Analysis Overview
SHA256
20d91430397028cb83296e7a41598414c9a4ef272afba435196d231a8cbd0b67
Threat Level: Known bad
The file Badlion Client Setup 4.0.1.exe was found to be: Known bad.
Malicious Activity Summary
Privateloader family
Drops file in Drivers directory
Checks computer location settings
Executes dropped EXE
Checks installed software on the system
Loads dropped DLL
Enumerates physical storage devices
Unsigned PE
Program crash
Command and Scripting Interpreter: PowerShell
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Modifies system certificate store
Modifies registry class
Kills process with taskkill
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 23:12
Signatures
Privateloader family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
91s
Max time network
155s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsv612C.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsv612C.tmp\UAC.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
C:\Users\Admin\AppData\Local\Temp\nsv612C.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win7-20240220-en
Max time kernel
120s
Max time network
135s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK64.dll,#1
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
87s
Max time network
164s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-debug-l1-1-0.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
157s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-handle-l1-1-0.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
142s
Max time network
163s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-libraryloader-l1-1-0.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 52.111.229.48:443 | tcp | |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win7-20240220-en
Max time kernel
117s
Max time network
120s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 4.0.1.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nsd37B4.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nsd37B4.tmp\UAC.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
\Users\Admin\AppData\Local\Temp\nsd37B4.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win7-20240508-en
Max time kernel
120s
Max time network
126s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 220
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
92s
Max time network
151s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1596 wrote to memory of 2308 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1596 wrote to memory of 2308 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1596 wrote to memory of 2308 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2308 -ip 2308
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win7-20240221-en
Max time kernel
133s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d078060130a3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000195acf40390921a41d9fe21b5ec310ae02c707ef94409b9c27498dfc10b9bb1b000000000e8000000002000020000000265f87706dbffb3e1a12a14f4a473424f4b963cae0f3518ceb30c1f27a27bbf42000000013653bc4e7d2745e736d6b875f80d74129ac42f627a2c0b0c568c6155026523f4000000030d701ac9f88329b6e71e965b17fe412316b91279fade2a819c280b90c650e59375cdd7b32ebc72ed308abf9de79dc517369419a76cbbfd48b4b6d4be59f6687 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000f72be37d9da9088882dff3150abf5de72d9325885cbb25e34d40701c35a223f4000000000e8000000002000020000000e970606808aa0001d1e12626452e66d09eddf7a42da8d8ee79a7d2e684da058c90000000743a638bb300165982c4ae52181b6f822ccf06d66ccd227a182828bbca8c025ffed63f7d24f239133f555c3d9e0c46e4eda8482d2178296fd0d122f4d89cbbb650e08120220b7e72c7d328ac5ad795f14e8d636e97928b551097019ef394f2a453d93af2de0b20f8f841f2d8f38a6efff5a6e381053f1cb79b9399a2c086d725b80b807e5a66938c4b05a0196abfc59940000000d75fc4d262eda6a6bb8bbd2c912b8b3c6cee94b847a480f5353274d6e9bd47963c2944687c470960c54cd6d6726675001b5bb6cb54ed6b46816d16f49a76e2c6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421544789" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C922531-0F23-11EF-92F7-4AE872E97954} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2864 wrote to memory of 2380 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2864 wrote to memory of 2380 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2864 wrote to memory of 2380 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2864 wrote to memory of 2380 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3998.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3AE8.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 134963ea6995ae68ecca7aa37e4a9b83 |
| SHA1 | 7a88f8d1f958ddfe18a438f06a14b60354dfd167 |
| SHA256 | 84c0be79c1f1c539743df546467278e6486049def72136cee444a464845e29e8 |
| SHA512 | cb4714bd0df0d0b6611149dc02a40c65b392ad31ae802a93c23a94482867d71c1632255005bbaf288b82f9975f9da0199e534b50b0e14eb45d50de0164c62696 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 659964ea7a0cc84d4335184ad0d6a359 |
| SHA1 | 43ea080d47d8ea01007f29cf834332bfc0c602b5 |
| SHA256 | 4c6d002a4c00c9c861c6ca5ccea308c2da79e2498629a0affe4c20dd51a3b679 |
| SHA512 | 591c65a7fb7d0564d3c4af6ee8ab0a402989d445897e7ad23fb03b207196a4dd762a056f2de9ab9059eb494a8e03183804ccfec31bb9789a947a2d10ac0f1c76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09ceee9f40dfaa260b309b854959b6ad |
| SHA1 | 18df14d7056ca4fd87b3bbbc7a45647362cb5842 |
| SHA256 | ee5d507e0801b9567f849a022121d6c1103625b5408e28598d9e58d7aba35b54 |
| SHA512 | 01db87e27b909e83e4b0087634b9fbd45781edaf29f9e8e97db79bbb781b6b8293d8846bd6f107523aabdf08077117e92854d97014c739aa18057bdf095bd6b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | baa116d88c7414456a9672fc779338ec |
| SHA1 | c8fe5b1b5c53b932487be82de4ae4eb9e409459a |
| SHA256 | 47843ddb929b7ff494669400a67c177e26e8509b20a1e69e4c8fdd9f0bf8a3dd |
| SHA512 | 1a1cd1d2d367c34d5c3e11831b3f756b6fae5606e3e421ba08a5d3a8bef666f0c9aa07ef87f1a28ca095aa7b25be56e691dd64103784fabe244cb076d638b814 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50cd8dd8b58a9500b0e28c145b4b6c81 |
| SHA1 | 03f2f64fa69331c383c01d446a41ce69708b13c6 |
| SHA256 | 469f060569bebcae713563e1719230e61ab9ed1ce55813c6080853f5c5d48153 |
| SHA512 | 9d08dc90fb4aa77b7711e72eb949cfe0dc69938df2b23d73e2b5713fb873174d187bd7fe30a6f512fb77b60209e25e5ca35116e136d55dca9b2ca69ab9c52013 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f47b0ac1e60d77aec39f2e546a59d9aa |
| SHA1 | 2c34309126e65235721e9c3612bb033a5e0df8f5 |
| SHA256 | 7ffbdf8a77394f1172a799b44f9817b85ffd58e97f0cf0ba6de35d5b193977b7 |
| SHA512 | 3deb44ef42798cd702b1fb64a274667cdb9c8f6505cc2230a4ff3bdfe1c9c902c3b178138482a9a7304a684435d4066bb8d08dfac97f43b3454bb8a21dc653b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ada55db2846fe8faca484fa8be2373f |
| SHA1 | 08ab09dec41ce87253654cbd00b81a31e0e61816 |
| SHA256 | 82494778a5c2215314c1172ac1322f22aef29b2d18346fd70bc20f997609b3ad |
| SHA512 | f5f75dcfb42a8d075c0cc397f518ee57fd0980c8f730d05d0994d9d27225fd382c62216cc948bab13798336c95416a96091db5e41cf37ebf52a68d05fcbd2fc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f23f482cb4da9b5f7ac8fa0a145293bf |
| SHA1 | d23283d95d9966c03053290188f123d76fd0068a |
| SHA256 | 99c0ac9e468cf8ed3be1a3c60bfeb6aa9155d93fe1c2620f1f275d10ce3f85fb |
| SHA512 | 1d1b6006cc09609dd99471140999afa2197fc0828d112558cb2b0d13f60f67b64df4dbf908a2f1df5e2b093beaeee084d9f287e9308ad52b6c46460782bf61aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebc453e578e7ffc872604104e9fe31ad |
| SHA1 | 47d68e7fffd0bc00399a76475542df156ffedd25 |
| SHA256 | fff87ce2897591f6d547e1e2fc86b4ceebf751dd0b5f099ff233fee9061ed3e0 |
| SHA512 | 46de63d038a791448d141681948f292ba4c64ae4b687f3c2ff700e09f6297d6e8876bd0fc3a7b6f6bbc69e6f84ada47e0a21b4140fbe6897e3f88d41d2cbf3ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25b20f110f5f1ec17bfa36b13dd84e53 |
| SHA1 | f5b9c9c36fde02e382952549be5e8aa653a69cb8 |
| SHA256 | d697d9f38c3ad8112b115606a83f5edc66ab1cdd1fef99a29d558a75937d9e29 |
| SHA512 | 846bcee8b84dde8da34f490dad2e9b11f795bcf3b648358f56cdfaeebce5f6af2e1d897f4b7b7a3a8f369d4dbad323542256dbfb2b066360e176104e1c2a2a6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 829dd1fd12b2b1d1954f1aa00bbc00c9 |
| SHA1 | 549c0451ab6787f1a8760a0d87121e1a93bf5b5e |
| SHA256 | 50b282e80baa466d4c1500558b3295f7299f368612d9050c8e32ae4d9a09e29b |
| SHA512 | 467f912106530d52e374da0b2e60d23eed6d6505eeb18db78f5f8c743d31f2f319ea004e8614cd85c85c02aca7428ed35b65e363d3ee2ff0b7eeb1e1eccce12a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 297ad6cb7e1947a4b065b645641af491 |
| SHA1 | 72ac5218dbdd062d717d5166f43ae7061850910f |
| SHA256 | 8019446eb3f69f2e62d819190b7161921ec83597b33aef7854215a3ca88fbebd |
| SHA512 | 6bdbf52b3d6d57bc864353271afd6d5b8ac2c64a021ae255ee7380a7f738403a4e042d9a92b14f932bf46e267b322e699e5e5a5612b6f655df291cbe9c49afab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51e335e91243cb2eb6133a57180ecc9f |
| SHA1 | 264bd0f760bf6c335152f59dc4b43da8bfd216a7 |
| SHA256 | ee35143830859405a59bee8bc4c4f66b4811d6d76d8acaffef68ef223014afa2 |
| SHA512 | fece1d18494109cc99c0f69618ceac76b902b9610591205daeb3f6a285216ecdbca504807de3cdfa2d70e631bb7ec73e74a5f4508781506c3ff0d1940c2d9b86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 671ded980ccaa423557039e2666a5801 |
| SHA1 | b953b38ab4f15bfe96dddd6370911991d195b6b0 |
| SHA256 | 632b538a2a59364cecd3375ab2705ec572c057ebc6fcce3d45ce041b04516614 |
| SHA512 | 22e4045b1432dd78baf217e3e2c3af7e68cd0fa3dd45bb31f3bad760ea8ee2c9df7421c80374f75323aae72b79bb895747abac32919b253cc6437959ace3d914 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed14955e284cfa2866fd18b4e2633cf1 |
| SHA1 | 738b2560807954fbcfafc5ffe85f93658b094af3 |
| SHA256 | 1e13c3fad802197d02d0cecb83fd70f90fbcd33dddb1b6bd74c8bb6f2542ed6e |
| SHA512 | 42a520210e7bbacd7952b5b639016076d33ffe40d2b16d972ee56c9bb1f0cad7869fff151377c0dd6aa19b98df9d205c45707d54513615f5ea6740eb4efd188f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11c407ee9902b45225bd0e8213cd5ad9 |
| SHA1 | c086fa539e3421527ce5e4b2caf271dd088c4969 |
| SHA256 | 3e24ff133595c25200165fb0db7f9d413608f89d89afed1d9cbc4f2edd6e5b83 |
| SHA512 | 724288f9bfcaf3fd40bc2bac1e9ba5be268100be77e88c5de4f3795851da5ed9293efe01011bf475e75b5d43f964a4c293aae0c88f35f2c8ed179715d4278f54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c7a9252bb29add8d292714a2aa730c5 |
| SHA1 | 2dbf9c59b362ab25975a4d8b0e07665023f2cd14 |
| SHA256 | fd0d2a635a5983aab5d852828feecc25a4af24842f91117dec7dd5428fc966d1 |
| SHA512 | c43dafb587d7bf069e75b874aa10a39ae523e4749fe44a0f4a1a6a7d48c6198f163ab53191222dfede2578b33e9251c1f8a0fb0a43ceded4414a8745f5120ba1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08ef5af5b27a21c2a19dd1bf79ea3388 |
| SHA1 | 85860829e1a3d2350d76dfb2b083d99433717afa |
| SHA256 | d58a644f0dcee8a931937694269845deb9f868cbf3d518266271d9e6239895c7 |
