Malware Analysis Report

2024-12-08 03:02

Sample ID 240510-25jkzsfb4t
Target Badlion Client Setup 4.0.1.exe
SHA256 20d91430397028cb83296e7a41598414c9a4ef272afba435196d231a8cbd0b67
Tags
discovery execution privateloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

20d91430397028cb83296e7a41598414c9a4ef272afba435196d231a8cbd0b67

Threat Level: Known bad

The file Badlion Client Setup 4.0.1.exe was found to be: Known bad.

Malicious Activity Summary

discovery execution privateloader

Privateloader family

Drops file in Drivers directory

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

Loads dropped DLL

Enumerates physical storage devices

Unsigned PE

Program crash

Command and Scripting Interpreter: PowerShell

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates processes with tasklist

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Modifies system certificate store

Modifies registry class

Kills process with taskkill

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 23:12

Signatures

Privateloader family

privateloader

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

91s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsv612C.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsv612C.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

C:\Users\Admin\AppData\Local\Temp\nsv612C.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win7-20240220-en

Max time kernel

120s

Max time network

135s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK64.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK64.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

87s

Max time network

164s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-debug-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-debug-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

157s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-handle-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-handle-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

142s

Max time network

163s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-libraryloader-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-libraryloader-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 52.111.229.48:443 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win7-20240220-en

Max time kernel

117s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe"

Signatures

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nsd37B4.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsd37B4.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

\Users\Admin\AppData\Local\Temp\nsd37B4.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win7-20240508-en

Max time kernel

120s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 220

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

92s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1596 wrote to memory of 2308 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1596 wrote to memory of 2308 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1596 wrote to memory of 2308 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2308 -ip 2308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win7-20240221-en

Max time kernel

133s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d078060130a3da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000195acf40390921a41d9fe21b5ec310ae02c707ef94409b9c27498dfc10b9bb1b000000000e8000000002000020000000265f87706dbffb3e1a12a14f4a473424f4b963cae0f3518ceb30c1f27a27bbf42000000013653bc4e7d2745e736d6b875f80d74129ac42f627a2c0b0c568c6155026523f4000000030d701ac9f88329b6e71e965b17fe412316b91279fade2a819c280b90c650e59375cdd7b32ebc72ed308abf9de79dc517369419a76cbbfd48b4b6d4be59f6687 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000f72be37d9da9088882dff3150abf5de72d9325885cbb25e34d40701c35a223f4000000000e8000000002000020000000e970606808aa0001d1e12626452e66d09eddf7a42da8d8ee79a7d2e684da058c90000000743a638bb300165982c4ae52181b6f822ccf06d66ccd227a182828bbca8c025ffed63f7d24f239133f555c3d9e0c46e4eda8482d2178296fd0d122f4d89cbbb650e08120220b7e72c7d328ac5ad795f14e8d636e97928b551097019ef394f2a453d93af2de0b20f8f841f2d8f38a6efff5a6e381053f1cb79b9399a2c086d725b80b807e5a66938c4b05a0196abfc59940000000d75fc4d262eda6a6bb8bbd2c912b8b3c6cee94b847a480f5353274d6e9bd47963c2944687c470960c54cd6d6726675001b5bb6cb54ed6b46816d16f49a76e2c6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421544789" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C922531-0F23-11EF-92F7-4AE872E97954} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3998.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar3AE8.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 134963ea6995ae68ecca7aa37e4a9b83
SHA1 7a88f8d1f958ddfe18a438f06a14b60354dfd167
SHA256 84c0be79c1f1c539743df546467278e6486049def72136cee444a464845e29e8
SHA512 cb4714bd0df0d0b6611149dc02a40c65b392ad31ae802a93c23a94482867d71c1632255005bbaf288b82f9975f9da0199e534b50b0e14eb45d50de0164c62696

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 659964ea7a0cc84d4335184ad0d6a359
SHA1 43ea080d47d8ea01007f29cf834332bfc0c602b5
SHA256 4c6d002a4c00c9c861c6ca5ccea308c2da79e2498629a0affe4c20dd51a3b679
SHA512 591c65a7fb7d0564d3c4af6ee8ab0a402989d445897e7ad23fb03b207196a4dd762a056f2de9ab9059eb494a8e03183804ccfec31bb9789a947a2d10ac0f1c76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09ceee9f40dfaa260b309b854959b6ad
SHA1 18df14d7056ca4fd87b3bbbc7a45647362cb5842
SHA256 ee5d507e0801b9567f849a022121d6c1103625b5408e28598d9e58d7aba35b54
SHA512 01db87e27b909e83e4b0087634b9fbd45781edaf29f9e8e97db79bbb781b6b8293d8846bd6f107523aabdf08077117e92854d97014c739aa18057bdf095bd6b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 baa116d88c7414456a9672fc779338ec
SHA1 c8fe5b1b5c53b932487be82de4ae4eb9e409459a
SHA256 47843ddb929b7ff494669400a67c177e26e8509b20a1e69e4c8fdd9f0bf8a3dd
SHA512 1a1cd1d2d367c34d5c3e11831b3f756b6fae5606e3e421ba08a5d3a8bef666f0c9aa07ef87f1a28ca095aa7b25be56e691dd64103784fabe244cb076d638b814

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50cd8dd8b58a9500b0e28c145b4b6c81
SHA1 03f2f64fa69331c383c01d446a41ce69708b13c6
SHA256 469f060569bebcae713563e1719230e61ab9ed1ce55813c6080853f5c5d48153
SHA512 9d08dc90fb4aa77b7711e72eb949cfe0dc69938df2b23d73e2b5713fb873174d187bd7fe30a6f512fb77b60209e25e5ca35116e136d55dca9b2ca69ab9c52013

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f47b0ac1e60d77aec39f2e546a59d9aa
SHA1 2c34309126e65235721e9c3612bb033a5e0df8f5
SHA256 7ffbdf8a77394f1172a799b44f9817b85ffd58e97f0cf0ba6de35d5b193977b7
SHA512 3deb44ef42798cd702b1fb64a274667cdb9c8f6505cc2230a4ff3bdfe1c9c902c3b178138482a9a7304a684435d4066bb8d08dfac97f43b3454bb8a21dc653b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ada55db2846fe8faca484fa8be2373f
SHA1 08ab09dec41ce87253654cbd00b81a31e0e61816
SHA256 82494778a5c2215314c1172ac1322f22aef29b2d18346fd70bc20f997609b3ad
SHA512 f5f75dcfb42a8d075c0cc397f518ee57fd0980c8f730d05d0994d9d27225fd382c62216cc948bab13798336c95416a96091db5e41cf37ebf52a68d05fcbd2fc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f23f482cb4da9b5f7ac8fa0a145293bf
SHA1 d23283d95d9966c03053290188f123d76fd0068a
SHA256 99c0ac9e468cf8ed3be1a3c60bfeb6aa9155d93fe1c2620f1f275d10ce3f85fb
SHA512 1d1b6006cc09609dd99471140999afa2197fc0828d112558cb2b0d13f60f67b64df4dbf908a2f1df5e2b093beaeee084d9f287e9308ad52b6c46460782bf61aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ebc453e578e7ffc872604104e9fe31ad
SHA1 47d68e7fffd0bc00399a76475542df156ffedd25
SHA256 fff87ce2897591f6d547e1e2fc86b4ceebf751dd0b5f099ff233fee9061ed3e0
SHA512 46de63d038a791448d141681948f292ba4c64ae4b687f3c2ff700e09f6297d6e8876bd0fc3a7b6f6bbc69e6f84ada47e0a21b4140fbe6897e3f88d41d2cbf3ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25b20f110f5f1ec17bfa36b13dd84e53
SHA1 f5b9c9c36fde02e382952549be5e8aa653a69cb8
SHA256 d697d9f38c3ad8112b115606a83f5edc66ab1cdd1fef99a29d558a75937d9e29
SHA512 846bcee8b84dde8da34f490dad2e9b11f795bcf3b648358f56cdfaeebce5f6af2e1d897f4b7b7a3a8f369d4dbad323542256dbfb2b066360e176104e1c2a2a6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 829dd1fd12b2b1d1954f1aa00bbc00c9
SHA1 549c0451ab6787f1a8760a0d87121e1a93bf5b5e
SHA256 50b282e80baa466d4c1500558b3295f7299f368612d9050c8e32ae4d9a09e29b
SHA512 467f912106530d52e374da0b2e60d23eed6d6505eeb18db78f5f8c743d31f2f319ea004e8614cd85c85c02aca7428ed35b65e363d3ee2ff0b7eeb1e1eccce12a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 297ad6cb7e1947a4b065b645641af491
SHA1 72ac5218dbdd062d717d5166f43ae7061850910f
SHA256 8019446eb3f69f2e62d819190b7161921ec83597b33aef7854215a3ca88fbebd
SHA512 6bdbf52b3d6d57bc864353271afd6d5b8ac2c64a021ae255ee7380a7f738403a4e042d9a92b14f932bf46e267b322e699e5e5a5612b6f655df291cbe9c49afab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51e335e91243cb2eb6133a57180ecc9f
SHA1 264bd0f760bf6c335152f59dc4b43da8bfd216a7
SHA256 ee35143830859405a59bee8bc4c4f66b4811d6d76d8acaffef68ef223014afa2
SHA512 fece1d18494109cc99c0f69618ceac76b902b9610591205daeb3f6a285216ecdbca504807de3cdfa2d70e631bb7ec73e74a5f4508781506c3ff0d1940c2d9b86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 671ded980ccaa423557039e2666a5801
SHA1 b953b38ab4f15bfe96dddd6370911991d195b6b0
SHA256 632b538a2a59364cecd3375ab2705ec572c057ebc6fcce3d45ce041b04516614
SHA512 22e4045b1432dd78baf217e3e2c3af7e68cd0fa3dd45bb31f3bad760ea8ee2c9df7421c80374f75323aae72b79bb895747abac32919b253cc6437959ace3d914

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed14955e284cfa2866fd18b4e2633cf1
SHA1 738b2560807954fbcfafc5ffe85f93658b094af3
SHA256 1e13c3fad802197d02d0cecb83fd70f90fbcd33dddb1b6bd74c8bb6f2542ed6e
SHA512 42a520210e7bbacd7952b5b639016076d33ffe40d2b16d972ee56c9bb1f0cad7869fff151377c0dd6aa19b98df9d205c45707d54513615f5ea6740eb4efd188f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11c407ee9902b45225bd0e8213cd5ad9
SHA1 c086fa539e3421527ce5e4b2caf271dd088c4969
SHA256 3e24ff133595c25200165fb0db7f9d413608f89d89afed1d9cbc4f2edd6e5b83
SHA512 724288f9bfcaf3fd40bc2bac1e9ba5be268100be77e88c5de4f3795851da5ed9293efe01011bf475e75b5d43f964a4c293aae0c88f35f2c8ed179715d4278f54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c7a9252bb29add8d292714a2aa730c5
SHA1 2dbf9c59b362ab25975a4d8b0e07665023f2cd14
SHA256 fd0d2a635a5983aab5d852828feecc25a4af24842f91117dec7dd5428fc966d1
SHA512 c43dafb587d7bf069e75b874aa10a39ae523e4749fe44a0f4a1a6a7d48c6198f163ab53191222dfede2578b33e9251c1f8a0fb0a43ceded4414a8745f5120ba1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08ef5af5b27a21c2a19dd1bf79ea3388
SHA1 85860829e1a3d2350d76dfb2b083d99433717afa
SHA256 d58a644f0dcee8a931937694269845deb9f868cbf3d518266271d9e6239895c7
SHA512 2b2a8a995f3bba32974420b15411664023e3be4b4aff0b021291575faa25a440930d3c6949f240e6a6bf55df7e3bdf0a646e9e616bbeff5b6c500b1cf6e2adf3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e85cf190bc39751e959d9508d8541d4a
SHA1 aae3faec088f7d631cddffde61d10c56c5572964
SHA256 a76f2e312acb83196459dabdc9bb2f7e59187fab7e7a665e4a941ef5661411ba
SHA512 6c6e47decb2164598a51767997930553427ce36d59689dfe20aad37cff3650a8b91986981f90cfa644f5756ca1be6dbe44b076e10676f87f80c414c5c242ae49

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\Drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
File opened for modification C:\Windows\System32\Drivers\etc\hosts C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Checks installed software on the system

discovery

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\DefaultIcon C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\URL Protocol C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\ = "URL:Run game 418076578333851669 protocol" C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Badlion Client\\Badlion Client.exe" C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell\open\command C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Badlion Client\\Badlion Client.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{6A894FFF-725D-4359-A19C-51949D1673E5} C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\URL Protocol C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe" C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell\open C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\shell\open\command C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\shell\open C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\ = "URL:badlion" C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\shell C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\DefaultIcon C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell\open\command C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe" C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\ = "URL:Run game 418076578333851669 protocol" C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{D164D0CF-6DE2-4278-AAAB-1B14ECE3CF33} C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\URL Protocol C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Badlion Client\\Badlion Client.exe" C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd17e00000001000000080000000080c82b6886d7017a000000010000000c000000300a06082b060105050703091d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a07f0000000100000016000000301406082b0601050507030306082b060105050703096200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf690b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520036000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff1190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 5c000000010000000400000000100000190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd10400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1080 wrote to memory of 3572 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 3572 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 1080 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1080 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1080 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe
PID 1080 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe
PID 1080 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe
PID 748 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe C:\Windows\SysWOW64\cmd.exe
PID 748 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe C:\Windows\SysWOW64\cmd.exe
PID 748 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe C:\Windows\SysWOW64\cmd.exe
PID 2572 wrote to memory of 3148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2572 wrote to memory of 3148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2572 wrote to memory of 3148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2572 wrote to memory of 3772 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 2572 wrote to memory of 3772 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 2572 wrote to memory of 3772 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 748 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe C:\Windows\SysWOW64\cmd.exe
PID 748 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe"

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --field-trial-handle=2620,18398883497224075237,16505565428715645685,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2660 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2620,18398883497224075237,16505565428715645685,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=3112 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2620,18398883497224075237,16505565428715645685,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2620,18398883497224075237,16505565428715645685,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2620,18398883497224075237,16505565428715645685,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=3876 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2ec 0x4f0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -NonInteractive -InputFormat None -Command "Get-AuthenticodeSignature 'C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\temp-Badlion Client Setup 4.2.0.exe' | ConvertTo-Json -Compress | ForEach-Object { [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($_)) }"

C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe

"C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe" --updated /S --force-run

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /im "Badlion Client.exe" /fi "PID ne 748" /fi "USERNAME eq %USERNAME%"

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "Badlion Client.exe" /fi "PID ne 748" /fi "USERNAME eq Admin"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im "Badlion Client.exe" /fi "PID ne 748" /fi "USERNAME eq %USERNAME%"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im "Badlion Client.exe" /fi "PID ne 748" /fi "USERNAME eq Admin"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Badlion Client.exe"

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --updated

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=gpu-process --field-trial-handle=2652,7156062910182647088,7613221424329618446,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2704 /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2652,7156062910182647088,7613221424329618446,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2804 /prefetch:8

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Programs\Badlion Client\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2652,7156062910182647088,7613221424329618446,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Programs\Badlion Client\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2652,7156062910182647088,7613221424329618446,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2652,7156062910182647088,7613221424329618446,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=3944 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 launchermessenger.badlion.net udp
US 44.220.119.182:443 launchermessenger.badlion.net tcp
US 8.8.8.8:53 182.119.220.44.in-addr.arpa udp
US 8.8.8.8:53 cdn.rollbar.com udp
AT 3.161.119.127:443 cdn.rollbar.com tcp
AT 3.161.119.127:443 cdn.rollbar.com tcp
US 8.8.8.8:53 owlmessenger.badlion.net udp
US 104.16.148.116:443 owlmessenger.badlion.net tcp
US 104.16.148.116:443 owlmessenger.badlion.net tcp
US 8.8.8.8:53 client-updates.badlion.net udp
US 104.16.148.116:443 client-updates.badlion.net tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.190.81:80 apps.identrust.com tcp
US 2.18.190.81:80 apps.identrust.com tcp
US 104.16.148.116:443 client-updates.badlion.net udp
US 104.16.148.116:443 client-updates.badlion.net tcp
US 104.16.148.116:443 client-updates.badlion.net udp
US 8.8.8.8:53 127.119.161.3.in-addr.arpa udp
US 8.8.8.8:53 116.148.16.104.in-addr.arpa udp
US 104.16.148.116:443 client-updates.badlion.net tcp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 28.110.32.13.in-addr.arpa udp
US 8.8.8.8:53 assets.badlion.net udp
US 8.8.8.8:53 api.rollbar.com udp
US 35.201.81.77:443 api.rollbar.com tcp
US 8.8.8.8:53 77.81.201.35.in-addr.arpa udp
US 104.16.148.116:443 assets.badlion.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 launchermessenger.badlion.net udp
US 54.237.86.40:443 launchermessenger.badlion.net tcp
US 8.8.8.8:53 40.86.237.54.in-addr.arpa udp
US 8.8.8.8:53 cdn.rollbar.com udp
AT 3.161.119.99:443 cdn.rollbar.com tcp
AT 3.161.119.99:443 cdn.rollbar.com tcp
US 8.8.8.8:53 owlmessenger.badlion.net udp
US 104.16.148.116:443 owlmessenger.badlion.net tcp
US 8.8.8.8:53 api.rollbar.com udp
US 8.8.8.8:53 client-updates.badlion.net udp
US 35.201.81.77:443 api.rollbar.com tcp
US 104.16.147.116:443 client-updates.badlion.net tcp
US 104.16.147.116:443 client-updates.badlion.net udp
US 8.8.8.8:53 java-updates.badlion.net udp
US 8.8.8.8:53 99.119.161.3.in-addr.arpa udp
US 8.8.8.8:53 116.147.16.104.in-addr.arpa udp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.148.116:443 java-updates.badlion.net tcp
US 104.16.148.116:443 java-updates.badlion.net udp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.148.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp
US 104.16.147.116:443 java-updates.badlion.net tcp

Files

C:\Windows\system32\drivers\etc\hosts

MD5 008fba141529811128b8cd5f52300f6e
SHA1 1a350b35d82cb4bd7a924b6840c36a678105f793
SHA256 ab0e454a786ef19a3ae1337f10f47354ffa9521ea5026e9e11174eca22d86e84
SHA512 80189560b6cf180a9c1ecafc90018b48541687f52f5d49b54ca25e040b3264da053e3d4dbb0cd38caaf496e23e516de18f500b333e3cda1fd1b25c6e9632defc

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\Badlion Client\config.json

MD5 62d5d73ee869a0a2654d8fd554aaf742
SHA1 be1d557c26633ffd5edcb5caf37b2a09f47c6667
SHA256 9ef970b76a91f607002afb164aa7f01d85e20290cf242e4adafb7f6026900b59
SHA512 8706794249e1bd7fcaa3e7e25c0b976a069b02abc877a0fdf9fce408a12b4aa5c151e5e3f75fc81185f8fef84a0b9c5a908b84f60102ac9aa03aec908a094550

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 4464c50f9eec4921d7f89c9c22e41636
SHA1 09f2a69aaac4b8f22b72924869f3aaf64edb1363
SHA256 04e0e1682220884f9e87d865d0586b337621d562a0e849222e7245f0f35543ea
SHA512 d8d9a7c0fd2a99b9d7f311ac7c1fcbcbde3a009e1a18be14f41ab382d0f3e86286ad1ac1c2cc82eddb84fad11a5013b2c99e0f4a6d8216c8037dfa19a3c5171c

memory/2432-419-0x00007FFA47B50000-0x00007FFA47B51000-memory.dmp

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 141dbc6b06bf9483e748b6f45cc4e420
SHA1 1ba15d012eba93b080771ec01d0c460ddc390b95
SHA256 e885ab187fbebe23e014b83cbb9a8089655fcd4e0c55916abcb97533959fedb7
SHA512 1517c206b74570f222ec48f6619726c2749caf6f6ed53eeb60b19a708fefbd6f41bb5abfc2f5768e813d98d355f4cc91574d9297008e4c3765372950dece52ba

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 1006f5b05145fd4315c4bc18fb0ea824
SHA1 048051f69e571d5d36f54c0360764d23ae7c016f
SHA256 5f705770fc9e278ad162eb9bfffd8d424db713bab70207273127f6831d3468db
SHA512 561b6f563d3fda8688519e221eef2bfd381466361457e9f61c0b592214a39607c05f28e9d6e8d44fb1c851c347b51a59453838027f2b79da44704d06be62b05d

C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-5382925201c001f0

MD5 ffb98039924220fb33837a443cdc5f51
SHA1 4731fbc7a581df4e0abc248aebc158fb377213a1
SHA256 9a41ec4fbdfa1329a945cc71da90f33605f5b550c8a5ffb7de31f1dd04b095ba
SHA512 e0e1011075b3da237776210fe81511177d093e8e64f3f241ca16f299a3e7198d7431b9a1a705a42073d8524ff77c7d09f0d5094f5cec689c4ba197e7dcf9b70c

C:\Users\Admin\AppData\Roaming\Badlion Client\config.json

MD5 d2da35e826a1e6af049f99048b4fb6ec
SHA1 ad261dccdbf7c44cdcc00a24bcd1bb4fa95da29e
SHA256 21eaa56d4ca1308f21bb534c446d5b0e56410efe28d08fd8780b75a02222d227
SHA512 d85f391144bc05992ab86569e03fe12bedee427e2b1ed7be4eb55a3a428e6bca118b23e9c567fc381b6329f60e67413cb35a06126c268b2063b8fa0d89d95162

C:\Users\Admin\AppData\Roaming\Badlion Client\Preferences

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\Badlion Client\Preferences~RFe57a0f3.TMP

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

memory/2432-702-0x000002C85A750000-0x000002C85AE8F000-memory.dmp

C:\Users\Admin\AppData\Roaming\935ef187-8142-4d71-9b45-1e5a701ad0b2.tmp

MD5 6cf456d50a21c147b95933ab5620bd1a
SHA1 5e2bcf1335adede8e9c38c4dbda83fd8dd7e747f
SHA256 e1d8a7c7eadec10c72f204ad803cf975ac357a159fafe36959a0643fced8c347
SHA512 3e0999caa7205b60b7e0f220e9e8ca74d3407d755f670e500d66f90ae93b95e678c73e83c4c94471daa03b1294ac8c52e38f09366bf617846e2f1564b588c639

memory/3988-774-0x000001D0FF1B0000-0x000001D0FF1D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_egu0xter.qxh.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3988-784-0x000001D0FF780000-0x000001D0FF942000-memory.dmp

memory/3988-786-0x000001D09ACF0000-0x000001D09B218000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Roaming\Badlion Client\.updaterId

MD5 92432f82c446bb69c6daf1ea30ba074b
SHA1 7243cd77d36c58c6cf049289ef81c540057dafb3
SHA256 b37216289fd8a826d274d0baf364cef0cf694f7231bb261fa846df9702526e64
SHA512 3e3b0550141343d4e3d853a3c6d611524fb1f670d9ed90651bf4abf97d1334b94112dd17fd0c0b7e0f984f6ead61b78384fbf53599385e02f213c50b78a160c6

C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\js\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Roaming\Badlion Client\versions.dat

MD5 f6290118c4ede2f15bcb188c720a613b
SHA1 5e06b55d85c6a3af9b6383db755512b4ac6b2004
SHA256 9ce6500ac068c39adf1578618f5b1a611d36093bc1e1fe5cdcea79fc9b3045c3
SHA512 07ecdcbbef71c15528abbbac3ec62096ef4bc278123e404eaa8cf546dc291dcae0c04dca6e430545fccee74c51c54ae8ad5b3af81a2ecbb807d191b6c243fb76

C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\LOG

MD5 08784b5d299151890eceef833380f1a3
SHA1 2083abdcc5940159013ced6a30903d888b77e1a7
SHA256 0b9d9e59c7902d9594f32571335624d059c755209048f20bbb725d3660240d56
SHA512 e9efcb53a521bacfaba13cd93faea2e89810d6077968239681203cb6828f8ad7a9b95363bd94f147852c89c746b06de68ffae78028e808c73430362546575ce0

C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\000003.log

MD5 34f358dffd9e6694b126af180aa7d4ac
SHA1 8f0996d033a2041b376aedbb80fd044af336e904
SHA256 c62bdde1dc79bef5843a52abe1be9cfb2d40b4f4e6049534bc88fd5c9bfa2b1d
SHA512 afdf275a197fc319880fce44e15bedbb6cb91d8d0fc4bd683c15734654fe26382af39816852cdfcaa435512126c3af3985bd49b0bdbee3b55efc8ef3b69d336c

C:\Users\Admin\AppData\Roaming\Badlion Client\Network Persistent State

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\renderer.log

MD5 9b36f847a1658e4beedc9ede9cd7f126
SHA1 adb3a36e1605166bf2a7d81c329c9fe01cafd2bc
SHA256 2d8831c356cf710682d1706ddc29cd68ffe5108d113e1ca3b87311cdb7f02d38
SHA512 3092ace71c296c143dc9506c876740da8b9fc63c63083426f92fd36a68b23f15f7d3e06bb74d2772b7aba9e1d830c972cab8600f25679b29ab037a1446e59747

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 3eb2133aa8e044974cd4b25453c0d26b
SHA1 ce1d3a0ba0b89d7de29d971535b17d22997f5254
SHA256 09545599c4309060de9829ce27919e7fe82e1e3e1a84c8b64f74a7020c687891
SHA512 d2e54bd4c6f2e0b56f576648d13aae95fa8df599971e7a550009403498ec17746887e97818e9b3f4dd3c55c4036ca8af8b5c10446b50b46af76d5923a2266ac6

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\launcher\launcher-2024-05-10-23h-15m-20s.log

MD5 8d97efeab0df21de475c785b3b894edb
SHA1 04ed78fb6033aed0acfceafa07e38ec7bb11192b
SHA256 40d788b139cca5d657a1de0edf89b2d2ff73045a33d8e4d3d1b9aac02f7cdf80
SHA512 d25e0024aef81590767711c5eb0a37bdb3b7f6756fcc19975b835a224e8bba69795e50029ac59d7889f707245229672d2dffc5c0454771a3d60a147907e2c2d6

C:\Users\Admin\AppData\Roaming\Badlion Client\Local Storage\leveldb\LOG

MD5 1521b73318801cac5be2edf00c4e03a6
SHA1 bfa31f857af62a9b1aed797f189f313382a57f94
SHA256 b0c701752ea8959ba102ea6556f7978e0ffc5c460dab2cf6298df72dbaffc8e4
SHA512 e10c5ca05af14b0ec21784159341737c39f4a536f9a75adf55620672dee6c118b746e58e91bbf9036ee66a81d207978d5a5a2c1e07073b1cbc132a257a6522e8

C:\Users\Admin\AppData\Roaming\Badlion Client\Local State

MD5 37fed0b418a42cbad784545cf5392e5b
SHA1 3312d4d3a78feb6c377f6cf5b64b758c55bb8e33
SHA256 7a15adc4d2671a0ddad90ebee00a698e0839c69de6ef77b97ac8acfcf551947b
SHA512 f33c3cf14678ab588c7ced588e0ea7f55be8f013701c66f9c7250db37027523811a57e1fcb0cef0a8bcf262adcc87c3289e74fea714cd31432096ce3ad489e7c

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\index

MD5 c668f67b73e14bf02d47ffd0f49ce06b
SHA1 6e215cfe6d5e3f52c2702d381a00a9b21f09599a
SHA256 a6ce11f3e5fed983c62a6b9b7c7c35aeccfaa3168ea3609396ad5a0d30b5079d
SHA512 11bb0beb2ae307e76ac413a0b23abd7369755b829e56a0561b73efbb80c0cae9ebe97b97824ca91dfb3408fd2c6a589a519fccab855e7e4d705ea5b75082a718

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_1

MD5 3466a6eb0f8af5493a6c9d5632c861ae
SHA1 b47d951882c95f9d8f72a322609de9483c1e7005
SHA256 9bf665f73526d1228ae45a5b2f1285c2d5d8f3b2d78bfc4bf937941f59e17b2d
SHA512 bc0b10a30dc269fb6fd880af7faba6878fd3f795d712ad11fcdaf2d03e4e5073cf9d4cd5322949d382c0a52594c27c871ecd92961470f5288fe094930f441b45

C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies-journal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies

MD5 b774c91af175d1620bcf240c8a6d09a7
SHA1 9427c20a3e0c8dd68417d62f3f1bb5e53c8d0307
SHA256 40a7306697abbf6da23517fc23b4860985a054bad11ea5c31afc0a5658cefe28
SHA512 36b89582a4cd3c17d955f9530a8138341526a7e996d2b8251bf7c015236d808b3d11a26ec155c766a72e9bd206176c1b428fd2a3fea8539d9b4d6b0e2fa34e37

C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\wasm\index-dir\the-real-index

MD5 100abe3eaa14dfec7cb9e36b8d20751c
SHA1 2895357330ca87d8789cbebc9b05dcc990e9e9eb
SHA256 fb27965ed817a2f6427fbc77ab376991db565072d643d81539bddcc3d58f8294
SHA512 84cdb3cecfff1c6afd248975364cc4a502d45610151f4a29b255afd4e5af833f2cfd1a200e99cbb2831a288fa19216cdbdf8695766c934ac79ad429546921e23

C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\js\index-dir\the-real-index

MD5 7ce2f8c08ee47c6ee14e9d5b64b3ee5f
SHA1 72c4228e9e3b08d5c8ed0826d877c90c35ed0d62
SHA256 ee39eae615510223255579cfdbe8d720f40cb65baae85f84c705defa9f2c7238
SHA512 0eb651587ee8daed1843772ebc5a4ce2c82532b3dd67232ac6d5f0e5963f0a91687b310c427283cd93a8dca2f1fe07c038f2b1a1f6a6a7ea1e3b7b1ccbd33160

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\lz4-java.license.txt

MD5 0ba5044c64ef53cb0189c9546081e228
SHA1 c8bc7df08db9dd3b39c2c2259a163a36cf2f6808
SHA256 49bbe9114e49214df2ccc324cb3ac8d1d1aa1c3a0947f94c286765e86647b32e
SHA512 a7ce8c7f21c031e4e6d037f4eabe8b200b8f1470731c05ea86028171f2964310dadc5def814d2d65164fbd23d720ecfd4d479ff5e269e519c787b4db96c7724f

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\notoseriftc.font.license.txt

MD5 bec6f772ed2e38634da53c388c30437d
SHA1 43513d1f6a1329962106efc212457e1d6ef9e980
SHA256 7f18ec1ebb6b50e3ed0f74b2c61f25b8d7cd69e43f4de66e991bcfd3c419a8bb
SHA512 de6c45f891db9add2d253939f35739f3c246ab93f6bde97232ecf32fadcf0afcadea4aa632e44df4ddc0e3b80e1db669f4769e9d59a04a4e38888b530fb050f6

C:\Users\Admin\AppData\Local\Programs\Badlion Client\api-ms-win-core-console-l1-1-0.dll

MD5 3463d82d90601b441cf024c92abe4acc
SHA1 eac8fdafccbc1beb17386552922770bfe12ec1eb
SHA256 49ac9f317d0adfc3761d6ff0d32844be70cc78e2af18319c9a2e2ec2a44d672e
SHA512 ff4fe61c7dc5f8eb7012cc4867d7212cbf965ec786dfdfa8c74ecad8c582c4ac1107aa2876e5f11066908fbd07c1b353dc67060c28199a7e21d57adbdddac977

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-datetime-l1-1-0.dll

MD5 ac3c4cafa028297da5037781f1156220
SHA1 937c2b11c7fe4effc16e67af716563aee2419a0f
SHA256 0f0cec83da06f06e9c42ffded72fa69c51efed881def2b4b7b88274bc1bf3d40
SHA512 a2d1135f497e3831f14369978ae6a5ff74106d9d4ea0407548b6c336a1082bddd196424b292c799ce60270182c13e148971039cf29241e76203b069ebf7bb72b

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 2a3c5cbe313f4105dce8a79f533e5959
SHA1 26e6768280c83217ccbe36f3a405381defec12b9
SHA256 79cb8a8781feb448fe051e90ccaf3d6ecdfac12c1ad4bba2730aa1f0a229c31e
SHA512 e24ba69254b445a62add1d58269ee99841c36049f639671a311bfc0f60d965e6a8d79a67375eb0d3ee3be8cf998f182ff03291f0709ae2155bbee924708dd8c2

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-debug-l1-1-0.dll

MD5 8c0531639f58f79b5b67b52edebb01bd
SHA1 866f3ca8819440e0ba67eb935e688509f86ce1e3
SHA256 a20dc11ab10769b38cafb701c2d08810c8aa61350f0b33ae7838ff5c26edf956
SHA512 d6ddcb814d7f507df03bd5fb378eae3bf30f31d0cbb41136382469297033965763dc20e68dc50108eeb5fb5996d167cf21b29dbdc0ea163521607e1cc75f7d9a

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-file-l1-1-0.dll

MD5 4215700161720c767e725b1f7fc358ab
SHA1 6e31fa39775c1c6c60fe8869761c31148b0a8019
SHA256 38e535e9a79cd72e3f5e3c0ec9c97a18e86d480a504ea6c85854a6f70b302c3a
SHA512 8c93f4021544ffafa37665efcbfa2c4d23742573e695766c637c9449a39af5ea0de114c821a5c50b886ed1ab0f0a2be0fdda164884d73f7488402cfa2137e5b6

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-handle-l1-1-0.dll

MD5 3b620d81c727a8aba6dc6895af695d35
SHA1 21641bc6c802d0ada3121d14c2a8de4e708c74bc
SHA256 9aa764023ddb501050f43d1af0ff87f592ed14c4f022ba58270c3315386141b0
SHA512 54af2248017db94ef81a5c4ba6496127f1e305e292bd165563929dd88ad756b15edb5f0e2e3da367581c0c9cd92e04699e28bcac12130299949b13267414d228

