SHA1 | 298bb2108157513a39a1a52a686a1fe8b57cc973 |
| SHA256 | 7b7b72c6ce3e47e774e29060ceba19e83e8259bd475986e04b4f3272d4a58f73 |
| SHA512 | 6cb83b6d5054c63c13af5fd39f11065556137edd423385f5d960a656fafddf5a5ddccd1ddeddafdcbd511d0fef005c58fac9e3fb0bdf1d469af24450dfbc2325 |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\zoom_out.png
| MD5 | e1a004a51cb04c38f49184333a23379f |
| SHA1 | 5b54adccfebbfe4bb96502db5370c1ab830c829d |
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\zoom_out.cur
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\zoom_in.png
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\zoom_in.cur
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\row_resize.png
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\move_drop.cur
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\link_drop.cur
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\invalid.cur
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\hand_grabbing.png
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\hand_grabbing.cur
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\hand_grab.png
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\hand_grab.cur
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\copy_drop.cur
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\col_resize.png
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\cursors\col_resize.cur
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\ucrtbase.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\ssleay32.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\snapshot_blob.bin
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\resources.pak
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\psapi.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\msvcp140.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\LICENSES.chromium.html
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\libGLESv2.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\libeay32.dll
C:\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\7z-out\icudtl.dat
\Users\Admin\AppData\Local\Temp\nsoDB43.tmp\NSISdl.dll
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240508-en
Max time kernel
1562s
Max time network
1573s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l1-2-0.dll,#1
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240508-en
Max time kernel
1565s
Max time network
1576s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-handle-l1-1-0.dll,#1
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240419-en
Max time kernel
1565s
Max time network
1577s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2396 wrote to memory of 752 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240215-en
Max time kernel
1560s
Max time network
1568s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1756 wrote to memory of 2872 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-debug-l1-1-0.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1756 -s 80
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:47
Platform
win7-20240221-en
Max time kernel
1800s
Max time network
1819s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-libraryloader-l1-1-0.dll,#1
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:43
Platform
win7-20240221-en
Max time kernel
1561s
Max time network
1578s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 228
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240221-en
Max time kernel
1565s
Max time network
1578s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK64.dll,#1
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:52
Platform
win7-20240508-en
Max time kernel
1561s
Max time network
1564s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 220
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:51
Platform
win7-20240221-en
Max time kernel
1801s
Max time network
1820s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2300 wrote to memory of 2172 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-namedpipe-l1-1-0.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2300 -s 84
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:52
Platform
win7-20240508-en
Max time kernel
1560s
Max time network
1572s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-profile-l1-1-0.dll,#1
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 13:04
Platform
win7-20240508-en
Max time kernel
1558s
Max time network
1562s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall Badlion Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2168 wrote to memory of 1276 | N/A | C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall Badlion Client.exe | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall Badlion Client.exe"
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\$R0\
Network
Files
\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
\Users\Admin\AppData\Local\Temp\nsy2C9D.tmp\System.dll
\Users\Admin\AppData\Local\Temp\nsy2C9D.tmp\UAC.dll
\Users\Admin\AppData\Local\Temp\nsy2C9D.tmp\StdUtils.dll
\Users\Admin\AppData\Local\Temp\nsy2C9D.tmp\nsDialogs.dll
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20231129-en
Max time kernel
1561s
Max time network
1568s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nsy2943.tmp\System.dll
\Users\Admin\AppData\Local\Temp\nsy2943.tmp\UAC.dll
\Users\Admin\AppData\Local\Temp\nsy2943.tmp\StdUtils.dll
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20231129-en
Max time kernel
1559s
Max time network
1563s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 220
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-09 12:03
Reported
2024-05-09 12:42
Platform
win7-20240508-en
Max time kernel
1560s
Max time network
1571s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-errorhandling-l1-1-0.dll,#1