| SHA512 | 2b2a8a995f3bba32974420b15411664023e3be4b4aff0b021291575faa25a440930d3c6949f240e6a6bf55df7e3bdf0a646e9e616bbeff5b6c500b1cf6e2adf3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e85cf190bc39751e959d9508d8541d4a |
| SHA1 | aae3faec088f7d631cddffde61d10c56c5572964 |
| SHA256 | a76f2e312acb83196459dabdc9bb2f7e59187fab7e7a665e4a941ef5661411ba |
| SHA512 | 6c6e47decb2164598a51767997930553427ce36d59689dfe20aad37cff3650a8b91986981f90cfa644f5756ca1be6dbe44b076e10676f87f80c414c5c242ae49 |
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
161s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\Drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| File opened for modification | C:\Windows\System32\Drivers\etc\hosts | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\DefaultIcon | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\URL Protocol | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\ = "URL:Run game 418076578333851669 protocol" | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Badlion Client\\Badlion Client.exe" | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell\open\command | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Badlion Client\\Badlion Client.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{6A894FFF-725D-4359-A19C-51949D1673E5} | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\URL Protocol | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe" | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell\open | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\shell\open\command | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\shell\open | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\ = "URL:badlion" | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\badlion\shell | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell\open\command | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe" | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\ = "URL:Run game 418076578333851669 protocol" | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{D164D0CF-6DE2-4278-AAAB-1B14ECE3CF33} | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669 | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\URL Protocol | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\discord-418076578333851669\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Badlion Client\\Badlion Client.exe" | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd17e00000001000000080000000080c82b6886d7017a000000010000000c000000300a06082b060105050703091d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a07f0000000100000016000000301406082b0601050507030306082b060105050703096200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf690b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520036000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff1190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 5c000000010000000400000000100000190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd10400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe"
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --field-trial-handle=2620,18398883497224075237,16505565428715645685,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2660 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2620,18398883497224075237,16505565428715645685,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=3112 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2620,18398883497224075237,16505565428715645685,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2620,18398883497224075237,16505565428715645685,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2620,18398883497224075237,16505565428715645685,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=3876 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x4f0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NonInteractive -InputFormat None -Command "Get-AuthenticodeSignature 'C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\temp-Badlion Client Setup 4.2.0.exe' | ConvertTo-Json -Compress | ForEach-Object { [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($_)) }"
C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe
"C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe" --updated /S --force-run
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /im "Badlion Client.exe" /fi "PID ne 748" /fi "USERNAME eq %USERNAME%"
C:\Windows\SysWOW64\taskkill.exe
taskkill /im "Badlion Client.exe" /fi "PID ne 748" /fi "USERNAME eq Admin"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /im "Badlion Client.exe" /fi "PID ne 748" /fi "USERNAME eq %USERNAME%"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "Badlion Client.exe" /fi "PID ne 748" /fi "USERNAME eq Admin"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Badlion Client.exe"
C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --updated
C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=gpu-process --field-trial-handle=2652,7156062910182647088,7613221424329618446,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2704 /prefetch:2
C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2652,7156062910182647088,7613221424329618446,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2804 /prefetch:8
C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Programs\Badlion Client\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2652,7156062910182647088,7613221424329618446,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Programs\Badlion Client\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2652,7156062910182647088,7613221424329618446,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Programs\Badlion Client\Badlion Client.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2652,7156062910182647088,7613221424329618446,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=3944 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | launchermessenger.badlion.net | udp |
| US | 44.220.119.182:443 | launchermessenger.badlion.net | tcp |
| US | 8.8.8.8:53 | 182.119.220.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.rollbar.com | udp |
| AT | 3.161.119.127:443 | cdn.rollbar.com | tcp |
| AT | 3.161.119.127:443 | cdn.rollbar.com | tcp |
| US | 8.8.8.8:53 | owlmessenger.badlion.net | udp |
| US | 104.16.148.116:443 | owlmessenger.badlion.net | tcp |
| US | 104.16.148.116:443 | owlmessenger.badlion.net | tcp |
| US | 8.8.8.8:53 | client-updates.badlion.net | udp |
| US | 104.16.148.116:443 | client-updates.badlion.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 104.16.148.116:443 | client-updates.badlion.net | udp |
| US | 104.16.148.116:443 | client-updates.badlion.net | tcp |
| US | 104.16.148.116:443 | client-updates.badlion.net | udp |
| US | 8.8.8.8:53 | 127.119.161.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.148.16.104.in-addr.arpa | udp |
| US | 104.16.148.116:443 | client-updates.badlion.net | tcp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.110.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.badlion.net | udp |
| US | 8.8.8.8:53 | api.rollbar.com | udp |
| US | 35.201.81.77:443 | api.rollbar.com | tcp |
| US | 8.8.8.8:53 | 77.81.201.35.in-addr.arpa | udp |
| US | 104.16.148.116:443 | assets.badlion.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | launchermessenger.badlion.net | udp |
| US | 54.237.86.40:443 | launchermessenger.badlion.net | tcp |
| US | 8.8.8.8:53 | 40.86.237.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.rollbar.com | udp |
| AT | 3.161.119.99:443 | cdn.rollbar.com | tcp |
| AT | 3.161.119.99:443 | cdn.rollbar.com | tcp |
| US | 8.8.8.8:53 | owlmessenger.badlion.net | udp |
| US | 104.16.148.116:443 | owlmessenger.badlion.net | tcp |
| US | 8.8.8.8:53 | api.rollbar.com | udp |
| US | 8.8.8.8:53 | client-updates.badlion.net | udp |
| US | 35.201.81.77:443 | api.rollbar.com | tcp |
| US | 104.16.147.116:443 | client-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | client-updates.badlion.net | udp |
| US | 8.8.8.8:53 | java-updates.badlion.net | udp |
| US | 8.8.8.8:53 | 99.119.161.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.147.16.104.in-addr.arpa | udp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.148.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.148.116:443 | java-updates.badlion.net | udp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.148.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | java-updates.badlion.net | tcp |
Files
C:\Windows\system32\drivers\etc\hosts
| MD5 | 008fba141529811128b8cd5f52300f6e |
| SHA1 | 1a350b35d82cb4bd7a924b6840c36a678105f793 |
| SHA256 | ab0e454a786ef19a3ae1337f10f47354ffa9521ea5026e9e11174eca22d86e84 |
| SHA512 | 80189560b6cf180a9c1ecafc90018b48541687f52f5d49b54ca25e040b3264da053e3d4dbb0cd38caaf496e23e516de18f500b333e3cda1fd1b25c6e9632defc |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json
| MD5 | 62d5d73ee869a0a2654d8fd554aaf742 |
| SHA1 | be1d557c26633ffd5edcb5caf37b2a09f47c6667 |
| SHA256 | 9ef970b76a91f607002afb164aa7f01d85e20290cf242e4adafb7f6026900b59 |
| SHA512 | 8706794249e1bd7fcaa3e7e25c0b976a069b02abc877a0fdf9fce408a12b4aa5c151e5e3f75fc81185f8fef84a0b9c5a908b84f60102ac9aa03aec908a094550 |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
| MD5 | 4464c50f9eec4921d7f89c9c22e41636 |
| SHA1 | 09f2a69aaac4b8f22b72924869f3aaf64edb1363 |
| SHA256 | 04e0e1682220884f9e87d865d0586b337621d562a0e849222e7245f0f35543ea |
| SHA512 | d8d9a7c0fd2a99b9d7f311ac7c1fcbcbde3a009e1a18be14f41ab382d0f3e86286ad1ac1c2cc82eddb84fad11a5013b2c99e0f4a6d8216c8037dfa19a3c5171c |
memory/2432-419-0x00007FFA47B50000-0x00007FFA47B51000-memory.dmp
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
| MD5 | 141dbc6b06bf9483e748b6f45cc4e420 |
| SHA1 | 1ba15d012eba93b080771ec01d0c460ddc390b95 |
| SHA256 | e885ab187fbebe23e014b83cbb9a8089655fcd4e0c55916abcb97533959fedb7 |
| SHA512 | 1517c206b74570f222ec48f6619726c2749caf6f6ed53eeb60b19a708fefbd6f41bb5abfc2f5768e813d98d355f4cc91574d9297008e4c3765372950dece52ba |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
| MD5 | 1006f5b05145fd4315c4bc18fb0ea824 |
| SHA1 | 048051f69e571d5d36f54c0360764d23ae7c016f |
| SHA256 | 5f705770fc9e278ad162eb9bfffd8d424db713bab70207273127f6831d3468db |
| SHA512 | 561b6f563d3fda8688519e221eef2bfd381466361457e9f61c0b592214a39607c05f28e9d6e8d44fb1c851c347b51a59453838027f2b79da44704d06be62b05d |
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-5382925201c001f0
| MD5 | ffb98039924220fb33837a443cdc5f51 |
| SHA1 | 4731fbc7a581df4e0abc248aebc158fb377213a1 |
| SHA256 | 9a41ec4fbdfa1329a945cc71da90f33605f5b550c8a5ffb7de31f1dd04b095ba |
| SHA512 | e0e1011075b3da237776210fe81511177d093e8e64f3f241ca16f299a3e7198d7431b9a1a705a42073d8524ff77c7d09f0d5094f5cec689c4ba197e7dcf9b70c |
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json