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-file-l2-1-0.dll

MD5 72d542226f067dae07562fd093b0f5f0
SHA1 c0f7f85753bb351c51dd8e36ca2366a3b24c73ba
SHA256 e8e3550084cf30e16b16216266bc73b07c1a05bbfd94ee3f645122d3d167d7e6
SHA512 2fbf32b38852def53891a73b9b33f33de96ca09102baa8c37f02d1b3d5076b26d2a32f2e79aab1009dc5b2464abf50c956c797ba4321fd37ea13900753a1d182

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-file-l1-2-0.dll

MD5 285e3257c5a12d3384cd3f5a3ae941b2
SHA1 c05f6a72b73bc7ec8409ed42ccd947f501da0166
SHA256 8355bf70788c00fb1a17bc4160bcdc6930fa219b85473e08138efc10136d90eb
SHA512 f1ee0689b02e6a6e95940c1b3c2cc6902f3e04db44f4d767a1e68a890b7b3733b28c1d86f1f361f0db8b1ee955f5f5bca86b758b8f2e93d94b5bc4d469187df5

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-heap-l1-1-0.dll

MD5 d54e0da17090c6911db3fd0770faf91e
SHA1 5538096f53b4160ef2e91987d57d2da0ddb9b6ba
SHA256 17415ecd7f34def148a91defe99155b71c8048e253315b2d24d499b99207f618
SHA512 680142c329f6ab44cfeb7eb1572f296918866c9ca3ac9e66ae13ef38d79dadac9bf367e6dc6655c7e404cb6b243f3518639acd9cbcd9a37da5812823d43886d3

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-interlocked-l1-1-0.dll

MD5 2ca477f1799fc97d6bd05437bdfd0017
SHA1 31feb0b42e9237cddc5e47c3f4a076de86ca600e
SHA256 e81e0d9b2b09524e5790617547bb8bd8ef3dacdd001bd19057c4f8943d996227
SHA512 c0c991341619548e6944a78a090e1dd942140342d8cb77f41ba559b56034dc46a3ac731d2e2e67a7de1f6a65e26ca0c6a3eb358124a03eab55c2b5d061b64717

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 d6db1a6b5087a82e766fe7e9f818c135
SHA1 d786b2d8ab10edf0e893fcfbf52b03bceb15f53a
SHA256 f9457d0ddfa864e4bb383759bd7bbae961098055216b0b7d7d40c11084a1561d
SHA512 6118ed237839a49567340aca7a76d8ea366537942da060d4afc0399a88603f7f02a93c061be4475f35599d3cab8233f3925a491f4aa094bfbecd2adc5d3e65f1

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-localization-l1-2-0.dll

MD5 55902b92bbbca7a2d11a946297f583e6
SHA1 b6158f009d98a98ed2e56d377f9c4b6323b852fc
SHA256 2dea4ae5df0f7daa37e26dd0f9232f867884f57e850aa85062594b54f3a81e98
SHA512 85e0df8a390260e4e0cc0a9372dfd3c55464486812926775a5f9f5767157b88783e03701b1f1c28f34e822b21ea7436c3e8270df58f8de3ec1b15f68b633f4fd

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-memory-l1-1-0.dll

MD5 8fc176a3a6550f90e73d6da8445e8780
SHA1 5d249243678a789ce56037d0d1b36420d97dce06
SHA256 65bd14bfc1f14c35e345412ba5e9642e7f6c286f95de014c0f3af100e88b4467
SHA512 808daa3369df6704151b67f246eed90cc32d9110653faf06e973b97900003c8b7dc26095abf420d5c078e9546699c4b3debaf410819cd6060d3feb481576eefa

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 27a8f9e71a2f2d134c55de62fad6cf0e
SHA1 b60944dbf9a50a166b71fbc58305c3d559c4157f
SHA256 a319a14b76d8d67272128461f1cf53924dc2759ac72a76571f8b31e2f737553d
SHA512 3904895242acccec14feea4b7bda654a0eca3ef716df560764ca28f97eaeed10e94f5a0d46a633fa0671682188e4bc7b99b13649354bc26a88ca8211ee36307a

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 ef80685a812d9c252de35fc9b38bad11
SHA1 c641bf0f41d0617b25aa20d63b033236ad3133ac
SHA256 e17aa51c5520a623dd530889838c54ddea91e06e235003833e019095f5458ad0
SHA512 431ea4ae368b2cf55542ad614cca8e24fa2cecf0c5163bddc3742412a6e43f53ee69d7cfd1931e59eae9ee8671598ea35d0936850e6b733af14a4a5ecbd79437

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-processthreads-l1-1-0.dll

MD5 ed69bc0f310c5ce427e25973a0a52c31
SHA1 0bd1683418c952490f6a791a044b5840f5dc90b5
SHA256 6bac5963da125b3e314beaef5903d37316e162eb92e7c0f0b9946044eb0bde01
SHA512 4fe23992c6ea37a2f88cd2e3519559b08cb302f51f35b1524816a6e29e1412c2e6e1a214fff6d6ff50d0f7b410591abd57fd7a87c987f18106c6ec44d991666b

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-processthreads-l1-1-1.dll

MD5 d2eeb9f6789213bfda7fe6bcb2a1540a
SHA1 c330267c8abd56c04204deee9aabd566268daf97
SHA256 0ec2b6ee5e8ee5ee22b810795d097dd769ef054eb394355eecac1a1fdc18c971
SHA512 7795e972f46ec84cb1709354a40684593947cbf6b4df373cd823134a0b2deec7e5dc738a74c13c2accb74c467892d9a2375a96ab85147ae42fadc627a0f7e2cf

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-string-l1-1-0.dll

MD5 7f8e52ff5a64d2d471413e288a591866
SHA1 cefad6219c916307e0bf7ef1382512c2cd4c2d5f
SHA256 952b0ef3b3cc8d15c91e4e6605d49ea6bcee1459f465b99dd22decbce69012fb
SHA512 7e9025f0eee30552e24425c0d7fe441264a905469755f2aa94863d68f8d53da654a83b4146695d0320f5ad3538a2fd716619baf615d9b29d8767ef6296088253

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 210b0178e7aca6b9444e2d10ac6ee054
SHA1 2ea3c9d780f6c3dc60b6247b3fb0dd5a8dc638f3
SHA256 7857b0c9c6517102ae5e047d7fe1cb0f85424f1ea01fcdc66afdc231f3127906
SHA512 3b3d10262bbca6559b2223be60f0d61a77ada9c147b167641de58b418634963bcdfc37fb4b11cf65517f5a3e29adb785e83c379a056c4992ffa59a468ec393f2

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-profile-l1-1-0.dll

MD5 46361d1f7b60b86f128f4e23c95cc3e6
SHA1 8c621d8dc4ec4fe3a9f40d25ba3dc26a19a02994
SHA256 978419fea728f20a4df8046e75b880343cd425548f8bc38e8c0a6e8c315c4310
SHA512 25f033816b7dbd387134fbf72f5c6ee351bec480a4975659702b0912d204486826e64612b94646056d97111612fa8a322547aef8755469f8a6edc45fea534322

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-synch-l1-1-0.dll

MD5 599025b219fb4f70b3f93eb0d4d12bb1
SHA1 c1ceab162231476cfa9aa35a54400f3d959369bb
SHA256 6defa74d4bf10f95815d965547065b5af5fc4154d93757735ebbe6aeca570ba8
SHA512 1b4e6af508ac9d353b0e2d02344181ea57ee654f505e04d3b6a7d758fbc0a72875d72ec185c138e69e1d7dfee3459e96c64cf6a2436db1c7425748556f99b922

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-synch-l1-2-0.dll

MD5 8f469c5b261e003ed991f570aea8f29f
SHA1 848046907a02d605d53a31748d8dcca18d11259b
SHA256 ae460b343b6fad12d26feeee14e68efb97e59686dbd2cb22ab228619508944c6
SHA512 f393b8c9ef4cbd6f660093016fd5a3267b5afaf4c26262f2fc3c52351c697ccc38744e530f779707f802398aa01a7eaec191497949d2c1fa5b34b8d33153beea

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-timezone-l1-1-0.dll

MD5 f2d0493794b45c6a2629fc9c5c80f832
SHA1 12460ab8f625ecd0e0a02b4fa82061c2ff4644b8
SHA256 8c2d7b0dca0702b8f1870c9c404f41e00624132b239deb7917096dfed8ca1507
SHA512 4f44ea443413c3709c1521de0b9dc5c05ef9a4f853062e44658d7bc54663115afc1f04927797a5406b388cd5c9e226c9fea1f73f0c288999105d9db42fa257e2

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 f58fd490561921c154c31c05bbb63a3e
SHA1 d5f009e7cbb070b35ed81acd68710716bf971b7a
SHA256 bc7203c7c0c539fd225701e39f1e430367376cd580af52cdf9dff680046027ff
SHA512 8389e2834559681accdc3ded3a8be06028e5e3fb8d62cafd218c545dff052604bd0b0c14a4956eeb7653522c05b45d05d072e44c4f125b0e5567d3a23318e8ae

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-util-l1-1-0.dll

MD5 e0b524ff31e7c651eee7d83b1c7cc2d5
SHA1 d29f001b843e452cae91a2d01ef338373fb24763
SHA256 b4afba280abaf5dd28d92d452b958e440c88a26ab7359a3200876a35775a33b6
SHA512 4d3dfbcefb85b8d6ef874cfdf04594ea4d6c58ae7de544588a9cf8646897aaf9b46bdccfe9e6f7cd87d00a58d5c595973493fa6cd6d82266b1a27736d4e15ded

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-conio-l1-1-0.dll

MD5 d2de2615f123ce2bed3332d505a99385
SHA1 9f2ea75348020d271222fff7984c8ef21aee460e
SHA256 da36262bd3865024a6ec9726b8fcd0764ef3ddafe21387314c0bbb89a478e4e9
SHA512 a5e99e724a847c2193ce052dbedf0cd19a8765e3561ec028cd28e5972c8f004e257de0d5dd3870d41213a6cc84492ad488bd05106d2b5d3aa19f808eec820d51

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-environment-l1-1-0.dll

MD5 89abe10555d85e9bd183fae2c37d7aaa
SHA1 05c72b53f7d7b0667ff6cb14255e5c6453f1f35a
SHA256 d524f5aff8a3deaf37899187fed40b821c5e79251b99d0a8571b62ad87adffb2
SHA512 7b9c38e5270c401acb1b51ccf82ff0249671c4df905c31bc934d8d0b15a6eae22d3d82381199e4d61ac717bbe72726bd2f9b6c4b2fc930b39ec2c31d9fb1147d

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-convert-l1-1-0.dll

MD5 66a41a8156a7f9cae4a7977cb8084fa7
SHA1 4c72b0d8c90daf993fa0371269af04703a81fe4d
SHA256 a454bd7a8fb18d19e3264855ec7ade9820b54fab31f9528bf1abc8cfe32e064b
SHA512 989ec1a0deff20bc9b3099a21bf9d45bf821e94eabfc1b18ba4ece1689d0cbcf83b6206bcf64530a55aac1d4165a54c395f8db17fe5d68778082dfb1db4f0d10

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 7dbc1ca1f1103cd971a67709d5203dbd
SHA1 717e689b96a5d029558e7cb663d5c7cda840b780
SHA256 88a6dc7c08725b447dd1b7061990977246dc62b7282dfb50fa36659627079fb1
SHA512 ec58c7bb26f669f5b90731ab8c787b3b4e4131d7a9450dfae4d74ef24541a51c98ee8cc71dd4744a242dfde2f75feb216727daccb18bf745e2539546fef746d0

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-heap-l1-1-0.dll

MD5 dedf6460cb6fc8229b3e889d1b32f75e
SHA1 f47e35654cb90ed4505ba49a92b2fdc661c0fe8a
SHA256 bae857fe8e162640032aa8d7a88217a021810d305bc58b8f27409155f2299adb
SHA512 b1ce0119c2eb87ee36fe566477d14d317d01465319b72f7afd2f83a88f82591afb6f795eef76b20c0b13060530f67a4dc07923fd2f61922fdea06973c70f8352

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-locale-l1-1-0.dll

MD5 21f5271a151394a654b2f1c44fc44049
SHA1 1d2f98700ee87fc747b230b908fea133b730bf0a
SHA256 a7a987527a2f7ad4474cc5be04e5bbc10375e072573b13a2cf3fe705789bf822
SHA512 cc46e3bdcd25f2d72802581955ee69af97781b19a40a51fb318206ca6916f188f40dd94a7a5e6bc2c4c2ce211229d03e50729b168ed771e52cee188d0c30638d

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-math-l1-1-0.dll

MD5 514a74d1050e7bdcbb1f422fb571c351
SHA1 5a82976e2456fe3f215316a85301460c6af389d7
SHA256 62e97230bbe85c0e2930d16cadf830acdbf9f2bccedd3d51fa8ee0c5102ac63a
SHA512 f2b19fe5fc4f95ec3a1b0d76e8e6767234c83a8b8a08ec6a2ba9b3620c08f67132fb7629235aee27ec172d6efa5260209e005564467abe3ec06f1a7756d21da0

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 3e4803f97b89adbaa575b45aac0dd4b8
SHA1 d810ed1486f86494828a8cd96f774881a629b652
SHA256 2fb9611a4227227d30bc9b8f6d389cd12bc9b38b325d23675fb737470bde27da
SHA512 b9824a29e712ae65b27a4ecc68bad7f127306e7c2267e1ca9704c09e15cc6faa0aa7649118d169813172557b6375b72f8e88a587e79bc97f1825b8cd4c1c2dd2

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-private-l1-1-0.dll

MD5 3d2b4445b9fafaa0e13ae0e126be2669
SHA1 3b24c99469ef9a35bf720e711a0b022f2403be22
SHA256 6bc27ea87e05b365c74b093f0256d1acf85113ba356ad187886d8adc07526398
SHA512 9641d0d9470abc256f44c9d3881a42a674b41992dc25b7bd048a9e2b8d3523de9626460a9f73f2907f73e0be80219c913d33c9684664d6bd6642c06029e5c44e

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-process-l1-1-0.dll

MD5 90d42fdf308dfd771797dd41585d3baf
SHA1 daea1f05092de97ea558de14b4e112ad48b77726
SHA256 404ff7454e8dd3d766e433def1780a265ddc87a07981d223d241a528cc78c0fe
SHA512 e8f35f6087b9601d8a46b2534634f24a2841ff2cde9f6b7bc10326cf2197e98bae9c6ddcb2e53e8f81a984019b72080d1e826731fb6d7c28fdb47373c1e474f5

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-runtime-l1-1-0.dll

MD5 6856722db8c9e3dbb7fc62938ad2cf1e
SHA1 6d1aa306d7793916adb30e9aac451b2e43516abe
SHA256 3d077c3cfa0a54f6f58814deee22d3dcf4bcaad44ae405b8d31552a9afabc086
SHA512 87a3c82af000fc1cfee5f12f01f077c2c87638245b2784e8827c587985f8c0014685d0d15a1498a01dcfcfe717cfbb9ee64344ae7a78aa75bdb65e2a0aef07cd

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-stdio-l1-1-0.dll

MD5 dec83f473e43ee78e92a4b682a9a7904
SHA1 ce5e0479c78ad6ffa7d765479a7e1a7157eca4a3
SHA256 a5c05a8394c5aa71441ac18e945170a755d1f1ff141e614cdd92dc5737426a5b
SHA512 60bbd86035bbf3f80c17a01fb44ea5af5c84584a8aa5f34a7e0abf989ccccf8d40bab4d44af364c8ccf62ce4e21df0ed2c51bb70e817b2bf9c5319dbfd4100d3

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-string-l1-1-0.dll

MD5 88b5f9bc871438973ef12782e0c8d12f
SHA1 d327208b4f26c1c6f0e9df50ecb22a89b426465d
SHA256 4691510b2bc2ba15b638a0d1765c2a8826a8b9fdbe3737989d8fea072fe7c20b
SHA512 d4de343a88c9933af67c4599d308f31332ca7a3ea0428fbad2d60e2fa2165eca9ea56410437be1154c551e7263dd6a5773e6f7c4dc5b6952e8b767a3c5b16597

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-time-l1-1-0.dll

MD5 f862bd9516845b31973ba98e9f1288b3
SHA1 ada580fc93b4f5a86db92e1d612293ccc21c72f9
SHA256 72d31abee96fb3ee1d90afcf11fdc54ceba131bbb912b994761f32cd7cfc3ee1
SHA512 bb442aab30bb0d8797586eaafa53a6deaaaff19d41342b9fb828c87fc468d96953f8ed1123ace4c4d371f9eed91c2bf2c42b1d8ca92bbd0a89bc5a27a877a15e

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-utility-l1-1-0.dll

MD5 9975d1ae7b84b373d9095d757172ec08
SHA1 302edb92e0a6ee621379528fbef9dfcc249b9285
SHA256 8d3df297a7da678446dc9689f64dfbff0478cfd2da168180ff41c16e1344e584
SHA512 fb71a43887ec9675a4e42f2f810d33f6ec4726de5723c935961952f43d45982e5d1156e4d97d4c0c9ac8440fa186b13e1c6387c425b5a774218d6917efbe41d9

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\chrome_100_percent.pak

MD5 0fd0a948532d8c353c7227ae69ed7800
SHA1 c6679bfb70a212b6bc570cbdf3685946f8f9464c
SHA256 69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf
SHA512 0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\chrome_200_percent.pak

MD5 1014a2ee8ee705c5a1a56cda9a8e72ee
SHA1 5492561fb293955f30e95a5f3413a14bca512c30
SHA256 ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57
SHA512 ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\concrt140.dll

MD5 14b7a99127ca18df05dd1f5be3ac0245
SHA1 991891bb1ea603a002941696697f48cfe52cf94b
SHA256 511aba3d00b9925e7bc64e2132d77a76c1fd9e9d200ec0ef864b7a0f00c68995
SHA512 80f1a6cd377e62c96979fb4cf50d70e3005623c8debdb3c55dd27e5bae9dd46328d18066e59501ecac13ee96533f3b5189fcc93b4aadaf376ef6a2455ea7eff5

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\discord-rpc.dll

MD5 5882c37b79bae47a0d090006564edb22
SHA1 ac7bbbdb1d34eb763d8db4ef7875a50f700e9d48
SHA256 5cc2e504800cf4ed2f4781364f661ea22349658ddc391b5d54195e573109d87b
SHA512 d4a6a1a36842dd1c8b2162168807b990e0d491a908e11b52ebf11174a67f818b131607c2122dbb484f5d946418a05a1a84d42e1468bef5c98ec3fcff7d225ccd

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\ffmpeg.dll

MD5 2fc7f6b0abd1af4988e30e58e8310291
SHA1 9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6
SHA256 b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b
SHA512 cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\icudtl.dat

MD5 224ba45e00bbbb237b34f0facbb550bf
SHA1 1b0f81da88149d9c610a8edf55f8f12a87ca67de
SHA256 8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc
SHA512 c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libEGL.dll

MD5 1ed91477a02e0e2a64e5e9f26bcea438
SHA1 8058c2bd3342d8d882768188b1e5c45567a8dde9
SHA256 a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03
SHA512 c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libeay32.dll

MD5 4b8269a6ec04ec8ac23904eaaee075bd
SHA1 7e58e27dfd38de0d77eb729824f10c6aa5a0b8c6
SHA256 3c3d0df094235029e561a7813aa5835b25a8bb7b38dd77ef8acbd335f6db0485
SHA512 82a303b1e5adb8ffaa86c99fd63c533841bc9e3237ea3478584411dd92d60ea573ef063758747ff0497d58dfb085e014be1b234b5902face23a29e842b095d1b

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libGLESv2.dll

MD5 640a515fcd8e5d5a332c1d40c47700b0
SHA1 0128c9d499deb7866f3d7aae0adab69d9a8f768f
SHA256 927c858deb4700d3759fab436d5ba554ff4cf7be505d536ea1c673707d5ca8a1
SHA512 792acebb5ba329e61bc319b415ba01248dcf18c7e46695222682dbf59d179403ced15c19ae03a282dec7e622121c05844d8eae5a04a2aa1f552ebced51644e27

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\LICENSES.chromium.html

MD5 27206d29e7a2d80ee16f7f02ee89fb0f
SHA1 3cf857751158907166f87ed03f74b40621e883ef
SHA256 2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab
SHA512 390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\psapi.dll

MD5 80050af28eb0070a582b33470d20fc91
SHA1 bacf5fdb74ef5fbaf91d0475736d566ee3babc18
SHA256 65e42f8fcd039abaccd6aa815d237f1d6f7ee2067457c8ce235333226cff16b2
SHA512 780cc5783d93fd8e7dfedb291f384be4fb1c4022bea22dce991b360a2029ae42f864c540af3d75602a9975e3b66324a3b5f3ce4582ecc32918c35e00f3abf68d

C:\Users\Admin\AppData\Local\Programs\Badlion Client\msvcp140.dll

MD5 9ff712c25312821b8aec84c4f8782a34
SHA1 1a7a250d92a59c3af72a9573cffec2fcfa525f33
SHA256 517cd3aac2177a357cca6032f07ad7360ee8ca212a02dd6e1301bf6cfade2094
SHA512 5a65da337e64ea42bcc461b411ae622ce4dec1036638b1e5de4757b366875d7f13c1290f2ee345f358994f648c5941db35aa5d2313f547605508fd2bcc047e33

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources.pak

MD5 f616d69f6e582582930d06c5c18f0f70
SHA1 fde8e2653f2a5317492105bcabeb3565faaf74de
SHA256 bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855
SHA512 492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\snapshot_blob.bin

MD5 dbe18c25f68d40444ea576a68e78a12e
SHA1 44453e3fa8400cbe6bb674adaaad4ea09dab0e14
SHA256 c7c0d878697264269ca58861187e18d083aaf3f7f50bf4f6179fc080507bfa8c
SHA512 7ad4fd83f8337f263e128f8ee498d58b9dc89b876156157fda7636e4efa84691d6a9ff35c40d5482c9da98f8cc7b2eb87428a2a2690359ad6dacdf506d2e1f6f

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\ssleay32.dll

MD5 c87e22c79b0653a27e0f9e6b1a9ac8bc
SHA1 bd37e85bf38192614d2b8fb5048d7e9f38eb34ac
SHA256 4a53f602f4891247dec42ce9a79862192cc80e12f40e6b4bb0a8db25052c8132
SHA512 97bc98e134636bff81bbfe3275141106377fa4dcf63bd191151a8f6d1c5109ac49eae81a89bdd90e5e2e5aeba274d673f646c0aa65f3dfd673ec2b23067417b1

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\ucrtbase.dll

MD5 cca4929ef8dd988d7221ef6ba398f1b5
SHA1 1d21e60e56a15038702dc18148be8cecee279890
SHA256 4292c29e74d90aef21bbad50e8fe25858c5990846adb629372ca6fd717cd0ca3
SHA512 d990d1370201541e7a1e1ec9b68e40a984d0195847010919148d0de80d2a2c51bcccfeeca59087fca95ab410c9e170c4585c8daa1383f1383b98500d797a41ca

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\v8_context_snapshot.bin

MD5 89f5b9dc2c1eccfce7c3681b8066125f
SHA1 273175d93ae554da7f63a6475426a6515d0c8cd1
SHA256 7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91
SHA512 469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\vccorlib140.dll

MD5 3d8e0ebbb613cbe80320a61259d18514
SHA1 a69747866b33159ee14eecc9ac19a0ad1f1db4e5
SHA256 8a442077df17ac412be9072a91e4b2b39a69f1aed189034d34fdd79956d3d6b6
SHA512 83c72e2db25b86de925ad9711a03943fc4801f77d6950a23917898e877faa3276cc2c5e8605cc0132e48c1bf66cc45b172578f77d075746ac38880257e579660

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\vcruntime140.dll

MD5 edf9d5c18111d82cf10ec99f6afa6b47
SHA1 d247f5b9d4d3061e3d421e0e623595aa40d9493c
SHA256 d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb
SHA512 bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\vk_swiftshader.dll

MD5 76d3589242fca16d76aff52910e72d7e
SHA1 a88a7495f71b718e127bdfe09e7a279bf05bfceb
SHA256 f1e92727d2c2ac4c3878d39ab29679f06e65594121dbd8845a86338dac06e61a
SHA512 95fc89f165b3235a524da6f2bd47c0086baa0f239d6c0fe8ee30a098bd72e09fc37027e0442dfbcdafa2a2ad6c1275a0a9cc4088f9d2feb41ca0d3a720e0d857

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\VMProtectSDK64.dll

MD5 6540242ff58d08c8849268cf305445b8
SHA1 ba0d0c8875ed96f137dcb28aeff873373b994eee
SHA256 889553cce491767b38df153b567b6da682709925dd7a1c23f12c6d53a9fb18c2
SHA512 073e44196cd0c4cdb1cb5004cca59da80e09b97c70b83f212344ec7b262f1a3a4ebdbdf059d9bdbc228545b49a269a8363b1db9180ff6565c94797b19cd3c515

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\vulkan-1.dll

MD5 9663210f63cbf7a8d6b36a95d93dd119
SHA1 0fc5c50984b2c9677b8ebce4d4518c1322ce4145
SHA256 de7d4c0e859be24c5ae60b5dad2bbac62cb3b3812ab747ee73f4483c7a10dc88
SHA512 a161dfbb6e40aebec9f33bda4c81f52f456731d76bd48edc1425a2593c75591d969d3a3394a105eae386902ec822de3f9099cd07964f96d4e204f3f0ff48e631

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\zlib.dll

MD5 d48c270acab962aac5d222abee92c39f
SHA1 b23f9b747d859856fcad94652ebd07284fbd33c4
SHA256 809dd3e4ff98abf54aeac27cec2e0c194550bffd2f55ddfe725ea109306ae49c
SHA512 32a83196ec83bcaaabd83923409ac98201785a3915293187718d61d2cc6f8b51b10e0c7c1ce765524a8f800a3bb52dcbed430d143fb3357511644b6b666d8ac1

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\VMProtectSDK32.dll

MD5 17011601817dd00866b681d4a0bd90f2
SHA1 d6ad7087f54182b47a9a6776fab90cb03e95f80c
SHA256 6ff20283e407a0f2829e4fa6def121cd63d715dd6582847ae2d6fc379ac40927
SHA512 1e41669c920ac65fea5fd0e5704430dd371893155d5f33674ad6eec011ec16bf4969b01e2b9b28c561d131a032b599e0479931221819c677140d1b272d121abb

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\link_drop.cur

MD5 66e13793e687bdb92c09e0ae7964e194
SHA1 71019343b1747c19503e935aff3c7aba1fb70541
SHA256 49d5f9b95e9968ba54ef9457f89386fbb29d7492fb9db1af920fd3433aae4a67
SHA512 19dedb36b972ab005f01deb6f1eae1b9c0609f3312fd3f70dff93285390fac7b535e5d181f4a7cb25bd4f5933538ad7ebf44154f9d6d3eb04e412144926c4143

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\invalid.cur

MD5 2f8b93325987b4eed575ffe251c67751
SHA1 ad1c4ee2358fc0f84d2ac2d17890822ff51ae725
SHA256 669c9cfd524f924b4358caf1fe239923473e87e2a01f388fc5247a60fb6253bf
SHA512 307e2608a66357b2dc296492a0dfa2b27c64e9d1b2009d9370c76ed7b24c8115c3dfdd675bea3c244c3a07d672fd959c3d31b5c8134d1591c0c554adc4f4e405

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\hand_grabbing.png

MD5 ddbc22bda750215abfc73d75e1105b17
SHA1 f8dc1196227d95b7630dc85a3543c6db853f65cf
SHA256 0e6c5b2ec6b01b9a0c52dd26dafd1c969cf073c6d47e9db8e53fa05912f73cee
SHA512 5d1a6e89a1a96988230cf30fb156c166e26fc832affc5e7eb39ef974e69008403d54463a4b4a40c55c0ad8eb90e438c31a880f613d1ff42fc966ec961d396240

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\hand_grabbing.cur

MD5 8605cf2c21985f59d2480da72aebe3aa
SHA1 1b8137afa3dd66c23af9e40e75339d2f0174aff2
SHA256 22e823e71c106f338d42932c13c16e05a8310b3bdec18a89cc5ca197408cf11a
SHA512 fbbf45bb20f27c9faebd34101db1918c2ca0384a27e6502eea59c170fdc553ad2647ceaabf82cb0dc5662d277ca6eba70c6b615c79218f3de2e5822299399c76

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\hand_grab.png

MD5 7be75a54023adbe7d6b48260e4e8d032
SHA1 81f20b4e0ca495e393748e0054d9ba12b6179196
SHA256 8d8b7205410e7d0e32bd6b81769d7853025f5a1b2235e93088fd327c039e6b1e
SHA512 2724620cb131b175b22e405bad2c7b6f2b771cae8f8402d85933a93aad409a6d5d2c01a534ef4f10900130eec6e394b470c2451ebbae76a950f15c46229f80d0

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\hand_grab.cur

MD5 3f37213b8c0a7374308b2ae99d4eefa2
SHA1 b72b9901b3fe6fc8693d67cc5e419e494afddbb8
SHA256 3df4009e28e365e1666c868aede15239c75cbb6cf710cd691997b722c3eea7f0
SHA512 ce33a5698bc937ae0ba3da69fe7d4f9e15cee08e45451b7a21d17b5a2133a1b6579d622bd9a749612e15359abda4871335d60ce47545699326648df8b4b6fd36

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\copy_drop.cur

MD5 f92d1851a489b0af7ab807a2f07ebe16
SHA1 d97c9d7ab76993448f6240322140dd23c756b6c6
SHA256 18920d4ab5cd0b654b1e8bbc33fe5278907514a1b227f701a16b9a3309ee87ab
SHA512 b4494c8da0734ec69caec38324c6b3b91e898ad8b25c9d7dee9ca56c41cdec768c16efc10d71c856a0bc633ff22cc76cb01ee8ef887899e2486fb7f78b340a7f

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\col_resize.png

MD5 0723c45d9f82b0e31a1fee26b9b4f53e
SHA1 5608c3c92d70c61f597d1f1d3aaa85e72ebc4dcb
SHA256 6ef1e382e5e2472e8426a0f486ab51fa2216cdf929a3b737f78564a8ad57b1ab
SHA512 326f31b3e25c11fee7c28040252b5eaf183b0380ef87033134ff032eca4d90a28eda08837af833e0d5c9ec06d7e63053f23c64d9fec5fda0038c27546bfc1932

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\col_resize.cur

MD5 23633a8dfa3548705f28c83ee9584d6d
SHA1 be5dd224d071d965bc0411206cadf9b33ddb384f
SHA256 d3b49998f6d1039bf8b65f73f5784653164804c72908a40a5cf8ea850978a0d0
SHA512 5b0971bf5c7bc17ae746c88e4fe3f0342d9288f8feb3ebc106b6a031d62b48af8843af0079a18c7ffe4a2200e9d6d58f92f1d87987a068bbf8e4bf7210153782

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\move_drop.cur

MD5 63942f237ac6b11d62adf014d2cbdfbb
SHA1 f8b582c7d8edf28c2637d5f0f27f2586cc92bce8
SHA256 1ba52f630ff570480f920d13d04b7cf5e4d993c68b5f4d183a6c75c87bc22b6e
SHA512 e87f7e95e49513ccc75195976fe8b8926269bfaeb766fe816fcc0de603bb55b936ce1a59964022e7438c0c3b41bc28abe323fbaff5b0a4583ed9cbf24c450fd5

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\row_resize.cur

MD5 70618f41c70238453a7d876bac5ab501
SHA1 bbf033428d8cf562ac3347440848b1b3ed1b65a2
SHA256 241ca59e728f9faaa3ac9c626f44f8387a04699ec1bc468ecdae04c53ae2df04
SHA512 513dfa3e15b887f4e785da9dbe04cff591a4ae3bc6d5f4b14d7dbfd3695221f6448b0d67132dbf80b1e36d9fbc2d245df23c1135d4dfa33edca3706d23bc89a4

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\row_resize.png

MD5 cd9d05d1ce7c942af1ab5e6eafd0a13c
SHA1 d3dc6b0df04e3c6bcf6166984e3738a7651284ff
SHA256 12f76ebabda00b84c395cf989b92e0870c5a3b678bd6f5ac90b8a6820059e28f
SHA512 7fa9b03d668d5232b10fb6da719399d808cff95592214c8adc1d00210e4826545d49ccd4c0dc5bfea099db1c8ad4c183778ed2f6517d81b44817a428b488e900

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\zoom_out.png

MD5 e1a004a51cb04c38f49184333a23379f
SHA1 5b54adccfebbfe4bb96502db5370c1ab830c829d
SHA256 e7133e53b0ce06b92ef48dcd5bbce4f3d36e6ff8bb69193d3df40c4adf1a6814
SHA512 7506d9998cdd5bb75c8b142f8231009f15ad0548a52a037b78b98eff427b50a2a42c16580a53899cf5dd2b41abfb51eb24223c827e5e277dfd295f5510d4424d

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libs\caffeine-2.8.8.jar

MD5 ddac1f8f76743255084022ac6f06b7cf
SHA1 298bb2108157513a39a1a52a686a1fe8b57cc973
SHA256 7b7b72c6ce3e47e774e29060ceba19e83e8259bd475986e04b4f3272d4a58f73
SHA512 6cb83b6d5054c63c13af5fd39f11065556137edd423385f5d960a656fafddf5a5ddccd1ddeddafdcbd511d0fef005c58fac9e3fb0bdf1d469af24450dfbc2325

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\zoom_out.cur

MD5 48b46c3e0650d525e715cf9cfa6c67e5
SHA1 1ae6e82c4aae58c7e1cdcb1e5e76ce8973f8774a
SHA256 f3829987f7124f73facf282354553b6ef8d9b58b3b02384d92c45421e2443536
SHA512 e154d7fa552bc78755e6451950a159044fa85f5cea4a6a3a19a88e451962b24bce52a1b46b4b13eaa6b55b2e8be4b9eba0cf16adf1d2200f73be7dd0681b19e5

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\autofriend.license.txt

MD5 318bceaa1151b1b6bffabad8dae01498
SHA1 c776fc09a2e25058149deb3bfa163c0053860a90
SHA256 ddae5748ee219e263f4239460d07d38a10852fc1f6693fe2765e28037783dd88
SHA512 60c8960d6fdeb04711f6aa2713a66b05d3f7008ee33c4d762fe30f98f266b81a6c198a68aa0ea73bcd1ff4eea88db56ccd1a680c11db4ebfc444896da6b80a7e

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\autotip.license.txt

MD5 5b0b97f483331418e30c469af896d87b
SHA1 3e0ae2526e0f2809c81d524b8507fb64fc2bb4ae
SHA256 09716796eb67471c518f3f4e567377d5ea5179c36e10bc0b30afe1261b770442
SHA512 5882826f7f2c9921d5c309aaba79ea30bf57f95816058b2f1c26c3ec9848c8dcdae91d58512092dd7647f41f74f57975aadd9d048e18d8567dd3ed8a5b28b12b

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\aperature.license.txt

MD5 1837a1eb671079c67ed2724719588c48
SHA1 ed2c02b395fdeb3b56d0d4258c677a1329e78e54
SHA256 ca1baea19e60be57dccc08a4cd82e75eca24ca683980cb1ff212824a964fd6b6
SHA512 1df4217f219e0826c07d8bd8ebfff17d2cf34691c3450c23f84edf2bb35886bc6244b1897cfcbbc6b47f4c70e1c84a698bd48177c2fbb2f2154d2c005305e506

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libs\optifineinstallwrapper.jar

MD5 8967319339fd7ff2a67b3a9eab3e4b93
SHA1 03e69508f50bffba71390c367fbc5e8c00d07335
SHA256 f4c5909042743c4a7206f52ae352fbfcad807185a985884314044b236ccb24c0
SHA512 e376022ce07135b77d46da898c27bf49239332e88410b4a20362e9f4ada0fb2a02b7cdbd00bfc0f11d3228ce56e77cd165b77baf41c21790dbb52ccf771555a1

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libs\disruptor-3.4.2.jar

MD5 6895a3c4f54cf92eef6530e9e2cd3c46
SHA1 e2543a63086b4189fbe418d05d56633bc1a815f7
SHA256 f412ecbb235c2460b45e63584109723dea8d94b819c78c9bfc38f50cba8546c0
SHA512 da76e44fc9834c6d9e21eafe2fe64604159dba99770946bd114823ba037ea0217ae3a13f5eaf29e28edf92fcfd4f20c60b7645d6f117c38c897594e1337a744c

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libs\lz4-java-1.7.1.jar

MD5 d56d86823662a663a4d614dd5e117eff
SHA1 c4d931ef8ad2c9c35d65b231a33e61428472d0da
SHA256 f1167a45d4b8002053670ef6991ca66d1bab9dcc03e4ef00183674d2f3fb9cac
SHA512 ff48daeca92c5a7657aa9c7fe41c5ae75a5fa0aad05c655bacb64a40acfe93ffd3d40bef16544614ce8a38db3e1df177023101773f6f7c1d32031413270e42d2

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libs\joml-jdk8-1.9.25.jar

MD5 9b868b921d0490b417bd594984b680b1
SHA1 7bb2cd964c5e7b129a52e1f47edfdd557a7ec3da
SHA256 fc76d61e7900e65cab1f3c237a5186ff2344dd7d7d0bbf8f01a453c4fa2a1b28
SHA512 c54cdcfe63c1998fd14d46988fc49509ac6af2e2516eaad0dae19566baf1c99f0482d026d7f6e79a66706905b76af9b4298a23521ecb32f5a3708806340b3959

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\zoom_in.png

MD5 6a5fbd95c627afe076f43f9254dfe3ed
SHA1 f71cab57e9e80ba792f73f363056f6dede7c8bcd
SHA256 e910c607f60fa385d67624fc7449a05b419718f60a6b93d4be79d6a974bea522
SHA512 cf73a830bdf76f319db8b34ec8daf70405cc52cee7fe03d4ac75cba1859d007e30993da1c123e13deae6de09e5b234a9dfb02089d546601964d26bd597949b8b

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\zoom_in.cur

MD5 77492cf358d8b12629399322926c93f2
SHA1 8291ac3dad4e4f33183ccdfad7b92b1594c760f9
SHA256 eb69f540be1e416b7346017da48deaf5ba2f2ee0af366c04f1e374351b651872
SHA512 6c8652770a041084a88f6a535991224423c003ac2b6b5949b515dc03b0187fb4a6cfdf3f39a6279e103601d991e95139e6ef8352e68e5dfd85d99c078e0b4f0b

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\badlion.licenses.txt

MD5 a2ed77a24bd53e33a3fd458d99e9be0f
SHA1 07af4fb75f3122867c9e3255ad6d1e11fca88808
SHA256 803a15fe94c8ab1f4adf1a62fa043d414d3e4c1281c74cee57e6976474bbba05
SHA512 8649571f5670a36e7fd011e533c394b0f28f51045abcdcb3928d731f02366cbc286b88cb4463d86e07e92b967d81cacda74a58f658843d89669045530324524d

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\chromium.license.txt

MD5 8694b4a605dcd105b40d081ad09f0f46
SHA1 6666d31977554cf9d1558cbc63c339e8b07e3c94
SHA256 73392d01c89eff27363d32973ba9fdce354b4bd82f90192bf8773174e358538a
SHA512 17c5eb20d00902789d172c78379cc80b0c77696f3d2e076af79a056d537e2a0d68a0066a8fd132b3b7b20186dba509b1833128c2f082f2fb97058070336baad6

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\ffmpeg.license.txt

MD5 e62637ea8a114355b985fd86c9ffbd6e
SHA1 1eba7caf09a39110ad2f542e3ed8700d1a69c6d3
SHA256 230184f60bae2feaf244f10a8bac053c8ff33a183bcc365b4d8b876d2b7f4809
SHA512 714d66c4a17e6dfc1553521af2be03f4579fac64048c0b96c592177562b01fc70a8e184bb21725e11ef96a54bf466ae1abd4992b8940f0fe2c0859d6a166a2ef

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\ffmpeg.readme.txt

MD5 46efd225e4f70c87659ee3728c4cc352
SHA1 3772c422a0f862d32a0cdd082479e432051f17e6
SHA256 20243b750670270b8cb8cfa8b44f120814751d744c973ebba52284968b602544
SHA512 3a7ab5b99537984212d204aa83b0dbce97afdbab9f8dac554d9afcd506bed6e4617e72be84bbb710e79352caeaaa6ebcc728b19c12ada7574c0817d35640664f

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\disruptor.txt

MD5 ae32a12a5be0d4878506f2c7927826c7
SHA1 ef0f419dca631ac1219e19af5b4a5a0875f68da5
SHA256 eaa350f6f6982e086b1ae1c3b70743d1f3653164b4a4832f02d7baa134ef028f
SHA512 a80642b73b5b968c1e8b44449972449e17e6c3e46c2beffee1d524faa363b48d2540c0d7db6289183065af975aec1e8c45833ac1e1cd3e2c85f5fdae955791c1

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\discord.license.txt

MD5 f8cba3d1a6a62d09224f131fd3054008
SHA1 661a941700833f7229cb17d206f1d25e23301a2d
SHA256 cc981e3b2afd06ab5a1cdab7ced3cbb8a69145b5e2388485b806f6634313ff4f
SHA512 4517c0046d156c67f3d7fb37e5985904de476cdb75ad7114eeb2fefd9957b67b07ef1cff02cae1ea37503e34eb0d7cd0bdba03fad5aadeaf6d070855e481edd8

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\cairo.font.license.txt

MD5 5a540f4d98fc81713b81aeadc530c6ed
SHA1 273c8a98fc1b2709cfce81d7f6960b63326e5485
SHA256 17b90cece30db64934b7299fd76b033a3774c8a990e78badc74c59a5be8e0727
SHA512 12b5e3d50da4d0aef2badcf784554257e7c8dcd9f598acca500861c1f0bb4686fd238c6ad8c2259b5047140e10d731e928490fa474577b7d847d387c9c07d702

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\freetype-jni.license.txt

MD5 5db6495b17d58ad312a32e5791c61097
SHA1 428650191730f35163e8ec78a25126869b2ab1e2
SHA256 d10f28ec38b68a33bd4deb7239ba86e2f43a26f81dfa2d53f2ac89a88e2685aa
SHA512 7520cd5dc59f6899bd542a713ca045f64a9dd90751db7e5ab197d1c8a25e94aaefb9eb8d69a6b3c9ff5b1d433c85cdd67d36cd333fd33c824ffff53bc187cad9

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\freetype.license.txt

MD5 02891d3fb5adadff2546b4279649112b
SHA1 1b299099e16ad96ebf53e67391685d9d0a51b368
SHA256 650737ec7589c35600de73b0db88dafb314f7e32e7e3cf38d0c87ceb1a7ed31b
SHA512 630d9247498b84bb53e2c2ea4165994c141791675c192860127cdcd1ccbabc80a331604c6ae185531abb0eb3fdefe6637643e0d3f11b751e79b076b5da4f30ec

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\flag-icon-css-license.txt

MD5 d0bc1323b617fbb4d3232b745ff45dfd
SHA1 5c11645d0455590741dacb68d3eb1d253a5ec106
SHA256 5f6432917a260a6e8f7022742bb6cb8761b1d17cf45083e30174908041405225
SHA512 dec0dd099dd2a778f5afd129750175e42335677b199f1d5e2ad10ec2459c803e3168c6e89f44bc9544fe8a5513b85eb2d53db65b3ad6ccfe77ea0a8ccdcdb131

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\licenses.dependencies.txt

MD5 2053245129c2910e9a1a854dcf69ece1
SHA1 294462e57e57fc416d28ef2ced053f97465e3fc1
SHA256 9b78cde2913327cb5ac2dc6f53f430b6233c52bbf3e156e969737d87cca51943
SHA512 1387d33cdc715b006844579b90137aeea7b9dd7899542667c988e8c565866d26f462e60a0d5b26bb94113291f1db659c08a4cb4a2f8a9ba32c6b5af8ddaab48f

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\licenses.txt

MD5 4a9c8bbed40470a9ffb7db1d63bbcb9c
SHA1 88a83ce9d6734d54139ee7cbfab63253cb73b415
SHA256 c0aaf6703c87055786772878c27e8d3c4ccff0efcd088d5dcf77a2fe8146c44f
SHA512 12c3b1e11dcb90c5e4ff426c1a8bec314efeef9e5b3eca1840460f1a1fe894aca4c1755b599d460e995e7f477b69887089a93dac67da2016d8c84bd98f841039

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\lunatriuscore.license.txt

MD5 ee99c1f26cd4e6a2bda84ac34b9ff861
SHA1 0327523304d63b6addb96ba18abb6c47a3fd684c
SHA256 7a1d05e596d50dfabc0d3e206861cb778252dedb87b48b9dc7dd9cda24f5dc22
SHA512 14774897b95813736654e850fb328e7fc0a19c076417fda35a2a57e284b54fbde6619fe6a1ba953300bb54ea77ca90fa93fac4a03914027bcf186d30f645230a

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\mclib.license.txt

MD5 12873b817d4334eac6197edbc5956864
SHA1 20a910d495a276c23bc9b43faa7994338f51ce69
SHA256 5f6ad061e9e7dd5d3bfaaf8d065f14f863897c276d217c94084603680a324e72
SHA512 0323a87ba5c5f9ac5b049b6770a78590e83e74a9fdc0076b67f3669c4f1b43db240b5a86390191d3c19ed9b6d9e9c6000cbdd970f2db458252321a5fb106ec85

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\nativefiledialog.license.txt

MD5 292e3e89db90cb0fbffba767983a8f55
SHA1 36c4792a78a72fb5c6e315c62c4e8358b6c8d2ec
SHA256 c894fd883a9af3a9174a4ee9897451d4fc9fd56c2985c872cd37eed4a44156c3
SHA512 b21c7123f5f214a0d19497f62f9cc461fba59edf64bd1c4f5557c9d2af69cb7ea6afff8d75aafbdc6631f9164e69dd547d3265d2ae8e237a9ea39ddb9dcf705e

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\notenoughupdates-repo.license.txt

MD5 3a5337edcf43176e258e1a5ed8baafd7
SHA1 fe2b722844bb6331deef47fc5192c1e742ab5caf
SHA256 282d4b11d651c5fab2a4cb55568aa36b80eecd47ae3ac9f4c2c7978a3be53dbc
SHA512 8bf297651f29f33800793dcd1d9b26ddb9fad75a625514fb558e5b964eac5f8b760597d76f43feced41001bc0196f116fce12e0c9f17216d3b04569fa651c1d3

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\nan.license.txt

MD5 895f9d80d77e26153e48525caeb23827
SHA1 3d7128bb4973afb706aa1f67493b537006d79937
SHA256 0bfcb5e608c491edc1621ec2d842ce5b683e05db6b38c6eded10b0630c59d2f1
SHA512 e0c278c0da87f33202bddddf739fa5f511c0b5f3176854d4f382d40dc8cc0767e71c622368561d40a2b4a37c1a9b79fd845096073077be03c6a1cf35fc152cfc

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\openjdk.license.txt

MD5 8425bcbfbe27f7f8ec1e46e9f0ae0c99
SHA1 5898367b940826f516f625dbd78fb8957f3be986
SHA256 1bd89daf45a5b68234c32104bbe9903c6c6d2d7798d61a36f21ad85482945f7b
SHA512 0323a715e5f65027a66738c1db24d2e4f6240095f710a2c06a67bc70b59e4185bb026ce7438dbeedd6cc95af8cfc0ae9259b3aa8e7d84692bf6b2b7f5a655149

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\quickplay.license.txt

MD5 c3e1cf1c2620ba0f75411f66deee382a
SHA1 37f7156c3c10e3c09169697bf2e42bb7fdab27ee
SHA256 3cb66d8ea7938893173f73f9e938dd1501cd7d7f50bb091b76a681dc680ccf64
SHA512 cc445e11f256db1327701c33cf08e531a8c543567af2515ac06dea830ea24b154e46d229f56b25a94cf7f1cf62467bbf1979f4aa524dd65b71f62c4dd183f8fe

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\rubik.font.license.txt

MD5 1a74d7f49b7531048b89d6ee3f49e1e1
SHA1 374e9b0f4d9efba8e93d5698b04dc0cdd73817d5
SHA256 5797d3461e28e3f3f540ab932fb730d6532ef7233e110b96f0aed9526776c141
SHA512 41d0fc489f4eba72bfddf70d56ba34abcc1a9fa5957fa701e88e80289fe74992be774783fc678d434a09404116b6a73f8ea9a3a36867e24ea9268a21cfca8efe

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\replaystudio.license.txt

MD5 faddac7574586fc2805a9b3f3365767a
SHA1 bb87c11cb254b9c7693c2e62c051a10596648ecc
SHA256 eb622d5d149ea9b7ebeebededf0b20068d5471a462e0d4bd9e482c9b48f37f12
SHA512 545a11e5c6abe6ad060de4f809865acfba9f57c91f1bd3fcdf890a599923207977f429ed3059455c36136f84a937fcdb20033b2bbd2afc653eaf3ec97da0ae37

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\skyblockaddons.license.txt

MD5 b5697125b9a58f980344d778c84eddc0
SHA1 9ae4fdf6d1ca59adbc2649667eb03ee12c50c659
SHA256 6b3411f158e9c8a7f03632c2977279852a9700f636a7cd93bad8646de6ea65bf
SHA512 491a8e6a3b5495c518ff11cf4734b546a53c83e5edcd05137c9f263d77a34bb856b05bf2a45fc80519b3c1753d4d97ea707acc7a204693a0fc3b5cf5b74e54f6

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\skyhelper-networth.license.txt

MD5 27fa1700231bee88a24cd306d673af97
SHA1 ccaf356f932ddceaa1c59756b2d72c5c21c89fb0
SHA256 91b7f048db90b189dadf1db30e5cd0a95a8bbc4ab5437535815359b8186ebcf5
SHA512 5025d7044a3ba8e4a279c1dcb5be65675d61c7bca864a5face31fe6ab7a72bc980e412054294f49629a00d6e6c4b753bd1892c991a3408ad850d12a269f5ccdf

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\slim.license.txt

MD5 b9647dfe37ebff8112b7fb0204192de8
SHA1 ae084d7c34776826e0398e73eb827682852a4b54
SHA256 5e08a239b2c110156929d97ee61ace55adc283456c72f51052eb23e0b7cac499
SHA512 3262527cd4df1c45decd80ce733e6280e3f08422daf0079af023a8ab2454c03cbae8a5e944c0fa594c845c2e1148cc531688ba7221f7de3c630b4a4367773fc4

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\xdelta.license.txt

MD5 b743e02a975dc959abb35bcda12cd4c1
SHA1 13dd1cc3f00f5ab22dd44c40a0abb13cb4512f2c
SHA256 b0b0442c47b75d2f5ae41c660574d751ccf12fcee6bbc27bde20e208802ed63c
SHA512 7d14b3253a7fcc594b84af77e9b2a053e720e9b03bf8f4b8afd82c43a1b3f579726b68ad5e688d0363ca7bee8d192cfd6ad40e1ce3819570af5c29d38e262a5f

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\tiny-process-library.txt

MD5 52607bf5b5dbb263092f9672eb5b0b1f
SHA1 ac2b9621c7b1649ccfbd31034ebdff57249802c2
SHA256 13c053468f9f56ad8f1f2c36ad23955953e0cd2aaa49e7e82b14001f2f322bf5
SHA512 88862eb3a57b6a640519e88abb843102da3d98fe228fedcd1f7875fbd2fd9d6e8f93c35aafe0343b8d7e8e1b780862066327f4b9ceed74c1b7bb8c76373e1c54

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\xxhash.license.txt

MD5 184732fe7ad572cca839560f13667eb6
SHA1 76fcece0f58b529b1ecde86e8bf8f8bb1c652519
SHA256 ef87b7b79f4c48edd555809ab0e97b780940925589b7d5f9ff26025410c87c4a
SHA512 71bc6b522b99cf66c764a7554823e7da19ea3924226d67385fbc397128b9dc781e66c457505bd3616eca31f1d93fc25d9eaf67f9c32aa4c599da4c7d2d5c6f30

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ar.pak

MD5 5209516dee9d9ce64854b70da199108c
SHA1 5797e37da5909e47e03d323abf884b573adf0840
SHA256 8407ba456e51177358e6ce1e82c33e5e279eaeb553ee38db9f0994ec57c2e246
SHA512 0585c14bda7800acd3242794eef7c9466f57217a059feefb0bf715e2cae9d228a5172fa9046ea19d19cdc388dcde2348a0a90caa26a1baeee612006495b56524

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\am.pak

MD5 985be89267e0d559bffd4b66380e5e53
SHA1 fa33e9bbfff5a89dcc26f52634561e27c1cf0e05
SHA256 bd1a60f7fd63da2230509211f858866ed782767f580b8ce4740ad2060d3c5d9b
SHA512 7cb99ea1d92f810dd6f882669b2803b5cc87a9f34e70964d402f14cb7771a9d02f4c7493518b5c388f49887c8311e3b02fce7ff3770a724fa9a0a2e776f2c3c6

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ca.pak

MD5 5c5c2e574c8d51a61d9e58547d89b0df
SHA1 268d6a348c22616432191ae55bb8c34e039feac7
SHA256 4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73
SHA512 e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\bn.pak

MD5 5670d1c74a07e5e9bb3853307ea2cfd7
SHA1 7cd7568d2bd4c64b8685bf17e3289afe923468b2
SHA256 706681208f6e0c2508c55ac7fb8bf510a133cd66f6977c3da3439526269a1c0a
SHA512 27c5f596548a52d0d62a749324a744121f2448b29f8eeb908afe487b7084c95e6e39b80326480e9253b997ca22f557f33e450fe155ccdbb2b601d0991389b47c

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\da.pak

MD5 42628b87e74b0a3a7cbce510f2ef674f
SHA1 c9fc502eac895690f4bd0bd3cd47b72819bfc342
SHA256 450184b07e707cc80f7f7b331cd7d95aeb10c22e6936fb50d438de24c9dc3ba5
SHA512 ad60a366e4ea7050aef7cb6cd7c0d99fb9f37f7ff88f93a13fbdb21eb1c53cbc33cb28c284a14d7a44da0ceeef1fe9e693be0716ec268c6da0a674db00194a25

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\de.pak

MD5 b48f5b846d1b32f8426255e8a03b4d20
SHA1 77272097e67ba495d73e3d82e3100237a1664fcc
SHA256 28e394fd4dfcb0ee3ad947a8e276af7ec1501f30e820ba42270d2d7f03ebf745
SHA512 07e9af3153e60e05678db92e4654169e9c743bffb5aeda0725bd3b11dfba9021551697149771bb3aadac4fafaca50c88a352f55d32bd6c5fc8867c44f660196f

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\es.pak

MD5 2c8b6b9b30b62618c65237943c030e6a
SHA1 887717930c8d070f0ba965c8a215478653d3845f
SHA256 4e1a07ac84554563488094169d2f68e29cf3b78c28c57e9e7eec233a742440d4
SHA512 b0792d483adb7e51a2b219e44f08bb49e419cc7a17943b1f2e57316c907f16cb80151cae1d5f117eced002a56752908d90392a479accfd6d8c6f13a2b79a1b23

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\es-419.pak

MD5 7b45d7be08eed5dfee3d12f0b7e6111d
SHA1 e14d2e0861d42bc31ea778237f77fd71c5dd32c8
SHA256 263fc4b258041034d040bb3d27758239153d5a5faf85ab4217da608e7c2a4f2c
SHA512 dfa361344cfab28e91dbf772123e043cca16b6d86cafffcaf8d71686ac9cc3dea832525b934c60fd1f110e9bf224a9b5f496924a443f742a7487d008f1ad7869

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\en-US.pak

MD5 214e2b52108bbde227209a00664d30a5
SHA1 e2ac97090a3935c8aa7aa466e87b67216284b150
SHA256 1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab
SHA512 9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\en-GB.pak

MD5 dabd9d0434e128d6ae3feec3b2c2801e
SHA1 d7a25ac86c15f5d4a3b3d4b713a5302c5b385498
SHA256 dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835
SHA512 831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\el.pak

MD5 9d654962e91275c7538dabdb450a2f03
SHA1 3121a84f1035d7b44e4597ebe4857137b7172da6
SHA256 9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27
SHA512 0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\cs.pak

MD5 6310a8e1c7e8ca3a1611d78b4d67845b
SHA1 fa8cff4ec0b1cf3aca65e6745d9f31154dc48115
SHA256 10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e
SHA512 900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\bg.pak

MD5 7005e72419774fc1d78ba0718fca1b47
SHA1 bedcb1e0897a1a47a878bb820735d8e373a4b4f1
SHA256 2b93afb50cd154464b7b40c8d0015db09b69f3341f0bd75d190c033c4ec4c72d
SHA512 7a098ef7e4297d832acf356367faedb78bcf33b68e2d0255eed0c1852cec744d24fe594812f2c3a393b4fa75e83a080803d38176bf7534604362a7287242e9f0

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\et.pak

MD5 7c8be63adae41cfa46a1a614de18e842
SHA1 eb11a953ddfe42dcbb5a4aeea0a40b6b18f596b4
SHA256 0e3af6b70bfb8f28542caf5d6ac7086b248e31ca5d31621d417154964cfae3be
SHA512 4f5c6b976d9ac82002259e75c5afbe211be096f238882b912a97a9fa4ecf7103cc164e7475ebeb4b33794999668744aaa5465c059acccf5c467391fdbc386761

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\hr.pak

MD5 7bee03725ba9ace3cb2aaf64cf0c26a2
SHA1 076f0ce744bad1cf242325d5b2378b501e069d38
SHA256 e16a6391049e4d851a50ebfe3b7af3cc5346dfd28e305f22eafb6d5e6b360941
SHA512 1a27e5159225604513bbbb5f4165ce7cb52cca22d0c6f32b6c2a74c4809d00bdc3a38112ea9bba0c09038960f9113146996f8801e764237164816a654e813510

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\hu.pak

MD5 14d81146ec6e0ddf4b14fa7b2df372c3
SHA1 9c77f0f0c959f2cb21e283b352176596a77992fd
SHA256 588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568
SHA512 9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\hi.pak

MD5 361f04e0a4176ac478b7b7674779388c
SHA1 68b4e7a9a31e0f9450c856d073b8d03613ae9816
SHA256 95f89c3429c3692f7239551565c584faac04d8ae71fbe5b359892e7538fbd35c
SHA512 7dcdbd9e3f9ad940c3140325527d37dc5ef90c7dcf460395928d48fb2742fd5fd7b60dd64fbb7ba523d46cd658bd5bd85d492bac0a65a8d1634789b6d27ca119

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\he.pak

MD5 70de839caf5f0caeccc5a2b7dd438583
SHA1 aa4b932b2313bca859568d62e8c12f9249d7bb81
SHA256 66ce4cfeb8328cf1b44ae76ee77c16e59c6a6550b64937931d5a05f161fd8479
SHA512 73620dd618971c3301535a1dbc2fd58cc81cd3b2dc3d90a388dfa01fa5516304dcdbc5b362ef7e899310afe28f3d5e3b0695263c82339443ab2d29df03253348

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\gu.pak

MD5 2e015f0ad58e22b8eaf60e4d727aa3a0
SHA1 dba0b894f32ad6507ea6a41917c0631f06f2c03e
SHA256 168c12e17d1a41d8c4913e0be19097bad272c38ffb7876514d6e98f448109b5c
SHA512 3aa797fecaa53f8dd71b6952d0d04af06e0003683fb5b77234d183d0aeed9350470aebeceeaf42cdd4b50a2e7caf09a96df6802b1d6b829ab4bba41dbaec6503

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\fr.pak

MD5 9442fbfc2b150479f4836706313e42c2
SHA1 4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f
SHA256 01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87
SHA512 4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\fil.pak

MD5 919d0bae6d964906176cec8530c019ba
SHA1 ab41e78a91314608ffa0cec927b4e001b3833e4a
SHA256 851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa
SHA512 1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\fi.pak

MD5 4215d02d92e1be2e182197a0bb87ef29
SHA1 005cc2d1ed5039fc34fc14270344ebc938760554
SHA256 22b97c139d11b485b2c9ebd8d86708d38bb9f7044d7171c846f516ca9bbb27fb
SHA512 b0b71716b8d7867392825980e65d3a60c84f302dcf0b6ed7cf1ea0d8b605d1a82accee03c3e639851feb1273cbd327c14d82e497d6b70977272992bb227d21c5

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\fa.pak

MD5 00bc7a02631c7de396537ee08deeec7c
SHA1 063c897b59cd70955cee3ca27d8743a0989f0a86
SHA256 93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec
SHA512 cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\id.pak

MD5 d0517c1bf9a89e06ed2b510b9408e578
SHA1 71494250010ed09b55f3879488d4566808a8398b
SHA256 19a6aa1cd288ae30461ac43cebd31b50919b2d949d586f877bbb1cda96a9f3a3
SHA512 20b5465633ceb58cb28207885d83dbd30409b29b051fa9ff5a188550241f6f220ba8fb5d4bdb6abcb54dab34d1cffec5ddd783471e8d32b31d3a6d7730f0edcd

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\it.pak

MD5 812115ccf85cb84b2ea167a16e16587b
SHA1 317e50a1c4c7d8c46554822b43a81a0d8237dfd6
SHA256 52c78a10a5ec39bc046b594f4d89a311a26c6a29e475824dc3fb1a1ba4ac9f37
SHA512 5fd4b625910bf06055eb8fed311284b1347f85c769f8c3e7a57d4d7d73e20576e873dd2f579b8aaf494ad4ee4885b6850060d4893d2ce43e82872161c93f3982

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ja.pak

MD5 f8dcd5f1433d83464b44265449de812c
SHA1 47763205f105e19cadafdeb1cdec6f45001f2c58
SHA256 f932ba21d0857c5c92dd3d24e49f3fcc4f9423fe1e2180fe26f9c0bf669c8c3b
SHA512 76b8c4154f7de55e0ad958cd122ec650f3289bf4f92c03e45e6e03b6467d09387115d5894f19c1b108869a2ee02ce2d476cb2c943191e0fc42ad0183478a7eb8

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\kn.pak

MD5 acab21f3fafc58f1f42016f33d032158
SHA1 682f11e3c282724093179c85a7df7d0992495cd4
SHA256 8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f
SHA512 d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ko.pak

MD5 95239fdef6e852df2d2e9d52dd99b622
SHA1 360be5e62ac4573ee1a6bfa7effbe245c039862d
SHA256 f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae
SHA512 0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\lt.pak

MD5 6e6993270327064cad2ff0784f20585a
SHA1 924a2ce4fffee99f29cbee875cd5abab2e814888
SHA256 848c219486a434ef18edde0f16be9bec475e2d7626e9d8064acf25d793fde434
SHA512 f6a21975836a64a9dbeb76005c63a19d450a3e9d1c9381fc7da23cb8a96a3e33da204ebb4a192e608154dc71e13c555fcf97e0fd262681f2fec54fe0f8ac6dec

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\lv.pak

MD5 e21a8a96d9f17e1f9e3ede2cb66eea9b
SHA1 e3f456b5d238ce2095e7a51a4250fe26c361bfdc
SHA256 1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090
SHA512 f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\nb.pak

MD5 bc1983b1c86badb361fe07031a93fa48
SHA1 5bd14d7d7a335dd6457377fc0eaed07a56c369e6
SHA256 229d8e46784f401eff51e12b10db88f4aa6ed62bc01271f830013b653807103d
SHA512 fc9fce048283f24b0eb8b37a4fa5f3223e927cd68568817e5561d9ef4224a35d899b5e0b8b311b57cd50922970c6cbaabd070377d704f65fb061463ffed6a765

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\pt-PT.pak

MD5 553594ab0e163c6375ebe75524095dec
SHA1 199a9e040d884a443e0ac6a2c7ed3fe914dc3fa5
SHA256 bf2cccdd3fa33d8c3b0fd145dda1d7f10d60645f0108e19f6220b43ce01d05df
SHA512 30cdb1401884bb87438d221834f70b384744babc474bccffefdb031808505b24adab34c039240b6cc8fa2a330613ccd32ffe1c28191c18c5ef402e86037a7ec0

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\pt-BR.pak

MD5 7f150a17a11d43e395f571dd23951d88
SHA1 f8b8d6f89f63d92f04156f2b44b36b6045fd3723
SHA256 72e1d3120d5f52f8485eeb2f0be4298d5af4d6f62a4d14e7d6ae2b635d89c0d9
SHA512 de39bb0dd9c8f948a67b9397789989aa900fa90249854181993cebea00717d45ba29ce56eb48b996b396e2b2236b580509a4ba127a190ed10d9ac3b91011ee2f

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\pl.pak

MD5 31200d5726b3d1cfbe9ac3bc7138a389
SHA1 e82f0300046e7cc9ffa13223c11cbb94d62c0dc6
SHA256 74c96e5308732e4ce800de37cf677d16ba05385b2af1c087819095c49b4074e3
SHA512 8ad600725c9eb97a73293b63bf15a853d2e12bb6cec638a6e0f4060610486d3eb9e9bd5c10e607e569e6b631ae09b8d9df46cebc8bb962cec3adc0d63dc2f48f

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\nl.pak

MD5 f1210067dc72e8c82444b2ad9a3f7897
SHA1 3cf8c6fcb93a5f79fe6190aa0551d673887125da
SHA256 d26f3e7f39231a9acd60285989ab5bda54039611ba2ae04ca5f79bc3195d4aa9
SHA512 9339a285fc7db00b9a755d09a17b224ec15e3eddcfa60c5efbcebe556aff277cb6daa23a346a50bd1fdcf274a172c985fd74dcd362d635738f1734ffb466c00d

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ms.pak

MD5 53e8b7262db4c5b04ba5b39c07eddb32
SHA1 9cb8946966547630cee42de04eb8604e6bb5af86
SHA256 45750905e13f94936534dcec30ced984001cbbba4f6fd4db0d31d2f470acdb2a
SHA512 c71e2bd191c5ec6194e02f1c08aae008c57b292405e4c291832bdfeda656a5cb4a547f606d87d3f618afcf731b4d6730f22c0e99093f312a0a004e5d9fec7d11

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\mr.pak

MD5 abcc39abc488cdbf73e44f53d74b15af
SHA1 982f12328342eddbacfbe45be577d839568c96e0
SHA256 5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54
SHA512 7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ml.pak

MD5 7dabd95b96d90662432026c0a9ae1c22
SHA1 49eb49428d642bd906aed9b0b69870a843326efd
SHA256 50e5033485a6d2bcbdfc7eecd7ac26fe790a84642d9ff2c1e77fe976b18bf9a5
SHA512 6a51f19543cd2e963bc83bb8a7753ccc3dc5a835f1e242338713dc01346f8716cef9c3304a618e7fd3db2224da6d0678959ff87007891ff4ead216ab452993cf

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ro.pak

MD5 06a36fa95702b38e749568037634828e
SHA1 9c584a9b7a0446fbc44bf5fecab71ab1312a592f
SHA256 833f661f135311ce8187cbc487c55178872430c678148d4084893cc7bb95823b
SHA512 33d24d85a4f4582676558ab049a6c1cabd482666c2847e941dd388b80b2ec62ce27175cd0e3ec176d1236a32e714e85138d3e6da291172e62d18acf3e3603076

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ru.pak

MD5 12836eeb93367830b3b88b404449a3e7
SHA1 2e2f66213fcb0ce5dc170753b8c11f9d96917d1c
SHA256 f815b9cde0449c05949a9003f08254801cdcc8d9e5209d01af3136009b0c0caf
SHA512 7f71bd8ba800029495279c199aa99b96f075ca95055d512486c27a4bb1728c7312eeeeba09cf23259e7d6539f1c76467ac98e75b482de764375dd639e95333a8

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\sk.pak

MD5 9ce4e3abe9d948f6a89759d0ab188dba
SHA1 447e5c8803d0284c69ffb990ac0060adf93f4d25
SHA256 5638f5285ae0c68e3a9eb09d6adb6d2eb3f9e087cc149c4a247fb9765a8ff6e2
SHA512 78970073eee16097113f8f009abb43d9317cf3096640077cf9efb8139c92aeacba8ddab5dd948ff285732356625f3167d5c35701ff37b250fce251baa39569e0