| MD5 | d2da35e826a1e6af049f99048b4fb6ec |
| SHA1 | ad261dccdbf7c44cdcc00a24bcd1bb4fa95da29e |
| SHA256 | 21eaa56d4ca1308f21bb534c446d5b0e56410efe28d08fd8780b75a02222d227 |
| SHA512 | d85f391144bc05992ab86569e03fe12bedee427e2b1ed7be4eb55a3a428e6bca118b23e9c567fc381b6329f60e67413cb35a06126c268b2063b8fa0d89d95162 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Preferences
| MD5 | 58127c59cb9e1da127904c341d15372b |
| SHA1 | 62445484661d8036ce9788baeaba31d204e9a5fc |
| SHA256 | be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de |
| SHA512 | 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a |
C:\Users\Admin\AppData\Roaming\Badlion Client\Preferences~RFe57a0f3.TMP
| MD5 | d11dedf80b85d8d9be3fec6bb292f64b |
| SHA1 | aab8783454819cd66ddf7871e887abdba138aef3 |
| SHA256 | 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67 |
| SHA512 | 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0 |
memory/2432-702-0x000002C85A750000-0x000002C85AE8F000-memory.dmp
C:\Users\Admin\AppData\Roaming\935ef187-8142-4d71-9b45-1e5a701ad0b2.tmp
| MD5 | 6cf456d50a21c147b95933ab5620bd1a |
| SHA1 | 5e2bcf1335adede8e9c38c4dbda83fd8dd7e747f |
| SHA256 | e1d8a7c7eadec10c72f204ad803cf975ac357a159fafe36959a0643fced8c347 |
| SHA512 | 3e0999caa7205b60b7e0f220e9e8ca74d3407d755f670e500d66f90ae93b95e678c73e83c4c94471daa03b1294ac8c52e38f09366bf617846e2f1564b588c639 |
memory/3988-774-0x000001D0FF1B0000-0x000001D0FF1D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_egu0xter.qxh.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3988-784-0x000001D0FF780000-0x000001D0FF942000-memory.dmp
memory/3988-786-0x000001D09ACF0000-0x000001D09B218000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\UAC.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Roaming\Badlion Client\.updaterId
| MD5 | 92432f82c446bb69c6daf1ea30ba074b |
| SHA1 | 7243cd77d36c58c6cf049289ef81c540057dafb3 |
| SHA256 | b37216289fd8a826d274d0baf364cef0cf694f7231bb261fa846df9702526e64 |
| SHA512 | 3e3b0550141343d4e3d853a3c6d611524fb1f670d9ed90651bf4abf97d1334b94112dd17fd0c0b7e0f984f6ead61b78384fbf53599385e02f213c50b78a160c6 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\js\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Roaming\Badlion Client\versions.dat
| MD5 | f6290118c4ede2f15bcb188c720a613b |
| SHA1 | 5e06b55d85c6a3af9b6383db755512b4ac6b2004 |
| SHA256 | 9ce6500ac068c39adf1578618f5b1a611d36093bc1e1fe5cdcea79fc9b3045c3 |
| SHA512 | 07ecdcbbef71c15528abbbac3ec62096ef4bc278123e404eaa8cf546dc291dcae0c04dca6e430545fccee74c51c54ae8ad5b3af81a2ecbb807d191b6c243fb76 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\LOG
| MD5 | 08784b5d299151890eceef833380f1a3 |
| SHA1 | 2083abdcc5940159013ced6a30903d888b77e1a7 |
| SHA256 | 0b9d9e59c7902d9594f32571335624d059c755209048f20bbb725d3660240d56 |
| SHA512 | e9efcb53a521bacfaba13cd93faea2e89810d6077968239681203cb6828f8ad7a9b95363bd94f147852c89c746b06de68ffae78028e808c73430362546575ce0 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\000003.log
| MD5 | 34f358dffd9e6694b126af180aa7d4ac |
| SHA1 | 8f0996d033a2041b376aedbb80fd044af336e904 |
| SHA256 | c62bdde1dc79bef5843a52abe1be9cfb2d40b4f4e6049534bc88fd5c9bfa2b1d |
| SHA512 | afdf275a197fc319880fce44e15bedbb6cb91d8d0fc4bd683c15734654fe26382af39816852cdfcaa435512126c3af3985bd49b0bdbee3b55efc8ef3b69d336c |
C:\Users\Admin\AppData\Roaming\Badlion Client\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\renderer.log
| MD5 | 9b36f847a1658e4beedc9ede9cd7f126 |
| SHA1 | adb3a36e1605166bf2a7d81c329c9fe01cafd2bc |
| SHA256 | 2d8831c356cf710682d1706ddc29cd68ffe5108d113e1ca3b87311cdb7f02d38 |
| SHA512 | 3092ace71c296c143dc9506c876740da8b9fc63c63083426f92fd36a68b23f15f7d3e06bb74d2772b7aba9e1d830c972cab8600f25679b29ab037a1446e59747 |
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
| MD5 | 3eb2133aa8e044974cd4b25453c0d26b |
| SHA1 | ce1d3a0ba0b89d7de29d971535b17d22997f5254 |
| SHA256 | 09545599c4309060de9829ce27919e7fe82e1e3e1a84c8b64f74a7020c687891 |
| SHA512 | d2e54bd4c6f2e0b56f576648d13aae95fa8df599971e7a550009403498ec17746887e97818e9b3f4dd3c55c4036ca8af8b5c10446b50b46af76d5923a2266ac6 |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\launcher\launcher-2024-05-10-23h-15m-20s.log
| MD5 | 8d97efeab0df21de475c785b3b894edb |
| SHA1 | 04ed78fb6033aed0acfceafa07e38ec7bb11192b |
| SHA256 | 40d788b139cca5d657a1de0edf89b2d2ff73045a33d8e4d3d1b9aac02f7cdf80 |
| SHA512 | d25e0024aef81590767711c5eb0a37bdb3b7f6756fcc19975b835a224e8bba69795e50029ac59d7889f707245229672d2dffc5c0454771a3d60a147907e2c2d6 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Local Storage\leveldb\LOG
| MD5 | 1521b73318801cac5be2edf00c4e03a6 |
| SHA1 | bfa31f857af62a9b1aed797f189f313382a57f94 |
| SHA256 | b0c701752ea8959ba102ea6556f7978e0ffc5c460dab2cf6298df72dbaffc8e4 |
| SHA512 | e10c5ca05af14b0ec21784159341737c39f4a536f9a75adf55620672dee6c118b746e58e91bbf9036ee66a81d207978d5a5a2c1e07073b1cbc132a257a6522e8 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Local State
| MD5 | 37fed0b418a42cbad784545cf5392e5b |
| SHA1 | 3312d4d3a78feb6c377f6cf5b64b758c55bb8e33 |
| SHA256 | 7a15adc4d2671a0ddad90ebee00a698e0839c69de6ef77b97ac8acfcf551947b |
| SHA512 | f33c3cf14678ab588c7ced588e0ea7f55be8f013701c66f9c7250db37027523811a57e1fcb0cef0a8bcf262adcc87c3289e74fea714cd31432096ce3ad489e7c |
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\index
| MD5 | c668f67b73e14bf02d47ffd0f49ce06b |
| SHA1 | 6e215cfe6d5e3f52c2702d381a00a9b21f09599a |
| SHA256 | a6ce11f3e5fed983c62a6b9b7c7c35aeccfaa3168ea3609396ad5a0d30b5079d |
| SHA512 | 11bb0beb2ae307e76ac413a0b23abd7369755b829e56a0561b73efbb80c0cae9ebe97b97824ca91dfb3408fd2c6a589a519fccab855e7e4d705ea5b75082a718 |
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_1
| MD5 | 3466a6eb0f8af5493a6c9d5632c861ae |
| SHA1 | b47d951882c95f9d8f72a322609de9483c1e7005 |
| SHA256 | 9bf665f73526d1228ae45a5b2f1285c2d5d8f3b2d78bfc4bf937941f59e17b2d |
| SHA512 | bc0b10a30dc269fb6fd880af7faba6878fd3f795d712ad11fcdaf2d03e4e5073cf9d4cd5322949d382c0a52594c27c871ecd92961470f5288fe094930f441b45 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies-journal
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies
| MD5 | b774c91af175d1620bcf240c8a6d09a7 |
| SHA1 | 9427c20a3e0c8dd68417d62f3f1bb5e53c8d0307 |
| SHA256 | 40a7306697abbf6da23517fc23b4860985a054bad11ea5c31afc0a5658cefe28 |
| SHA512 | 36b89582a4cd3c17d955f9530a8138341526a7e996d2b8251bf7c015236d808b3d11a26ec155c766a72e9bd206176c1b428fd2a3fea8539d9b4d6b0e2fa34e37 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\wasm\index-dir\the-real-index
| MD5 | 100abe3eaa14dfec7cb9e36b8d20751c |
| SHA1 | 2895357330ca87d8789cbebc9b05dcc990e9e9eb |
| SHA256 | fb27965ed817a2f6427fbc77ab376991db565072d643d81539bddcc3d58f8294 |
| SHA512 | 84cdb3cecfff1c6afd248975364cc4a502d45610151f4a29b255afd4e5af833f2cfd1a200e99cbb2831a288fa19216cdbdf8695766c934ac79ad429546921e23 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\js\index-dir\the-real-index
| MD5 | 7ce2f8c08ee47c6ee14e9d5b64b3ee5f |
| SHA1 | 72c4228e9e3b08d5c8ed0826d877c90c35ed0d62 |
| SHA256 | ee39eae615510223255579cfdbe8d720f40cb65baae85f84c705defa9f2c7238 |
| SHA512 | 0eb651587ee8daed1843772ebc5a4ce2c82532b3dd67232ac6d5f0e5963f0a91687b310c427283cd93a8dca2f1fe07c038f2b1a1f6a6a7ea1e3b7b1ccbd33160 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\lz4-java.license.txt
| MD5 | 0ba5044c64ef53cb0189c9546081e228 |
| SHA1 | c8bc7df08db9dd3b39c2c2259a163a36cf2f6808 |
| SHA256 | 49bbe9114e49214df2ccc324cb3ac8d1d1aa1c3a0947f94c286765e86647b32e |
| SHA512 | a7ce8c7f21c031e4e6d037f4eabe8b200b8f1470731c05ea86028171f2964310dadc5def814d2d65164fbd23d720ecfd4d479ff5e269e519c787b4db96c7724f |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\notoseriftc.font.license.txt
| MD5 | bec6f772ed2e38634da53c388c30437d |
| SHA1 | 43513d1f6a1329962106efc212457e1d6ef9e980 |
| SHA256 | 7f18ec1ebb6b50e3ed0f74b2c61f25b8d7cd69e43f4de66e991bcfd3c419a8bb |
| SHA512 | de6c45f891db9add2d253939f35739f3c246ab93f6bde97232ecf32fadcf0afcadea4aa632e44df4ddc0e3b80e1db669f4769e9d59a04a4e38888b530fb050f6 |
C:\Users\Admin\AppData\Local\Programs\Badlion Client\api-ms-win-core-console-l1-1-0.dll
| MD5 | 3463d82d90601b441cf024c92abe4acc |
| SHA1 | eac8fdafccbc1beb17386552922770bfe12ec1eb |
| SHA256 | 49ac9f317d0adfc3761d6ff0d32844be70cc78e2af18319c9a2e2ec2a44d672e |
| SHA512 | ff4fe61c7dc5f8eb7012cc4867d7212cbf965ec786dfdfa8c74ecad8c582c4ac1107aa2876e5f11066908fbd07c1b353dc67060c28199a7e21d57adbdddac977 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | ac3c4cafa028297da5037781f1156220 |
| SHA1 | 937c2b11c7fe4effc16e67af716563aee2419a0f |
| SHA256 | 0f0cec83da06f06e9c42ffded72fa69c51efed881def2b4b7b88274bc1bf3d40 |
| SHA512 | a2d1135f497e3831f14369978ae6a5ff74106d9d4ea0407548b6c336a1082bddd196424b292c799ce60270182c13e148971039cf29241e76203b069ebf7bb72b |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | 2a3c5cbe313f4105dce8a79f533e5959 |
| SHA1 | 26e6768280c83217ccbe36f3a405381defec12b9 |
| SHA256 | 79cb8a8781feb448fe051e90ccaf3d6ecdfac12c1ad4bba2730aa1f0a229c31e |
| SHA512 | e24ba69254b445a62add1d58269ee99841c36049f639671a311bfc0f60d965e6a8d79a67375eb0d3ee3be8cf998f182ff03291f0709ae2155bbee924708dd8c2 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-debug-l1-1-0.dll
| MD5 | 8c0531639f58f79b5b67b52edebb01bd |
| SHA1 | 866f3ca8819440e0ba67eb935e688509f86ce1e3 |
| SHA256 | a20dc11ab10769b38cafb701c2d08810c8aa61350f0b33ae7838ff5c26edf956 |
| SHA512 | d6ddcb814d7f507df03bd5fb378eae3bf30f31d0cbb41136382469297033965763dc20e68dc50108eeb5fb5996d167cf21b29dbdc0ea163521607e1cc75f7d9a |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-file-l1-1-0.dll
| MD5 | 4215700161720c767e725b1f7fc358ab |
| SHA1 | 6e31fa39775c1c6c60fe8869761c31148b0a8019 |
| SHA256 | 38e535e9a79cd72e3f5e3c0ec9c97a18e86d480a504ea6c85854a6f70b302c3a |
| SHA512 | 8c93f4021544ffafa37665efcbfa2c4d23742573e695766c637c9449a39af5ea0de114c821a5c50b886ed1ab0f0a2be0fdda164884d73f7488402cfa2137e5b6 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-handle-l1-1-0.dll
| MD5 | 3b620d81c727a8aba6dc6895af695d35 |
| SHA1 | 21641bc6c802d0ada3121d14c2a8de4e708c74bc |
| SHA256 | 9aa764023ddb501050f43d1af0ff87f592ed14c4f022ba58270c3315386141b0 |
| SHA512 | 54af2248017db94ef81a5c4ba6496127f1e305e292bd165563929dd88ad756b15edb5f0e2e3da367581c0c9cd92e04699e28bcac12130299949b13267414d228 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-file-l2-1-0.dll
| MD5 | 72d542226f067dae07562fd093b0f5f0 |
| SHA1 | c0f7f85753bb351c51dd8e36ca2366a3b24c73ba |
| SHA256 | e8e3550084cf30e16b16216266bc73b07c1a05bbfd94ee3f645122d3d167d7e6 |
| SHA512 | 2fbf32b38852def53891a73b9b33f33de96ca09102baa8c37f02d1b3d5076b26d2a32f2e79aab1009dc5b2464abf50c956c797ba4321fd37ea13900753a1d182 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-file-l1-2-0.dll