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\sl.pak

MD5 7a75fa0fd3ddd471cdf9b15d3b3860ca
SHA1 f07e3e136768501e69e76529011003bd45fcc0a4
SHA256 d34eeb1ff37cb90bf8c427b955f4349fbdc5eee4879141058d8d7bc76185a959
SHA512 e3f181728e9d925a826d3eeb275ad3f1aafd3aa98072977b515e05671bc4703aabf7dbac2e031201fe016d0024440d4d1d8c238b3f20c5f52b21e13dfcd5f620

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\sr.pak

MD5 b2555a29076995ccf01580f0f1b2f766
SHA1 284ed665f078620afdd6c7d074a6f9e26dbef1dd
SHA256 6eab9ba7e66ed290369b2f5d7b1efe7ef38fea2063f7c939e983008ec2692bd0
SHA512 a36e20bab44400828f6769c178f6340a5f7ec8dcff72a0eb513c9efc257a715027e9d562a4ae3e68d8112d40f9ed8401c165ad205b1e9c4325077e5d1df04feb

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\sv.pak

MD5 03154d7a3c69ec91714c799b86267a1d
SHA1 8671e9672002c58581488416f2320005140adedf
SHA256 3fba4e60d606c0f466df1cd2736ff51d7f882505fb21880a396deec06cdd945b
SHA512 0ac0d61f593f47597880d327d8dccbc00e8e5eddeb8beb8945628b7e91cb0b2496bbb68ff7f11e677cec479f41a4e8c4d2fd66301d5f6e5245dbde49b39eb4d9

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\uk.pak

MD5 6f2f1b073ccef426c7eb49362123f2d0
SHA1 048921ad0cba17256e9838257d9f47969cdf6172
SHA256 57d93d9ed2974f7f0995e63f4c7af361c05a8ec3e9e25b796328d3e0b2a5545f
SHA512 cc0e5a7098eb0b590f4d4a6ffa531250af9a2c6c6c25765f572f3130b7bb7d669f2737d7d8b70de48293ec1ff9c5dc5dac94058f3d8e431a7c24a5795906e5b0

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\tr.pak

MD5 a38eea92c514716b8ab019ab792bf541
SHA1 cae203c3ed63807d4f2d89333540556b5e92e161
SHA256 54bc687a851cb3227cc3a937b229009c0af8fb25a1900b7fe71f6e6d58111ffd
SHA512 835e47d550097ea4ae3717c0cc5023ba14bfa7524ed5cf361e21011976afbcae1410061e46089e25bca467c63d9b0208cd18ba1ec606da02c5b430fb1aba409d

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\zh-TW.pak

MD5 3d230011248333ed6cee72f667c8df45
SHA1 4114f307a31516bb6309fa9fc2572722b8d93d24
SHA256 b1a56725808412e48a499a534ccfd7e02c361f007a5b1cf063a11d6a308cc9e1
SHA512 442f56c0df77cfdd730b89b9c1e086f17665aae0c222a7ffda418bcddd18f9ab96236fe7cc558ab9f87c31a50d78d50157b1e2d3b4c175b6c8ac85e053157f9c

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\zh-CN.pak

MD5 376ef5a6f076a9757f58d7b10526eb73
SHA1 9b5d3f5084990d67c8a8541cd8d7fd15ec424e0e
SHA256 f720baddbffa45c3a0852de11c5049ec95a3b841db45c91362064c80e7d6aaa6
SHA512 e089213cac8ead755c938069a1f00cf2a8467db8f809b50a6933eff9825a9f1cfd775186c8b5c9b1f598813c9eee654036b47b6814ba1f58d7e447a87511b21c

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\th.pak

MD5 687a80e1cb637003c3e5f05d3f4b89b4
SHA1 1dfdc6cfa02fd1671cf39094ad4b93109bef48f6
SHA256 daabec4c467127faab67c690f9dd11beb0e2c432434a20f2f79318816ecc7654
SHA512 30fc3cbfe3daf369f9baf7fa4c287f62fdd6ef3b6363cf2dd88e45667313cc00317b1a52f77e904381ee4be1f7f5c2f73c2a6467c116a1210b36f8287beee99d

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\te.pak

MD5 b5e9289d02b4963d292bbb4210e9ab5d
SHA1 48382ab36b77cbec280833f587450270b5080a85
SHA256 6cba41edf887a8a2d84c2c1c696c562ad63ce8a105ef8574a1a27b294a211dc9
SHA512 eaf3889b21cc73ba3913448ef10765611e91325ddc781216769b4f8c4486897aa8429dcfe511b7505a17877012063ebd41fb4645102448fdbbed834d001f0912

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\vi.pak

MD5 a01c81f3bd56d52c205ce6742dfe52c7
SHA1 3d325a2885ca11cdf69d17d66fe5048bb0c8bf25
SHA256 8a44b3afd24cf18ff88ca06a33ed8accf548692b457b013e20f49ac5045aa96f
SHA512 e348d9b1fd0df16f711a76de1daccf8425529787e5160c61207aff903ca3389f0c56b185283452d0af36ead503322b93b02deb28b9f72ed85d157adcaeedc503

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ta.pak

MD5 7503d3994d48911a38370095f5c83ec8
SHA1 a98917d5de0cc237d226ad64792fc9840bec0a0a
SHA256 5eecb28f30fc5c08b5878ebec2ee565a73c91ea0198ed85a622a0d7c58a3ad33
SHA512 d0d3e085cfd8f8f1ca776597d209c5d3dcbfb81297ec79201def4dc395526954103da7e8e8b3a4335490b3fadf1063f29d552843eac0933a9f1ab050c8eb2ab0

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\sw.pak

MD5 0dad65bd01e92ec4001c8377a3f6900a
SHA1 91353a816b6b1d0aa5bf5342b8f2bd430da57286
SHA256 702d3d102308bd1e50698578e09ecac7fe33d625afac04db88905f83baf10892
SHA512 98a9c3dcb03627e8e7cf7edbb41078d9c53e9787f28208fe3640805fdcc2bc751b5cdda00c2d796d6c947e26f7c3a401fc5506ee8648346f28227442ca831949

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\native-modules\badlion_js.dll

MD5 ab83489339535b6fcbad1b70ddcade23
SHA1 511d0cd7d8a1c153a774c919d8bb5b943a5fe009
SHA256 2ae0528920d1c27337ecfed3719cb294dbdbcee1b6b1fb30aac1403272610d3a
SHA512 107c734f23c2eaf2214016e881f0d09ce2cd52f5ca24b376d05562cc4366352c3bc04d03fcea2c1fd9b507f3139f898cd33867ebbea11377f9a6ad5c124bd675

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\native-modules\badlion_electron.dll

MD5 77c88caf62ccf357470d630d9fa4dd7d
SHA1 1e04dfac643ab7284c529d60ab5be68be172d98e
SHA256 9bdd94dc645cb5044536dfbd3a5fc51535a63e32104895bc395b2dfdbc4962e7
SHA512 74506a6a0ed1cb356a4342e5c06244023fa6712d1b4fda178d48c431e2aeb4098c5fd539c431cc859c6560340ffddfc9c2bfe3dca6a27956611ef3189755065e

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\native-modules\freetype-jni.dll

MD5 f6e10c16e1b5a475bb168bb4b32f8b07
SHA1 363c51396bcff7216f56bb299349d5151f118f20
SHA256 234af7bd598f9104663f824cb65d8ff4a08c33e68173f166bbbb6498de091638
SHA512 8044efc568f19e7e2392f0e8961a82c4a650534aceb9e0b91a64b6e38b24b495d2ff830aabe3efc59e05e0814184d92878d93ad49a65f8debb4f7bdaec0a91fa

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\native-modules\launcher.node

MD5 a2cb408235c0d92526e20b6432587d6e
SHA1 aec2b9942857fdb1ff45c699f7e198a7cb72cc2f
SHA256 ebaffc8d4fb76a02ff54f993cfa5d5e90c84e18b597621adbcc51fb165532a77
SHA512 c5a36201488c5356e4efb9bda73985af74edbad158e8faf79e683f4244a8bbe8516a52a5f273bfb3208b5fe16329cb6236c1c8efb64ca882d81258aa23b5f8ff

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources\app-update.yml

MD5 a85c6f31bef49be88b0a8846daf72dd1
SHA1 1563fbe30087d902674e1e6d4ad5d2a94f559fb4
SHA256 959ea658d5b7f99fc2e9c8e990f98081e019f5917316ab6c3e9e3e81e4d73c88
SHA512 87f6436610c0519daa2580bb08d1a4ca5be5c0a803b4b9db4fd797bedacb28a78d52a9891e891b1c5efa7b09da470206506ce207b61be76025f7b99a34bdf2e3

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources\app.asar

MD5 ff482968da25d2526453b2ce0230c73f
SHA1 932c1c3e772de162331fb4626827d8f9dcb799db
SHA256 cc42e22451c3f348f04fd055e96721d36ff6d6b35b6b44d1cc4dfb35e5b17dc6
SHA512 e07cc5db3977d7c814f41dea66e21582764318bf99dd1484b0024a5060b4351b68864fc193cc4a8279ff07bc4f91ea80cbc240f7d36ee59b550175db38479e90

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources\elevate.exe

MD5 59b5872248146319a464c52af7f136a4
SHA1 d6ac14ce2d602fc3bb3970554b1eece84c3f913e
SHA256 50fae753983844e20b11f3a8033ec22fbe1168170c98045ea5c6134c8050828e
SHA512 1ddb200db06453593c9e3fa819c906db6405e3920f8c703f5871a2c65cb7b17f773a90aeffc3cc7d76567739ed985dd77752d6cb9928dc05a2f737f97b1f5502

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources\roots.pem

MD5 bec29e7471bdfd13632a88a0e1177a4e
SHA1 f06003491572f8c18b6c18f1857562562eb48032
SHA256 00598bc1f737f7cc56eb82e58137a3e65c6f5a840011db174b5b65076311270e
SHA512 629862482f92323a07ea5f514b36271b4d4b3b8a46f1f2d3b654c8b1113eea1cb05dd1689599c076425e4ee88c461b245d2d06eea9711b95ecb7758340bf692f

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources\debug-log4j2.xml

MD5 dd7150b869964d8a892cdd584948dc55
SHA1 f8053aba6ad32932509c37f9d06fff2af011ce52
SHA256 c96f78d1ca05337800a323610ef458796b5b625bd248d40c6f9a6c324509f4ba
SHA512 a31659ef05c55b0df2cde4eb7f3ba5e6f7152af9bdc9e70155469259bd05275a497e751aaa315c7fe2357e6a4c1fa0c42a84a7e4a7ff517cc76ea1d32aa383ab

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\swiftshader\libEGL.dll

MD5 e7c8cd0bc5305a7c3c2a2c1f689744e2
SHA1 de20c6420bd838e13867bb37256e1b25bf365942
SHA256 48bfd2776bc58f386acddcdcad5161b1d7e3dc71a077cda5232b989da9081ae9
SHA512 2d4436470c0c4c8127717fbfd863cf61af5be4575dad8241d8062dbf7fb84e2ae517eaa11c2a59f1ad2bad49dbc05b15acea62765379643ca51acf96f48b79c0

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 d9a5609d8da5bd558facf2617619ad2b
SHA1 9debb66a376549ee795e9c049b3a685245e0a4b8
SHA256 da9fc78eea721b8e51599a72053c569a6ba1cce64808544c428bd295f3ef3216
SHA512 b461fa396bf58ac4989c61057502bd00493e920bfbc1c092a763699d660aef2b5e1aa9659000cc4fd0af0831043c18e01489c94733af06659d49fcfaac82e42d

C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 ce591e10b596b03351131b4c341b740c
SHA1 5d173905466eecb7034c3132030146c3f557cb47
SHA256 75172afc595dadfbbb1edeae4cc8dd07cd5f8c6158347c78d81e6bda8ae04014
SHA512 b3d66b1927b6b6e3aefe7f1136efada58bf4e2e265c27cb7ca31946e39d971796d74a225ef0abde3dd16ec2bf9ac936014069cc2d5f878532b52e3dd41b7f831

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 22d34b76477b637f85b94110b113c9d6
SHA1 a3288eb9d3de8b8431a7457b57187cf5ca2ce3fa
SHA256 2a314f8b6fe9281596378139b4ae93d82a3d638d83e1462a6a7912cb7188c16d
SHA512 33c70a9a924d02932e3aa77e101edae1b45431dc1436aa8653008be355b1d769aec7e8faacf4d5700f1f1007c59a714483f81069a53b5bcad64ad76ba78f409c

memory/5104-3237-0x00007FFA47B50000-0x00007FFA47B51000-memory.dmp

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 50bdc9a03c779e7a27c96817f21f9345
SHA1 a240dff2eee71ff9586a765d467b5f882801c0f5
SHA256 5504d669b277c168df183f7046bbbada1acf417b156f1063ea53079ee174f172
SHA512 d6da2f76d572a983b0db1a916c8f256ce13cc2201ab62448280afb9eac40b407bc2cd690589137c24d4d29b258b82ddf946bcd639e21c4570588ac1a9e13012d

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\bin\msvcr100.dll

MD5 df3ca8d16bded6a54977b30e66864d33
SHA1 b7b9349b33230c5b80886f5c1f0a42848661c883
SHA256 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36
SHA512 951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\lib\deploy\messages_zh_HK.properties

MD5 4287d97616f708e0a258be0141504beb
SHA1 5d2110cabbbc0f83a89aec60a6b37f5f5ad3163e
SHA256 479dc754bd7bff2c9c35d2e308b138eef2a1a94cf4f0fc6ccd529df02c877dc7
SHA512 f273f8d501c5d29422257733624b5193234635bd24b444874e38d8d823d728d935b176579d5d1203451c0ce377c57ed7eb3a9ce9adcb3bb591024c3b7ee78dcd

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\java.security

MD5 b7aba3dfea0468195be1256c959135e6
SHA1 8c30082493935efda5ba54489d8605199c976b29
SHA256 c50c923c2b0dc5a3c598671be2cd980f7f06e7254cce04a1fe498f6e17fce3ec
SHA512 c91e110a3f3fc74596d22ee9f59bfa952be75b1b87fdb0e7ca8f188671c8e1d22bf02bc0c0b9f1321ad4df0c8c8db6f660efbba513888686b5ba9f86d7c30b7d

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jvm.hprof.txt

MD5 ad91d69a4129d31d72fbe288ff967943
SHA1 cb510afcdbecea3538c3f841c0440194573dbb65
SHA256 235a50d958faedde808d071705a6d603f97611f568eec40d7444984b984a4b18
SHA512 600bee4676d26e2ce5b9171582540021509a4d7888c9c7badc14f0fad07007e4ce2b4c007a8eb15bd0d977722b8b34442012ea972ffbd72797475a56cdfd86ee

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaTypewriterBold.ttf

MD5 a0c96aa334f1aeaa799773db3e6cba9c
SHA1 a5da2eb49448f461470387c939f0e69119310e0b
SHA256 fc908259013b90f1cbc597a510c6dd7855bf9e7830abe3fc3612ab4092edcde2
SHA512 a43cf773a42b4cebf4170a6c94060ea2602d2d7fa7f6500f69758a20dc5cc3ed1793c7ceb9b44ce8640721ca919d2ef7f9568c5af58ba6e3cf88eae19a95e796

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\bin\server\Xusage.txt

MD5 f4188deb5103b6d7015b2106938bfa23
SHA1 8e3781a080cd72fde8702eb6e02a05a23b4160f8
SHA256 bd54e6150ad98b444d5d24cea9ddafe347ed11a1aae749f8e4d59c963e67e763
SHA512 0be9a00a48cf8c7d210126591e61531899502e694a3c3ba7c3235295e80b1733b6f399cae58fb4f7bff2c934da7782d256bdf46793f814a5f25b7a811d0cb2e3

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\jmxremote.access

MD5 41b36d832be39a3cf0f3d7760e55fdcb
SHA1 e706e9be75604a13dfcc5a96b1720a544d76348b
SHA256 71a930cbe577cbabb4269650c98d227f739e0d4b9c0b44830dd3d52f5015be1f
SHA512 41e6b8639c1ceb3d09d2fdeeeba89ffa17c4ed8b1ad0df1e5ab46c4bf178688d5504dc5a3c854226f7da23dfa0edab0d035d6b56495829f43aaa2a7babec4273

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_ja.properties

MD5 d830fc76bdd1975010ece4c5369dadf8
SHA1 d8cc3f54325142efa740026e2bc623afe6f3acb5
SHA256 11e886336ba51a9044ab1a87c60ceee34c29bb724e06a16968d31531a7001064
SHA512 7b867a50a811fbd7ffdad0b729ca4501e16386ee5c4940a4cf9a805767cc0d10f7e3bdfd6a60204d79292d778d93e3bd915368ac0e9453bbb1010adfd9655f0f

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\LINEAR_RGB.pf

MD5 a387b65159c9887265babdef9ca8dae5
SHA1 7913274c2f73bafcf888f09ff60990b100214ede
SHA256 712036aa1951427d42e3e190e714f420ca8c2dd97ef01fcd0675ee54b920db46
SHA512 359d9b57215855f6794e47026c06036b93710998205d0817c6e602b2a24daeb92537c388f129407461fc60180198f02a236aeb349a17430ed7ac85a1e5f71350

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\LICENSE

MD5 67cb88f6234b6a1f2320a23b197fa3f6
SHA1 877aceba17b28cfff3f5df664e03b319f23767a1
SHA256 263e21f4b43c118a8b4c07f1a8acb11cafc232886834433e34187f5663242360
SHA512 4d43e5edecab92cebd853204c941327dccbfd071a71f066c12f7fb2f1b2def59c37a15ce05c4fe06ec2ea296b8630c4e938254a8a92e149e4a0a82c4307d648f

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightItalic.ttf

MD5 4d666869c97cdb9e1381a393ffe50a3a
SHA1 aa5c037865c563726ecd63d61ca26443589be425
SHA256 d68819a70b60ff68ca945ef5ad358c31829e43ec25024a99d17174c626575e06
SHA512 1d1f61e371e4a667c90c2ce315024ae6168e47fe8a5c02244dbf3df26e8ac79f2355ac7e36d4a81d82c52149197892daed1b4c19241575256bb4541f8b126ae2

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\amd64\jvm.cfg

MD5 3bc0c7371c924bf144af8516ba8ba720
SHA1 dcd2c34791a1e7c7d0866d00c014f566d983d860
SHA256 875457098a0a5d8639cdf770239a87af904485c978283c2b201ba54ba60da7d1
SHA512 eeadbed0c4c19084e0bde4456c009e8d1666175a4068f2be4416c81e725ecd99a1e7f1961a0f46e56ab1840ec7f0668f4bae044ad740b3ade376c0c6b05b54f9

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightRegular.ttf

MD5 630a6fa16c414f3de6110e46717aad53
SHA1 5d7ed564791c900a8786936930ba99385653139c
SHA256 0faaaca3c730857d3e50fba1bbad4ca2330add217b35e22b7e67f02809fac923
SHA512 0b7cde0face982b5867aebfb92918404adac7fb351a9d47dcd9fe86c441caca4dd4ec22e36b61025092220c0a8730d292da31e9cafd7808c56cdbf34ecd05035

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_CopyDrop32x32.gif

MD5 89cdf623e11aaf0407328fd3ada32c07
SHA1 ae813939f9a52e7b59927f531ce8757636ff8082
SHA256 13c783acd580df27207dabccb10b3f0c14674560a23943ac7233df7f72d4e49d
SHA512 2a35311d7db5466697d7284de75babee9bd0f0e2b20543332fcb6813f06debf2457a9c0cf569449c37f371bfeb0d81fb0d219e82b9a77acc6bafa07499eac2f7

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\THIRDPARTYLICENSEREADME.txt

MD5 ea05cfe64caab3ac7c6ce79163faf3f1
SHA1 e7798b9f64d07b359e9efd3723c64c0842c3bd69
SHA256 8091d955ed8fcc8c87e83c9d582692662aeb79a5a87b431e92ddb187cb32f835
SHA512 836d99f3109d2a3538c8f94c7c66fc9e8584cb1e15d5a187325663109b6ee8624e0f7b257e54ec6b28d529518a59f5772f3a2b39dd99273862829565a36f5325

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\accessibility.properties

MD5 9e5e954bc0e625a69a0a430e80dcf724
SHA1 c29c1f37a2148b50a343db1a4aa9eb0512f80749
SHA256 a46372b05ce9f40f5d5a775c90d7aa60687cd91aaa7374c499f0221229bf344e
SHA512 18a8277a872fb9e070a1980eee3ddd096ed0bba755db9b57409983c1d5a860e9cbd3b67e66ff47852fe12324b84d4984e2f13859f65fabe2ff175725898f1b67

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_es.properties

MD5 72bdae07c5d619e5849a97acc6a1090f
SHA1 9fc8a7a29658ac23a30ab9d655117bb79d08dc3b
SHA256 821a3452ecb9f29bcec16c0b39fb668c2cc30c7f7283b34bfc5400040723892b
SHA512 67f0d1d60012b5598864b68612aa488af1b5876ff5f347cd98abcf1e3c0d267cf0354d5085bf12b0a09c6ef124fd0117cd16fcc032da2b195d45bab19740bb78

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\flavormap.properties

MD5 b0ce9f297d3fec6325c0c784072908f1
SHA1 dd778a0e5417b9b97187215ffc66d4c14f95fef0
SHA256 6da00c1cbe02909dcd6a75da51d25dbf49bfd1d779c0b8e57b12e757229fc4a8
SHA512 4c774bcb9ade996569c86dd46b3bdb046771ad1bcf9aabb9db86854c83e18015cbe5df73da86ee98e26ba0393f548b1cc09de60bda4248eacc4fc833e23b8ab4

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\calendars.properties

MD5 92ba2d87915e6f7f58d43344df07e1a6
SHA1 872bc54e53377aac7c7616196bcce1db6a3f0477
SHA256 68f0cf30429a42a6fe78b1de91970e5c78fd03d1599beb080c1c196d5c59e4c0
SHA512 a964e2ceb4d601faf28ecf13fb11777b70708c21cf9ea23721e462b6e911051108b8a42ebf6447fa49cb61d7fa2d79475f50ee791f1121616371e2b02fab71b6

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\jmxremote.password.template

MD5 5dd28aaf5a06c946df7b223f33482fdf
SHA1 d09118d402ca3ba625b165ecace863466d7f4ce9
SHA256 24674176a4c0e5eefb9285691764ea06585d90bbdaf5bf40c4220de7ca3e3175
SHA512 13c6f37e969a5aece2b2f938fa8ebf6a72c0c173678a026e77c35871e4ae89404585fb1a3516ae2ca336fc47eab1f3dd2009123adba9c437cd76ba654401cbdf

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\[email protected]

MD5 cb81fed291361d1dd745202659857b1b
SHA1 0ae4a5bda2a6d628fac51462390b503c99509fdc
SHA256 9dd5ccd6bdfdaad38f7d05a14661108e629fdd207fc7776268b566f7941e1435
SHA512 4a383107ac2d642f4eb63ee7e7e85a8e2f63c67b41ca55ebae56b52cecfe8a301aaf14e6536553cbc3651519db5c10fc66588c84c9840d496f5ae980ef2ed2b9

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\splash.gif

MD5 249053609eaf5b17ddd42149fc24c469
SHA1 20e7aec75f6d036d504277542e507eb7dc24aae8
SHA256 113b01304ebbf3cc729a5ca3452dda2093bd8b3ddc2ba29e5e1c1605661f90be
SHA512 9c04a20e2fa70e4bcfac729e366a0802f6f5167ea49475c2157c8e2741c4e4b8452d14c75f67906359c12f1514f9fb7e9af8e736392ac8434f0a5811f7dde0cb

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jfr\profile.jfc

MD5 4350cbf99dca8cfcd1075fbbe2ff6c60
SHA1 37e6c871457dc5691a692c9577877d6846e43c6e
SHA256 9bcd76b6dca5ea258edaddd2cfdd0dd93e66e4d9352eda6752c82e0e87be5408
SHA512 1d397c2881de8aa8e77a503a83b7025010c953c8b56a2d8f7b53cee7b7d68451ce0527ecb775df52ecd1d5cf7912b67dc1186ce6a0990ac2d0fe3519321678e3

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\psfontj2d.properties

MD5 66b3e6770c291fe8cd3240ffbb00dc47
SHA1 88ce9d723a2d4a07fd2032a8b4a742fe323eec8f
SHA256 7ea6e05d3b8b51d03c3d6548e709c220541df0f1aee2e69b9101c9f051f7c17a
SHA512 d1b99aa011568affa415758c986b427588ae87fe5eb7fc52d519f7167ad46bbff8b62799f14d8dbc7c55deb6ff7259445d6e8882cc781d61206ed1b79b688745

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\US_export_policy.jar

MD5 ee4ed9c75a1aaa04dfd192382c57900c
SHA1 7d69ea3b385bc067738520f1b5c549e1084be285
SHA256 90012f900cf749a0e52a0775966ef575d390ad46388c49d512838983a554a870
SHA512 eae6a23d2fd7002a55465844e662d7a5e3ed5a6a8baf7317897e59a92a4b806dd26f2a19b7c05984745050b4fe3ffa30646a19c0f08451440e415f958204137c

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\javaws.policy

MD5 e0c4ef8b210c0ddfee01126e1aca4280
SHA1 f1cc674f447045d668454996d5c3c188884762cd
SHA256 e5cd7f9fd43084674aa749bc8301f28de85eef6d01bd78828f72fa32377a3368
SHA512 4820074f15520ad099193b27a673499c31544a7279279efcb6131d53fe997438a96e1c5b386c233385004f7a2fbb775d4cde3c0272a196b54c0d8ee6ccef43df

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\sRGB.pf

MD5 1d3fda2edb4a89ab60a23c5f7c7d81dd
SHA1 9eaea0911d89d63e39e95f2e2116eaec7e0bb91e
SHA256 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
SHA512 16aae81acf757036634b40fb8b638d3eba89a0906c7f95bd915bc3579e3be38c7549ee4cd3f344ef0a17834ff041f875b9370230042d20b377c562952c47509b

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightDemiBold.ttf

MD5 af0c5c24ef340aea5ccac002177e5c09
SHA1 b5c97f985639e19a3b712193ee48b55dda581fd1
SHA256 72cee3e6df72ad577af49c59dca2d0541060f95a881845950595e5614c486244
SHA512 6ce87441e223543394b7242ac0cb63505888b503ec071bbf7db857b5c935b855719b818090305e17c1197de882ccc90612fb1e0a0e5d2731f264c663eb8da3f9

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\local_policy.jar

MD5 57aaaa3176dc28fc554ef0906d01041a
SHA1 238b8826e110f58acb2e1959773b0a577cd4d569
SHA256 b8becc3ef2e7ff7d2165dd1a4e13b9c59fd626f20a26af9a32277c1f4b5d5bc7
SHA512 8704b5e3665f28d1a0bc2a063f4bc07ba3c7cd8611e06c0d636a91d5ea55f63e85c6d2ad49e5d8ece267d43ca3800b3cd09cf369841c94d30692eb715bb0098e

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\content-types.properties

MD5 95ae170d90764b3f5e68c72e8c518ddc
SHA1 1939b699d16a5db3e3f905466222099d7c29285a
SHA256 a2b31e9cbceab296a5e1cf056efd953ced23b888cd929b0bbe6eb6b53d2bf861
SHA512 87e970beac8141c757d622fc8b6d84fe173ea4b134afd8e2f979714c1110c3d92f3ce5f2b9dc74804dd37d13ab2a0edf0fca242f61cf8ed065ae81b7331f8816

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaTypewriterRegular.ttf

MD5 c1397e8d6e6abcd727c71fca2132e218
SHA1 c144dcafe4faf2e79cfd74d8134a631f30234db1
SHA256 d9d0aab0354c3856df81afac49bdc586e930a77428cb499007dde99ed31152ff
SHA512 da70826793c7023e61f272d37e2cc2983449f26926746605c550e9d614acbf618f73d03d0c6351b9537703b05007cd822e42e6dc74423cb5cc736b31458d33b1

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaSansRegular.ttf

MD5 b75309b925371b38997df1b25c1ea508
SHA1 39cc8bcb8d4a71d4657fc92ef0b9f4e3e9e67add
SHA256 f8d877b0b64600e736dfe436753e8e11acb022e59b5d7723d7d221d81dc2fcde
SHA512 9c792ef3116833c90103f27cfd26a175ab1eb11286959f77062893a2e15de44d79b27e5c47694cbba734cc05a9a5befa72e991c7d60eab1495aac14c5cad901d

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightDemiItalic.ttf

MD5 793ae1ab32085c8de36541bb6b30da7c
SHA1 1fd1f757febf3e5f5fbb7fbf7a56587a40d57de7
SHA256 895c5262cdb6297c13725515f849ed70609dbd7c49974a382e8bbfe4a3d75f8c
SHA512 a92addd0163f6d81c3aeabd63ff5c293e71a323f4aedfb404f6f1cde7f84c2a995a30dfec84a9caf8ffaf8e274edd0d7822e6aabb2b0608696a360cabfc866c6

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_fr.properties

MD5 ffe3cc16616314296c3262b0a0e093cd
SHA1 198dd1c6e6707c10ae74a1c42e8a91c429598f3b
SHA256 3941736bef6a8e53d002b6b67ece4793c2f3f34bcc1ecb271684eb3f73fc4103
SHA512 cd3a9329f405ca14e11cdbb74d467b31a31530cbf00537b16fb23aebc6c07eb268e9624fdbc997aa0cf4852dac288e1d011e2fc392d71e25dbdf52e359ba9d4e

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\management.properties

MD5 054e093240388f0322604619ef643f18
SHA1 6e110c2a5d813013e9c57700be8b0d17896e950c
SHA256 bf41d73eab0da8222fe24255e1bbf68327fb02b1a4f1e7a81b9c7b539033ffb2
SHA512 bd60c6271cdeffff4563e6e2cf97c176d86f160092d1ffcbe7eefe714ba75ddc5fb4e848a5fdbe7a1d1510720d92af6a176a76de2cc599f27e4beae8e692c5d3

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\psfont.properties.ja

MD5 a38587427e422d55b012fa3e5c9436d2
SHA1 7bd1b81b39da78124be045507e0681e860921dbb
SHA256 d2c47de948033ed836b375ccd518cf55333fe11c4ced56bc1ce2ff62114cf546
SHA512 ea6ca975e9308ed2b3bbcce91ee61142dab0067ce8f17cb469929f6136e6b4a968bac838141d8b38866f9ef5e15e156400859cccc84fb114214e19556f0dc636

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\tzmappings

MD5 b8dd8953b143685b5e91abeb13ff24f0
SHA1 b5ceb39061fce39bb9d7a0176049a6e2600c419c
SHA256 3d49b3f2761c70f15057da48abe35a59b43d91fa4922be137c0022851b1ca272
SHA512 c9cd0eb1ba203c170f8196cbab1aaa067bcc86f2e52d0baf979aad370edf9f773e19f430777a5a1c66efe1ec3046f9bc82165acce3e3d1b8ae5879bd92f09c90

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jfr\default.jfc

MD5 23aa3364d2ad1a2fc01fe9632b3b657e
SHA1 aa73c9d419da1237450d85a8c14fe8473fc96a0d
SHA256 dc59d905640c4931f45b14d24a08757a3108597a07eaefc5317c52681797139d
SHA512 d882bcbc7eb8372758467c211c6b1d00ce76ecb3579bd6682ec84d63472b9164a9c9ba27d6b88e779c726d90c8c7bc364ccbe37dfd514c638f24fa79d6478e31

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\hijrah-config-umalqura.properties

MD5 6e378235fb49f30c9580686ba8a787aa
SHA1 2fc76d9d615a35244133fc01ab7381ba49b0b149
SHA256 b4a0c0a98624c48a801d8ea071ec4a3d582826ac9637478814591bc6ea259d4a
SHA512 58558a1f8d9d3d6f0e21b1269313fd6ac9a80a93cc093a5e8cdec495855fcd2fc95a6b54fe59e714e89d9274654bb9c1cd887b3fb9d4b9d9c50e5c5983c571b8

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\sound.properties

MD5 bb63293b1207cb8608c5fbe089a1b06d
SHA1 96a0fa723af939c22ae25b164771319d82bc033b
SHA256 633015ad63728dfe7a51bf26e55b766dd3e935f1fcccffa8054bf6e158ea89b2
SHA512 0042debe4a77da997a75a294a0c48d19aed258eeb3cd723fd305037df11f0a5073a92cc54967b8b541e1afc912f36481d0b0f68477b8156e52e15093722b7c32

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\meta-index

MD5 91aa6ea7320140f30379f758d626e59d
SHA1 3be2febe28723b1033ccdaa110eaf59bbd6d1f96
SHA256 4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4
SHA512 03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaSansDemiBold.ttf

MD5 5dd099908b722236aa0c0047c56e5af2
SHA1 92b79fefc35e96190250c602a8fed85276b32a95
SHA256 53773357d739f89bc10087ab2a829ba057649784a9acbffee18a488b2dccb9ee
SHA512 440534eb2076004bea66cf9ac2ce2b37c10fbf5cc5e0dd8b8a8edea25e3613ce8a59ffcb2500f60528bbf871ff37f1d0a3c60396bc740ccdb4324177c38be97a

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\cursors.properties

MD5 01b94c63bd5e6d094e84ff3ad640ffbf
SHA1 5570f355456250b1ec902375b0257584db2360ae
SHA256 52845deb58038b4375c30b75dd2053726872758c96597c7cc5d6cef11f42a2ba
SHA512 816be2271cf3ecf10ee40e24a288ce302b2810010bef76efc0ce5746591955921b70f19005335f485d61a7b216dcce0b06750831720dd426d07709154d5fac7a

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_MoveDrop32x32.gif

MD5 cc8dd9ab7ddf6efa2f3b8bcfa31115c0
SHA1 1333f489ac0506d7dc98656a515feeb6e87e27f9
SHA256 12cfce05229dba939ce13375d65ca7d303ce87851ae15539c02f11d1dc824338
SHA512 9857b329acd0db45ea8c16e945b4cfa6df9445a1ef457e4b8b40740720e8c658301fc3ab8bdd242b7697a65ae1436fd444f1968bd29da6a89725cdde1de387b8

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\ext\meta-index

MD5 005faac2118450bfcd46ae414da5f0e5
SHA1 9f5c887e0505e1bb06bd1fc7975a3219709d061d
SHA256 f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8
SHA512 8b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\GRAY.pf

MD5 1002f18fc4916f83e0fc7e33dcc1fa09
SHA1 27f93961d66b8230d0cdb8b166bc8b4153d5bc2d
SHA256 081caac386d968add4c2d722776e259380dcf78a306e14cc790b040ab876d424
SHA512 334d932d395b46dfc619576b391f2adc2617e345aff032b592c25e333e853735da8b286ef7542eb19059cde8215cdcea147a3419ed56bdd6006ca9918d0618e1

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\logging.properties

MD5 0aa5d5efdb4f2b92bebbeb4160aa808b
SHA1 c6f1b311a4d0790af8c16c1ca9599d043ba99e90
SHA256 a3148336160ea7ef451052d1f435f7c9d96eeb738105ac730358edada5bd45a2
SHA512 a52c2b784cf0b01a2af3066f4bb8e7fd890a86cfd82359a22266341942a25333d4c63ba2c02aa43ade872357fc9c8bbc60d311b2af2ad2634d60377a2294afdd

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_it.properties

MD5 bf5e5310b2dcf8e8b3697b358ad4446d
SHA1 c746ac1f46f607fa8f971bea2b6853746a4fb28d
SHA256 cc9ad73957535011ee2376c23de2c2597f877aceba9173e822ee79aad3c4e9e6
SHA512 b6c61d38b0acc427b9b2f4c19dabd7eacbe8eea6b973fd31b3555c4c5b3ffaf1ca036b730359346f57223b44cce79e04a6d06bbc13c6f7dd26ed463776bb6dcc

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_zh_CN.properties

MD5 823d1f655440c3912dd1f965a23363fc
SHA1 50b941a38b9c5f565f893e1e0824f7619f51185c
SHA256 86663ded105b77261c0556468a93bc8666a094b918299a61af0a8e30f42019c7
SHA512 1ebf989d2121cf05ffc912b9b228c4d4523763eb1a689ec74568d811c88dcf11032ffc8007bb24daf7d079b580662b77d94b4b8d71a2e891ef27979ff32cd727

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_LinkDrop32x32.gif

MD5 694a59efde0648f49fa448a46c4d8948
SHA1 4b3843cbd4f112a90d112a37957684c843d68e83
SHA256 485cbe5c5144cfcd13cc6d701cdab96e4a6f8660cbc70a0a58f1b7916be64198
SHA512 cf2dfd500af64b63cc080151bc5b9de59edb99f0e31676056cf1afbc9d6e2e5af18dc40e393e043bbbbcb26f42d425af71cce6d283e838e67e61d826ed6ecd27

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\CIEXYZ.pf

MD5 10f23396e21454e6bdfb0db2d124db85
SHA1 b7779924c70554647b87c2a86159ca7781e929f8
SHA256 207d748a76c10e5fa10ec7d0494e31ab72f2bacab591371f2e9653961321fe9c
SHA512 f5c5f9fc3c4a940d684297493902fd46f6aa5248d2b74914ca5a688f0bad682831f6060e2264326d2ecb1f3544831eb1fa029499d1500ea4bfe3b97567fe8444

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\blacklist

MD5 3f5dc1d941e8356ccd04454ac0a7a7d2
SHA1 3698f9afd870c7959e2d8a0da0a97b4475554831
SHA256 c48d57d64ed98f8f174a4f6873f536ae03b41a63f67079d7c2f7140950a1c02e
SHA512 65319a4ef150884f7e67c6f96085a996c9b32dcf9a539c4eb7af77b1b46cdd90f1e83446f33da14467ea37d0628c9411323f5c3d3cefcf03cbdfa186eeb2bd3c

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\snmp.acl.template

MD5 9d9ec1bb9e357bbfb72b077e4af5f63f
SHA1 6484b03dbe9687216429d3a6f916773c060e15ce
SHA256 8b02a29bc61b0f7203df7ca94140f80d2c6a1138064e0441dfd621cf243a0339
SHA512 5fe39bbfca806ce45871a6223d80fa731efaa5d31c3b97ee055ab77eaf3833342945f39e9858335d9dd358b4b7f984ffade741452e19b60b8e510aa74ac02c00

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\README.txt

MD5 4bda1f1b04053dcfe66e87a77b307bb1
SHA1 b8b35584be24be3a8e1160f97b97b2226b38fa7d
SHA256 fd475b1619675b9fb3f5cd11d448b97eddee8d1f6ddcca13ded8bc6e0caa9cf3
SHA512 997cee676018076e9e4e94d61ec94d5b69b148b3152a0148e70d0be959533a13ad0bc1e8b43268f91db08b881bf5050a6d5c157d456597260a2b332a48068980

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\PYCC.pf

MD5 24b9dee2469f9cc8ec39d5bdb3901500
SHA1 4f7eed05b8f0eea7bcdc8f8f7aaeb1925ce7b144
SHA256 48122294b5c08c69b7fe1db28904969dcb6edc9aa5076e3f8768bf48b76204d0
SHA512 d23ce2623de400216d249602486f21f66398b75196e80e447143d058a07438919a78ae0ed2ddf8e80d20bd70a635d51c9fb300e9f08a4751e00cd21883b88693

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages.properties

MD5 2eb9117d147baa0578e4000da9b29e12
SHA1 3d297ecf3d280d4aa3d1423e885994495243f326
SHA256 b8d9c69ff7f4832a9b365d4a43cf66dff9847051752b13eedf024caa9c1ef46b
SHA512 c3f7730767941b3c8f6f53d4686e9f898d1907d978f6d1fa35ba02c3fcd8306335406a5f9abaa844f27f7afd9e548810becb9ec3e6b84888ea5eac57b6ed6fdb

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_de.properties

MD5 ff9cfee1acfcd927253a6e35673f1bb7
SHA1 957e6609a1af6d06a45a6f7b278be7625807b909
SHA256 e130fbd5fa378a380f46f42981f2c97bc152059c27120204ab4da47079d31513
SHA512 f42601092436d7af30ccd81126185232d9d643b195d3d4619aec451e3e2a60e33e6378e770dd1a4cdf7ab20cb749371665a992ca73d2842a7102f3fb34b6b9eb

C:\Users\Admin\AppData\Roaming\ff60a168-f63b-4214-9ce3-35cfbcd5aae6.tmp

MD5 050445f361673df6b448e8a85bb845b4
SHA1 f8ae63dd6cb0a271982653a09583fc5eb6427892
SHA256 a69310493fe902acbde001b22ac7e2e4db9823b097e286d30da21b0b6a71f083
SHA512 56ab0ad126529507d892224dde021c000c3e26eabfde3fc015bd06581a1bcf057ec1cbbb8ce4b38d256865ade734df3ba91046ee1de91a0ec45a5fa5bc6f2eb1

memory/5104-4698-0x0000028900BB0000-0x00000289012EF000-memory.dmp

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\java.policy

MD5 ec90fd04c2890584a16eb24664050c2a
SHA1 c7fe062eac95909ec6a5ea93f42dda5e023ad82c
SHA256 ced51e3926e6b0cfec8ecab3b15d296fdcfae4d32046224814aaab5fd0fed9c0
SHA512 8da494925b3b5aae69a30a8b5f9732e64edbae39c968229d112185e349c410a0f5d1b281a4e44718e0120e910820b15ca878b2ed1cf905dfc6595f1ba34b85d3

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\java.scripting\ASSEMBLY_EXCEPTION

MD5 bd468da51b15a9f09778545b00265f34
SHA1 c80e4bab46e34d02826eab226a4441d0970f2aba
SHA256 7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b
SHA512 2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\jdk.management.jfr\ADDITIONAL_LICENSE_INFO

MD5 512f151af02b6bd258428b784b457531
SHA1 84d2102ad171863db04e7ee22a259d1f6c5de4a5
SHA256 d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83
SHA512 1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\jdk.attach\LICENSE

MD5 663f71c746cc2002aa53b066b06c88ab
SHA1 12976a6c2b227cbac58969c1455444596c894656
SHA256 d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80
SHA512 507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\conf\security\policy\unlimited\default_US_export.policy

MD5 1a08ffdf0bc871296c8d698fb22f542a
SHA1 f3f974d3f6245c50804dcc47173aa29d4d7f0e2c
SHA256 758b930a526fc670ab7537f8c26321527050a31f5f42149a2dda623c56a0a1a9
SHA512 4cfca5b10cd7addcff887c8f3621d2fbec1b5632436326377b0ce5af1ae3e8b68ac5a743ca6082fc79991b8eec703a6e1dfd5b896153407ad72327753222fdb3

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.javadoc\jquery.md

MD5 8ef4ab67241efd69eaa3df9871fa0dbd
SHA1 a20a019c3b06d4263b00f5e89ed394a52b8c1981
SHA256 0716943682c624fd2f49b3a718a2ed4d6386e872fe741f1c759573ae24509d3e
SHA512 1f85e70e166146d81457f05be906f18b9b16ed82bed5f544f090d894b8d0cb1ff4fe5fffd90022f06f2024b2dbf74a30f2940a21941871358469b1f9a1a19998

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.sctp\LICENSE

MD5 16989bab922811e28b64ac30449a5d05
SHA1 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a
SHA256 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192
SHA512 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\psfontj2d.properties

MD5 17b15d370018acc01550175882c7da91
SHA1 4edd9e0fc3d30fbdcabcdcaab3bc0b3157fc881e
SHA256 780c565d5af3ee6f68b887b75c041cdf46a0592f67012f12eeb691283e92630a
SHA512 e4ee92d4598385cb2f6f3a4db91ddabd7e615dc105ed26cdc5b5598d01c526cea7726ff93f92a308350229f2e5a5dd64cc0c38865dd97666368a330b410d4892

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.jdi\ADDITIONAL_LICENSE_INFO

MD5 19c9d1d2aad61ce9cb8fb7f20ef1ca98
SHA1 2db86ab706d9b73feeb51a904be03b63bee92baf
SHA256 ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9
SHA512 7ec63b59d8f87a42689f544c2e8e7700da5d8720b37b41216cbd1372c47b1bc3b892020f0dd3a44a05f2a7c07471ff484e4165427f1a9cad0d2393840cd94e5b

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\colorimaging.md

MD5 0889fd01a6802a5a934572d9bd47f430
SHA1 7a7e547452ee1c72e8b0d96dccbe315f62d5b564
SHA256 04d61e3e8e71dd452ebe52008af5378d9f6640d14578aeb515dc5375973b0189
SHA512 f5872960470810cdbdc2db1dfb216cab88203b23400b16e157c8654c2eecff8d9b26ce066ec18718c8e6d54ee1c54533fdade395c454210fed5159fd4a7a0adb

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.attach\ASSEMBLY_EXCEPTION

MD5 7caf4cdbb99569deb047c20f1aad47c4
SHA1 24e7497426d27fe3c17774242883ccbed8f54b4d
SHA256 b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a
SHA512 a1435e6f1e4e9285476a0e7bc3b4f645bbafb01b41798a2450390e16b18b242531f346373e01d568f6cc052932a3256e491a65e8b94b118069853f2b0c8cd619

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.xml\jcup.md

MD5 d19594fbf6eab2242dc29257905d8ded
SHA1 fbdcbe5a7e7d91d440c200f5fb00e0cf6a81976c
SHA256 8d5dcfdf50455a3c34c753a98f21e953248af200415a9084e3f102cb6c43b8bf
SHA512 7ed3e58f189f2922f7543d4617308d0c35f8adc2e7cbbb6fbba49d33cdd5da64c6edc022ae9842c28e58d97b056a245245c816003978f1e0152236636ca72ba5

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\logging.properties

MD5 0f00ec3e7a7767a4efeae1875fb5f3d4
SHA1 167808418571e9209b952188ddab2f4e62920e68
SHA256 b62d2733ab99556b108a1951d894c5a8d76b1ac7a00c02c388f9eb9be046c56f
SHA512 e869f4a3b821a9933796dc9a56ee00483493369dfbfe07b3b1d895cb8318c6821cd44134eb37513f15b830c25861b596646824ed56672d08b678fefe6a4c7504

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\jvm.cfg

MD5 7ce21bdcfa333c231d74a77394206302
SHA1 c5a940d2dee8e7bfc01a87d585ddca420d37e226
SHA256 aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0
SHA512 8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\management\management.properties

MD5 1e236f07e2b653fafe2c0ecd3eb815e1
SHA1 81c332967eb7424827e9a570d845f7d48930b35c
SHA256 07dffdd85b01c19bf46ca320a699aba48dd6b01043eb0bd6a9528c7993312bad
SHA512 4fae4e2b5f7122cd80c03b3d04fca5c4b9586be6c712dfdb729f5e85d6e71a86addfdb975be4ee7e250e28643222687f834a6456054e38331bd978aba79dae71

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\tzmappings

MD5 4c30d7867505379a18a27d0e8f03198c
SHA1 0cc871d5bd91e061d676a861749af68bbc0ca9c6
SHA256 b41575b332809b37ad423bdca30c7c48cdef3d82f82fa9d534781a6f15d6a2ab
SHA512 873d329682ce67267f438b88eee0fc25cecbbcc1f7d694118417ad12756ec2b6ae7502ec4eea0cc9b4ae8b9e68f5f8877762fa13dea89c4a6dcd54fd8bf82c56

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.localedata\thaidict.md

MD5 2ea6eb55ca40902554aaf2fd20a76ba8
SHA1 e5b9e88e174c797c313d6739e7e34772b723bc4b
SHA256 c326144a2351c9608fa708b5d7d3c5a3da03e82b66479b128e9db4969539824a
SHA512 5221112cd8ef83b636dc4364f53b72c5484a5885acb55c2c071c88d23058093caee38578f7e424ecafdb483ccc0bc8e78d7ac13add536ec824a8eac171a576cb

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\psfont.properties.ja

MD5 d4c735bf5756759a1c3bc8de408629fc
SHA1 67c15e05a398b4ce6409d530a058f7e1b2208c20
SHA256 5a4bd51b969bf187ff86d94f4a71fdfbfa602762975fa3c73d264b4575f7c78f
SHA512 8124b25decfa64a65433ff2ce1f0f7bdf304abe2997568abc35264a705f07152aa993b543da37c4132b4b1b606743c825c90a0eb17b268518d478f5cf0889062

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\management\jmxremote.access

MD5 5880f5255cf159b204761cf24be76061
SHA1 db484eb763831db19c089c9820a54cc875e4f624
SHA256 0c25d26ee212ca1e8c33f67c3c460d43fe849c3a1d23dbe341148517602b280c
SHA512 64d33add796d2d3df7ad37aa452ee1d106174be1ade3063d73ba416211629a9a9b05177969404fdc92fcee8458450c9de4a6195744b93131303208cb6f1416ad

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\limited\exempt_local.policy

MD5 4cbb03f484c86cbea1a217baae07d3c9
SHA1 ee67275bc119c98191a09ff72f043872b05ab7fd
SHA256 8c3d7648abcd95a272ce12db870082937f4d7f6878d730d83cb7fbb31eb8b2c9
SHA512 2bd70518aed6b0e01c520c446830c5f567fa72974548818cac3e1e5c2be6f03db78ce6012f5463b1e19c36243d04cbaad38ec79524635eaae2e427eb1875ccdb

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\wepoll.md

MD5 cef1d92ff8ace278bd32ac5e18735b86
SHA1 6c7d15e2b8f3e99527458c8ea33420ee1d34af7b
SHA256 3ac2992770080453b98c42afa807ba4b2c1738ef756b92a55c645f55e7df48f0
SHA512 12aa61ae93fc626a230f39f44ca11c75086fd9bb50f2794fb9fec29b9bef924545fc19d9cb38fda631560ca78ae8e587144cf3cf3c83a6b336bb4711611393bf

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\ADDITIONAL_LICENSE_INFO

MD5 71bb3ad0017bf36d14bb96a8d4b32c45
SHA1 1a5c553e71bdb7d94995b206bc9eaa49abd1e888
SHA256 a69bce275ba7a3570af6579cb0f55682cd75fedfcd49e0e8e9022270c447c916
SHA512 9f658dfea71bdc3cc1549edfb5ad3171dbfa0082b2d91e820c09abe0b376b6bcd8b5170442a5e25e72274e98f130176bbdecfa7997c59705782b214f02136a20

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\sound.properties

MD5 4f95242740bfb7b133b879597947a41e
SHA1 9afceb218059d981d0fa9f07aad3c5097cf41b0c
SHA256 299c2360b6155eb28990ec49cd21753f97e43442fe8fab03e04f3e213df43a66
SHA512 99fdd75b8ce71622f85f957ae52b85e6646763f7864b670e993df0c2c77363ef9cfce2727badee03503cda41abe6eb8a278142766bf66f00b4eb39d0d4fc4a87

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\README.txt

MD5 3d47d94bc4f19d18bcc8b23f51d013af
SHA1 a97cd312d6a2a9c8c780c15e5af51a2f4f97c2cb
SHA256 6da0747334b0fea7592fd92614b2bbc8b126535e129b1fee483774d914e98eb5
SHA512 68a031264cf9442526307364ca74b336af55564c233c2f514cac48e910022767562f8ff6a64bb9cfcbf0fb5e755289273382c9246418a4b9207fc7761d03c64e

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.dynalink\dynalink.md

MD5 7c3773c14e9de1161a33902d64854bde
SHA1 bee6874bd3625623c939441c9269f9c6239a9247
SHA256 17312591cabee3ef6c34ed8897d92e4e361ba9cea41ec00dcd61a322a8fc2cdb
SHA512 86ee77d8e129b78173964461cd27200aeab7fb6417fe0f4982d9b126ed2292216d08212be91b53eccb26dd6a8b3e1aab1d1dbab85c2133872ac0027dc87a8223

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.crypto.cryptoki\pkcs11wrapper.md

MD5 b77d1951df7a8488eb84ce1d25486a14
SHA1 e35415235ec3bbcb92beeceb03a9a8e7c13a6fce
SHA256 371974b1fca3744a3892c7ee1fcc593b8b4281fc218f4cafd2f709e9df5fd81d
SHA512 759c75f87309b67c56a5b7088045e04be7c023ecdbaea80842e22b81b0bfb36026191070471f8b08fef47ec73664611ce0453b4a9818f7708c95663733ee5ce9

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\lcms.md

MD5 04a8a77cafdd6185a3506eccf7a83346
SHA1 1acbec21e9eab8bd2bee9826353c1e768d5457b5
SHA256 8acf00b5efd25c1c055927222fd3c26b0c9fd02ed02e478c225b64e7a24d9782
SHA512 a91faa243a09bdfe62714859b9b4420e8434dd09693a6a280e1c8ef6694fb7858d0171fae4ca36721b685e3ab8bc8000c5635bf3789250a5b9081130eb4ff57c

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\security\blocked.certs

MD5 8273f70416f494f7fa5b6c70a101e00e
SHA1 aeaebb14fbf146fbb0aaf347446c08766c86ca7f
SHA256 583500b76965eb54b03493372989ab4d3426f85462d1db232c5ae6706a4d6c58
SHA512 e697a57d64ace1f302300f83e875c2726407f8daf7c1d38b07ab8b4b11299fd698582d825bee817a1af85a285f27877a9e603e48e01c72e482a04dc7ab12c8da

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.xml\dom.md

MD5 13952c46b3867103ad7d1e9c6c9e906c
SHA1 4bf3f9908314b05f3b0f6e27be2c1fb7e25fffbb
SHA256 6686e8877667584a3a7c07344baadca1a03e29f677162d87c3c0811e990d1148
SHA512 8c71f226f0f07b471aea6b8e715434b5eaa6b4a59a653ec22c2489e743e9288a0c4537f479719f9d58737d0257470c9cceff9ce647a96e79fd757a4cdcfed499

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.internal.opt\jopt-simple.md

MD5 4f3f190fd212329afc39442174ca4b3a
SHA1 d7e25adf223e68d06276ae7666bbc96590dda442
SHA256 99bc67f93cf57d6d20e6047731c93fbb267d70fbdd4115d119e0f85c6efe5c05
SHA512 fdd3d2fcfd865f62dad0ba2617ea816c78a3dc9d99d8991ffb5eb479fda37317dc3f70b0dcdb1847ffe4432947690436ad4046bfb056c37e2991e6fefa8b70c0

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\aes.md

MD5 2e33468a535a4eb09ef57fc12a2652d0
SHA1 e64516f3fa1e72f88caa50f14b8046dd74d012b6
SHA256 45c6d4da48325edfbff3dcf71c704e504c057904435ed23c6d57046d551eb69d
SHA512 4d14b5ddbb4d09797264ed29ba71fab6986b4a9e75efb9402c1476e0a9e2884813d6a922dea125643b4f74e1f3e458f4e48d6c840e0f4d16ed72ffbc4611dbb2

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\tzdb.dat

MD5 2fd920c56de68f65493ba6962fd079e1
SHA1 1e79bff02711d3dab3c75e90d4bb08f8086c9626
SHA256 b7dba25abdfee317daa042c89b01e5711f5781d020dd733ba411760b72addb93
SHA512 958f835407e4a10a268bf76bc2ef0196ecd5fa92e139de4c3760544dbdf76f95e67865bac22406aef8ac5ae7508fe63cd1a688c8328e46b73a5867efa4f18d47

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\LICENSE

MD5 3e0b59f8fac05c3c03d4a26bbda13f8f
SHA1 a4fb972c240d89131ee9e16b845cd302e0ecb05f
SHA256 4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726
SHA512 6732288c682a39ed9edf11a151f6f48e742696f4a762c0c7d8872b99b9f6d5ab6c305064d4910b1a254862a873129f11fd0fa56ff11bc577d29303f4fb492673

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\net.properties

MD5 385443b7e4a37bc277c018cd1d336d49
SHA1 b2c0dfb00bf699e817bdd49b14bc24b8d3282c65
SHA256 5bc726671936e0af4fdf6bed67d9e3a20a92c30b0ba23673d0314baa5e3ffb08
SHA512 260afc7671a1dc0c443564f1d10386f0b241bb53c76df68d8d03f1d0b1ceaf3f68847ab3477732c876c2b01c812ef7521744befe88e312f3aa63164b608b67a1

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\zlib.md

MD5 440321d71d082c9f04a9995b613bdff2
SHA1 9af688d499b3026ec8e5a2e266dc4b9b4884a87b
SHA256 81518ebc49d23a7c77b2e08eff48664ea0c7dd90957a0caf22fd9654985d3285
SHA512 c516403a109630b79998f3bea6b698247a0b5367cc9873defa75014e8c98c690d34d0810d32792d80fde1333980ac6c5f19324743795cb6455ef0ee4979496bb

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\c-libutl.md

MD5 2e89a282a50f8702e52703464e6937ca
SHA1 cfc22a6f5b17cd539234d5b3160a5224abefadb9
SHA256 bef40679922d6fdfb7e4ddb223ad6722300f6054ba737bbf6188d60fcec517f9
SHA512 ae459d8ce5581ea57e203088373c1ce86d122d0e27eb871ee1383e0e64cd8a184fa207eee0e835347316e70afa24a1c95aec30def3e09d15ee19a0b2c3ad2095

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\giflib.md

MD5 867001e2a577f88cfc856f45959502aa
SHA1 109c11cec13349212ba94b9f3eb7d0943229938e
SHA256 c8b99f33890887d27ad56fba9edd8ebbc668cfe0689168505a95613d1d4b32f8
SHA512 dafac31d75a7ab4ddd7666799a24abf22c1583ca22554a738cc26a77bf927b20dde52f12194670a5196bce3a43bd58de46944291727c8877fee1fe4a38a1f1ca

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\unlimited\default_local.policy

MD5 2a0f330c51aff13a96af8bd5082c84a8
SHA1 ad2509631ed743c882999ac1200fd5fb8a593639
SHA256 8d8a318e6d90dfd7e26612d2b6385aa704f686ca6134c551f8928418d92b851a
SHA512 2b0385417a3fc2af58b1cbb186dd3e0b0875e42923884153deee0efcb390ca00b326ed5b266b3892d31bf7d40e10969a0b51daa6d0b4ca3183770786925d3cde

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.md

MD5 fa24b7e2a61a7045cb0c6c385000681b
SHA1 869fc0b687986ea26b8ff63c137e03c92234a5c8
SHA256 262802e081760b38b3748c8b194353d340e39bc936ac22e17abbb7158d895811
SHA512 2676cfdfd61762c7b6171985e8cfe1068c36683ca43753a1ffb10241ac61a74c9be1c00be22903df85ba6954fd908d77de60903c316506fd88b9679672ada968

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\management\jmxremote.password.template

MD5 ad773cfd53efe03e662f1cf23561f725
SHA1 3bad5b040b6d7117df4c40609ea0f8074339ee47
SHA256 0273b6a6b9e20e6ce54c5aee70164028e0395063b2b7d39060a40b6495543dbf
SHA512 e6794168ba80a8ff733d8c1771930ae8c8fc33030e5e9ca02700f326c88a2f68ff09bc734bfd1e492ef15705b288c7918ce1f3f7174742dee6a62dfe086abd65

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\mesa3d.md

MD5 c7e0d19c8f4eff11e97f0eb9afd3f7f4
SHA1 6a98ee2703132e181f37d162452f073fb64ced83
SHA256 63f4e6f75caebbccb95d903fb43e46ac7111b3624d0a34f146b276d7d9e7b152
SHA512 9c4111728ab9472f0b160cb11ce1e4ebd75a83cfddca0b3cb87243d15afc5a7fa34dc6006e6b92084648cbad1426f70b405259f589cdef758442643e1618dff4

C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\limited\default_local.policy

MD5 6d7b4616a5dba477b6b6d3f9a12e568f
SHA1 7fb67e217c53a685cb9314001592b5bd50b5fbb9
SHA256 2b2627548e61316150d47ffc3e6cad465ca05b3cccd4785eb7d21aa7baa0f441
SHA512 a0b98cbbb49184df973bb2c4a506e9bc6e025a696bc0c8054a6352cc3f9b4a38e3baf117c6834ddaddc38498556607ed4eda8f1bc683f662d61da50e0db0c8c2

C:\Users\Admin\AppData\Roaming\Badlion Client\Network Persistent State

MD5 bdba1dccce6bc58eed28b6a2bc148cd8
SHA1 f3ef5f6c12588e4c126fbf5b2f28915ee33f22c6
SHA256 34c49e5963d600ebdd6cefeaebe75332eefb0ed855d636ab4346a646179c293c
SHA512 59f6b25f96f965848c783587cc0f4ede9cb4e4df21e8763c5b21a2ca1c4cdcb7a1084b8898171976ae4ebbd2987eb6041f68949ab2f8173cbb8f2083f580d5d5

Analysis: behavioral26

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:18

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

172s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l1-2-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l1-2-0.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 24.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
DE 142.250.185.138:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 138.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:18

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

167s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-interlocked-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-interlocked-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win7-20240419-en

Max time kernel

118s

Max time network

121s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 220

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

92s

Max time network

100s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1556 wrote to memory of 2424 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1556 wrote to memory of 2424 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1556 wrote to memory of 2424 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2424 -ip 2424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 624

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win7-20240220-en

Max time kernel

120s

Max time network

132s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\Drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A

Checks installed software on the system

discovery

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\ = "URL:Run game 418076578333851669 protocol" C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\DefaultIcon C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell\open\command C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell\open C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe" C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\URL Protocol C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe" C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2908 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
PID 2908 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2908 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2908 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2908 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe
PID 2908 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe
PID 2908 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe
PID 2908 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe
PID 2908 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe"

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2056 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1828 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe

"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2652 /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -NonInteractive -InputFormat None -Command "Get-AuthenticodeSignature 'C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\temp-Badlion Client Setup 4.2.0.exe' | ConvertTo-Json -Compress | ForEach-Object { [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($_)) }"

C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe

"C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe" --updated /S --force-run

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /im "Badlion Client.exe" /fi "PID ne 3700" /fi "USERNAME eq %USERNAME%"

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "Badlion Client.exe" /fi "PID ne 3700" /fi "USERNAME eq Admin"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im "Badlion Client.exe" /fi "PID ne 3700" /fi "USERNAME eq %USERNAME%"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im "Badlion Client.exe" /fi "PID ne 3700" /fi "USERNAME eq Admin"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Badlion Client.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 launchermessenger.badlion.net udp
US 44.220.119.182:443 launchermessenger.badlion.net tcp
US 8.8.8.8:53 redirector.gvt1.com udp
DE 142.250.186.142:443 redirector.gvt1.com tcp
US 8.8.8.8:53 cdn.rollbar.com udp
US 8.8.8.8:53 r2---sn-aigl6nz7.gvt1.com udp
GB 74.125.168.103:443 r2---sn-aigl6nz7.gvt1.com udp
GB 74.125.168.103:443 r2---sn-aigl6nz7.gvt1.com tcp
AT 3.161.119.113:443 cdn.rollbar.com tcp
AT 3.161.119.113:443 cdn.rollbar.com tcp
US 8.8.8.8:53 owlmessenger.badlion.net udp
US 104.16.147.116:443 owlmessenger.badlion.net tcp
US 104.16.147.116:443 owlmessenger.badlion.net tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.190.81:80 apps.identrust.com tcp
US 8.8.8.8:53 assets.badlion.net udp
US 104.16.148.116:443 assets.badlion.net tcp
US 104.16.148.116:443 assets.badlion.net tcp
US 8.8.8.8:53 client-updates.badlion.net udp
DE 142.250.186.142:443 redirector.gvt1.com tcp
US 104.16.147.116:443 client-updates.badlion.net tcp
US 104.16.147.116:443 client-updates.badlion.net tcp
US 104.16.147.116:443 client-updates.badlion.net udp
US 104.16.147.116:443 client-updates.badlion.net tcp
US 8.8.8.8:53 api.rollbar.com udp
GB 74.125.168.103:443 r2---sn-aigl6nz7.gvt1.com udp
GB 74.125.168.103:443 r2---sn-aigl6nz7.gvt1.com tcp
US 35.201.81.77:443 api.rollbar.com tcp
US 104.16.147.116:443 client-updates.badlion.net tcp
US 104.16.147.116:443 client-updates.badlion.net udp
US 104.16.147.116:443 client-updates.badlion.net tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.4.4:443 tcp
US 8.8.4.4:443 tcp
US 8.8.4.4:443 tcp
US 8.8.8.8:53 download.microsoft.com udp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 8.8.8.8:53 download.microsoft.com udp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp
US 23.220.113.200:80 download.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3B7C.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar4011.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar414F.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 79742862b18fb88cfe2b06203c6b3b9e
SHA1 1d9365894a003e43b5112c63419dacd8f37b0600
SHA256 e94b0c28327020c4cde9b9dd8ff77112c954227392423739447cef550588f80b
SHA512 7636a51ede5fb1acec52330ad78a6c678ec793c9a899f7df5a607eff1bb07d4644ad851115a38f9a9ddceadfa151c2c36fe6b19bc53219cb711b4751b7507130

C:\Windows\system32\drivers\etc\hosts

MD5 53316bc0c42b9d65743709021f1d03c7
SHA1 44cfe377bf7fedee2ce8f888cfacefd283e924e6
SHA256 600d914eb6b9ffb387be5b7300ca138192a4e86c4679c9bff36bcf0364e74b36
SHA512 9b390f6d7955413c8d63d02dff6988442cf78bbfb72e12f7deab56b190c1a7f455c5af3344ee5a1f7477d383c24e567af4fb7639ab6d9f014935418bf1cf00f6

C:\Users\Admin\AppData\Roaming\Badlion Client\config.json

MD5 62d5d73ee869a0a2654d8fd554aaf742
SHA1 be1d557c26633ffd5edcb5caf37b2a09f47c6667
SHA256 9ef970b76a91f607002afb164aa7f01d85e20290cf242e4adafb7f6026900b59
SHA512 8706794249e1bd7fcaa3e7e25c0b976a069b02abc877a0fdf9fce408a12b4aa5c151e5e3f75fc81185f8fef84a0b9c5a908b84f60102ac9aa03aec908a094550

memory/2488-514-0x00000000775C0000-0x00000000775C1000-memory.dmp

memory/2488-482-0x0000000000060000-0x0000000000061000-memory.dmp

C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c47f2478f6458700756e25ca28cdb83
SHA1 faae98cbc98adeb01fafffd3f515c4448a8fb17a
SHA256 4c60c1a3f69c3811423ebab1426981ae04cc814a3986c6182cde5aebc31110de
SHA512 0db72179a5e401a4df8031d2a81409d8e545ea92b2fcd669a7d7fce1426ad2df6466fb790988eaff8208f08b96caa1bcfc99cb313503504c3b35ee025541c292

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0248a686e0be68d498620acdfed1dea0
SHA1 04517a5f7b5df88c69e2715b6820dd1c579ad166
SHA256 f347e6b45a6e8b7d712595b8f3156a00cb67911efe29b00311b4c05b863c2ff3
SHA512 522fb112b4f11258911afdc6c93d16a189f7291489460b5e8f999ea15688a800ebe7c3a37207b34dee8a0f4217e79825c908db2a13b2c3a57c8f95de53fb9018

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 e0941c3ef712e912bc012f118dd5bc00
SHA1 67f14968d46ca7d56db1269000b5d89968c78869
SHA256 22579a347237a66658d456cde186e74a44b38285333b1dc0c31b4459b98a0d46
SHA512 c1b54215e9fee3f812042f1dbce205a7aa2492299568d707cd3fb680048f1fd0c740e24ed50f9563ebe0a9a7e911c2a3b685fa979f4dfa32e5ce116f22f43f1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-53829248454ea407