| MD5 | 285e3257c5a12d3384cd3f5a3ae941b2 |
| SHA1 | c05f6a72b73bc7ec8409ed42ccd947f501da0166 |
| SHA256 | 8355bf70788c00fb1a17bc4160bcdc6930fa219b85473e08138efc10136d90eb |
| SHA512 | f1ee0689b02e6a6e95940c1b3c2cc6902f3e04db44f4d767a1e68a890b7b3733b28c1d86f1f361f0db8b1ee955f5f5bca86b758b8f2e93d94b5bc4d469187df5 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-heap-l1-1-0.dll
| MD5 | d54e0da17090c6911db3fd0770faf91e |
| SHA1 | 5538096f53b4160ef2e91987d57d2da0ddb9b6ba |
| SHA256 | 17415ecd7f34def148a91defe99155b71c8048e253315b2d24d499b99207f618 |
| SHA512 | 680142c329f6ab44cfeb7eb1572f296918866c9ca3ac9e66ae13ef38d79dadac9bf367e6dc6655c7e404cb6b243f3518639acd9cbcd9a37da5812823d43886d3 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | 2ca477f1799fc97d6bd05437bdfd0017 |
| SHA1 | 31feb0b42e9237cddc5e47c3f4a076de86ca600e |
| SHA256 | e81e0d9b2b09524e5790617547bb8bd8ef3dacdd001bd19057c4f8943d996227 |
| SHA512 | c0c991341619548e6944a78a090e1dd942140342d8cb77f41ba559b56034dc46a3ac731d2e2e67a7de1f6a65e26ca0c6a3eb358124a03eab55c2b5d061b64717 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | d6db1a6b5087a82e766fe7e9f818c135 |
| SHA1 | d786b2d8ab10edf0e893fcfbf52b03bceb15f53a |
| SHA256 | f9457d0ddfa864e4bb383759bd7bbae961098055216b0b7d7d40c11084a1561d |
| SHA512 | 6118ed237839a49567340aca7a76d8ea366537942da060d4afc0399a88603f7f02a93c061be4475f35599d3cab8233f3925a491f4aa094bfbecd2adc5d3e65f1 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 55902b92bbbca7a2d11a946297f583e6 |
| SHA1 | b6158f009d98a98ed2e56d377f9c4b6323b852fc |
| SHA256 | 2dea4ae5df0f7daa37e26dd0f9232f867884f57e850aa85062594b54f3a81e98 |
| SHA512 | 85e0df8a390260e4e0cc0a9372dfd3c55464486812926775a5f9f5767157b88783e03701b1f1c28f34e822b21ea7436c3e8270df58f8de3ec1b15f68b633f4fd |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-memory-l1-1-0.dll
| MD5 | 8fc176a3a6550f90e73d6da8445e8780 |
| SHA1 | 5d249243678a789ce56037d0d1b36420d97dce06 |
| SHA256 | 65bd14bfc1f14c35e345412ba5e9642e7f6c286f95de014c0f3af100e88b4467 |
| SHA512 | 808daa3369df6704151b67f246eed90cc32d9110653faf06e973b97900003c8b7dc26095abf420d5c078e9546699c4b3debaf410819cd6060d3feb481576eefa |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | 27a8f9e71a2f2d134c55de62fad6cf0e |
| SHA1 | b60944dbf9a50a166b71fbc58305c3d559c4157f |
| SHA256 | a319a14b76d8d67272128461f1cf53924dc2759ac72a76571f8b31e2f737553d |
| SHA512 | 3904895242acccec14feea4b7bda654a0eca3ef716df560764ca28f97eaeed10e94f5a0d46a633fa0671682188e4bc7b99b13649354bc26a88ca8211ee36307a |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | ef80685a812d9c252de35fc9b38bad11 |
| SHA1 | c641bf0f41d0617b25aa20d63b033236ad3133ac |
| SHA256 | e17aa51c5520a623dd530889838c54ddea91e06e235003833e019095f5458ad0 |
| SHA512 | 431ea4ae368b2cf55542ad614cca8e24fa2cecf0c5163bddc3742412a6e43f53ee69d7cfd1931e59eae9ee8671598ea35d0936850e6b733af14a4a5ecbd79437 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | ed69bc0f310c5ce427e25973a0a52c31 |
| SHA1 | 0bd1683418c952490f6a791a044b5840f5dc90b5 |
| SHA256 | 6bac5963da125b3e314beaef5903d37316e162eb92e7c0f0b9946044eb0bde01 |
| SHA512 | 4fe23992c6ea37a2f88cd2e3519559b08cb302f51f35b1524816a6e29e1412c2e6e1a214fff6d6ff50d0f7b410591abd57fd7a87c987f18106c6ec44d991666b |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | d2eeb9f6789213bfda7fe6bcb2a1540a |
| SHA1 | c330267c8abd56c04204deee9aabd566268daf97 |
| SHA256 | 0ec2b6ee5e8ee5ee22b810795d097dd769ef054eb394355eecac1a1fdc18c971 |
| SHA512 | 7795e972f46ec84cb1709354a40684593947cbf6b4df373cd823134a0b2deec7e5dc738a74c13c2accb74c467892d9a2375a96ab85147ae42fadc627a0f7e2cf |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-string-l1-1-0.dll
| MD5 | 7f8e52ff5a64d2d471413e288a591866 |
| SHA1 | cefad6219c916307e0bf7ef1382512c2cd4c2d5f |
| SHA256 | 952b0ef3b3cc8d15c91e4e6605d49ea6bcee1459f465b99dd22decbce69012fb |
| SHA512 | 7e9025f0eee30552e24425c0d7fe441264a905469755f2aa94863d68f8d53da654a83b4146695d0320f5ad3538a2fd716619baf615d9b29d8767ef6296088253 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | 210b0178e7aca6b9444e2d10ac6ee054 |
| SHA1 | 2ea3c9d780f6c3dc60b6247b3fb0dd5a8dc638f3 |
| SHA256 | 7857b0c9c6517102ae5e047d7fe1cb0f85424f1ea01fcdc66afdc231f3127906 |
| SHA512 | 3b3d10262bbca6559b2223be60f0d61a77ada9c147b167641de58b418634963bcdfc37fb4b11cf65517f5a3e29adb785e83c379a056c4992ffa59a468ec393f2 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-profile-l1-1-0.dll
| MD5 | 46361d1f7b60b86f128f4e23c95cc3e6 |
| SHA1 | 8c621d8dc4ec4fe3a9f40d25ba3dc26a19a02994 |
| SHA256 | 978419fea728f20a4df8046e75b880343cd425548f8bc38e8c0a6e8c315c4310 |
| SHA512 | 25f033816b7dbd387134fbf72f5c6ee351bec480a4975659702b0912d204486826e64612b94646056d97111612fa8a322547aef8755469f8a6edc45fea534322 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 599025b219fb4f70b3f93eb0d4d12bb1 |
| SHA1 | c1ceab162231476cfa9aa35a54400f3d959369bb |
| SHA256 | 6defa74d4bf10f95815d965547065b5af5fc4154d93757735ebbe6aeca570ba8 |
| SHA512 | 1b4e6af508ac9d353b0e2d02344181ea57ee654f505e04d3b6a7d758fbc0a72875d72ec185c138e69e1d7dfee3459e96c64cf6a2436db1c7425748556f99b922 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-synch-l1-2-0.dll
| MD5 | 8f469c5b261e003ed991f570aea8f29f |
| SHA1 | 848046907a02d605d53a31748d8dcca18d11259b |
| SHA256 | ae460b343b6fad12d26feeee14e68efb97e59686dbd2cb22ab228619508944c6 |
| SHA512 | f393b8c9ef4cbd6f660093016fd5a3267b5afaf4c26262f2fc3c52351c697ccc38744e530f779707f802398aa01a7eaec191497949d2c1fa5b34b8d33153beea |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | f2d0493794b45c6a2629fc9c5c80f832 |
| SHA1 | 12460ab8f625ecd0e0a02b4fa82061c2ff4644b8 |
| SHA256 | 8c2d7b0dca0702b8f1870c9c404f41e00624132b239deb7917096dfed8ca1507 |
| SHA512 | 4f44ea443413c3709c1521de0b9dc5c05ef9a4f853062e44658d7bc54663115afc1f04927797a5406b388cd5c9e226c9fea1f73f0c288999105d9db42fa257e2 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | f58fd490561921c154c31c05bbb63a3e |
| SHA1 | d5f009e7cbb070b35ed81acd68710716bf971b7a |
| SHA256 | bc7203c7c0c539fd225701e39f1e430367376cd580af52cdf9dff680046027ff |
| SHA512 | 8389e2834559681accdc3ded3a8be06028e5e3fb8d62cafd218c545dff052604bd0b0c14a4956eeb7653522c05b45d05d072e44c4f125b0e5567d3a23318e8ae |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-core-util-l1-1-0.dll
| MD5 | e0b524ff31e7c651eee7d83b1c7cc2d5 |
| SHA1 | d29f001b843e452cae91a2d01ef338373fb24763 |
| SHA256 | b4afba280abaf5dd28d92d452b958e440c88a26ab7359a3200876a35775a33b6 |
| SHA512 | 4d3dfbcefb85b8d6ef874cfdf04594ea4d6c58ae7de544588a9cf8646897aaf9b46bdccfe9e6f7cd87d00a58d5c595973493fa6cd6d82266b1a27736d4e15ded |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | d2de2615f123ce2bed3332d505a99385 |
| SHA1 | 9f2ea75348020d271222fff7984c8ef21aee460e |
| SHA256 | da36262bd3865024a6ec9726b8fcd0764ef3ddafe21387314c0bbb89a478e4e9 |
| SHA512 | a5e99e724a847c2193ce052dbedf0cd19a8765e3561ec028cd28e5972c8f004e257de0d5dd3870d41213a6cc84492ad488bd05106d2b5d3aa19f808eec820d51 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | 89abe10555d85e9bd183fae2c37d7aaa |
| SHA1 | 05c72b53f7d7b0667ff6cb14255e5c6453f1f35a |
| SHA256 | d524f5aff8a3deaf37899187fed40b821c5e79251b99d0a8571b62ad87adffb2 |
| SHA512 | 7b9c38e5270c401acb1b51ccf82ff0249671c4df905c31bc934d8d0b15a6eae22d3d82381199e4d61ac717bbe72726bd2f9b6c4b2fc930b39ec2c31d9fb1147d |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 66a41a8156a7f9cae4a7977cb8084fa7 |
| SHA1 | 4c72b0d8c90daf993fa0371269af04703a81fe4d |
| SHA256 | a454bd7a8fb18d19e3264855ec7ade9820b54fab31f9528bf1abc8cfe32e064b |
| SHA512 | 989ec1a0deff20bc9b3099a21bf9d45bf821e94eabfc1b18ba4ece1689d0cbcf83b6206bcf64530a55aac1d4165a54c395f8db17fe5d68778082dfb1db4f0d10 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | 7dbc1ca1f1103cd971a67709d5203dbd |
| SHA1 | 717e689b96a5d029558e7cb663d5c7cda840b780 |
| SHA256 | 88a6dc7c08725b447dd1b7061990977246dc62b7282dfb50fa36659627079fb1 |
| SHA512 | ec58c7bb26f669f5b90731ab8c787b3b4e4131d7a9450dfae4d74ef24541a51c98ee8cc71dd4744a242dfde2f75feb216727daccb18bf745e2539546fef746d0 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | dedf6460cb6fc8229b3e889d1b32f75e |
| SHA1 | f47e35654cb90ed4505ba49a92b2fdc661c0fe8a |
| SHA256 | bae857fe8e162640032aa8d7a88217a021810d305bc58b8f27409155f2299adb |
| SHA512 | b1ce0119c2eb87ee36fe566477d14d317d01465319b72f7afd2f83a88f82591afb6f795eef76b20c0b13060530f67a4dc07923fd2f61922fdea06973c70f8352 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 21f5271a151394a654b2f1c44fc44049 |
| SHA1 | 1d2f98700ee87fc747b230b908fea133b730bf0a |
| SHA256 | a7a987527a2f7ad4474cc5be04e5bbc10375e072573b13a2cf3fe705789bf822 |
| SHA512 | cc46e3bdcd25f2d72802581955ee69af97781b19a40a51fb318206ca6916f188f40dd94a7a5e6bc2c4c2ce211229d03e50729b168ed771e52cee188d0c30638d |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-math-l1-1-0.dll
| MD5 | 514a74d1050e7bdcbb1f422fb571c351 |
| SHA1 | 5a82976e2456fe3f215316a85301460c6af389d7 |
| SHA256 | 62e97230bbe85c0e2930d16cadf830acdbf9f2bccedd3d51fa8ee0c5102ac63a |
| SHA512 | f2b19fe5fc4f95ec3a1b0d76e8e6767234c83a8b8a08ec6a2ba9b3620c08f67132fb7629235aee27ec172d6efa5260209e005564467abe3ec06f1a7756d21da0 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-multibyte-l1-1-0.dll
| MD5 | 3e4803f97b89adbaa575b45aac0dd4b8 |
| SHA1 | d810ed1486f86494828a8cd96f774881a629b652 |
| SHA256 | 2fb9611a4227227d30bc9b8f6d389cd12bc9b38b325d23675fb737470bde27da |
| SHA512 | b9824a29e712ae65b27a4ecc68bad7f127306e7c2267e1ca9704c09e15cc6faa0aa7649118d169813172557b6375b72f8e88a587e79bc97f1825b8cd4c1c2dd2 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-private-l1-1-0.dll
| MD5 | 3d2b4445b9fafaa0e13ae0e126be2669 |
| SHA1 | 3b24c99469ef9a35bf720e711a0b022f2403be22 |
| SHA256 | 6bc27ea87e05b365c74b093f0256d1acf85113ba356ad187886d8adc07526398 |
| SHA512 | 9641d0d9470abc256f44c9d3881a42a674b41992dc25b7bd048a9e2b8d3523de9626460a9f73f2907f73e0be80219c913d33c9684664d6bd6642c06029e5c44e |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-process-l1-1-0.dll
| MD5 | 90d42fdf308dfd771797dd41585d3baf |
| SHA1 | daea1f05092de97ea558de14b4e112ad48b77726 |
| SHA256 | 404ff7454e8dd3d766e433def1780a265ddc87a07981d223d241a528cc78c0fe |
| SHA512 | e8f35f6087b9601d8a46b2534634f24a2841ff2cde9f6b7bc10326cf2197e98bae9c6ddcb2e53e8f81a984019b72080d1e826731fb6d7c28fdb47373c1e474f5 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | 6856722db8c9e3dbb7fc62938ad2cf1e |
| SHA1 | 6d1aa306d7793916adb30e9aac451b2e43516abe |
| SHA256 | 3d077c3cfa0a54f6f58814deee22d3dcf4bcaad44ae405b8d31552a9afabc086 |
| SHA512 | 87a3c82af000fc1cfee5f12f01f077c2c87638245b2784e8827c587985f8c0014685d0d15a1498a01dcfcfe717cfbb9ee64344ae7a78aa75bdb65e2a0aef07cd |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | dec83f473e43ee78e92a4b682a9a7904 |
| SHA1 | ce5e0479c78ad6ffa7d765479a7e1a7157eca4a3 |