MD5 ffb98039924220fb33837a443cdc5f51
SHA1 4731fbc7a581df4e0abc248aebc158fb377213a1
SHA256 9a41ec4fbdfa1329a945cc71da90f33605f5b550c8a5ffb7de31f1dd04b095ba
SHA512 e0e1011075b3da237776210fe81511177d093e8e64f3f241ca16f299a3e7198d7431b9a1a705a42073d8524ff77c7d09f0d5094f5cec689c4ba197e7dcf9b70c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29dcd7fd07e19727a73af769d35ff8db
SHA1 90198cd5baab3b4c08657a4f534a0a85e343d0ff
SHA256 0a1c49724ce7fe88607053cbcb298b04ee89ddefa3f82ef175584ce3c25d3ec3
SHA512 3395da34445fd2aaceb61a5741e3965673203e3adcca0e30c2d7fdf85e84c35bd32fae15dad6bffe196ccc8761641d83cc7c13a43a18739d6a4ce249b7815e46

C:\Users\Admin\AppData\Roaming\Badlion Client\config.json

MD5 d2da35e826a1e6af049f99048b4fb6ec
SHA1 ad261dccdbf7c44cdcc00a24bcd1bb4fa95da29e
SHA256 21eaa56d4ca1308f21bb534c446d5b0e56410efe28d08fd8780b75a02222d227
SHA512 d85f391144bc05992ab86569e03fe12bedee427e2b1ed7be4eb55a3a428e6bca118b23e9c567fc381b6329f60e67413cb35a06126c268b2063b8fa0d89d95162

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32091680d205b2cdd283243807c35c50
SHA1 a7731d9df9b7053bc397ae846aab76177bd71b25
SHA256 1799657d54be1c8f54248c9dbea445ba02d708946a9d8b47c743ad38bf5f549a
SHA512 630899bfa735d64936280ec963c2b472c31903f1fbf54d87bdf37c4bb8699dda52db81acef8f98627083b7b242992793faabee65ea4251117841b2b40f13e420

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09ae742410f25f5d7ccb6c2847733823
SHA1 9a4270275403a1aa2fa3f418b655c2ca2a6c5701
SHA256 c2d46140ca6fc88065a2a111f48671a90e5d264a45735c6fb16d29e44d48d10b
SHA512 3d6a4e047b80f50bb7f87a3e25d513cf0382580657a41e645604315dbab81e128101b4a1ea4b6914b225b2c05d8b4269d6c4b64ed59e12075156e5981dd85b92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74a23d7b204c91fdd77b73f18481e39f
SHA1 422f8b060dffc0c102f3aeced987cff49c4c5114
SHA256 4233d901624074c00cc7dd85a219c4d705cb89fa6ac284d6e24a64e2544675cb
SHA512 127b7596fb97b39a89b4ba6d265b29f8068100a119a2efddba86e0bd4f5c6f5dc288e503dadea492055c7a3f9a7f35367e7505d097b22e496520b8752acd0b9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe85b46c728a45f21d8c06b6c74dd4b9
SHA1 a03b04c534ee40be2c9419cbcd1d9a0c9e1417db
SHA256 ba000389517f8f87828470574f5ff284bfa206aa7f89cbd6cc77301110f0a4f2
SHA512 08c24340af88bcaff5d66c983681e03d9facb0b87f0ef76b7043fbb9068a554ac80a5912fb7df6307b3410a54928a860c9498063a6bbbe6a5b14498c789fc70b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51376d8f9f151ea9802e3a1cc993f6c5
SHA1 d157cf2d73d30ed470c9d1b3891067024f86e894
SHA256 75c20dee3f3a3a6bbf23bd4bf7e81a332784363b6d723a1d9c326380d3fd5d3f
SHA512 a964e97d30394fe270fb7bacea7d053eb9ed31c95cb98efb259fb859a2b26884bd2b88f959b3f38e597faa481e12e04095eef94d0763aadf10367c4f7403ae1f

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 aba36324838ec90a86f551dd8d5b8bb1
SHA1 1b276a09dc93ca519d313c2063c12a83a99b3362
SHA256 62c0678800b1495c125fdae39d7f3510b4437d0b4df5c5a37c741070fa160ee2
SHA512 b02d8447fbe3329b502d5a54e71167015100c97e9cf358732798797c215e3d178e5e0885c915127221807bfe7f9df40bd7be82e861d6d2e76f3ce45af8facc06

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 4d6ade88bd9ba437e88810b2931fb07f
SHA1 b8c881560099c08931fe9e389ca89e819b58bee5
SHA256 bcfcf450e16cc0950730e99ebf3e373caa2d1533608fb5e978b5b3ed74290f63
SHA512 c329230b37ddb376a5456058bcda6bad944d3ad51613ec7e3a84a71a5f8db213ed7e6dc13b0c4a531ced8a105029d215de4aa1580e686f4ab0ee6f36336b95d1

C:\Users\Admin\AppData\Roaming\Badlion Client\70c18255-ab5b-44dc-be48-dc70e1453b03.tmp

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\57c8da57-a1c5-4f22-a5dc-cc945c35c1af.tmp

MD5 f6337ef8fe190bb703d73f50e46e2e36
SHA1 2b720a67d0ffeefc8715a83ce107f91efb0e6ae7
SHA256 e404f3c7e58f54cd4ab5bbc169c8fa71a9059ad5c88162ba0ea9fc57844ed3bf
SHA512 aeb7fa616c0703fbefba33936c8c2b1dd77e03e6a96e0dc498de27bf03d7ea048448aa77f8bf34fe9241a43c42c0d87ca2b39aed6987c894fcdd7c3f81871e21

memory/3932-1593-0x000000001B730000-0x000000001BA12000-memory.dmp

memory/3932-1594-0x0000000001E90000-0x0000000001E98000-memory.dmp

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_1

MD5 36e4e73541b9dd86e0fcd81746f062a0
SHA1 3ddd99f2826259511d6aa4eb86ead41f07c5e360
SHA256 fc3763a48770173d3fe1b36e546e276d7bb5015a637e262fe19ecf6404035c3f
SHA512 d4b930146beb7ea5b904dc9c2fb7dd1bb330165e33fc8e2b68e2dde60b8dad71af3b3001546af9bb84f7e3cdcb1168ab067c0a35f282475f2f2d1d293d6e33b9

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

\Users\Admin\AppData\Local\Temp\nstCC26.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nstCC26.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Roaming\Badlion Client\versions.dat

MD5 f6290118c4ede2f15bcb188c720a613b
SHA1 5e06b55d85c6a3af9b6383db755512b4ac6b2004
SHA256 9ce6500ac068c39adf1578618f5b1a611d36093bc1e1fe5cdcea79fc9b3045c3
SHA512 07ecdcbbef71c15528abbbac3ec62096ef4bc278123e404eaa8cf546dc291dcae0c04dca6e430545fccee74c51c54ae8ad5b3af81a2ecbb807d191b6c243fb76

C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\LOG

MD5 cb08a4b8f84b3d81f1d8db93fbfbaa0d
SHA1 0f6716bec1c09a36ee87eff4f647e290c6e77bc4
SHA256 9360f529ebb138b5007aeda4b196906991e576327bd45ae06faa2f9b3af2503a
SHA512 1c3a6b27547eae1b12c26c66a3901933032a7bbe94c98352139a4beee890d248e34fa292eb03387b34aeaf8150dd34e19ef2540e4d3eb10a32f71a3f6be0b5f8

C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\000003.log

MD5 7f2681f894a1cd39a64c48ac6e7f3969
SHA1 aecfd7074e3b4adb31c715aa1b7be70439593d4b
SHA256 fde22fa01e0421169d887dc9730158ef8c3e26565354c30ed41276a485a15654
SHA512 758b5057940f20db05263164129eafb4243d4faadcd978a3a48c3e579ad38fd78ec0d928c0496b32f2653f95165f3f39e8a20fad0d682082c5064f74753f15b6

C:\Users\Admin\AppData\Roaming\Badlion Client\Network Persistent State

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\renderer.log

MD5 fa64cebeda4d8181046b4bfbafbbcb02
SHA1 63a7e821f146c79cc9ddd976597a477fd853a3d3
SHA256 4201d4224b3e11326ae7ac4ca375d469913c83953d05e0eef6bff97996a84220
SHA512 75f5be1342ee27f732a4acd148ace19a659f66224413015493dc2ac952a6fefa39f0eb5dccbd6e26c4d120b35472fd52e2581b8c272c29fea584df01cc25c922

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

MD5 c4881f361f2b2d805bb865e620d89be1
SHA1 6c260c9e59d3b91625c1ed5cd05b2467551e3167
SHA256 5c21360435eed8cc4c358d7095dba15dc2210c147eb9e20bbfb9a725041edb32
SHA512 196262b3e8047d1f15c4b3b23908de3dba9e94bd3a6eba676afcdcfc708d133d392f2634652ca822301ffc280dc3d522598b681840bf4e486a56521e53b08950

C:\Users\Admin\AppData\Roaming\Badlion Client\logs\launcher\launcher-2024-05-10-23h-15m-17s.log

MD5 95166c021d42630db843f1947d24aefa
SHA1 91f93558fd124bd220a188a857082ffbcd0e2f7f
SHA256 71df7d2cccc68b0305ddaec7da23318fcb624ffbfe831ef101b5408a8ba04037
SHA512 1cf952c841965881958c85cc9650b445faf929150eceb0c2213e846f4bd79fb1671a0498b5750aaf5f7a204d245047a1af6715e3af0b3be2458b064104daff2d

C:\Users\Admin\AppData\Roaming\Badlion Client\Local Storage\leveldb\LOG

MD5 6dcdadf40edd2f85128edc4e94bc1aca
SHA1 156924a013358b8bcb37335e61d2e91875cc0764
SHA256 fa7c333516e3b8e894a84d6ef4a3366fad1caf3a321b75b75bc9ded426aba223
SHA512 0f5420f13ffbf83a751c48cba39efb72b3c63abd6495f4b86df6905637e00ee6397e317e0834dd50ff3453c5b9b7d197e9404d29d41007d13c8faba70ebf430b

C:\Users\Admin\AppData\Roaming\Badlion Client\Local State

MD5 c6a5a4201cef86f117a528ad481c619c
SHA1 2e1791fceb59ad7e14b05689c58bc9e741a2c780
SHA256 f0a7622c943b82f4e5ce0ca194e25b77059230dda4f607fb678e15acd1d8449d
SHA512 694e44db09f331539e753e8124fe4ad0f315a5535592fe5be36dc44c2cbef600b242a8616d6ae321cb6546f0095e803f0cc780712a8116a5c9f9035b4f23b5c2

C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\index

MD5 32fb2d47424bfe034836bbb4d7c5a74d
SHA1 1126bb34ddca2768927d3ec01c99c26a82632b2d
SHA256 b110a53b9744e794d5e51e2489dda8a9ce6c394b62d3b32eb012cf2c9545557f
SHA512 adcee1e7e64680e929157e3e37760b85df67cda18b378ac6f257ac6fc90975f3dda0600040dbb08d4ae89eafbea114b530580cf1e74e20b06584606cc0d2e9c4

C:\Users\Admin\AppData\Roaming\Badlion Client\FontLookupTableCache\font_unique_name_table.pb

MD5 52b43a858c24f00363413039b51b11d3
SHA1 4b02d3aa85d8da8e6d771f0e18c30112fca4e630
SHA256 997db37a632e6a1a8814026d3b3febc0714383dfb26599524a2558960774dc51
SHA512 96c017473290b157403ac87c4d5c83f9e7c80ffa694113d4c521b39525307e06b14e2b8c077a7783338830a24e31b43de1358216fd5e2acf5697b4bcfa8d8f43

C:\Users\Admin\AppData\Roaming\Badlion Client\en-US-9-0.bdic

MD5 a78ad14e77147e7de3647e61964c0335
SHA1 cecc3dd41f4cea0192b24300c71e1911bd4fce45
SHA256 0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa
SHA512 dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies-journal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies

MD5 76304179fbf6b60eefd5b5e535483137
SHA1 f5ca1a5705a2cd3df231e593dfb3741ea820cd52
SHA256 ab6c5722e81996003e350548b8a0932989b4a644d7c6dbab23a4bfaa771073a7
SHA512 53ee111c966b9bba1c6d6ed4176428b68e003b93aad5bf70ada64b44525b3c028befb2a457892fdd6b7d232287133463a4c0d7ece62fc756afe3535cfc58b7f4

C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\wasm\index-dir\the-real-index

MD5 23070aad9d4aa482158e8522e3456c3c
SHA1 0f4d4e96c69dfca340bb2ae1b901a4a823813a96
SHA256 f7e1270930d8335fa117ae026dab1959a4d69ca45b673a7cd58ff8e12c741ed9
SHA512 23ebfeeea94c9983a6d500b17615cfc62219bf5951e9047f594ced92268c2699af379e77e6d06d83a0ebadd1178a12a7855cfb30c5b17b70fae2fbb8d0a19eb9

C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\js\index-dir\the-real-index

MD5 db61248083dbf1cb4ecee5c858c087b2
SHA1 64eb92e3949ff45655aa7550f9bbaa0bfd5bdeae
SHA256 0f05c293ff1349be4b525aeb644c3207b4723bf07306404a06eae75132f0be38
SHA512 e5f51a11bbbebab708ccf6a01dd8c61a4bfb57b5581c97d4b09b4d640866356151a40d10ed956374d122ce821eec3e5515f156d3232da63832e73c70bd45d622

C:\Users\Admin\AppData\Roaming\Badlion Client\.updaterId

MD5 1f5a92beeac6abcf2eb9d52db5b40701
SHA1 a12053b676287b46545c223891c110540d0bb279
SHA256 58fd0b0009caad3725d0acc7002f55cf0178891d8b7f86d4fddc48520531d4a1
SHA512 010ed41c3f5012c70b19001822f7c7850649149313fd345e49155bde86b15166d900f08da2d6c700c806a130625cf41de08281afd4d7a54316abc304094ea178

\Users\Admin\AppData\Local\Temp\nstCC26.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

\Users\Admin\AppData\Local\Temp\nstCC26.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\lz4-java.license.txt

MD5 0ba5044c64ef53cb0189c9546081e228
SHA1 c8bc7df08db9dd3b39c2c2259a163a36cf2f6808
SHA256 49bbe9114e49214df2ccc324cb3ac8d1d1aa1c3a0947f94c286765e86647b32e
SHA512 a7ce8c7f21c031e4e6d037f4eabe8b200b8f1470731c05ea86028171f2964310dadc5def814d2d65164fbd23d720ecfd4d479ff5e269e519c787b4db96c7724f

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\notoseriftc.font.license.txt

MD5 bec6f772ed2e38634da53c388c30437d
SHA1 43513d1f6a1329962106efc212457e1d6ef9e980
SHA256 7f18ec1ebb6b50e3ed0f74b2c61f25b8d7cd69e43f4de66e991bcfd3c419a8bb
SHA512 de6c45f891db9add2d253939f35739f3c246ab93f6bde97232ecf32fadcf0afcadea4aa632e44df4ddc0e3b80e1db669f4769e9d59a04a4e38888b530fb050f6

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-console-l1-1-0.dll

MD5 3463d82d90601b441cf024c92abe4acc
SHA1 eac8fdafccbc1beb17386552922770bfe12ec1eb
SHA256 49ac9f317d0adfc3761d6ff0d32844be70cc78e2af18319c9a2e2ec2a44d672e
SHA512 ff4fe61c7dc5f8eb7012cc4867d7212cbf965ec786dfdfa8c74ecad8c582c4ac1107aa2876e5f11066908fbd07c1b353dc67060c28199a7e21d57adbdddac977

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-datetime-l1-1-0.dll

MD5 ac3c4cafa028297da5037781f1156220
SHA1 937c2b11c7fe4effc16e67af716563aee2419a0f
SHA256 0f0cec83da06f06e9c42ffded72fa69c51efed881def2b4b7b88274bc1bf3d40
SHA512 a2d1135f497e3831f14369978ae6a5ff74106d9d4ea0407548b6c336a1082bddd196424b292c799ce60270182c13e148971039cf29241e76203b069ebf7bb72b

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-debug-l1-1-0.dll

MD5 8c0531639f58f79b5b67b52edebb01bd
SHA1 866f3ca8819440e0ba67eb935e688509f86ce1e3
SHA256 a20dc11ab10769b38cafb701c2d08810c8aa61350f0b33ae7838ff5c26edf956
SHA512 d6ddcb814d7f507df03bd5fb378eae3bf30f31d0cbb41136382469297033965763dc20e68dc50108eeb5fb5996d167cf21b29dbdc0ea163521607e1cc75f7d9a

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 d6db1a6b5087a82e766fe7e9f818c135
SHA1 d786b2d8ab10edf0e893fcfbf52b03bceb15f53a
SHA256 f9457d0ddfa864e4bb383759bd7bbae961098055216b0b7d7d40c11084a1561d
SHA512 6118ed237839a49567340aca7a76d8ea366537942da060d4afc0399a88603f7f02a93c061be4475f35599d3cab8233f3925a491f4aa094bfbecd2adc5d3e65f1

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 2a3c5cbe313f4105dce8a79f533e5959
SHA1 26e6768280c83217ccbe36f3a405381defec12b9
SHA256 79cb8a8781feb448fe051e90ccaf3d6ecdfac12c1ad4bba2730aa1f0a229c31e
SHA512 e24ba69254b445a62add1d58269ee99841c36049f639671a311bfc0f60d965e6a8d79a67375eb0d3ee3be8cf998f182ff03291f0709ae2155bbee924708dd8c2

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-file-l1-1-0.dll

MD5 4215700161720c767e725b1f7fc358ab
SHA1 6e31fa39775c1c6c60fe8869761c31148b0a8019
SHA256 38e535e9a79cd72e3f5e3c0ec9c97a18e86d480a504ea6c85854a6f70b302c3a
SHA512 8c93f4021544ffafa37665efcbfa2c4d23742573e695766c637c9449a39af5ea0de114c821a5c50b886ed1ab0f0a2be0fdda164884d73f7488402cfa2137e5b6

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-file-l1-2-0.dll

MD5 285e3257c5a12d3384cd3f5a3ae941b2
SHA1 c05f6a72b73bc7ec8409ed42ccd947f501da0166
SHA256 8355bf70788c00fb1a17bc4160bcdc6930fa219b85473e08138efc10136d90eb
SHA512 f1ee0689b02e6a6e95940c1b3c2cc6902f3e04db44f4d767a1e68a890b7b3733b28c1d86f1f361f0db8b1ee955f5f5bca86b758b8f2e93d94b5bc4d469187df5

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-file-l2-1-0.dll

MD5 72d542226f067dae07562fd093b0f5f0
SHA1 c0f7f85753bb351c51dd8e36ca2366a3b24c73ba
SHA256 e8e3550084cf30e16b16216266bc73b07c1a05bbfd94ee3f645122d3d167d7e6
SHA512 2fbf32b38852def53891a73b9b33f33de96ca09102baa8c37f02d1b3d5076b26d2a32f2e79aab1009dc5b2464abf50c956c797ba4321fd37ea13900753a1d182

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-handle-l1-1-0.dll

MD5 3b620d81c727a8aba6dc6895af695d35
SHA1 21641bc6c802d0ada3121d14c2a8de4e708c74bc
SHA256 9aa764023ddb501050f43d1af0ff87f592ed14c4f022ba58270c3315386141b0
SHA512 54af2248017db94ef81a5c4ba6496127f1e305e292bd165563929dd88ad756b15edb5f0e2e3da367581c0c9cd92e04699e28bcac12130299949b13267414d228

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-heap-l1-1-0.dll

MD5 d54e0da17090c6911db3fd0770faf91e
SHA1 5538096f53b4160ef2e91987d57d2da0ddb9b6ba
SHA256 17415ecd7f34def148a91defe99155b71c8048e253315b2d24d499b99207f618
SHA512 680142c329f6ab44cfeb7eb1572f296918866c9ca3ac9e66ae13ef38d79dadac9bf367e6dc6655c7e404cb6b243f3518639acd9cbcd9a37da5812823d43886d3

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-interlocked-l1-1-0.dll

MD5 2ca477f1799fc97d6bd05437bdfd0017
SHA1 31feb0b42e9237cddc5e47c3f4a076de86ca600e
SHA256 e81e0d9b2b09524e5790617547bb8bd8ef3dacdd001bd19057c4f8943d996227
SHA512 c0c991341619548e6944a78a090e1dd942140342d8cb77f41ba559b56034dc46a3ac731d2e2e67a7de1f6a65e26ca0c6a3eb358124a03eab55c2b5d061b64717

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-localization-l1-2-0.dll

MD5 55902b92bbbca7a2d11a946297f583e6
SHA1 b6158f009d98a98ed2e56d377f9c4b6323b852fc
SHA256 2dea4ae5df0f7daa37e26dd0f9232f867884f57e850aa85062594b54f3a81e98
SHA512 85e0df8a390260e4e0cc0a9372dfd3c55464486812926775a5f9f5767157b88783e03701b1f1c28f34e822b21ea7436c3e8270df58f8de3ec1b15f68b633f4fd

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-memory-l1-1-0.dll

MD5 8fc176a3a6550f90e73d6da8445e8780
SHA1 5d249243678a789ce56037d0d1b36420d97dce06
SHA256 65bd14bfc1f14c35e345412ba5e9642e7f6c286f95de014c0f3af100e88b4467
SHA512 808daa3369df6704151b67f246eed90cc32d9110653faf06e973b97900003c8b7dc26095abf420d5c078e9546699c4b3debaf410819cd6060d3feb481576eefa

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 27a8f9e71a2f2d134c55de62fad6cf0e
SHA1 b60944dbf9a50a166b71fbc58305c3d559c4157f
SHA256 a319a14b76d8d67272128461f1cf53924dc2759ac72a76571f8b31e2f737553d
SHA512 3904895242acccec14feea4b7bda654a0eca3ef716df560764ca28f97eaeed10e94f5a0d46a633fa0671682188e4bc7b99b13649354bc26a88ca8211ee36307a

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 ef80685a812d9c252de35fc9b38bad11
SHA1 c641bf0f41d0617b25aa20d63b033236ad3133ac
SHA256 e17aa51c5520a623dd530889838c54ddea91e06e235003833e019095f5458ad0
SHA512 431ea4ae368b2cf55542ad614cca8e24fa2cecf0c5163bddc3742412a6e43f53ee69d7cfd1931e59eae9ee8671598ea35d0936850e6b733af14a4a5ecbd79437

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-processthreads-l1-1-0.dll

MD5 ed69bc0f310c5ce427e25973a0a52c31
SHA1 0bd1683418c952490f6a791a044b5840f5dc90b5
SHA256 6bac5963da125b3e314beaef5903d37316e162eb92e7c0f0b9946044eb0bde01
SHA512 4fe23992c6ea37a2f88cd2e3519559b08cb302f51f35b1524816a6e29e1412c2e6e1a214fff6d6ff50d0f7b410591abd57fd7a87c987f18106c6ec44d991666b

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-processthreads-l1-1-1.dll

MD5 d2eeb9f6789213bfda7fe6bcb2a1540a
SHA1 c330267c8abd56c04204deee9aabd566268daf97
SHA256 0ec2b6ee5e8ee5ee22b810795d097dd769ef054eb394355eecac1a1fdc18c971
SHA512 7795e972f46ec84cb1709354a40684593947cbf6b4df373cd823134a0b2deec7e5dc738a74c13c2accb74c467892d9a2375a96ab85147ae42fadc627a0f7e2cf

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-profile-l1-1-0.dll

MD5 46361d1f7b60b86f128f4e23c95cc3e6
SHA1 8c621d8dc4ec4fe3a9f40d25ba3dc26a19a02994
SHA256 978419fea728f20a4df8046e75b880343cd425548f8bc38e8c0a6e8c315c4310
SHA512 25f033816b7dbd387134fbf72f5c6ee351bec480a4975659702b0912d204486826e64612b94646056d97111612fa8a322547aef8755469f8a6edc45fea534322

C:\Users\Admin\AppData\Local\Programs\Badlion Client\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 210b0178e7aca6b9444e2d10ac6ee054
SHA1 2ea3c9d780f6c3dc60b6247b3fb0dd5a8dc638f3
SHA256 7857b0c9c6517102ae5e047d7fe1cb0f85424f1ea01fcdc66afdc231f3127906
SHA512 3b3d10262bbca6559b2223be60f0d61a77ada9c147b167641de58b418634963bcdfc37fb4b11cf65517f5a3e29adb785e83c379a056c4992ffa59a468ec393f2

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-string-l1-1-0.dll

MD5 7f8e52ff5a64d2d471413e288a591866
SHA1 cefad6219c916307e0bf7ef1382512c2cd4c2d5f
SHA256 952b0ef3b3cc8d15c91e4e6605d49ea6bcee1459f465b99dd22decbce69012fb
SHA512 7e9025f0eee30552e24425c0d7fe441264a905469755f2aa94863d68f8d53da654a83b4146695d0320f5ad3538a2fd716619baf615d9b29d8767ef6296088253

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-synch-l1-1-0.dll

MD5 599025b219fb4f70b3f93eb0d4d12bb1
SHA1 c1ceab162231476cfa9aa35a54400f3d959369bb
SHA256 6defa74d4bf10f95815d965547065b5af5fc4154d93757735ebbe6aeca570ba8
SHA512 1b4e6af508ac9d353b0e2d02344181ea57ee654f505e04d3b6a7d758fbc0a72875d72ec185c138e69e1d7dfee3459e96c64cf6a2436db1c7425748556f99b922

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 f58fd490561921c154c31c05bbb63a3e
SHA1 d5f009e7cbb070b35ed81acd68710716bf971b7a
SHA256 bc7203c7c0c539fd225701e39f1e430367376cd580af52cdf9dff680046027ff
SHA512 8389e2834559681accdc3ded3a8be06028e5e3fb8d62cafd218c545dff052604bd0b0c14a4956eeb7653522c05b45d05d072e44c4f125b0e5567d3a23318e8ae

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-synch-l1-2-0.dll

MD5 8f469c5b261e003ed991f570aea8f29f
SHA1 848046907a02d605d53a31748d8dcca18d11259b
SHA256 ae460b343b6fad12d26feeee14e68efb97e59686dbd2cb22ab228619508944c6
SHA512 f393b8c9ef4cbd6f660093016fd5a3267b5afaf4c26262f2fc3c52351c697ccc38744e530f779707f802398aa01a7eaec191497949d2c1fa5b34b8d33153beea

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-timezone-l1-1-0.dll

MD5 f2d0493794b45c6a2629fc9c5c80f832
SHA1 12460ab8f625ecd0e0a02b4fa82061c2ff4644b8
SHA256 8c2d7b0dca0702b8f1870c9c404f41e00624132b239deb7917096dfed8ca1507
SHA512 4f44ea443413c3709c1521de0b9dc5c05ef9a4f853062e44658d7bc54663115afc1f04927797a5406b388cd5c9e226c9fea1f73f0c288999105d9db42fa257e2

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-util-l1-1-0.dll

MD5 e0b524ff31e7c651eee7d83b1c7cc2d5
SHA1 d29f001b843e452cae91a2d01ef338373fb24763
SHA256 b4afba280abaf5dd28d92d452b958e440c88a26ab7359a3200876a35775a33b6
SHA512 4d3dfbcefb85b8d6ef874cfdf04594ea4d6c58ae7de544588a9cf8646897aaf9b46bdccfe9e6f7cd87d00a58d5c595973493fa6cd6d82266b1a27736d4e15ded

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-conio-l1-1-0.dll

MD5 d2de2615f123ce2bed3332d505a99385
SHA1 9f2ea75348020d271222fff7984c8ef21aee460e
SHA256 da36262bd3865024a6ec9726b8fcd0764ef3ddafe21387314c0bbb89a478e4e9
SHA512 a5e99e724a847c2193ce052dbedf0cd19a8765e3561ec028cd28e5972c8f004e257de0d5dd3870d41213a6cc84492ad488bd05106d2b5d3aa19f808eec820d51

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-convert-l1-1-0.dll

MD5 66a41a8156a7f9cae4a7977cb8084fa7
SHA1 4c72b0d8c90daf993fa0371269af04703a81fe4d
SHA256 a454bd7a8fb18d19e3264855ec7ade9820b54fab31f9528bf1abc8cfe32e064b
SHA512 989ec1a0deff20bc9b3099a21bf9d45bf821e94eabfc1b18ba4ece1689d0cbcf83b6206bcf64530a55aac1d4165a54c395f8db17fe5d68778082dfb1db4f0d10

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-environment-l1-1-0.dll

MD5 89abe10555d85e9bd183fae2c37d7aaa
SHA1 05c72b53f7d7b0667ff6cb14255e5c6453f1f35a
SHA256 d524f5aff8a3deaf37899187fed40b821c5e79251b99d0a8571b62ad87adffb2
SHA512 7b9c38e5270c401acb1b51ccf82ff0249671c4df905c31bc934d8d0b15a6eae22d3d82381199e4d61ac717bbe72726bd2f9b6c4b2fc930b39ec2c31d9fb1147d

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-heap-l1-1-0.dll

MD5 dedf6460cb6fc8229b3e889d1b32f75e
SHA1 f47e35654cb90ed4505ba49a92b2fdc661c0fe8a
SHA256 bae857fe8e162640032aa8d7a88217a021810d305bc58b8f27409155f2299adb
SHA512 b1ce0119c2eb87ee36fe566477d14d317d01465319b72f7afd2f83a88f82591afb6f795eef76b20c0b13060530f67a4dc07923fd2f61922fdea06973c70f8352

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 7dbc1ca1f1103cd971a67709d5203dbd
SHA1 717e689b96a5d029558e7cb663d5c7cda840b780
SHA256 88a6dc7c08725b447dd1b7061990977246dc62b7282dfb50fa36659627079fb1
SHA512 ec58c7bb26f669f5b90731ab8c787b3b4e4131d7a9450dfae4d74ef24541a51c98ee8cc71dd4744a242dfde2f75feb216727daccb18bf745e2539546fef746d0

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-locale-l1-1-0.dll

MD5 21f5271a151394a654b2f1c44fc44049
SHA1 1d2f98700ee87fc747b230b908fea133b730bf0a
SHA256 a7a987527a2f7ad4474cc5be04e5bbc10375e072573b13a2cf3fe705789bf822
SHA512 cc46e3bdcd25f2d72802581955ee69af97781b19a40a51fb318206ca6916f188f40dd94a7a5e6bc2c4c2ce211229d03e50729b168ed771e52cee188d0c30638d

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-math-l1-1-0.dll

MD5 514a74d1050e7bdcbb1f422fb571c351
SHA1 5a82976e2456fe3f215316a85301460c6af389d7
SHA256 62e97230bbe85c0e2930d16cadf830acdbf9f2bccedd3d51fa8ee0c5102ac63a
SHA512 f2b19fe5fc4f95ec3a1b0d76e8e6767234c83a8b8a08ec6a2ba9b3620c08f67132fb7629235aee27ec172d6efa5260209e005564467abe3ec06f1a7756d21da0

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 3e4803f97b89adbaa575b45aac0dd4b8
SHA1 d810ed1486f86494828a8cd96f774881a629b652
SHA256 2fb9611a4227227d30bc9b8f6d389cd12bc9b38b325d23675fb737470bde27da
SHA512 b9824a29e712ae65b27a4ecc68bad7f127306e7c2267e1ca9704c09e15cc6faa0aa7649118d169813172557b6375b72f8e88a587e79bc97f1825b8cd4c1c2dd2

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-private-l1-1-0.dll

MD5 3d2b4445b9fafaa0e13ae0e126be2669
SHA1 3b24c99469ef9a35bf720e711a0b022f2403be22
SHA256 6bc27ea87e05b365c74b093f0256d1acf85113ba356ad187886d8adc07526398
SHA512 9641d0d9470abc256f44c9d3881a42a674b41992dc25b7bd048a9e2b8d3523de9626460a9f73f2907f73e0be80219c913d33c9684664d6bd6642c06029e5c44e

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-process-l1-1-0.dll

MD5 90d42fdf308dfd771797dd41585d3baf
SHA1 daea1f05092de97ea558de14b4e112ad48b77726
SHA256 404ff7454e8dd3d766e433def1780a265ddc87a07981d223d241a528cc78c0fe
SHA512 e8f35f6087b9601d8a46b2534634f24a2841ff2cde9f6b7bc10326cf2197e98bae9c6ddcb2e53e8f81a984019b72080d1e826731fb6d7c28fdb47373c1e474f5

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-runtime-l1-1-0.dll

MD5 6856722db8c9e3dbb7fc62938ad2cf1e
SHA1 6d1aa306d7793916adb30e9aac451b2e43516abe
SHA256 3d077c3cfa0a54f6f58814deee22d3dcf4bcaad44ae405b8d31552a9afabc086
SHA512 87a3c82af000fc1cfee5f12f01f077c2c87638245b2784e8827c587985f8c0014685d0d15a1498a01dcfcfe717cfbb9ee64344ae7a78aa75bdb65e2a0aef07cd

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-stdio-l1-1-0.dll

MD5 dec83f473e43ee78e92a4b682a9a7904
SHA1 ce5e0479c78ad6ffa7d765479a7e1a7157eca4a3
SHA256 a5c05a8394c5aa71441ac18e945170a755d1f1ff141e614cdd92dc5737426a5b
SHA512 60bbd86035bbf3f80c17a01fb44ea5af5c84584a8aa5f34a7e0abf989ccccf8d40bab4d44af364c8ccf62ce4e21df0ed2c51bb70e817b2bf9c5319dbfd4100d3

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-string-l1-1-0.dll

MD5 88b5f9bc871438973ef12782e0c8d12f
SHA1 d327208b4f26c1c6f0e9df50ecb22a89b426465d
SHA256 4691510b2bc2ba15b638a0d1765c2a8826a8b9fdbe3737989d8fea072fe7c20b
SHA512 d4de343a88c9933af67c4599d308f31332ca7a3ea0428fbad2d60e2fa2165eca9ea56410437be1154c551e7263dd6a5773e6f7c4dc5b6952e8b767a3c5b16597