| SHA256 | a5c05a8394c5aa71441ac18e945170a755d1f1ff141e614cdd92dc5737426a5b |
| SHA512 | 60bbd86035bbf3f80c17a01fb44ea5af5c84584a8aa5f34a7e0abf989ccccf8d40bab4d44af364c8ccf62ce4e21df0ed2c51bb70e817b2bf9c5319dbfd4100d3 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-string-l1-1-0.dll
| MD5 | 88b5f9bc871438973ef12782e0c8d12f |
| SHA1 | d327208b4f26c1c6f0e9df50ecb22a89b426465d |
| SHA256 | 4691510b2bc2ba15b638a0d1765c2a8826a8b9fdbe3737989d8fea072fe7c20b |
| SHA512 | d4de343a88c9933af67c4599d308f31332ca7a3ea0428fbad2d60e2fa2165eca9ea56410437be1154c551e7263dd6a5773e6f7c4dc5b6952e8b767a3c5b16597 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-time-l1-1-0.dll
| MD5 | f862bd9516845b31973ba98e9f1288b3 |
| SHA1 | ada580fc93b4f5a86db92e1d612293ccc21c72f9 |
| SHA256 | 72d31abee96fb3ee1d90afcf11fdc54ceba131bbb912b994761f32cd7cfc3ee1 |
| SHA512 | bb442aab30bb0d8797586eaafa53a6deaaaff19d41342b9fb828c87fc468d96953f8ed1123ace4c4d371f9eed91c2bf2c42b1d8ca92bbd0a89bc5a27a877a15e |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | 9975d1ae7b84b373d9095d757172ec08 |
| SHA1 | 302edb92e0a6ee621379528fbef9dfcc249b9285 |
| SHA256 | 8d3df297a7da678446dc9689f64dfbff0478cfd2da168180ff41c16e1344e584 |
| SHA512 | fb71a43887ec9675a4e42f2f810d33f6ec4726de5723c935961952f43d45982e5d1156e4d97d4c0c9ac8440fa186b13e1c6387c425b5a774218d6917efbe41d9 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\chrome_100_percent.pak
| MD5 | 0fd0a948532d8c353c7227ae69ed7800 |
| SHA1 | c6679bfb70a212b6bc570cbdf3685946f8f9464c |
| SHA256 | 69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf |
| SHA512 | 0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\chrome_200_percent.pak
| MD5 | 1014a2ee8ee705c5a1a56cda9a8e72ee |
| SHA1 | 5492561fb293955f30e95a5f3413a14bca512c30 |
| SHA256 | ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57 |
| SHA512 | ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\concrt140.dll
| MD5 | 14b7a99127ca18df05dd1f5be3ac0245 |
| SHA1 | 991891bb1ea603a002941696697f48cfe52cf94b |
| SHA256 | 511aba3d00b9925e7bc64e2132d77a76c1fd9e9d200ec0ef864b7a0f00c68995 |
| SHA512 | 80f1a6cd377e62c96979fb4cf50d70e3005623c8debdb3c55dd27e5bae9dd46328d18066e59501ecac13ee96533f3b5189fcc93b4aadaf376ef6a2455ea7eff5 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\discord-rpc.dll
| MD5 | 5882c37b79bae47a0d090006564edb22 |
| SHA1 | ac7bbbdb1d34eb763d8db4ef7875a50f700e9d48 |
| SHA256 | 5cc2e504800cf4ed2f4781364f661ea22349658ddc391b5d54195e573109d87b |
| SHA512 | d4a6a1a36842dd1c8b2162168807b990e0d491a908e11b52ebf11174a67f818b131607c2122dbb484f5d946418a05a1a84d42e1468bef5c98ec3fcff7d225ccd |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\ffmpeg.dll
| MD5 | 2fc7f6b0abd1af4988e30e58e8310291 |
| SHA1 | 9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6 |
| SHA256 | b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b |
| SHA512 | cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\icudtl.dat
| MD5 | 224ba45e00bbbb237b34f0facbb550bf |
| SHA1 | 1b0f81da88149d9c610a8edf55f8f12a87ca67de |
| SHA256 | 8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc |
| SHA512 | c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libEGL.dll
| MD5 | 1ed91477a02e0e2a64e5e9f26bcea438 |
| SHA1 | 8058c2bd3342d8d882768188b1e5c45567a8dde9 |
| SHA256 | a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03 |
| SHA512 | c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libeay32.dll
| MD5 | 4b8269a6ec04ec8ac23904eaaee075bd |
| SHA1 | 7e58e27dfd38de0d77eb729824f10c6aa5a0b8c6 |
| SHA256 | 3c3d0df094235029e561a7813aa5835b25a8bb7b38dd77ef8acbd335f6db0485 |
| SHA512 | 82a303b1e5adb8ffaa86c99fd63c533841bc9e3237ea3478584411dd92d60ea573ef063758747ff0497d58dfb085e014be1b234b5902face23a29e842b095d1b |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libGLESv2.dll
| MD5 | 640a515fcd8e5d5a332c1d40c47700b0 |
| SHA1 | 0128c9d499deb7866f3d7aae0adab69d9a8f768f |
| SHA256 | 927c858deb4700d3759fab436d5ba554ff4cf7be505d536ea1c673707d5ca8a1 |
| SHA512 | 792acebb5ba329e61bc319b415ba01248dcf18c7e46695222682dbf59d179403ced15c19ae03a282dec7e622121c05844d8eae5a04a2aa1f552ebced51644e27 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\LICENSES.chromium.html
| MD5 | 27206d29e7a2d80ee16f7f02ee89fb0f |
| SHA1 | 3cf857751158907166f87ed03f74b40621e883ef |
| SHA256 | 2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab |
| SHA512 | 390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\psapi.dll
| MD5 | 80050af28eb0070a582b33470d20fc91 |
| SHA1 | bacf5fdb74ef5fbaf91d0475736d566ee3babc18 |
| SHA256 | 65e42f8fcd039abaccd6aa815d237f1d6f7ee2067457c8ce235333226cff16b2 |
| SHA512 | 780cc5783d93fd8e7dfedb291f384be4fb1c4022bea22dce991b360a2029ae42f864c540af3d75602a9975e3b66324a3b5f3ce4582ecc32918c35e00f3abf68d |
C:\Users\Admin\AppData\Local\Programs\Badlion Client\msvcp140.dll
| MD5 | 9ff712c25312821b8aec84c4f8782a34 |
| SHA1 | 1a7a250d92a59c3af72a9573cffec2fcfa525f33 |
| SHA256 | 517cd3aac2177a357cca6032f07ad7360ee8ca212a02dd6e1301bf6cfade2094 |
| SHA512 | 5a65da337e64ea42bcc461b411ae622ce4dec1036638b1e5de4757b366875d7f13c1290f2ee345f358994f648c5941db35aa5d2313f547605508fd2bcc047e33 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources.pak
| MD5 | f616d69f6e582582930d06c5c18f0f70 |
| SHA1 | fde8e2653f2a5317492105bcabeb3565faaf74de |
| SHA256 | bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855 |
| SHA512 | 492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\snapshot_blob.bin
| MD5 | dbe18c25f68d40444ea576a68e78a12e |
| SHA1 | 44453e3fa8400cbe6bb674adaaad4ea09dab0e14 |
| SHA256 | c7c0d878697264269ca58861187e18d083aaf3f7f50bf4f6179fc080507bfa8c |
| SHA512 | 7ad4fd83f8337f263e128f8ee498d58b9dc89b876156157fda7636e4efa84691d6a9ff35c40d5482c9da98f8cc7b2eb87428a2a2690359ad6dacdf506d2e1f6f |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\ssleay32.dll
| MD5 | c87e22c79b0653a27e0f9e6b1a9ac8bc |
| SHA1 | bd37e85bf38192614d2b8fb5048d7e9f38eb34ac |
| SHA256 | 4a53f602f4891247dec42ce9a79862192cc80e12f40e6b4bb0a8db25052c8132 |
| SHA512 | 97bc98e134636bff81bbfe3275141106377fa4dcf63bd191151a8f6d1c5109ac49eae81a89bdd90e5e2e5aeba274d673f646c0aa65f3dfd673ec2b23067417b1 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\ucrtbase.dll
| MD5 | cca4929ef8dd988d7221ef6ba398f1b5 |
| SHA1 | 1d21e60e56a15038702dc18148be8cecee279890 |
| SHA256 | 4292c29e74d90aef21bbad50e8fe25858c5990846adb629372ca6fd717cd0ca3 |
| SHA512 | d990d1370201541e7a1e1ec9b68e40a984d0195847010919148d0de80d2a2c51bcccfeeca59087fca95ab410c9e170c4585c8daa1383f1383b98500d797a41ca |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 89f5b9dc2c1eccfce7c3681b8066125f |
| SHA1 | 273175d93ae554da7f63a6475426a6515d0c8cd1 |
| SHA256 | 7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91 |
| SHA512 | 469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\vccorlib140.dll
| MD5 | 3d8e0ebbb613cbe80320a61259d18514 |
| SHA1 | a69747866b33159ee14eecc9ac19a0ad1f1db4e5 |
| SHA256 | 8a442077df17ac412be9072a91e4b2b39a69f1aed189034d34fdd79956d3d6b6 |
| SHA512 | 83c72e2db25b86de925ad9711a03943fc4801f77d6950a23917898e877faa3276cc2c5e8605cc0132e48c1bf66cc45b172578f77d075746ac38880257e579660 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\vcruntime140.dll
| MD5 | edf9d5c18111d82cf10ec99f6afa6b47 |
| SHA1 | d247f5b9d4d3061e3d421e0e623595aa40d9493c |
| SHA256 | d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb |
| SHA512 | bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\vk_swiftshader.dll
| MD5 | 76d3589242fca16d76aff52910e72d7e |
| SHA1 | a88a7495f71b718e127bdfe09e7a279bf05bfceb |
| SHA256 | f1e92727d2c2ac4c3878d39ab29679f06e65594121dbd8845a86338dac06e61a |
| SHA512 | 95fc89f165b3235a524da6f2bd47c0086baa0f239d6c0fe8ee30a098bd72e09fc37027e0442dfbcdafa2a2ad6c1275a0a9cc4088f9d2feb41ca0d3a720e0d857 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\VMProtectSDK64.dll
| MD5 | 6540242ff58d08c8849268cf305445b8 |
| SHA1 | ba0d0c8875ed96f137dcb28aeff873373b994eee |
| SHA256 | 889553cce491767b38df153b567b6da682709925dd7a1c23f12c6d53a9fb18c2 |
| SHA512 | 073e44196cd0c4cdb1cb5004cca59da80e09b97c70b83f212344ec7b262f1a3a4ebdbdf059d9bdbc228545b49a269a8363b1db9180ff6565c94797b19cd3c515 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\vulkan-1.dll
| MD5 | 9663210f63cbf7a8d6b36a95d93dd119 |
| SHA1 | 0fc5c50984b2c9677b8ebce4d4518c1322ce4145 |
| SHA256 | de7d4c0e859be24c5ae60b5dad2bbac62cb3b3812ab747ee73f4483c7a10dc88 |
| SHA512 | a161dfbb6e40aebec9f33bda4c81f52f456731d76bd48edc1425a2593c75591d969d3a3394a105eae386902ec822de3f9099cd07964f96d4e204f3f0ff48e631 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\zlib.dll
| MD5 | d48c270acab962aac5d222abee92c39f |
| SHA1 | b23f9b747d859856fcad94652ebd07284fbd33c4 |
| SHA256 | 809dd3e4ff98abf54aeac27cec2e0c194550bffd2f55ddfe725ea109306ae49c |
| SHA512 | 32a83196ec83bcaaabd83923409ac98201785a3915293187718d61d2cc6f8b51b10e0c7c1ce765524a8f800a3bb52dcbed430d143fb3357511644b6b666d8ac1 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\VMProtectSDK32.dll
| MD5 | 17011601817dd00866b681d4a0bd90f2 |
| SHA1 | d6ad7087f54182b47a9a6776fab90cb03e95f80c |
| SHA256 | 6ff20283e407a0f2829e4fa6def121cd63d715dd6582847ae2d6fc379ac40927 |
| SHA512 | 1e41669c920ac65fea5fd0e5704430dd371893155d5f33674ad6eec011ec16bf4969b01e2b9b28c561d131a032b599e0479931221819c677140d1b272d121abb |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\link_drop.cur
| MD5 | 66e13793e687bdb92c09e0ae7964e194 |
| SHA1 | 71019343b1747c19503e935aff3c7aba1fb70541 |
| SHA256 | 49d5f9b95e9968ba54ef9457f89386fbb29d7492fb9db1af920fd3433aae4a67 |
| SHA512 | 19dedb36b972ab005f01deb6f1eae1b9c0609f3312fd3f70dff93285390fac7b535e5d181f4a7cb25bd4f5933538ad7ebf44154f9d6d3eb04e412144926c4143 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\invalid.cur
| MD5 | 2f8b93325987b4eed575ffe251c67751 |
| SHA1 | ad1c4ee2358fc0f84d2ac2d17890822ff51ae725 |
| SHA256 | 669c9cfd524f924b4358caf1fe239923473e87e2a01f388fc5247a60fb6253bf |
| SHA512 | 307e2608a66357b2dc296492a0dfa2b27c64e9d1b2009d9370c76ed7b24c8115c3dfdd675bea3c244c3a07d672fd959c3d31b5c8134d1591c0c554adc4f4e405 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\hand_grabbing.png
| MD5 | ddbc22bda750215abfc73d75e1105b17 |
| SHA1 | f8dc1196227d95b7630dc85a3543c6db853f65cf |
| SHA256 | 0e6c5b2ec6b01b9a0c52dd26dafd1c969cf073c6d47e9db8e53fa05912f73cee |
| SHA512 | 5d1a6e89a1a96988230cf30fb156c166e26fc832affc5e7eb39ef974e69008403d54463a4b4a40c55c0ad8eb90e438c31a880f613d1ff42fc966ec961d396240 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\hand_grabbing.cur
| MD5 | 8605cf2c21985f59d2480da72aebe3aa |
| SHA1 | 1b8137afa3dd66c23af9e40e75339d2f0174aff2 |
| SHA256 | 22e823e71c106f338d42932c13c16e05a8310b3bdec18a89cc5ca197408cf11a |
| SHA512 | fbbf45bb20f27c9faebd34101db1918c2ca0384a27e6502eea59c170fdc553ad2647ceaabf82cb0dc5662d277ca6eba70c6b615c79218f3de2e5822299399c76 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\hand_grab.png
| MD5 | 7be75a54023adbe7d6b48260e4e8d032 |
| SHA1 | 81f20b4e0ca495e393748e0054d9ba12b6179196 |
| SHA256 | 8d8b7205410e7d0e32bd6b81769d7853025f5a1b2235e93088fd327c039e6b1e |
| SHA512 | 2724620cb131b175b22e405bad2c7b6f2b771cae8f8402d85933a93aad409a6d5d2c01a534ef4f10900130eec6e394b470c2451ebbae76a950f15c46229f80d0 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\hand_grab.cur
| MD5 | 3f37213b8c0a7374308b2ae99d4eefa2 |
| SHA1 | b72b9901b3fe6fc8693d67cc5e419e494afddbb8 |
| SHA256 | 3df4009e28e365e1666c868aede15239c75cbb6cf710cd691997b722c3eea7f0 |
| SHA512 | ce33a5698bc937ae0ba3da69fe7d4f9e15cee08e45451b7a21d17b5a2133a1b6579d622bd9a749612e15359abda4871335d60ce47545699326648df8b4b6fd36 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\copy_drop.cur
| MD5 | f92d1851a489b0af7ab807a2f07ebe16 |
| SHA1 | d97c9d7ab76993448f6240322140dd23c756b6c6 |
| SHA256 | 18920d4ab5cd0b654b1e8bbc33fe5278907514a1b227f701a16b9a3309ee87ab |
| SHA512 | b4494c8da0734ec69caec38324c6b3b91e898ad8b25c9d7dee9ca56c41cdec768c16efc10d71c856a0bc633ff22cc76cb01ee8ef887899e2486fb7f78b340a7f |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\col_resize.png
| MD5 | 0723c45d9f82b0e31a1fee26b9b4f53e |
| SHA1 | 5608c3c92d70c61f597d1f1d3aaa85e72ebc4dcb |
| SHA256 | 6ef1e382e5e2472e8426a0f486ab51fa2216cdf929a3b737f78564a8ad57b1ab |
| SHA512 | 326f31b3e25c11fee7c28040252b5eaf183b0380ef87033134ff032eca4d90a28eda08837af833e0d5c9ec06d7e63053f23c64d9fec5fda0038c27546bfc1932 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\col_resize.cur
| MD5 | 23633a8dfa3548705f28c83ee9584d6d |
| SHA1 | be5dd224d071d965bc0411206cadf9b33ddb384f |
| SHA256 | d3b49998f6d1039bf8b65f73f5784653164804c72908a40a5cf8ea850978a0d0 |
| SHA512 | 5b0971bf5c7bc17ae746c88e4fe3f0342d9288f8feb3ebc106b6a031d62b48af8843af0079a18c7ffe4a2200e9d6d58f92f1d87987a068bbf8e4bf7210153782 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\move_drop.cur
| MD5 | 63942f237ac6b11d62adf014d2cbdfbb |
| SHA1 | f8b582c7d8edf28c2637d5f0f27f2586cc92bce8 |
| SHA256 | 1ba52f630ff570480f920d13d04b7cf5e4d993c68b5f4d183a6c75c87bc22b6e |
| SHA512 | e87f7e95e49513ccc75195976fe8b8926269bfaeb766fe816fcc0de603bb55b936ce1a59964022e7438c0c3b41bc28abe323fbaff5b0a4583ed9cbf24c450fd5 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\row_resize.cur
| MD5 | 70618f41c70238453a7d876bac5ab501 |
| SHA1 | bbf033428d8cf562ac3347440848b1b3ed1b65a2 |
| SHA256 | 241ca59e728f9faaa3ac9c626f44f8387a04699ec1bc468ecdae04c53ae2df04 |
| SHA512 | 513dfa3e15b887f4e785da9dbe04cff591a4ae3bc6d5f4b14d7dbfd3695221f6448b0d67132dbf80b1e36d9fbc2d245df23c1135d4dfa33edca3706d23bc89a4 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\row_resize.png
| MD5 | cd9d05d1ce7c942af1ab5e6eafd0a13c |
| SHA1 | d3dc6b0df04e3c6bcf6166984e3738a7651284ff |
| SHA256 | 12f76ebabda00b84c395cf989b92e0870c5a3b678bd6f5ac90b8a6820059e28f |
| SHA512 | 7fa9b03d668d5232b10fb6da719399d808cff95592214c8adc1d00210e4826545d49ccd4c0dc5bfea099db1c8ad4c183778ed2f6517d81b44817a428b488e900 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\zoom_out.png
| MD5 | e1a004a51cb04c38f49184333a23379f |
| SHA1 | 5b54adccfebbfe4bb96502db5370c1ab830c829d |
| SHA256 | e7133e53b0ce06b92ef48dcd5bbce4f3d36e6ff8bb69193d3df40c4adf1a6814 |
| SHA512 | 7506d9998cdd5bb75c8b142f8231009f15ad0548a52a037b78b98eff427b50a2a42c16580a53899cf5dd2b41abfb51eb24223c827e5e277dfd295f5510d4424d |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libs\caffeine-2.8.8.jar
| MD5 | ddac1f8f76743255084022ac6f06b7cf |
| SHA1 | 298bb2108157513a39a1a52a686a1fe8b57cc973 |
| SHA256 | 7b7b72c6ce3e47e774e29060ceba19e83e8259bd475986e04b4f3272d4a58f73 |
| SHA512 | 6cb83b6d5054c63c13af5fd39f11065556137edd423385f5d960a656fafddf5a5ddccd1ddeddafdcbd511d0fef005c58fac9e3fb0bdf1d469af24450dfbc2325 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\zoom_out.cur
| MD5 | 48b46c3e0650d525e715cf9cfa6c67e5 |
| SHA1 | 1ae6e82c4aae58c7e1cdcb1e5e76ce8973f8774a |
| SHA256 | f3829987f7124f73facf282354553b6ef8d9b58b3b02384d92c45421e2443536 |
| SHA512 | e154d7fa552bc78755e6451950a159044fa85f5cea4a6a3a19a88e451962b24bce52a1b46b4b13eaa6b55b2e8be4b9eba0cf16adf1d2200f73be7dd0681b19e5 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\autofriend.license.txt
| MD5 | 318bceaa1151b1b6bffabad8dae01498 |
| SHA1 | c776fc09a2e25058149deb3bfa163c0053860a90 |
| SHA256 | ddae5748ee219e263f4239460d07d38a10852fc1f6693fe2765e28037783dd88 |
| SHA512 | 60c8960d6fdeb04711f6aa2713a66b05d3f7008ee33c4d762fe30f98f266b81a6c198a68aa0ea73bcd1ff4eea88db56ccd1a680c11db4ebfc444896da6b80a7e |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\autotip.license.txt
| MD5 | 5b0b97f483331418e30c469af896d87b |
| SHA1 | 3e0ae2526e0f2809c81d524b8507fb64fc2bb4ae |
| SHA256 | 09716796eb67471c518f3f4e567377d5ea5179c36e10bc0b30afe1261b770442 |
| SHA512 | 5882826f7f2c9921d5c309aaba79ea30bf57f95816058b2f1c26c3ec9848c8dcdae91d58512092dd7647f41f74f57975aadd9d048e18d8567dd3ed8a5b28b12b |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\aperature.license.txt
| MD5 | 1837a1eb671079c67ed2724719588c48 |
| SHA1 | ed2c02b395fdeb3b56d0d4258c677a1329e78e54 |
| SHA256 | ca1baea19e60be57dccc08a4cd82e75eca24ca683980cb1ff212824a964fd6b6 |
| SHA512 | 1df4217f219e0826c07d8bd8ebfff17d2cf34691c3450c23f84edf2bb35886bc6244b1897cfcbbc6b47f4c70e1c84a698bd48177c2fbb2f2154d2c005305e506 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libs\optifineinstallwrapper.jar
| MD5 | 8967319339fd7ff2a67b3a9eab3e4b93 |
| SHA1 | 03e69508f50bffba71390c367fbc5e8c00d07335 |
| SHA256 | f4c5909042743c4a7206f52ae352fbfcad807185a985884314044b236ccb24c0 |
| SHA512 | e376022ce07135b77d46da898c27bf49239332e88410b4a20362e9f4ada0fb2a02b7cdbd00bfc0f11d3228ce56e77cd165b77baf41c21790dbb52ccf771555a1 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libs\disruptor-3.4.2.jar
| MD5 | 6895a3c4f54cf92eef6530e9e2cd3c46 |
| SHA1 | e2543a63086b4189fbe418d05d56633bc1a815f7 |
| SHA256 | f412ecbb235c2460b45e63584109723dea8d94b819c78c9bfc38f50cba8546c0 |
| SHA512 | da76e44fc9834c6d9e21eafe2fe64604159dba99770946bd114823ba037ea0217ae3a13f5eaf29e28edf92fcfd4f20c60b7645d6f117c38c897594e1337a744c |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libs\lz4-java-1.7.1.jar
| MD5 | d56d86823662a663a4d614dd5e117eff |
| SHA1 | c4d931ef8ad2c9c35d65b231a33e61428472d0da |
| SHA256 | f1167a45d4b8002053670ef6991ca66d1bab9dcc03e4ef00183674d2f3fb9cac |
| SHA512 | ff48daeca92c5a7657aa9c7fe41c5ae75a5fa0aad05c655bacb64a40acfe93ffd3d40bef16544614ce8a38db3e1df177023101773f6f7c1d32031413270e42d2 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\libs\joml-jdk8-1.9.25.jar
| MD5 | 9b868b921d0490b417bd594984b680b1 |
| SHA1 | 7bb2cd964c5e7b129a52e1f47edfdd557a7ec3da |
| SHA256 | fc76d61e7900e65cab1f3c237a5186ff2344dd7d7d0bbf8f01a453c4fa2a1b28 |
| SHA512 | c54cdcfe63c1998fd14d46988fc49509ac6af2e2516eaad0dae19566baf1c99f0482d026d7f6e79a66706905b76af9b4298a23521ecb32f5a3708806340b3959 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\zoom_in.png
| MD5 | 6a5fbd95c627afe076f43f9254dfe3ed |
| SHA1 | f71cab57e9e80ba792f73f363056f6dede7c8bcd |
| SHA256 | e910c607f60fa385d67624fc7449a05b419718f60a6b93d4be79d6a974bea522 |
| SHA512 | cf73a830bdf76f319db8b34ec8daf70405cc52cee7fe03d4ac75cba1859d007e30993da1c123e13deae6de09e5b234a9dfb02089d546601964d26bd597949b8b |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\cursors\zoom_in.cur
| MD5 | 77492cf358d8b12629399322926c93f2 |
| SHA1 | 8291ac3dad4e4f33183ccdfad7b92b1594c760f9 |
| SHA256 | eb69f540be1e416b7346017da48deaf5ba2f2ee0af366c04f1e374351b651872 |
| SHA512 | 6c8652770a041084a88f6a535991224423c003ac2b6b5949b515dc03b0187fb4a6cfdf3f39a6279e103601d991e95139e6ef8352e68e5dfd85d99c078e0b4f0b |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\badlion.licenses.txt
| MD5 | a2ed77a24bd53e33a3fd458d99e9be0f |
| SHA1 | 07af4fb75f3122867c9e3255ad6d1e11fca88808 |
| SHA256 | 803a15fe94c8ab1f4adf1a62fa043d414d3e4c1281c74cee57e6976474bbba05 |
| SHA512 | 8649571f5670a36e7fd011e533c394b0f28f51045abcdcb3928d731f02366cbc286b88cb4463d86e07e92b967d81cacda74a58f658843d89669045530324524d |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\chromium.license.txt
| MD5 | 8694b4a605dcd105b40d081ad09f0f46 |
| SHA1 | 6666d31977554cf9d1558cbc63c339e8b07e3c94 |
| SHA256 | 73392d01c89eff27363d32973ba9fdce354b4bd82f90192bf8773174e358538a |
| SHA512 | 17c5eb20d00902789d172c78379cc80b0c77696f3d2e076af79a056d537e2a0d68a0066a8fd132b3b7b20186dba509b1833128c2f082f2fb97058070336baad6 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\ffmpeg.license.txt
| MD5 | e62637ea8a114355b985fd86c9ffbd6e |
| SHA1 | 1eba7caf09a39110ad2f542e3ed8700d1a69c6d3 |
| SHA256 | 230184f60bae2feaf244f10a8bac053c8ff33a183bcc365b4d8b876d2b7f4809 |
| SHA512 | 714d66c4a17e6dfc1553521af2be03f4579fac64048c0b96c592177562b01fc70a8e184bb21725e11ef96a54bf466ae1abd4992b8940f0fe2c0859d6a166a2ef |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\ffmpeg.readme.txt
| MD5 | 46efd225e4f70c87659ee3728c4cc352 |
| SHA1 | 3772c422a0f862d32a0cdd082479e432051f17e6 |
| SHA256 | 20243b750670270b8cb8cfa8b44f120814751d744c973ebba52284968b602544 |
| SHA512 | 3a7ab5b99537984212d204aa83b0dbce97afdbab9f8dac554d9afcd506bed6e4617e72be84bbb710e79352caeaaa6ebcc728b19c12ada7574c0817d35640664f |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\disruptor.txt
| MD5 | ae32a12a5be0d4878506f2c7927826c7 |
| SHA1 | ef0f419dca631ac1219e19af5b4a5a0875f68da5 |
| SHA256 | eaa350f6f6982e086b1ae1c3b70743d1f3653164b4a4832f02d7baa134ef028f |
| SHA512 | a80642b73b5b968c1e8b44449972449e17e6c3e46c2beffee1d524faa363b48d2540c0d7db6289183065af975aec1e8c45833ac1e1cd3e2c85f5fdae955791c1 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\discord.license.txt
| MD5 | f8cba3d1a6a62d09224f131fd3054008 |
| SHA1 | 661a941700833f7229cb17d206f1d25e23301a2d |
| SHA256 | cc981e3b2afd06ab5a1cdab7ced3cbb8a69145b5e2388485b806f6634313ff4f |
| SHA512 | 4517c0046d156c67f3d7fb37e5985904de476cdb75ad7114eeb2fefd9957b67b07ef1cff02cae1ea37503e34eb0d7cd0bdba03fad5aadeaf6d070855e481edd8 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\cairo.font.license.txt
| MD5 | 5a540f4d98fc81713b81aeadc530c6ed |
| SHA1 | 273c8a98fc1b2709cfce81d7f6960b63326e5485 |
| SHA256 | 17b90cece30db64934b7299fd76b033a3774c8a990e78badc74c59a5be8e0727 |
| SHA512 | 12b5e3d50da4d0aef2badcf784554257e7c8dcd9f598acca500861c1f0bb4686fd238c6ad8c2259b5047140e10d731e928490fa474577b7d847d387c9c07d702 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\freetype-jni.license.txt
| MD5 | 5db6495b17d58ad312a32e5791c61097 |
| SHA1 | 428650191730f35163e8ec78a25126869b2ab1e2 |
| SHA256 | d10f28ec38b68a33bd4deb7239ba86e2f43a26f81dfa2d53f2ac89a88e2685aa |