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-time-l1-1-0.dll

MD5 f862bd9516845b31973ba98e9f1288b3
SHA1 ada580fc93b4f5a86db92e1d612293ccc21c72f9
SHA256 72d31abee96fb3ee1d90afcf11fdc54ceba131bbb912b994761f32cd7cfc3ee1
SHA512 bb442aab30bb0d8797586eaafa53a6deaaaff19d41342b9fb828c87fc468d96953f8ed1123ace4c4d371f9eed91c2bf2c42b1d8ca92bbd0a89bc5a27a877a15e

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-utility-l1-1-0.dll

MD5 9975d1ae7b84b373d9095d757172ec08
SHA1 302edb92e0a6ee621379528fbef9dfcc249b9285
SHA256 8d3df297a7da678446dc9689f64dfbff0478cfd2da168180ff41c16e1344e584
SHA512 fb71a43887ec9675a4e42f2f810d33f6ec4726de5723c935961952f43d45982e5d1156e4d97d4c0c9ac8440fa186b13e1c6387c425b5a774218d6917efbe41d9

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\chrome_200_percent.pak

MD5 1014a2ee8ee705c5a1a56cda9a8e72ee
SHA1 5492561fb293955f30e95a5f3413a14bca512c30
SHA256 ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57
SHA512 ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\chrome_100_percent.pak

MD5 0fd0a948532d8c353c7227ae69ed7800
SHA1 c6679bfb70a212b6bc570cbdf3685946f8f9464c
SHA256 69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf
SHA512 0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\concrt140.dll

MD5 14b7a99127ca18df05dd1f5be3ac0245
SHA1 991891bb1ea603a002941696697f48cfe52cf94b
SHA256 511aba3d00b9925e7bc64e2132d77a76c1fd9e9d200ec0ef864b7a0f00c68995
SHA512 80f1a6cd377e62c96979fb4cf50d70e3005623c8debdb3c55dd27e5bae9dd46328d18066e59501ecac13ee96533f3b5189fcc93b4aadaf376ef6a2455ea7eff5

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\discord-rpc.dll

MD5 5882c37b79bae47a0d090006564edb22
SHA1 ac7bbbdb1d34eb763d8db4ef7875a50f700e9d48
SHA256 5cc2e504800cf4ed2f4781364f661ea22349658ddc391b5d54195e573109d87b
SHA512 d4a6a1a36842dd1c8b2162168807b990e0d491a908e11b52ebf11174a67f818b131607c2122dbb484f5d946418a05a1a84d42e1468bef5c98ec3fcff7d225ccd

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\ffmpeg.dll

MD5 2fc7f6b0abd1af4988e30e58e8310291
SHA1 9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6
SHA256 b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b
SHA512 cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\icudtl.dat

MD5 224ba45e00bbbb237b34f0facbb550bf
SHA1 1b0f81da88149d9c610a8edf55f8f12a87ca67de
SHA256 8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc
SHA512 c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libeay32.dll

MD5 4b8269a6ec04ec8ac23904eaaee075bd
SHA1 7e58e27dfd38de0d77eb729824f10c6aa5a0b8c6
SHA256 3c3d0df094235029e561a7813aa5835b25a8bb7b38dd77ef8acbd335f6db0485
SHA512 82a303b1e5adb8ffaa86c99fd63c533841bc9e3237ea3478584411dd92d60ea573ef063758747ff0497d58dfb085e014be1b234b5902face23a29e842b095d1b

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libGLESv2.dll

MD5 640a515fcd8e5d5a332c1d40c47700b0
SHA1 0128c9d499deb7866f3d7aae0adab69d9a8f768f
SHA256 927c858deb4700d3759fab436d5ba554ff4cf7be505d536ea1c673707d5ca8a1
SHA512 792acebb5ba329e61bc319b415ba01248dcf18c7e46695222682dbf59d179403ced15c19ae03a282dec7e622121c05844d8eae5a04a2aa1f552ebced51644e27

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libEGL.dll

MD5 1ed91477a02e0e2a64e5e9f26bcea438
SHA1 8058c2bd3342d8d882768188b1e5c45567a8dde9
SHA256 a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03
SHA512 c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\LICENSES.chromium.html

MD5 27206d29e7a2d80ee16f7f02ee89fb0f
SHA1 3cf857751158907166f87ed03f74b40621e883ef
SHA256 2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab
SHA512 390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\msvcp140.dll

MD5 9ff712c25312821b8aec84c4f8782a34
SHA1 1a7a250d92a59c3af72a9573cffec2fcfa525f33
SHA256 517cd3aac2177a357cca6032f07ad7360ee8ca212a02dd6e1301bf6cfade2094
SHA512 5a65da337e64ea42bcc461b411ae622ce4dec1036638b1e5de4757b366875d7f13c1290f2ee345f358994f648c5941db35aa5d2313f547605508fd2bcc047e33

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\psapi.dll

MD5 80050af28eb0070a582b33470d20fc91
SHA1 bacf5fdb74ef5fbaf91d0475736d566ee3babc18
SHA256 65e42f8fcd039abaccd6aa815d237f1d6f7ee2067457c8ce235333226cff16b2
SHA512 780cc5783d93fd8e7dfedb291f384be4fb1c4022bea22dce991b360a2029ae42f864c540af3d75602a9975e3b66324a3b5f3ce4582ecc32918c35e00f3abf68d

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources.pak

MD5 f616d69f6e582582930d06c5c18f0f70
SHA1 fde8e2653f2a5317492105bcabeb3565faaf74de
SHA256 bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855
SHA512 492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\snapshot_blob.bin

MD5 dbe18c25f68d40444ea576a68e78a12e
SHA1 44453e3fa8400cbe6bb674adaaad4ea09dab0e14
SHA256 c7c0d878697264269ca58861187e18d083aaf3f7f50bf4f6179fc080507bfa8c
SHA512 7ad4fd83f8337f263e128f8ee498d58b9dc89b876156157fda7636e4efa84691d6a9ff35c40d5482c9da98f8cc7b2eb87428a2a2690359ad6dacdf506d2e1f6f

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\ssleay32.dll

MD5 c87e22c79b0653a27e0f9e6b1a9ac8bc
SHA1 bd37e85bf38192614d2b8fb5048d7e9f38eb34ac
SHA256 4a53f602f4891247dec42ce9a79862192cc80e12f40e6b4bb0a8db25052c8132
SHA512 97bc98e134636bff81bbfe3275141106377fa4dcf63bd191151a8f6d1c5109ac49eae81a89bdd90e5e2e5aeba274d673f646c0aa65f3dfd673ec2b23067417b1

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\v8_context_snapshot.bin

MD5 89f5b9dc2c1eccfce7c3681b8066125f
SHA1 273175d93ae554da7f63a6475426a6515d0c8cd1
SHA256 7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91
SHA512 469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\vccorlib140.dll

MD5 3d8e0ebbb613cbe80320a61259d18514
SHA1 a69747866b33159ee14eecc9ac19a0ad1f1db4e5
SHA256 8a442077df17ac412be9072a91e4b2b39a69f1aed189034d34fdd79956d3d6b6
SHA512 83c72e2db25b86de925ad9711a03943fc4801f77d6950a23917898e877faa3276cc2c5e8605cc0132e48c1bf66cc45b172578f77d075746ac38880257e579660

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\ucrtbase.dll

MD5 cca4929ef8dd988d7221ef6ba398f1b5
SHA1 1d21e60e56a15038702dc18148be8cecee279890
SHA256 4292c29e74d90aef21bbad50e8fe25858c5990846adb629372ca6fd717cd0ca3
SHA512 d990d1370201541e7a1e1ec9b68e40a984d0195847010919148d0de80d2a2c51bcccfeeca59087fca95ab410c9e170c4585c8daa1383f1383b98500d797a41ca

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\vk_swiftshader.dll

MD5 76d3589242fca16d76aff52910e72d7e
SHA1 a88a7495f71b718e127bdfe09e7a279bf05bfceb
SHA256 f1e92727d2c2ac4c3878d39ab29679f06e65594121dbd8845a86338dac06e61a
SHA512 95fc89f165b3235a524da6f2bd47c0086baa0f239d6c0fe8ee30a098bd72e09fc37027e0442dfbcdafa2a2ad6c1275a0a9cc4088f9d2feb41ca0d3a720e0d857

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\VMProtectSDK32.dll

MD5 17011601817dd00866b681d4a0bd90f2
SHA1 d6ad7087f54182b47a9a6776fab90cb03e95f80c
SHA256 6ff20283e407a0f2829e4fa6def121cd63d715dd6582847ae2d6fc379ac40927
SHA512 1e41669c920ac65fea5fd0e5704430dd371893155d5f33674ad6eec011ec16bf4969b01e2b9b28c561d131a032b599e0479931221819c677140d1b272d121abb

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\VMProtectSDK64.dll

MD5 6540242ff58d08c8849268cf305445b8
SHA1 ba0d0c8875ed96f137dcb28aeff873373b994eee
SHA256 889553cce491767b38df153b567b6da682709925dd7a1c23f12c6d53a9fb18c2
SHA512 073e44196cd0c4cdb1cb5004cca59da80e09b97c70b83f212344ec7b262f1a3a4ebdbdf059d9bdbc228545b49a269a8363b1db9180ff6565c94797b19cd3c515

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\vcruntime140.dll

MD5 edf9d5c18111d82cf10ec99f6afa6b47
SHA1 d247f5b9d4d3061e3d421e0e623595aa40d9493c
SHA256 d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb
SHA512 bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\zlib.dll

MD5 d48c270acab962aac5d222abee92c39f
SHA1 b23f9b747d859856fcad94652ebd07284fbd33c4
SHA256 809dd3e4ff98abf54aeac27cec2e0c194550bffd2f55ddfe725ea109306ae49c
SHA512 32a83196ec83bcaaabd83923409ac98201785a3915293187718d61d2cc6f8b51b10e0c7c1ce765524a8f800a3bb52dcbed430d143fb3357511644b6b666d8ac1

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\vulkan-1.dll

MD5 9663210f63cbf7a8d6b36a95d93dd119
SHA1 0fc5c50984b2c9677b8ebce4d4518c1322ce4145
SHA256 de7d4c0e859be24c5ae60b5dad2bbac62cb3b3812ab747ee73f4483c7a10dc88
SHA512 a161dfbb6e40aebec9f33bda4c81f52f456731d76bd48edc1425a2593c75591d969d3a3394a105eae386902ec822de3f9099cd07964f96d4e204f3f0ff48e631

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\col_resize.cur

MD5 23633a8dfa3548705f28c83ee9584d6d
SHA1 be5dd224d071d965bc0411206cadf9b33ddb384f
SHA256 d3b49998f6d1039bf8b65f73f5784653164804c72908a40a5cf8ea850978a0d0
SHA512 5b0971bf5c7bc17ae746c88e4fe3f0342d9288f8feb3ebc106b6a031d62b48af8843af0079a18c7ffe4a2200e9d6d58f92f1d87987a068bbf8e4bf7210153782

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\copy_drop.cur

MD5 f92d1851a489b0af7ab807a2f07ebe16
SHA1 d97c9d7ab76993448f6240322140dd23c756b6c6
SHA256 18920d4ab5cd0b654b1e8bbc33fe5278907514a1b227f701a16b9a3309ee87ab
SHA512 b4494c8da0734ec69caec38324c6b3b91e898ad8b25c9d7dee9ca56c41cdec768c16efc10d71c856a0bc633ff22cc76cb01ee8ef887899e2486fb7f78b340a7f

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\col_resize.png

MD5 0723c45d9f82b0e31a1fee26b9b4f53e
SHA1 5608c3c92d70c61f597d1f1d3aaa85e72ebc4dcb
SHA256 6ef1e382e5e2472e8426a0f486ab51fa2216cdf929a3b737f78564a8ad57b1ab
SHA512 326f31b3e25c11fee7c28040252b5eaf183b0380ef87033134ff032eca4d90a28eda08837af833e0d5c9ec06d7e63053f23c64d9fec5fda0038c27546bfc1932

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\zoom_out.png

MD5 e1a004a51cb04c38f49184333a23379f
SHA1 5b54adccfebbfe4bb96502db5370c1ab830c829d
SHA256 e7133e53b0ce06b92ef48dcd5bbce4f3d36e6ff8bb69193d3df40c4adf1a6814
SHA512 7506d9998cdd5bb75c8b142f8231009f15ad0548a52a037b78b98eff427b50a2a42c16580a53899cf5dd2b41abfb51eb24223c827e5e277dfd295f5510d4424d

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\zoom_out.cur

MD5 48b46c3e0650d525e715cf9cfa6c67e5
SHA1 1ae6e82c4aae58c7e1cdcb1e5e76ce8973f8774a
SHA256 f3829987f7124f73facf282354553b6ef8d9b58b3b02384d92c45421e2443536
SHA512 e154d7fa552bc78755e6451950a159044fa85f5cea4a6a3a19a88e451962b24bce52a1b46b4b13eaa6b55b2e8be4b9eba0cf16adf1d2200f73be7dd0681b19e5

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\zoom_in.png

MD5 6a5fbd95c627afe076f43f9254dfe3ed
SHA1 f71cab57e9e80ba792f73f363056f6dede7c8bcd
SHA256 e910c607f60fa385d67624fc7449a05b419718f60a6b93d4be79d6a974bea522
SHA512 cf73a830bdf76f319db8b34ec8daf70405cc52cee7fe03d4ac75cba1859d007e30993da1c123e13deae6de09e5b234a9dfb02089d546601964d26bd597949b8b

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\zoom_in.cur

MD5 77492cf358d8b12629399322926c93f2
SHA1 8291ac3dad4e4f33183ccdfad7b92b1594c760f9
SHA256 eb69f540be1e416b7346017da48deaf5ba2f2ee0af366c04f1e374351b651872
SHA512 6c8652770a041084a88f6a535991224423c003ac2b6b5949b515dc03b0187fb4a6cfdf3f39a6279e103601d991e95139e6ef8352e68e5dfd85d99c078e0b4f0b

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\row_resize.png

MD5 cd9d05d1ce7c942af1ab5e6eafd0a13c
SHA1 d3dc6b0df04e3c6bcf6166984e3738a7651284ff
SHA256 12f76ebabda00b84c395cf989b92e0870c5a3b678bd6f5ac90b8a6820059e28f
SHA512 7fa9b03d668d5232b10fb6da719399d808cff95592214c8adc1d00210e4826545d49ccd4c0dc5bfea099db1c8ad4c183778ed2f6517d81b44817a428b488e900

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\row_resize.cur

MD5 70618f41c70238453a7d876bac5ab501
SHA1 bbf033428d8cf562ac3347440848b1b3ed1b65a2
SHA256 241ca59e728f9faaa3ac9c626f44f8387a04699ec1bc468ecdae04c53ae2df04
SHA512 513dfa3e15b887f4e785da9dbe04cff591a4ae3bc6d5f4b14d7dbfd3695221f6448b0d67132dbf80b1e36d9fbc2d245df23c1135d4dfa33edca3706d23bc89a4

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\move_drop.cur

MD5 63942f237ac6b11d62adf014d2cbdfbb
SHA1 f8b582c7d8edf28c2637d5f0f27f2586cc92bce8
SHA256 1ba52f630ff570480f920d13d04b7cf5e4d993c68b5f4d183a6c75c87bc22b6e
SHA512 e87f7e95e49513ccc75195976fe8b8926269bfaeb766fe816fcc0de603bb55b936ce1a59964022e7438c0c3b41bc28abe323fbaff5b0a4583ed9cbf24c450fd5

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\link_drop.cur

MD5 66e13793e687bdb92c09e0ae7964e194
SHA1 71019343b1747c19503e935aff3c7aba1fb70541
SHA256 49d5f9b95e9968ba54ef9457f89386fbb29d7492fb9db1af920fd3433aae4a67
SHA512 19dedb36b972ab005f01deb6f1eae1b9c0609f3312fd3f70dff93285390fac7b535e5d181f4a7cb25bd4f5933538ad7ebf44154f9d6d3eb04e412144926c4143

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\invalid.cur

MD5 2f8b93325987b4eed575ffe251c67751
SHA1 ad1c4ee2358fc0f84d2ac2d17890822ff51ae725
SHA256 669c9cfd524f924b4358caf1fe239923473e87e2a01f388fc5247a60fb6253bf
SHA512 307e2608a66357b2dc296492a0dfa2b27c64e9d1b2009d9370c76ed7b24c8115c3dfdd675bea3c244c3a07d672fd959c3d31b5c8134d1591c0c554adc4f4e405

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\hand_grabbing.png

MD5 ddbc22bda750215abfc73d75e1105b17
SHA1 f8dc1196227d95b7630dc85a3543c6db853f65cf
SHA256 0e6c5b2ec6b01b9a0c52dd26dafd1c969cf073c6d47e9db8e53fa05912f73cee
SHA512 5d1a6e89a1a96988230cf30fb156c166e26fc832affc5e7eb39ef974e69008403d54463a4b4a40c55c0ad8eb90e438c31a880f613d1ff42fc966ec961d396240

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\hand_grabbing.cur

MD5 8605cf2c21985f59d2480da72aebe3aa
SHA1 1b8137afa3dd66c23af9e40e75339d2f0174aff2
SHA256 22e823e71c106f338d42932c13c16e05a8310b3bdec18a89cc5ca197408cf11a
SHA512 fbbf45bb20f27c9faebd34101db1918c2ca0384a27e6502eea59c170fdc553ad2647ceaabf82cb0dc5662d277ca6eba70c6b615c79218f3de2e5822299399c76

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\hand_grab.png

MD5 7be75a54023adbe7d6b48260e4e8d032
SHA1 81f20b4e0ca495e393748e0054d9ba12b6179196
SHA256 8d8b7205410e7d0e32bd6b81769d7853025f5a1b2235e93088fd327c039e6b1e
SHA512 2724620cb131b175b22e405bad2c7b6f2b771cae8f8402d85933a93aad409a6d5d2c01a534ef4f10900130eec6e394b470c2451ebbae76a950f15c46229f80d0

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\hand_grab.cur

MD5 3f37213b8c0a7374308b2ae99d4eefa2
SHA1 b72b9901b3fe6fc8693d67cc5e419e494afddbb8
SHA256 3df4009e28e365e1666c868aede15239c75cbb6cf710cd691997b722c3eea7f0
SHA512 ce33a5698bc937ae0ba3da69fe7d4f9e15cee08e45451b7a21d17b5a2133a1b6579d622bd9a749612e15359abda4871335d60ce47545699326648df8b4b6fd36

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libs\caffeine-2.8.8.jar

MD5 ddac1f8f76743255084022ac6f06b7cf
SHA1 298bb2108157513a39a1a52a686a1fe8b57cc973
SHA256 7b7b72c6ce3e47e774e29060ceba19e83e8259bd475986e04b4f3272d4a58f73
SHA512 6cb83b6d5054c63c13af5fd39f11065556137edd423385f5d960a656fafddf5a5ddccd1ddeddafdcbd511d0fef005c58fac9e3fb0bdf1d469af24450dfbc2325

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libs\disruptor-3.4.2.jar

MD5 6895a3c4f54cf92eef6530e9e2cd3c46
SHA1 e2543a63086b4189fbe418d05d56633bc1a815f7
SHA256 f412ecbb235c2460b45e63584109723dea8d94b819c78c9bfc38f50cba8546c0
SHA512 da76e44fc9834c6d9e21eafe2fe64604159dba99770946bd114823ba037ea0217ae3a13f5eaf29e28edf92fcfd4f20c60b7645d6f117c38c897594e1337a744c

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libs\optifineinstallwrapper.jar

MD5 8967319339fd7ff2a67b3a9eab3e4b93
SHA1 03e69508f50bffba71390c367fbc5e8c00d07335
SHA256 f4c5909042743c4a7206f52ae352fbfcad807185a985884314044b236ccb24c0
SHA512 e376022ce07135b77d46da898c27bf49239332e88410b4a20362e9f4ada0fb2a02b7cdbd00bfc0f11d3228ce56e77cd165b77baf41c21790dbb52ccf771555a1

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libs\joml-jdk8-1.9.25.jar

MD5 9b868b921d0490b417bd594984b680b1
SHA1 7bb2cd964c5e7b129a52e1f47edfdd557a7ec3da
SHA256 fc76d61e7900e65cab1f3c237a5186ff2344dd7d7d0bbf8f01a453c4fa2a1b28
SHA512 c54cdcfe63c1998fd14d46988fc49509ac6af2e2516eaad0dae19566baf1c99f0482d026d7f6e79a66706905b76af9b4298a23521ecb32f5a3708806340b3959

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libs\lz4-java-1.7.1.jar

MD5 d56d86823662a663a4d614dd5e117eff
SHA1 c4d931ef8ad2c9c35d65b231a33e61428472d0da
SHA256 f1167a45d4b8002053670ef6991ca66d1bab9dcc03e4ef00183674d2f3fb9cac
SHA512 ff48daeca92c5a7657aa9c7fe41c5ae75a5fa0aad05c655bacb64a40acfe93ffd3d40bef16544614ce8a38db3e1df177023101773f6f7c1d32031413270e42d2

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\autotip.license.txt

MD5 5b0b97f483331418e30c469af896d87b
SHA1 3e0ae2526e0f2809c81d524b8507fb64fc2bb4ae
SHA256 09716796eb67471c518f3f4e567377d5ea5179c36e10bc0b30afe1261b770442
SHA512 5882826f7f2c9921d5c309aaba79ea30bf57f95816058b2f1c26c3ec9848c8dcdae91d58512092dd7647f41f74f57975aadd9d048e18d8567dd3ed8a5b28b12b

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\badlion.licenses.txt

MD5 a2ed77a24bd53e33a3fd458d99e9be0f
SHA1 07af4fb75f3122867c9e3255ad6d1e11fca88808
SHA256 803a15fe94c8ab1f4adf1a62fa043d414d3e4c1281c74cee57e6976474bbba05
SHA512 8649571f5670a36e7fd011e533c394b0f28f51045abcdcb3928d731f02366cbc286b88cb4463d86e07e92b967d81cacda74a58f658843d89669045530324524d

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\autofriend.license.txt

MD5 318bceaa1151b1b6bffabad8dae01498
SHA1 c776fc09a2e25058149deb3bfa163c0053860a90
SHA256 ddae5748ee219e263f4239460d07d38a10852fc1f6693fe2765e28037783dd88
SHA512 60c8960d6fdeb04711f6aa2713a66b05d3f7008ee33c4d762fe30f98f266b81a6c198a68aa0ea73bcd1ff4eea88db56ccd1a680c11db4ebfc444896da6b80a7e

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\aperature.license.txt

MD5 1837a1eb671079c67ed2724719588c48
SHA1 ed2c02b395fdeb3b56d0d4258c677a1329e78e54
SHA256 ca1baea19e60be57dccc08a4cd82e75eca24ca683980cb1ff212824a964fd6b6
SHA512 1df4217f219e0826c07d8bd8ebfff17d2cf34691c3450c23f84edf2bb35886bc6244b1897cfcbbc6b47f4c70e1c84a698bd48177c2fbb2f2154d2c005305e506

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\cairo.font.license.txt

MD5 5a540f4d98fc81713b81aeadc530c6ed
SHA1 273c8a98fc1b2709cfce81d7f6960b63326e5485
SHA256 17b90cece30db64934b7299fd76b033a3774c8a990e78badc74c59a5be8e0727
SHA512 12b5e3d50da4d0aef2badcf784554257e7c8dcd9f598acca500861c1f0bb4686fd238c6ad8c2259b5047140e10d731e928490fa474577b7d847d387c9c07d702

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\chromium.license.txt

MD5 8694b4a605dcd105b40d081ad09f0f46
SHA1 6666d31977554cf9d1558cbc63c339e8b07e3c94
SHA256 73392d01c89eff27363d32973ba9fdce354b4bd82f90192bf8773174e358538a
SHA512 17c5eb20d00902789d172c78379cc80b0c77696f3d2e076af79a056d537e2a0d68a0066a8fd132b3b7b20186dba509b1833128c2f082f2fb97058070336baad6

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\discord.license.txt

MD5 f8cba3d1a6a62d09224f131fd3054008
SHA1 661a941700833f7229cb17d206f1d25e23301a2d
SHA256 cc981e3b2afd06ab5a1cdab7ced3cbb8a69145b5e2388485b806f6634313ff4f
SHA512 4517c0046d156c67f3d7fb37e5985904de476cdb75ad7114eeb2fefd9957b67b07ef1cff02cae1ea37503e34eb0d7cd0bdba03fad5aadeaf6d070855e481edd8

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\disruptor.txt

MD5 ae32a12a5be0d4878506f2c7927826c7
SHA1 ef0f419dca631ac1219e19af5b4a5a0875f68da5
SHA256 eaa350f6f6982e086b1ae1c3b70743d1f3653164b4a4832f02d7baa134ef028f
SHA512 a80642b73b5b968c1e8b44449972449e17e6c3e46c2beffee1d524faa363b48d2540c0d7db6289183065af975aec1e8c45833ac1e1cd3e2c85f5fdae955791c1

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\ffmpeg.readme.txt

MD5 46efd225e4f70c87659ee3728c4cc352
SHA1 3772c422a0f862d32a0cdd082479e432051f17e6
SHA256 20243b750670270b8cb8cfa8b44f120814751d744c973ebba52284968b602544
SHA512 3a7ab5b99537984212d204aa83b0dbce97afdbab9f8dac554d9afcd506bed6e4617e72be84bbb710e79352caeaaa6ebcc728b19c12ada7574c0817d35640664f

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\freetype-jni.license.txt

MD5 5db6495b17d58ad312a32e5791c61097
SHA1 428650191730f35163e8ec78a25126869b2ab1e2
SHA256 d10f28ec38b68a33bd4deb7239ba86e2f43a26f81dfa2d53f2ac89a88e2685aa
SHA512 7520cd5dc59f6899bd542a713ca045f64a9dd90751db7e5ab197d1c8a25e94aaefb9eb8d69a6b3c9ff5b1d433c85cdd67d36cd333fd33c824ffff53bc187cad9

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\freetype.license.txt

MD5 02891d3fb5adadff2546b4279649112b
SHA1 1b299099e16ad96ebf53e67391685d9d0a51b368
SHA256 650737ec7589c35600de73b0db88dafb314f7e32e7e3cf38d0c87ceb1a7ed31b
SHA512 630d9247498b84bb53e2c2ea4165994c141791675c192860127cdcd1ccbabc80a331604c6ae185531abb0eb3fdefe6637643e0d3f11b751e79b076b5da4f30ec

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\flag-icon-css-license.txt

MD5 d0bc1323b617fbb4d3232b745ff45dfd
SHA1 5c11645d0455590741dacb68d3eb1d253a5ec106
SHA256 5f6432917a260a6e8f7022742bb6cb8761b1d17cf45083e30174908041405225
SHA512 dec0dd099dd2a778f5afd129750175e42335677b199f1d5e2ad10ec2459c803e3168c6e89f44bc9544fe8a5513b85eb2d53db65b3ad6ccfe77ea0a8ccdcdb131

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\ffmpeg.license.txt

MD5 e62637ea8a114355b985fd86c9ffbd6e
SHA1 1eba7caf09a39110ad2f542e3ed8700d1a69c6d3
SHA256 230184f60bae2feaf244f10a8bac053c8ff33a183bcc365b4d8b876d2b7f4809
SHA512 714d66c4a17e6dfc1553521af2be03f4579fac64048c0b96c592177562b01fc70a8e184bb21725e11ef96a54bf466ae1abd4992b8940f0fe2c0859d6a166a2ef

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\licenses.txt

MD5 4a9c8bbed40470a9ffb7db1d63bbcb9c
SHA1 88a83ce9d6734d54139ee7cbfab63253cb73b415
SHA256 c0aaf6703c87055786772878c27e8d3c4ccff0efcd088d5dcf77a2fe8146c44f
SHA512 12c3b1e11dcb90c5e4ff426c1a8bec314efeef9e5b3eca1840460f1a1fe894aca4c1755b599d460e995e7f477b69887089a93dac67da2016d8c84bd98f841039

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\lunatriuscore.license.txt

MD5 ee99c1f26cd4e6a2bda84ac34b9ff861
SHA1 0327523304d63b6addb96ba18abb6c47a3fd684c
SHA256 7a1d05e596d50dfabc0d3e206861cb778252dedb87b48b9dc7dd9cda24f5dc22
SHA512 14774897b95813736654e850fb328e7fc0a19c076417fda35a2a57e284b54fbde6619fe6a1ba953300bb54ea77ca90fa93fac4a03914027bcf186d30f645230a

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\licenses.dependencies.txt

MD5 2053245129c2910e9a1a854dcf69ece1
SHA1 294462e57e57fc416d28ef2ced053f97465e3fc1
SHA256 9b78cde2913327cb5ac2dc6f53f430b6233c52bbf3e156e969737d87cca51943
SHA512 1387d33cdc715b006844579b90137aeea7b9dd7899542667c988e8c565866d26f462e60a0d5b26bb94113291f1db659c08a4cb4a2f8a9ba32c6b5af8ddaab48f

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\mclib.license.txt

MD5 12873b817d4334eac6197edbc5956864
SHA1 20a910d495a276c23bc9b43faa7994338f51ce69
SHA256 5f6ad061e9e7dd5d3bfaaf8d065f14f863897c276d217c94084603680a324e72
SHA512 0323a87ba5c5f9ac5b049b6770a78590e83e74a9fdc0076b67f3669c4f1b43db240b5a86390191d3c19ed9b6d9e9c6000cbdd970f2db458252321a5fb106ec85

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\nan.license.txt

MD5 895f9d80d77e26153e48525caeb23827
SHA1 3d7128bb4973afb706aa1f67493b537006d79937
SHA256 0bfcb5e608c491edc1621ec2d842ce5b683e05db6b38c6eded10b0630c59d2f1
SHA512 e0c278c0da87f33202bddddf739fa5f511c0b5f3176854d4f382d40dc8cc0767e71c622368561d40a2b4a37c1a9b79fd845096073077be03c6a1cf35fc152cfc

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\notenoughupdates-repo.license.txt

MD5 3a5337edcf43176e258e1a5ed8baafd7
SHA1 fe2b722844bb6331deef47fc5192c1e742ab5caf
SHA256 282d4b11d651c5fab2a4cb55568aa36b80eecd47ae3ac9f4c2c7978a3be53dbc
SHA512 8bf297651f29f33800793dcd1d9b26ddb9fad75a625514fb558e5b964eac5f8b760597d76f43feced41001bc0196f116fce12e0c9f17216d3b04569fa651c1d3

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\openjdk.license.txt

MD5 8425bcbfbe27f7f8ec1e46e9f0ae0c99
SHA1 5898367b940826f516f625dbd78fb8957f3be986
SHA256 1bd89daf45a5b68234c32104bbe9903c6c6d2d7798d61a36f21ad85482945f7b
SHA512 0323a715e5f65027a66738c1db24d2e4f6240095f710a2c06a67bc70b59e4185bb026ce7438dbeedd6cc95af8cfc0ae9259b3aa8e7d84692bf6b2b7f5a655149

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\nativefiledialog.license.txt

MD5 292e3e89db90cb0fbffba767983a8f55
SHA1 36c4792a78a72fb5c6e315c62c4e8358b6c8d2ec
SHA256 c894fd883a9af3a9174a4ee9897451d4fc9fd56c2985c872cd37eed4a44156c3
SHA512 b21c7123f5f214a0d19497f62f9cc461fba59edf64bd1c4f5557c9d2af69cb7ea6afff8d75aafbdc6631f9164e69dd547d3265d2ae8e237a9ea39ddb9dcf705e

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\quickplay.license.txt

MD5 c3e1cf1c2620ba0f75411f66deee382a
SHA1 37f7156c3c10e3c09169697bf2e42bb7fdab27ee
SHA256 3cb66d8ea7938893173f73f9e938dd1501cd7d7f50bb091b76a681dc680ccf64
SHA512 cc445e11f256db1327701c33cf08e531a8c543567af2515ac06dea830ea24b154e46d229f56b25a94cf7f1cf62467bbf1979f4aa524dd65b71f62c4dd183f8fe

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\skyblockaddons.license.txt

MD5 b5697125b9a58f980344d778c84eddc0
SHA1 9ae4fdf6d1ca59adbc2649667eb03ee12c50c659
SHA256 6b3411f158e9c8a7f03632c2977279852a9700f636a7cd93bad8646de6ea65bf
SHA512 491a8e6a3b5495c518ff11cf4734b546a53c83e5edcd05137c9f263d77a34bb856b05bf2a45fc80519b3c1753d4d97ea707acc7a204693a0fc3b5cf5b74e54f6

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\rubik.font.license.txt

MD5 1a74d7f49b7531048b89d6ee3f49e1e1
SHA1 374e9b0f4d9efba8e93d5698b04dc0cdd73817d5
SHA256 5797d3461e28e3f3f540ab932fb730d6532ef7233e110b96f0aed9526776c141
SHA512 41d0fc489f4eba72bfddf70d56ba34abcc1a9fa5957fa701e88e80289fe74992be774783fc678d434a09404116b6a73f8ea9a3a36867e24ea9268a21cfca8efe

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\tiny-process-library.txt

MD5 52607bf5b5dbb263092f9672eb5b0b1f
SHA1 ac2b9621c7b1649ccfbd31034ebdff57249802c2
SHA256 13c053468f9f56ad8f1f2c36ad23955953e0cd2aaa49e7e82b14001f2f322bf5
SHA512 88862eb3a57b6a640519e88abb843102da3d98fe228fedcd1f7875fbd2fd9d6e8f93c35aafe0343b8d7e8e1b780862066327f4b9ceed74c1b7bb8c76373e1c54

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\xdelta.license.txt

MD5 b743e02a975dc959abb35bcda12cd4c1
SHA1 13dd1cc3f00f5ab22dd44c40a0abb13cb4512f2c
SHA256 b0b0442c47b75d2f5ae41c660574d751ccf12fcee6bbc27bde20e208802ed63c
SHA512 7d14b3253a7fcc594b84af77e9b2a053e720e9b03bf8f4b8afd82c43a1b3f579726b68ad5e688d0363ca7bee8d192cfd6ad40e1ce3819570af5c29d38e262a5f