| SHA512 | 7520cd5dc59f6899bd542a713ca045f64a9dd90751db7e5ab197d1c8a25e94aaefb9eb8d69a6b3c9ff5b1d433c85cdd67d36cd333fd33c824ffff53bc187cad9 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\freetype.license.txt
| MD5 | 02891d3fb5adadff2546b4279649112b |
| SHA1 | 1b299099e16ad96ebf53e67391685d9d0a51b368 |
| SHA256 | 650737ec7589c35600de73b0db88dafb314f7e32e7e3cf38d0c87ceb1a7ed31b |
| SHA512 | 630d9247498b84bb53e2c2ea4165994c141791675c192860127cdcd1ccbabc80a331604c6ae185531abb0eb3fdefe6637643e0d3f11b751e79b076b5da4f30ec |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\flag-icon-css-license.txt
| MD5 | d0bc1323b617fbb4d3232b745ff45dfd |
| SHA1 | 5c11645d0455590741dacb68d3eb1d253a5ec106 |
| SHA256 | 5f6432917a260a6e8f7022742bb6cb8761b1d17cf45083e30174908041405225 |
| SHA512 | dec0dd099dd2a778f5afd129750175e42335677b199f1d5e2ad10ec2459c803e3168c6e89f44bc9544fe8a5513b85eb2d53db65b3ad6ccfe77ea0a8ccdcdb131 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\licenses.dependencies.txt
| MD5 | 2053245129c2910e9a1a854dcf69ece1 |
| SHA1 | 294462e57e57fc416d28ef2ced053f97465e3fc1 |
| SHA256 | 9b78cde2913327cb5ac2dc6f53f430b6233c52bbf3e156e969737d87cca51943 |
| SHA512 | 1387d33cdc715b006844579b90137aeea7b9dd7899542667c988e8c565866d26f462e60a0d5b26bb94113291f1db659c08a4cb4a2f8a9ba32c6b5af8ddaab48f |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\licenses.txt
| MD5 | 4a9c8bbed40470a9ffb7db1d63bbcb9c |
| SHA1 | 88a83ce9d6734d54139ee7cbfab63253cb73b415 |
| SHA256 | c0aaf6703c87055786772878c27e8d3c4ccff0efcd088d5dcf77a2fe8146c44f |
| SHA512 | 12c3b1e11dcb90c5e4ff426c1a8bec314efeef9e5b3eca1840460f1a1fe894aca4c1755b599d460e995e7f477b69887089a93dac67da2016d8c84bd98f841039 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\lunatriuscore.license.txt
| MD5 | ee99c1f26cd4e6a2bda84ac34b9ff861 |
| SHA1 | 0327523304d63b6addb96ba18abb6c47a3fd684c |
| SHA256 | 7a1d05e596d50dfabc0d3e206861cb778252dedb87b48b9dc7dd9cda24f5dc22 |
| SHA512 | 14774897b95813736654e850fb328e7fc0a19c076417fda35a2a57e284b54fbde6619fe6a1ba953300bb54ea77ca90fa93fac4a03914027bcf186d30f645230a |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\mclib.license.txt
| MD5 | 12873b817d4334eac6197edbc5956864 |
| SHA1 | 20a910d495a276c23bc9b43faa7994338f51ce69 |
| SHA256 | 5f6ad061e9e7dd5d3bfaaf8d065f14f863897c276d217c94084603680a324e72 |
| SHA512 | 0323a87ba5c5f9ac5b049b6770a78590e83e74a9fdc0076b67f3669c4f1b43db240b5a86390191d3c19ed9b6d9e9c6000cbdd970f2db458252321a5fb106ec85 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\nativefiledialog.license.txt
| MD5 | 292e3e89db90cb0fbffba767983a8f55 |
| SHA1 | 36c4792a78a72fb5c6e315c62c4e8358b6c8d2ec |
| SHA256 | c894fd883a9af3a9174a4ee9897451d4fc9fd56c2985c872cd37eed4a44156c3 |
| SHA512 | b21c7123f5f214a0d19497f62f9cc461fba59edf64bd1c4f5557c9d2af69cb7ea6afff8d75aafbdc6631f9164e69dd547d3265d2ae8e237a9ea39ddb9dcf705e |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\notenoughupdates-repo.license.txt
| MD5 | 3a5337edcf43176e258e1a5ed8baafd7 |
| SHA1 | fe2b722844bb6331deef47fc5192c1e742ab5caf |
| SHA256 | 282d4b11d651c5fab2a4cb55568aa36b80eecd47ae3ac9f4c2c7978a3be53dbc |
| SHA512 | 8bf297651f29f33800793dcd1d9b26ddb9fad75a625514fb558e5b964eac5f8b760597d76f43feced41001bc0196f116fce12e0c9f17216d3b04569fa651c1d3 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\nan.license.txt
| MD5 | 895f9d80d77e26153e48525caeb23827 |
| SHA1 | 3d7128bb4973afb706aa1f67493b537006d79937 |
| SHA256 | 0bfcb5e608c491edc1621ec2d842ce5b683e05db6b38c6eded10b0630c59d2f1 |
| SHA512 | e0c278c0da87f33202bddddf739fa5f511c0b5f3176854d4f382d40dc8cc0767e71c622368561d40a2b4a37c1a9b79fd845096073077be03c6a1cf35fc152cfc |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\openjdk.license.txt
| MD5 | 8425bcbfbe27f7f8ec1e46e9f0ae0c99 |
| SHA1 | 5898367b940826f516f625dbd78fb8957f3be986 |
| SHA256 | 1bd89daf45a5b68234c32104bbe9903c6c6d2d7798d61a36f21ad85482945f7b |
| SHA512 | 0323a715e5f65027a66738c1db24d2e4f6240095f710a2c06a67bc70b59e4185bb026ce7438dbeedd6cc95af8cfc0ae9259b3aa8e7d84692bf6b2b7f5a655149 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\quickplay.license.txt
| MD5 | c3e1cf1c2620ba0f75411f66deee382a |
| SHA1 | 37f7156c3c10e3c09169697bf2e42bb7fdab27ee |
| SHA256 | 3cb66d8ea7938893173f73f9e938dd1501cd7d7f50bb091b76a681dc680ccf64 |
| SHA512 | cc445e11f256db1327701c33cf08e531a8c543567af2515ac06dea830ea24b154e46d229f56b25a94cf7f1cf62467bbf1979f4aa524dd65b71f62c4dd183f8fe |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\rubik.font.license.txt
| MD5 | 1a74d7f49b7531048b89d6ee3f49e1e1 |
| SHA1 | 374e9b0f4d9efba8e93d5698b04dc0cdd73817d5 |
| SHA256 | 5797d3461e28e3f3f540ab932fb730d6532ef7233e110b96f0aed9526776c141 |
| SHA512 | 41d0fc489f4eba72bfddf70d56ba34abcc1a9fa5957fa701e88e80289fe74992be774783fc678d434a09404116b6a73f8ea9a3a36867e24ea9268a21cfca8efe |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\replaystudio.license.txt
| MD5 | faddac7574586fc2805a9b3f3365767a |
| SHA1 | bb87c11cb254b9c7693c2e62c051a10596648ecc |
| SHA256 | eb622d5d149ea9b7ebeebededf0b20068d5471a462e0d4bd9e482c9b48f37f12 |
| SHA512 | 545a11e5c6abe6ad060de4f809865acfba9f57c91f1bd3fcdf890a599923207977f429ed3059455c36136f84a937fcdb20033b2bbd2afc653eaf3ec97da0ae37 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\skyblockaddons.license.txt
| MD5 | b5697125b9a58f980344d778c84eddc0 |
| SHA1 | 9ae4fdf6d1ca59adbc2649667eb03ee12c50c659 |
| SHA256 | 6b3411f158e9c8a7f03632c2977279852a9700f636a7cd93bad8646de6ea65bf |
| SHA512 | 491a8e6a3b5495c518ff11cf4734b546a53c83e5edcd05137c9f263d77a34bb856b05bf2a45fc80519b3c1753d4d97ea707acc7a204693a0fc3b5cf5b74e54f6 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\skyhelper-networth.license.txt
| MD5 | 27fa1700231bee88a24cd306d673af97 |
| SHA1 | ccaf356f932ddceaa1c59756b2d72c5c21c89fb0 |
| SHA256 | 91b7f048db90b189dadf1db30e5cd0a95a8bbc4ab5437535815359b8186ebcf5 |
| SHA512 | 5025d7044a3ba8e4a279c1dcb5be65675d61c7bca864a5face31fe6ab7a72bc980e412054294f49629a00d6e6c4b753bd1892c991a3408ad850d12a269f5ccdf |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\slim.license.txt
| MD5 | b9647dfe37ebff8112b7fb0204192de8 |
| SHA1 | ae084d7c34776826e0398e73eb827682852a4b54 |
| SHA256 | 5e08a239b2c110156929d97ee61ace55adc283456c72f51052eb23e0b7cac499 |
| SHA512 | 3262527cd4df1c45decd80ce733e6280e3f08422daf0079af023a8ab2454c03cbae8a5e944c0fa594c845c2e1148cc531688ba7221f7de3c630b4a4367773fc4 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\xdelta.license.txt
| MD5 | b743e02a975dc959abb35bcda12cd4c1 |
| SHA1 | 13dd1cc3f00f5ab22dd44c40a0abb13cb4512f2c |
| SHA256 | b0b0442c47b75d2f5ae41c660574d751ccf12fcee6bbc27bde20e208802ed63c |
| SHA512 | 7d14b3253a7fcc594b84af77e9b2a053e720e9b03bf8f4b8afd82c43a1b3f579726b68ad5e688d0363ca7bee8d192cfd6ad40e1ce3819570af5c29d38e262a5f |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\tiny-process-library.txt
| MD5 | 52607bf5b5dbb263092f9672eb5b0b1f |
| SHA1 | ac2b9621c7b1649ccfbd31034ebdff57249802c2 |
| SHA256 | 13c053468f9f56ad8f1f2c36ad23955953e0cd2aaa49e7e82b14001f2f322bf5 |
| SHA512 | 88862eb3a57b6a640519e88abb843102da3d98fe228fedcd1f7875fbd2fd9d6e8f93c35aafe0343b8d7e8e1b780862066327f4b9ceed74c1b7bb8c76373e1c54 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\licenses\xxhash.license.txt
| MD5 | 184732fe7ad572cca839560f13667eb6 |
| SHA1 | 76fcece0f58b529b1ecde86e8bf8f8bb1c652519 |
| SHA256 | ef87b7b79f4c48edd555809ab0e97b780940925589b7d5f9ff26025410c87c4a |
| SHA512 | 71bc6b522b99cf66c764a7554823e7da19ea3924226d67385fbc397128b9dc781e66c457505bd3616eca31f1d93fc25d9eaf67f9c32aa4c599da4c7d2d5c6f30 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ar.pak
| MD5 | 5209516dee9d9ce64854b70da199108c |
| SHA1 | 5797e37da5909e47e03d323abf884b573adf0840 |
| SHA256 | 8407ba456e51177358e6ce1e82c33e5e279eaeb553ee38db9f0994ec57c2e246 |
| SHA512 | 0585c14bda7800acd3242794eef7c9466f57217a059feefb0bf715e2cae9d228a5172fa9046ea19d19cdc388dcde2348a0a90caa26a1baeee612006495b56524 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\am.pak
| MD5 | 985be89267e0d559bffd4b66380e5e53 |
| SHA1 | fa33e9bbfff5a89dcc26f52634561e27c1cf0e05 |
| SHA256 | bd1a60f7fd63da2230509211f858866ed782767f580b8ce4740ad2060d3c5d9b |
| SHA512 | 7cb99ea1d92f810dd6f882669b2803b5cc87a9f34e70964d402f14cb7771a9d02f4c7493518b5c388f49887c8311e3b02fce7ff3770a724fa9a0a2e776f2c3c6 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ca.pak
| MD5 | 5c5c2e574c8d51a61d9e58547d89b0df |
| SHA1 | 268d6a348c22616432191ae55bb8c34e039feac7 |
| SHA256 | 4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73 |
| SHA512 | e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\bn.pak
| MD5 | 5670d1c74a07e5e9bb3853307ea2cfd7 |
| SHA1 | 7cd7568d2bd4c64b8685bf17e3289afe923468b2 |
| SHA256 | 706681208f6e0c2508c55ac7fb8bf510a133cd66f6977c3da3439526269a1c0a |
| SHA512 | 27c5f596548a52d0d62a749324a744121f2448b29f8eeb908afe487b7084c95e6e39b80326480e9253b997ca22f557f33e450fe155ccdbb2b601d0991389b47c |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\da.pak
| MD5 | 42628b87e74b0a3a7cbce510f2ef674f |
| SHA1 | c9fc502eac895690f4bd0bd3cd47b72819bfc342 |
| SHA256 | 450184b07e707cc80f7f7b331cd7d95aeb10c22e6936fb50d438de24c9dc3ba5 |
| SHA512 | ad60a366e4ea7050aef7cb6cd7c0d99fb9f37f7ff88f93a13fbdb21eb1c53cbc33cb28c284a14d7a44da0ceeef1fe9e693be0716ec268c6da0a674db00194a25 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\de.pak
| MD5 | b48f5b846d1b32f8426255e8a03b4d20 |
| SHA1 | 77272097e67ba495d73e3d82e3100237a1664fcc |
| SHA256 | 28e394fd4dfcb0ee3ad947a8e276af7ec1501f30e820ba42270d2d7f03ebf745 |
| SHA512 | 07e9af3153e60e05678db92e4654169e9c743bffb5aeda0725bd3b11dfba9021551697149771bb3aadac4fafaca50c88a352f55d32bd6c5fc8867c44f660196f |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\es.pak
| MD5 | 2c8b6b9b30b62618c65237943c030e6a |
| SHA1 | 887717930c8d070f0ba965c8a215478653d3845f |
| SHA256 | 4e1a07ac84554563488094169d2f68e29cf3b78c28c57e9e7eec233a742440d4 |
| SHA512 | b0792d483adb7e51a2b219e44f08bb49e419cc7a17943b1f2e57316c907f16cb80151cae1d5f117eced002a56752908d90392a479accfd6d8c6f13a2b79a1b23 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\es-419.pak
| MD5 | 7b45d7be08eed5dfee3d12f0b7e6111d |
| SHA1 | e14d2e0861d42bc31ea778237f77fd71c5dd32c8 |
| SHA256 | 263fc4b258041034d040bb3d27758239153d5a5faf85ab4217da608e7c2a4f2c |
| SHA512 | dfa361344cfab28e91dbf772123e043cca16b6d86cafffcaf8d71686ac9cc3dea832525b934c60fd1f110e9bf224a9b5f496924a443f742a7487d008f1ad7869 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\en-US.pak
| MD5 | 214e2b52108bbde227209a00664d30a5 |
| SHA1 | e2ac97090a3935c8aa7aa466e87b67216284b150 |
| SHA256 | 1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab |
| SHA512 | 9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\en-GB.pak
| MD5 | dabd9d0434e128d6ae3feec3b2c2801e |
| SHA1 | d7a25ac86c15f5d4a3b3d4b713a5302c5b385498 |