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\xxhash.license.txt

MD5 184732fe7ad572cca839560f13667eb6
SHA1 76fcece0f58b529b1ecde86e8bf8f8bb1c652519
SHA256 ef87b7b79f4c48edd555809ab0e97b780940925589b7d5f9ff26025410c87c4a
SHA512 71bc6b522b99cf66c764a7554823e7da19ea3924226d67385fbc397128b9dc781e66c457505bd3616eca31f1d93fc25d9eaf67f9c32aa4c599da4c7d2d5c6f30

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\slim.license.txt

MD5 b9647dfe37ebff8112b7fb0204192de8
SHA1 ae084d7c34776826e0398e73eb827682852a4b54
SHA256 5e08a239b2c110156929d97ee61ace55adc283456c72f51052eb23e0b7cac499
SHA512 3262527cd4df1c45decd80ce733e6280e3f08422daf0079af023a8ab2454c03cbae8a5e944c0fa594c845c2e1148cc531688ba7221f7de3c630b4a4367773fc4

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\skyhelper-networth.license.txt

MD5 27fa1700231bee88a24cd306d673af97
SHA1 ccaf356f932ddceaa1c59756b2d72c5c21c89fb0
SHA256 91b7f048db90b189dadf1db30e5cd0a95a8bbc4ab5437535815359b8186ebcf5
SHA512 5025d7044a3ba8e4a279c1dcb5be65675d61c7bca864a5face31fe6ab7a72bc980e412054294f49629a00d6e6c4b753bd1892c991a3408ad850d12a269f5ccdf

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\replaystudio.license.txt

MD5 faddac7574586fc2805a9b3f3365767a
SHA1 bb87c11cb254b9c7693c2e62c051a10596648ecc
SHA256 eb622d5d149ea9b7ebeebededf0b20068d5471a462e0d4bd9e482c9b48f37f12
SHA512 545a11e5c6abe6ad060de4f809865acfba9f57c91f1bd3fcdf890a599923207977f429ed3059455c36136f84a937fcdb20033b2bbd2afc653eaf3ec97da0ae37

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\am.pak

MD5 985be89267e0d559bffd4b66380e5e53
SHA1 fa33e9bbfff5a89dcc26f52634561e27c1cf0e05
SHA256 bd1a60f7fd63da2230509211f858866ed782767f580b8ce4740ad2060d3c5d9b
SHA512 7cb99ea1d92f810dd6f882669b2803b5cc87a9f34e70964d402f14cb7771a9d02f4c7493518b5c388f49887c8311e3b02fce7ff3770a724fa9a0a2e776f2c3c6

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\de.pak

MD5 b48f5b846d1b32f8426255e8a03b4d20
SHA1 77272097e67ba495d73e3d82e3100237a1664fcc
SHA256 28e394fd4dfcb0ee3ad947a8e276af7ec1501f30e820ba42270d2d7f03ebf745
SHA512 07e9af3153e60e05678db92e4654169e9c743bffb5aeda0725bd3b11dfba9021551697149771bb3aadac4fafaca50c88a352f55d32bd6c5fc8867c44f660196f

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\el.pak

MD5 9d654962e91275c7538dabdb450a2f03
SHA1 3121a84f1035d7b44e4597ebe4857137b7172da6
SHA256 9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27
SHA512 0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\da.pak

MD5 42628b87e74b0a3a7cbce510f2ef674f
SHA1 c9fc502eac895690f4bd0bd3cd47b72819bfc342
SHA256 450184b07e707cc80f7f7b331cd7d95aeb10c22e6936fb50d438de24c9dc3ba5
SHA512 ad60a366e4ea7050aef7cb6cd7c0d99fb9f37f7ff88f93a13fbdb21eb1c53cbc33cb28c284a14d7a44da0ceeef1fe9e693be0716ec268c6da0a674db00194a25

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\cs.pak

MD5 6310a8e1c7e8ca3a1611d78b4d67845b
SHA1 fa8cff4ec0b1cf3aca65e6745d9f31154dc48115
SHA256 10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e
SHA512 900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ca.pak

MD5 5c5c2e574c8d51a61d9e58547d89b0df
SHA1 268d6a348c22616432191ae55bb8c34e039feac7
SHA256 4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73
SHA512 e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\bn.pak

MD5 5670d1c74a07e5e9bb3853307ea2cfd7
SHA1 7cd7568d2bd4c64b8685bf17e3289afe923468b2
SHA256 706681208f6e0c2508c55ac7fb8bf510a133cd66f6977c3da3439526269a1c0a
SHA512 27c5f596548a52d0d62a749324a744121f2448b29f8eeb908afe487b7084c95e6e39b80326480e9253b997ca22f557f33e450fe155ccdbb2b601d0991389b47c

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\bg.pak

MD5 7005e72419774fc1d78ba0718fca1b47
SHA1 bedcb1e0897a1a47a878bb820735d8e373a4b4f1
SHA256 2b93afb50cd154464b7b40c8d0015db09b69f3341f0bd75d190c033c4ec4c72d
SHA512 7a098ef7e4297d832acf356367faedb78bcf33b68e2d0255eed0c1852cec744d24fe594812f2c3a393b4fa75e83a080803d38176bf7534604362a7287242e9f0

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ar.pak

MD5 5209516dee9d9ce64854b70da199108c
SHA1 5797e37da5909e47e03d323abf884b573adf0840
SHA256 8407ba456e51177358e6ce1e82c33e5e279eaeb553ee38db9f0994ec57c2e246
SHA512 0585c14bda7800acd3242794eef7c9466f57217a059feefb0bf715e2cae9d228a5172fa9046ea19d19cdc388dcde2348a0a90caa26a1baeee612006495b56524

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\native-modules\badlion_js.dll

MD5 ab83489339535b6fcbad1b70ddcade23
SHA1 511d0cd7d8a1c153a774c919d8bb5b943a5fe009
SHA256 2ae0528920d1c27337ecfed3719cb294dbdbcee1b6b1fb30aac1403272610d3a
SHA512 107c734f23c2eaf2214016e881f0d09ce2cd52f5ca24b376d05562cc4366352c3bc04d03fcea2c1fd9b507f3139f898cd33867ebbea11377f9a6ad5c124bd675

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\native-modules\badlion_electron.dll

MD5 77c88caf62ccf357470d630d9fa4dd7d
SHA1 1e04dfac643ab7284c529d60ab5be68be172d98e
SHA256 9bdd94dc645cb5044536dfbd3a5fc51535a63e32104895bc395b2dfdbc4962e7
SHA512 74506a6a0ed1cb356a4342e5c06244023fa6712d1b4fda178d48c431e2aeb4098c5fd539c431cc859c6560340ffddfc9c2bfe3dca6a27956611ef3189755065e

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\zh-TW.pak

MD5 3d230011248333ed6cee72f667c8df45
SHA1 4114f307a31516bb6309fa9fc2572722b8d93d24
SHA256 b1a56725808412e48a499a534ccfd7e02c361f007a5b1cf063a11d6a308cc9e1
SHA512 442f56c0df77cfdd730b89b9c1e086f17665aae0c222a7ffda418bcddd18f9ab96236fe7cc558ab9f87c31a50d78d50157b1e2d3b4c175b6c8ac85e053157f9c

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\zh-CN.pak

MD5 376ef5a6f076a9757f58d7b10526eb73
SHA1 9b5d3f5084990d67c8a8541cd8d7fd15ec424e0e
SHA256 f720baddbffa45c3a0852de11c5049ec95a3b841db45c91362064c80e7d6aaa6
SHA512 e089213cac8ead755c938069a1f00cf2a8467db8f809b50a6933eff9825a9f1cfd775186c8b5c9b1f598813c9eee654036b47b6814ba1f58d7e447a87511b21c

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\vi.pak

MD5 a01c81f3bd56d52c205ce6742dfe52c7
SHA1 3d325a2885ca11cdf69d17d66fe5048bb0c8bf25
SHA256 8a44b3afd24cf18ff88ca06a33ed8accf548692b457b013e20f49ac5045aa96f
SHA512 e348d9b1fd0df16f711a76de1daccf8425529787e5160c61207aff903ca3389f0c56b185283452d0af36ead503322b93b02deb28b9f72ed85d157adcaeedc503

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\uk.pak

MD5 6f2f1b073ccef426c7eb49362123f2d0
SHA1 048921ad0cba17256e9838257d9f47969cdf6172
SHA256 57d93d9ed2974f7f0995e63f4c7af361c05a8ec3e9e25b796328d3e0b2a5545f
SHA512 cc0e5a7098eb0b590f4d4a6ffa531250af9a2c6c6c25765f572f3130b7bb7d669f2737d7d8b70de48293ec1ff9c5dc5dac94058f3d8e431a7c24a5795906e5b0

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\tr.pak

MD5 a38eea92c514716b8ab019ab792bf541
SHA1 cae203c3ed63807d4f2d89333540556b5e92e161
SHA256 54bc687a851cb3227cc3a937b229009c0af8fb25a1900b7fe71f6e6d58111ffd
SHA512 835e47d550097ea4ae3717c0cc5023ba14bfa7524ed5cf361e21011976afbcae1410061e46089e25bca467c63d9b0208cd18ba1ec606da02c5b430fb1aba409d

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\th.pak

MD5 687a80e1cb637003c3e5f05d3f4b89b4
SHA1 1dfdc6cfa02fd1671cf39094ad4b93109bef48f6
SHA256 daabec4c467127faab67c690f9dd11beb0e2c432434a20f2f79318816ecc7654
SHA512 30fc3cbfe3daf369f9baf7fa4c287f62fdd6ef3b6363cf2dd88e45667313cc00317b1a52f77e904381ee4be1f7f5c2f73c2a6467c116a1210b36f8287beee99d

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\te.pak

MD5 b5e9289d02b4963d292bbb4210e9ab5d
SHA1 48382ab36b77cbec280833f587450270b5080a85
SHA256 6cba41edf887a8a2d84c2c1c696c562ad63ce8a105ef8574a1a27b294a211dc9
SHA512 eaf3889b21cc73ba3913448ef10765611e91325ddc781216769b4f8c4486897aa8429dcfe511b7505a17877012063ebd41fb4645102448fdbbed834d001f0912

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ta.pak

MD5 7503d3994d48911a38370095f5c83ec8
SHA1 a98917d5de0cc237d226ad64792fc9840bec0a0a
SHA256 5eecb28f30fc5c08b5878ebec2ee565a73c91ea0198ed85a622a0d7c58a3ad33
SHA512 d0d3e085cfd8f8f1ca776597d209c5d3dcbfb81297ec79201def4dc395526954103da7e8e8b3a4335490b3fadf1063f29d552843eac0933a9f1ab050c8eb2ab0

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources\roots.pem

MD5 bec29e7471bdfd13632a88a0e1177a4e
SHA1 f06003491572f8c18b6c18f1857562562eb48032
SHA256 00598bc1f737f7cc56eb82e58137a3e65c6f5a840011db174b5b65076311270e
SHA512 629862482f92323a07ea5f514b36271b4d4b3b8a46f1f2d3b654c8b1113eea1cb05dd1689599c076425e4ee88c461b245d2d06eea9711b95ecb7758340bf692f

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources\elevate.exe

MD5 59b5872248146319a464c52af7f136a4
SHA1 d6ac14ce2d602fc3bb3970554b1eece84c3f913e
SHA256 50fae753983844e20b11f3a8033ec22fbe1168170c98045ea5c6134c8050828e
SHA512 1ddb200db06453593c9e3fa819c906db6405e3920f8c703f5871a2c65cb7b17f773a90aeffc3cc7d76567739ed985dd77752d6cb9928dc05a2f737f97b1f5502

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources\debug-log4j2.xml

MD5 dd7150b869964d8a892cdd584948dc55
SHA1 f8053aba6ad32932509c37f9d06fff2af011ce52
SHA256 c96f78d1ca05337800a323610ef458796b5b625bd248d40c6f9a6c324509f4ba
SHA512 a31659ef05c55b0df2cde4eb7f3ba5e6f7152af9bdc9e70155469259bd05275a497e751aaa315c7fe2357e6a4c1fa0c42a84a7e4a7ff517cc76ea1d32aa383ab

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources\app.asar

MD5 ff482968da25d2526453b2ce0230c73f
SHA1 932c1c3e772de162331fb4626827d8f9dcb799db
SHA256 cc42e22451c3f348f04fd055e96721d36ff6d6b35b6b44d1cc4dfb35e5b17dc6
SHA512 e07cc5db3977d7c814f41dea66e21582764318bf99dd1484b0024a5060b4351b68864fc193cc4a8279ff07bc4f91ea80cbc240f7d36ee59b550175db38479e90

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources\app-update.yml

MD5 a85c6f31bef49be88b0a8846daf72dd1
SHA1 1563fbe30087d902674e1e6d4ad5d2a94f559fb4
SHA256 959ea658d5b7f99fc2e9c8e990f98081e019f5917316ab6c3e9e3e81e4d73c88
SHA512 87f6436610c0519daa2580bb08d1a4ca5be5c0a803b4b9db4fd797bedacb28a78d52a9891e891b1c5efa7b09da470206506ce207b61be76025f7b99a34bdf2e3

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\native-modules\launcher.node

MD5 a2cb408235c0d92526e20b6432587d6e
SHA1 aec2b9942857fdb1ff45c699f7e198a7cb72cc2f
SHA256 ebaffc8d4fb76a02ff54f993cfa5d5e90c84e18b597621adbcc51fb165532a77
SHA512 c5a36201488c5356e4efb9bda73985af74edbad158e8faf79e683f4244a8bbe8516a52a5f273bfb3208b5fe16329cb6236c1c8efb64ca882d81258aa23b5f8ff

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\native-modules\freetype-jni.dll

MD5 f6e10c16e1b5a475bb168bb4b32f8b07
SHA1 363c51396bcff7216f56bb299349d5151f118f20
SHA256 234af7bd598f9104663f824cb65d8ff4a08c33e68173f166bbbb6498de091638
SHA512 8044efc568f19e7e2392f0e8961a82c4a650534aceb9e0b91a64b6e38b24b495d2ff830aabe3efc59e05e0814184d92878d93ad49a65f8debb4f7bdaec0a91fa

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\sw.pak

MD5 0dad65bd01e92ec4001c8377a3f6900a
SHA1 91353a816b6b1d0aa5bf5342b8f2bd430da57286
SHA256 702d3d102308bd1e50698578e09ecac7fe33d625afac04db88905f83baf10892
SHA512 98a9c3dcb03627e8e7cf7edbb41078d9c53e9787f28208fe3640805fdcc2bc751b5cdda00c2d796d6c947e26f7c3a401fc5506ee8648346f28227442ca831949

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\sv.pak

MD5 03154d7a3c69ec91714c799b86267a1d
SHA1 8671e9672002c58581488416f2320005140adedf
SHA256 3fba4e60d606c0f466df1cd2736ff51d7f882505fb21880a396deec06cdd945b
SHA512 0ac0d61f593f47597880d327d8dccbc00e8e5eddeb8beb8945628b7e91cb0b2496bbb68ff7f11e677cec479f41a4e8c4d2fd66301d5f6e5245dbde49b39eb4d9

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\sr.pak

MD5 b2555a29076995ccf01580f0f1b2f766
SHA1 284ed665f078620afdd6c7d074a6f9e26dbef1dd
SHA256 6eab9ba7e66ed290369b2f5d7b1efe7ef38fea2063f7c939e983008ec2692bd0
SHA512 a36e20bab44400828f6769c178f6340a5f7ec8dcff72a0eb513c9efc257a715027e9d562a4ae3e68d8112d40f9ed8401c165ad205b1e9c4325077e5d1df04feb

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\sl.pak

MD5 7a75fa0fd3ddd471cdf9b15d3b3860ca
SHA1 f07e3e136768501e69e76529011003bd45fcc0a4
SHA256 d34eeb1ff37cb90bf8c427b955f4349fbdc5eee4879141058d8d7bc76185a959
SHA512 e3f181728e9d925a826d3eeb275ad3f1aafd3aa98072977b515e05671bc4703aabf7dbac2e031201fe016d0024440d4d1d8c238b3f20c5f52b21e13dfcd5f620

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\sk.pak

MD5 9ce4e3abe9d948f6a89759d0ab188dba
SHA1 447e5c8803d0284c69ffb990ac0060adf93f4d25
SHA256 5638f5285ae0c68e3a9eb09d6adb6d2eb3f9e087cc149c4a247fb9765a8ff6e2
SHA512 78970073eee16097113f8f009abb43d9317cf3096640077cf9efb8139c92aeacba8ddab5dd948ff285732356625f3167d5c35701ff37b250fce251baa39569e0

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ru.pak

MD5 12836eeb93367830b3b88b404449a3e7
SHA1 2e2f66213fcb0ce5dc170753b8c11f9d96917d1c
SHA256 f815b9cde0449c05949a9003f08254801cdcc8d9e5209d01af3136009b0c0caf
SHA512 7f71bd8ba800029495279c199aa99b96f075ca95055d512486c27a4bb1728c7312eeeeba09cf23259e7d6539f1c76467ac98e75b482de764375dd639e95333a8

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ro.pak

MD5 06a36fa95702b38e749568037634828e
SHA1 9c584a9b7a0446fbc44bf5fecab71ab1312a592f
SHA256 833f661f135311ce8187cbc487c55178872430c678148d4084893cc7bb95823b
SHA512 33d24d85a4f4582676558ab049a6c1cabd482666c2847e941dd388b80b2ec62ce27175cd0e3ec176d1236a32e714e85138d3e6da291172e62d18acf3e3603076

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\pt-PT.pak

MD5 553594ab0e163c6375ebe75524095dec
SHA1 199a9e040d884a443e0ac6a2c7ed3fe914dc3fa5
SHA256 bf2cccdd3fa33d8c3b0fd145dda1d7f10d60645f0108e19f6220b43ce01d05df
SHA512 30cdb1401884bb87438d221834f70b384744babc474bccffefdb031808505b24adab34c039240b6cc8fa2a330613ccd32ffe1c28191c18c5ef402e86037a7ec0

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\pt-BR.pak

MD5 7f150a17a11d43e395f571dd23951d88
SHA1 f8b8d6f89f63d92f04156f2b44b36b6045fd3723
SHA256 72e1d3120d5f52f8485eeb2f0be4298d5af4d6f62a4d14e7d6ae2b635d89c0d9
SHA512 de39bb0dd9c8f948a67b9397789989aa900fa90249854181993cebea00717d45ba29ce56eb48b996b396e2b2236b580509a4ba127a190ed10d9ac3b91011ee2f

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\pl.pak

MD5 31200d5726b3d1cfbe9ac3bc7138a389
SHA1 e82f0300046e7cc9ffa13223c11cbb94d62c0dc6
SHA256 74c96e5308732e4ce800de37cf677d16ba05385b2af1c087819095c49b4074e3
SHA512 8ad600725c9eb97a73293b63bf15a853d2e12bb6cec638a6e0f4060610486d3eb9e9bd5c10e607e569e6b631ae09b8d9df46cebc8bb962cec3adc0d63dc2f48f

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\nl.pak

MD5 f1210067dc72e8c82444b2ad9a3f7897
SHA1 3cf8c6fcb93a5f79fe6190aa0551d673887125da
SHA256 d26f3e7f39231a9acd60285989ab5bda54039611ba2ae04ca5f79bc3195d4aa9
SHA512 9339a285fc7db00b9a755d09a17b224ec15e3eddcfa60c5efbcebe556aff277cb6daa23a346a50bd1fdcf274a172c985fd74dcd362d635738f1734ffb466c00d

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\nb.pak

MD5 bc1983b1c86badb361fe07031a93fa48
SHA1 5bd14d7d7a335dd6457377fc0eaed07a56c369e6
SHA256 229d8e46784f401eff51e12b10db88f4aa6ed62bc01271f830013b653807103d
SHA512 fc9fce048283f24b0eb8b37a4fa5f3223e927cd68568817e5561d9ef4224a35d899b5e0b8b311b57cd50922970c6cbaabd070377d704f65fb061463ffed6a765

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ms.pak

MD5 53e8b7262db4c5b04ba5b39c07eddb32
SHA1 9cb8946966547630cee42de04eb8604e6bb5af86
SHA256 45750905e13f94936534dcec30ced984001cbbba4f6fd4db0d31d2f470acdb2a
SHA512 c71e2bd191c5ec6194e02f1c08aae008c57b292405e4c291832bdfeda656a5cb4a547f606d87d3f618afcf731b4d6730f22c0e99093f312a0a004e5d9fec7d11

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\mr.pak

MD5 abcc39abc488cdbf73e44f53d74b15af
SHA1 982f12328342eddbacfbe45be577d839568c96e0
SHA256 5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54
SHA512 7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ml.pak

MD5 7dabd95b96d90662432026c0a9ae1c22
SHA1 49eb49428d642bd906aed9b0b69870a843326efd
SHA256 50e5033485a6d2bcbdfc7eecd7ac26fe790a84642d9ff2c1e77fe976b18bf9a5
SHA512 6a51f19543cd2e963bc83bb8a7753ccc3dc5a835f1e242338713dc01346f8716cef9c3304a618e7fd3db2224da6d0678959ff87007891ff4ead216ab452993cf

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\lv.pak

MD5 e21a8a96d9f17e1f9e3ede2cb66eea9b
SHA1 e3f456b5d238ce2095e7a51a4250fe26c361bfdc
SHA256 1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090
SHA512 f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\lt.pak

MD5 6e6993270327064cad2ff0784f20585a
SHA1 924a2ce4fffee99f29cbee875cd5abab2e814888
SHA256 848c219486a434ef18edde0f16be9bec475e2d7626e9d8064acf25d793fde434
SHA512 f6a21975836a64a9dbeb76005c63a19d450a3e9d1c9381fc7da23cb8a96a3e33da204ebb4a192e608154dc71e13c555fcf97e0fd262681f2fec54fe0f8ac6dec

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ko.pak

MD5 95239fdef6e852df2d2e9d52dd99b622
SHA1 360be5e62ac4573ee1a6bfa7effbe245c039862d
SHA256 f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae
SHA512 0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\kn.pak

MD5 acab21f3fafc58f1f42016f33d032158
SHA1 682f11e3c282724093179c85a7df7d0992495cd4
SHA256 8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f
SHA512 d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ja.pak

MD5 f8dcd5f1433d83464b44265449de812c
SHA1 47763205f105e19cadafdeb1cdec6f45001f2c58
SHA256 f932ba21d0857c5c92dd3d24e49f3fcc4f9423fe1e2180fe26f9c0bf669c8c3b
SHA512 76b8c4154f7de55e0ad958cd122ec650f3289bf4f92c03e45e6e03b6467d09387115d5894f19c1b108869a2ee02ce2d476cb2c943191e0fc42ad0183478a7eb8

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\it.pak

MD5 812115ccf85cb84b2ea167a16e16587b
SHA1 317e50a1c4c7d8c46554822b43a81a0d8237dfd6
SHA256 52c78a10a5ec39bc046b594f4d89a311a26c6a29e475824dc3fb1a1ba4ac9f37
SHA512 5fd4b625910bf06055eb8fed311284b1347f85c769f8c3e7a57d4d7d73e20576e873dd2f579b8aaf494ad4ee4885b6850060d4893d2ce43e82872161c93f3982

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\id.pak

MD5 d0517c1bf9a89e06ed2b510b9408e578
SHA1 71494250010ed09b55f3879488d4566808a8398b
SHA256 19a6aa1cd288ae30461ac43cebd31b50919b2d949d586f877bbb1cda96a9f3a3
SHA512 20b5465633ceb58cb28207885d83dbd30409b29b051fa9ff5a188550241f6f220ba8fb5d4bdb6abcb54dab34d1cffec5ddd783471e8d32b31d3a6d7730f0edcd

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\hu.pak

MD5 14d81146ec6e0ddf4b14fa7b2df372c3
SHA1 9c77f0f0c959f2cb21e283b352176596a77992fd
SHA256 588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568
SHA512 9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\hr.pak

MD5 7bee03725ba9ace3cb2aaf64cf0c26a2
SHA1 076f0ce744bad1cf242325d5b2378b501e069d38
SHA256 e16a6391049e4d851a50ebfe3b7af3cc5346dfd28e305f22eafb6d5e6b360941
SHA512 1a27e5159225604513bbbb5f4165ce7cb52cca22d0c6f32b6c2a74c4809d00bdc3a38112ea9bba0c09038960f9113146996f8801e764237164816a654e813510

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\hi.pak

MD5 361f04e0a4176ac478b7b7674779388c
SHA1 68b4e7a9a31e0f9450c856d073b8d03613ae9816
SHA256 95f89c3429c3692f7239551565c584faac04d8ae71fbe5b359892e7538fbd35c
SHA512 7dcdbd9e3f9ad940c3140325527d37dc5ef90c7dcf460395928d48fb2742fd5fd7b60dd64fbb7ba523d46cd658bd5bd85d492bac0a65a8d1634789b6d27ca119

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\he.pak

MD5 70de839caf5f0caeccc5a2b7dd438583
SHA1 aa4b932b2313bca859568d62e8c12f9249d7bb81
SHA256 66ce4cfeb8328cf1b44ae76ee77c16e59c6a6550b64937931d5a05f161fd8479
SHA512 73620dd618971c3301535a1dbc2fd58cc81cd3b2dc3d90a388dfa01fa5516304dcdbc5b362ef7e899310afe28f3d5e3b0695263c82339443ab2d29df03253348

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\gu.pak

MD5 2e015f0ad58e22b8eaf60e4d727aa3a0
SHA1 dba0b894f32ad6507ea6a41917c0631f06f2c03e
SHA256 168c12e17d1a41d8c4913e0be19097bad272c38ffb7876514d6e98f448109b5c
SHA512 3aa797fecaa53f8dd71b6952d0d04af06e0003683fb5b77234d183d0aeed9350470aebeceeaf42cdd4b50a2e7caf09a96df6802b1d6b829ab4bba41dbaec6503

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\fr.pak

MD5 9442fbfc2b150479f4836706313e42c2
SHA1 4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f
SHA256 01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87
SHA512 4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\fil.pak

MD5 919d0bae6d964906176cec8530c019ba
SHA1 ab41e78a91314608ffa0cec927b4e001b3833e4a
SHA256 851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa
SHA512 1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\fi.pak

MD5 4215d02d92e1be2e182197a0bb87ef29
SHA1 005cc2d1ed5039fc34fc14270344ebc938760554
SHA256 22b97c139d11b485b2c9ebd8d86708d38bb9f7044d7171c846f516ca9bbb27fb
SHA512 b0b71716b8d7867392825980e65d3a60c84f302dcf0b6ed7cf1ea0d8b605d1a82accee03c3e639851feb1273cbd327c14d82e497d6b70977272992bb227d21c5

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\fa.pak

MD5 00bc7a02631c7de396537ee08deeec7c
SHA1 063c897b59cd70955cee3ca27d8743a0989f0a86
SHA256 93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec
SHA512 cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\et.pak

MD5 7c8be63adae41cfa46a1a614de18e842
SHA1 eb11a953ddfe42dcbb5a4aeea0a40b6b18f596b4
SHA256 0e3af6b70bfb8f28542caf5d6ac7086b248e31ca5d31621d417154964cfae3be
SHA512 4f5c6b976d9ac82002259e75c5afbe211be096f238882b912a97a9fa4ecf7103cc164e7475ebeb4b33794999668744aaa5465c059acccf5c467391fdbc386761

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\es.pak

MD5 2c8b6b9b30b62618c65237943c030e6a
SHA1 887717930c8d070f0ba965c8a215478653d3845f
SHA256 4e1a07ac84554563488094169d2f68e29cf3b78c28c57e9e7eec233a742440d4
SHA512 b0792d483adb7e51a2b219e44f08bb49e419cc7a17943b1f2e57316c907f16cb80151cae1d5f117eced002a56752908d90392a479accfd6d8c6f13a2b79a1b23

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\es-419.pak

MD5 7b45d7be08eed5dfee3d12f0b7e6111d
SHA1 e14d2e0861d42bc31ea778237f77fd71c5dd32c8
SHA256 263fc4b258041034d040bb3d27758239153d5a5faf85ab4217da608e7c2a4f2c
SHA512 dfa361344cfab28e91dbf772123e043cca16b6d86cafffcaf8d71686ac9cc3dea832525b934c60fd1f110e9bf224a9b5f496924a443f742a7487d008f1ad7869

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\en-US.pak

MD5 214e2b52108bbde227209a00664d30a5
SHA1 e2ac97090a3935c8aa7aa466e87b67216284b150
SHA256 1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab
SHA512 9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\en-GB.pak

MD5 dabd9d0434e128d6ae3feec3b2c2801e
SHA1 d7a25ac86c15f5d4a3b3d4b713a5302c5b385498
SHA256 dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835
SHA512 831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\swiftshader\libEGL.dll

MD5 e7c8cd0bc5305a7c3c2a2c1f689744e2
SHA1 de20c6420bd838e13867bb37256e1b25bf365942
SHA256 48bfd2776bc58f386acddcdcad5161b1d7e3dc71a077cda5232b989da9081ae9
SHA512 2d4436470c0c4c8127717fbfd863cf61af5be4575dad8241d8062dbf7fb84e2ae517eaa11c2a59f1ad2bad49dbc05b15acea62765379643ca51acf96f48b79c0

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 d9a5609d8da5bd558facf2617619ad2b
SHA1 9debb66a376549ee795e9c049b3a685245e0a4b8
SHA256 da9fc78eea721b8e51599a72053c569a6ba1cce64808544c428bd295f3ef3216
SHA512 b461fa396bf58ac4989c61057502bd00493e920bfbc1c092a763699d660aef2b5e1aa9659000cc4fd0af0831043c18e01489c94733af06659d49fcfaac82e42d

\Users\Admin\AppData\Local\Temp\nstCC26.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

\Users\Admin\AppData\Local\Temp\nstCC26.tmp\NSISdl.dll

MD5 ba2cc9634ebed71cea697a31144af802
SHA1 8221c522b24f4808f66a476381db3e6455eab5c3
SHA256 9a3c2fe5490c34f73f1a05899ef60cfef05e0c9599cd704e524ef7a46ead67ba
SHA512 dcc74bcedd9402f7ac7e2d1872fe0e2876ae93cf8bbd869d5b9b7b56cea244ba8d2891fa2b51382092b86480337936f5ec495d9005d47fbfd9e2b71cb7f6ba8f

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win7-20240221-en

Max time kernel

119s

Max time network

132s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 224

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

156s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1732 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 3972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 3972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1732 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cc9046f8,0x7ff8cc904708,0x7ff8cc904718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

\??\pipe\LOCAL\crashpad_1732_SYESCSGRPIOTXRLY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dd390322e950a03ff5a44fdda85a3d32
SHA1 f1090dac6993a8a5b7d3bce7c5b4f111c59e8255
SHA256 26aa916ffc6d128758fcbf1d6382d92c2002e62af5f7c288cceb5e790ccb1a45
SHA512 f4fdad0c402e52c7ee25c34165e5afc7b6a5175692a4d0a7de2d2a22d54f35f32b4a848406a40e8611ecfc722a6e99df012bdf44fb2769e114d677a8968b2af7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a2d5ffaed1eac33182d5c41689fd211d
SHA1 9625a7c973e7e38df5099223bf03344fe3102b15
SHA256 f6f756c2e6e74450089e81f2073e8f8da17223f656299f2e0a19539100f8fa25
SHA512 df727743d9bf7f98cd0d0efd7a19da0cd6f1ef6d1c6598493d2bb8b3517042c932c5224471f7f6f37b66c69a426fb16b0f4755ade08ac89e6083a4136fa9f105

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 27a30c1a470aa306b9dd3bcd08a2ddc4
SHA1 76b5b59c10ccdc34dd1c29f0a5570c0cec931062
SHA256 37d91197cb39b7866f3234079af9511b9701eb49a06e785aecd8148c6b43f165
SHA512 b769f45ba0ba64fd4badee1eddc5d717d1a92a92d023b42bcd42366770ae50e231511329bcbb76504b9cdb29ee89835826b990feb3ce6b8f40f33bed9a9d4063

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win7-20240221-en

Max time kernel

118s

Max time network

133s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2948 wrote to memory of 2996 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2948 wrote to memory of 2996 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2948 wrote to memory of 2996 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2948 wrote to memory of 2996 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2948 wrote to memory of 2996 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2948 wrote to memory of 2996 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2948 wrote to memory of 2996 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

163s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-localization-l1-2-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-localization-l1-2-0.dll,#1

Network

Country Destination Domain Proto
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 24.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240426-en

Max time kernel

146s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5076 wrote to memory of 1248 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 5076 wrote to memory of 1248 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 5076 wrote to memory of 1248 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1248 -ip 1248

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 560

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240426-en

Max time kernel

147s

Max time network

152s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 664 wrote to memory of 1500 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 664 wrote to memory of 1500 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 664 wrote to memory of 1500 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1500 -ip 1500

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
NL 23.62.61.97:443 www.bing.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

163s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3908 wrote to memory of 4972 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3908 wrote to memory of 4972 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3908 wrote to memory of 4972 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4972 -ip 4972

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 600

Network

Country Destination Domain Proto
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
NL 52.111.243.31:443 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

163s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK64.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK64.dll,#1

Network

Country Destination Domain Proto
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

91s

Max time network

104s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 24.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
NL 52.111.243.29:443 tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win7-20240215-en

Max time kernel

121s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 224

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win7-20240221-en

Max time kernel

121s

Max time network

124s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 220

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

143s

Max time network

159s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l2-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l2-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240426-en

Max time kernel

138s

Max time network

162s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-heap-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-heap-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

92s

Max time network

97s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4624 wrote to memory of 1312 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4624 wrote to memory of 1312 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4624 wrote to memory of 1312 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1312 -ip 1312

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240426-en

Max time kernel

144s

Max time network

161s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-console-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-console-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 24.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240508-en

Max time kernel

118s

Max time network

158s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-datetime-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-datetime-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 24.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-10 23:09

Reported

2024-05-10 23:17

Platform

win10v2004-20240426-en

Max time kernel

142s

Max time network

164s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-errorhandling-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-errorhandling-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 24.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
NL 23.62.61.194:443 www.bing.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp

Files

N/A