| SHA256 | dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835 |
| SHA512 | 831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\el.pak
| MD5 | 9d654962e91275c7538dabdb450a2f03 |
| SHA1 | 3121a84f1035d7b44e4597ebe4857137b7172da6 |
| SHA256 | 9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27 |
| SHA512 | 0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\cs.pak
| MD5 | 6310a8e1c7e8ca3a1611d78b4d67845b |
| SHA1 | fa8cff4ec0b1cf3aca65e6745d9f31154dc48115 |
| SHA256 | 10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e |
| SHA512 | 900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\bg.pak
| MD5 | 7005e72419774fc1d78ba0718fca1b47 |
| SHA1 | bedcb1e0897a1a47a878bb820735d8e373a4b4f1 |
| SHA256 | 2b93afb50cd154464b7b40c8d0015db09b69f3341f0bd75d190c033c4ec4c72d |
| SHA512 | 7a098ef7e4297d832acf356367faedb78bcf33b68e2d0255eed0c1852cec744d24fe594812f2c3a393b4fa75e83a080803d38176bf7534604362a7287242e9f0 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\et.pak
| MD5 | 7c8be63adae41cfa46a1a614de18e842 |
| SHA1 | eb11a953ddfe42dcbb5a4aeea0a40b6b18f596b4 |
| SHA256 | 0e3af6b70bfb8f28542caf5d6ac7086b248e31ca5d31621d417154964cfae3be |
| SHA512 | 4f5c6b976d9ac82002259e75c5afbe211be096f238882b912a97a9fa4ecf7103cc164e7475ebeb4b33794999668744aaa5465c059acccf5c467391fdbc386761 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\hr.pak
| MD5 | 7bee03725ba9ace3cb2aaf64cf0c26a2 |
| SHA1 | 076f0ce744bad1cf242325d5b2378b501e069d38 |
| SHA256 | e16a6391049e4d851a50ebfe3b7af3cc5346dfd28e305f22eafb6d5e6b360941 |
| SHA512 | 1a27e5159225604513bbbb5f4165ce7cb52cca22d0c6f32b6c2a74c4809d00bdc3a38112ea9bba0c09038960f9113146996f8801e764237164816a654e813510 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\hu.pak
| MD5 | 14d81146ec6e0ddf4b14fa7b2df372c3 |
| SHA1 | 9c77f0f0c959f2cb21e283b352176596a77992fd |
| SHA256 | 588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568 |
| SHA512 | 9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\hi.pak
| MD5 | 361f04e0a4176ac478b7b7674779388c |
| SHA1 | 68b4e7a9a31e0f9450c856d073b8d03613ae9816 |
| SHA256 | 95f89c3429c3692f7239551565c584faac04d8ae71fbe5b359892e7538fbd35c |
| SHA512 | 7dcdbd9e3f9ad940c3140325527d37dc5ef90c7dcf460395928d48fb2742fd5fd7b60dd64fbb7ba523d46cd658bd5bd85d492bac0a65a8d1634789b6d27ca119 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\he.pak
| MD5 | 70de839caf5f0caeccc5a2b7dd438583 |
| SHA1 | aa4b932b2313bca859568d62e8c12f9249d7bb81 |
| SHA256 | 66ce4cfeb8328cf1b44ae76ee77c16e59c6a6550b64937931d5a05f161fd8479 |
| SHA512 | 73620dd618971c3301535a1dbc2fd58cc81cd3b2dc3d90a388dfa01fa5516304dcdbc5b362ef7e899310afe28f3d5e3b0695263c82339443ab2d29df03253348 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\gu.pak
| MD5 | 2e015f0ad58e22b8eaf60e4d727aa3a0 |
| SHA1 | dba0b894f32ad6507ea6a41917c0631f06f2c03e |
| SHA256 | 168c12e17d1a41d8c4913e0be19097bad272c38ffb7876514d6e98f448109b5c |
| SHA512 | 3aa797fecaa53f8dd71b6952d0d04af06e0003683fb5b77234d183d0aeed9350470aebeceeaf42cdd4b50a2e7caf09a96df6802b1d6b829ab4bba41dbaec6503 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\fr.pak
| MD5 | 9442fbfc2b150479f4836706313e42c2 |
| SHA1 | 4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f |
| SHA256 | 01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87 |
| SHA512 | 4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\fil.pak
| MD5 | 919d0bae6d964906176cec8530c019ba |
| SHA1 | ab41e78a91314608ffa0cec927b4e001b3833e4a |
| SHA256 | 851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa |
| SHA512 | 1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\fi.pak
| MD5 | 4215d02d92e1be2e182197a0bb87ef29 |
| SHA1 | 005cc2d1ed5039fc34fc14270344ebc938760554 |
| SHA256 | 22b97c139d11b485b2c9ebd8d86708d38bb9f7044d7171c846f516ca9bbb27fb |
| SHA512 | b0b71716b8d7867392825980e65d3a60c84f302dcf0b6ed7cf1ea0d8b605d1a82accee03c3e639851feb1273cbd327c14d82e497d6b70977272992bb227d21c5 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\fa.pak
| MD5 | 00bc7a02631c7de396537ee08deeec7c |
| SHA1 | 063c897b59cd70955cee3ca27d8743a0989f0a86 |
| SHA256 | 93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec |
| SHA512 | cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\id.pak
| MD5 | d0517c1bf9a89e06ed2b510b9408e578 |
| SHA1 | 71494250010ed09b55f3879488d4566808a8398b |
| SHA256 | 19a6aa1cd288ae30461ac43cebd31b50919b2d949d586f877bbb1cda96a9f3a3 |
| SHA512 | 20b5465633ceb58cb28207885d83dbd30409b29b051fa9ff5a188550241f6f220ba8fb5d4bdb6abcb54dab34d1cffec5ddd783471e8d32b31d3a6d7730f0edcd |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\it.pak
| MD5 | 812115ccf85cb84b2ea167a16e16587b |
| SHA1 | 317e50a1c4c7d8c46554822b43a81a0d8237dfd6 |
| SHA256 | 52c78a10a5ec39bc046b594f4d89a311a26c6a29e475824dc3fb1a1ba4ac9f37 |
| SHA512 | 5fd4b625910bf06055eb8fed311284b1347f85c769f8c3e7a57d4d7d73e20576e873dd2f579b8aaf494ad4ee4885b6850060d4893d2ce43e82872161c93f3982 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ja.pak
| MD5 | f8dcd5f1433d83464b44265449de812c |
| SHA1 | 47763205f105e19cadafdeb1cdec6f45001f2c58 |
| SHA256 | f932ba21d0857c5c92dd3d24e49f3fcc4f9423fe1e2180fe26f9c0bf669c8c3b |
| SHA512 | 76b8c4154f7de55e0ad958cd122ec650f3289bf4f92c03e45e6e03b6467d09387115d5894f19c1b108869a2ee02ce2d476cb2c943191e0fc42ad0183478a7eb8 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\kn.pak
| MD5 | acab21f3fafc58f1f42016f33d032158 |
| SHA1 | 682f11e3c282724093179c85a7df7d0992495cd4 |
| SHA256 | 8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f |
| SHA512 | d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ko.pak
| MD5 | 95239fdef6e852df2d2e9d52dd99b622 |
| SHA1 | 360be5e62ac4573ee1a6bfa7effbe245c039862d |
| SHA256 | f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae |
| SHA512 | 0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\lt.pak
| MD5 | 6e6993270327064cad2ff0784f20585a |
| SHA1 | 924a2ce4fffee99f29cbee875cd5abab2e814888 |
| SHA256 | 848c219486a434ef18edde0f16be9bec475e2d7626e9d8064acf25d793fde434 |
| SHA512 | f6a21975836a64a9dbeb76005c63a19d450a3e9d1c9381fc7da23cb8a96a3e33da204ebb4a192e608154dc71e13c555fcf97e0fd262681f2fec54fe0f8ac6dec |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\lv.pak
| MD5 | e21a8a96d9f17e1f9e3ede2cb66eea9b |
| SHA1 | e3f456b5d238ce2095e7a51a4250fe26c361bfdc |
| SHA256 | 1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090 |
| SHA512 | f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\nb.pak
| MD5 | bc1983b1c86badb361fe07031a93fa48 |
| SHA1 | 5bd14d7d7a335dd6457377fc0eaed07a56c369e6 |
| SHA256 | 229d8e46784f401eff51e12b10db88f4aa6ed62bc01271f830013b653807103d |
| SHA512 | fc9fce048283f24b0eb8b37a4fa5f3223e927cd68568817e5561d9ef4224a35d899b5e0b8b311b57cd50922970c6cbaabd070377d704f65fb061463ffed6a765 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\pt-PT.pak
| MD5 | 553594ab0e163c6375ebe75524095dec |
| SHA1 | 199a9e040d884a443e0ac6a2c7ed3fe914dc3fa5 |
| SHA256 | bf2cccdd3fa33d8c3b0fd145dda1d7f10d60645f0108e19f6220b43ce01d05df |
| SHA512 | 30cdb1401884bb87438d221834f70b384744babc474bccffefdb031808505b24adab34c039240b6cc8fa2a330613ccd32ffe1c28191c18c5ef402e86037a7ec0 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\pt-BR.pak
| MD5 | 7f150a17a11d43e395f571dd23951d88 |
| SHA1 | f8b8d6f89f63d92f04156f2b44b36b6045fd3723 |
| SHA256 | 72e1d3120d5f52f8485eeb2f0be4298d5af4d6f62a4d14e7d6ae2b635d89c0d9 |
| SHA512 | de39bb0dd9c8f948a67b9397789989aa900fa90249854181993cebea00717d45ba29ce56eb48b996b396e2b2236b580509a4ba127a190ed10d9ac3b91011ee2f |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\pl.pak
| MD5 | 31200d5726b3d1cfbe9ac3bc7138a389 |
| SHA1 | e82f0300046e7cc9ffa13223c11cbb94d62c0dc6 |
| SHA256 | 74c96e5308732e4ce800de37cf677d16ba05385b2af1c087819095c49b4074e3 |
| SHA512 | 8ad600725c9eb97a73293b63bf15a853d2e12bb6cec638a6e0f4060610486d3eb9e9bd5c10e607e569e6b631ae09b8d9df46cebc8bb962cec3adc0d63dc2f48f |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\nl.pak
| MD5 | f1210067dc72e8c82444b2ad9a3f7897 |
| SHA1 | 3cf8c6fcb93a5f79fe6190aa0551d673887125da |
| SHA256 | d26f3e7f39231a9acd60285989ab5bda54039611ba2ae04ca5f79bc3195d4aa9 |
| SHA512 | 9339a285fc7db00b9a755d09a17b224ec15e3eddcfa60c5efbcebe556aff277cb6daa23a346a50bd1fdcf274a172c985fd74dcd362d635738f1734ffb466c00d |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ms.pak
| MD5 | 53e8b7262db4c5b04ba5b39c07eddb32 |
| SHA1 | 9cb8946966547630cee42de04eb8604e6bb5af86 |
| SHA256 | 45750905e13f94936534dcec30ced984001cbbba4f6fd4db0d31d2f470acdb2a |
| SHA512 | c71e2bd191c5ec6194e02f1c08aae008c57b292405e4c291832bdfeda656a5cb4a547f606d87d3f618afcf731b4d6730f22c0e99093f312a0a004e5d9fec7d11 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\mr.pak
| MD5 | abcc39abc488cdbf73e44f53d74b15af |
| SHA1 | 982f12328342eddbacfbe45be577d839568c96e0 |
| SHA256 | 5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54 |
| SHA512 | 7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ml.pak
| MD5 | 7dabd95b96d90662432026c0a9ae1c22 |
| SHA1 | 49eb49428d642bd906aed9b0b69870a843326efd |
| SHA256 | 50e5033485a6d2bcbdfc7eecd7ac26fe790a84642d9ff2c1e77fe976b18bf9a5 |
| SHA512 | 6a51f19543cd2e963bc83bb8a7753ccc3dc5a835f1e242338713dc01346f8716cef9c3304a618e7fd3db2224da6d0678959ff87007891ff4ead216ab452993cf |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ro.pak
| MD5 | 06a36fa95702b38e749568037634828e |
| SHA1 | 9c584a9b7a0446fbc44bf5fecab71ab1312a592f |
| SHA256 | 833f661f135311ce8187cbc487c55178872430c678148d4084893cc7bb95823b |
| SHA512 | 33d24d85a4f4582676558ab049a6c1cabd482666c2847e941dd388b80b2ec62ce27175cd0e3ec176d1236a32e714e85138d3e6da291172e62d18acf3e3603076 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ru.pak
| MD5 | 12836eeb93367830b3b88b404449a3e7 |
| SHA1 | 2e2f66213fcb0ce5dc170753b8c11f9d96917d1c |
| SHA256 | f815b9cde0449c05949a9003f08254801cdcc8d9e5209d01af3136009b0c0caf |
| SHA512 | 7f71bd8ba800029495279c199aa99b96f075ca95055d512486c27a4bb1728c7312eeeeba09cf23259e7d6539f1c76467ac98e75b482de764375dd639e95333a8 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\sk.pak
| MD5 | 9ce4e3abe9d948f6a89759d0ab188dba |
| SHA1 | 447e5c8803d0284c69ffb990ac0060adf93f4d25 |
| SHA256 | 5638f5285ae0c68e3a9eb09d6adb6d2eb3f9e087cc149c4a247fb9765a8ff6e2 |
| SHA512 | 78970073eee16097113f8f009abb43d9317cf3096640077cf9efb8139c92aeacba8ddab5dd948ff285732356625f3167d5c35701ff37b250fce251baa39569e0 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\sl.pak
| MD5 | 7a75fa0fd3ddd471cdf9b15d3b3860ca |
| SHA1 | f07e3e136768501e69e76529011003bd45fcc0a4 |
| SHA256 | d34eeb1ff37cb90bf8c427b955f4349fbdc5eee4879141058d8d7bc76185a959 |
| SHA512 | e3f181728e9d925a826d3eeb275ad3f1aafd3aa98072977b515e05671bc4703aabf7dbac2e031201fe016d0024440d4d1d8c238b3f20c5f52b21e13dfcd5f620 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\sr.pak
| MD5 | b2555a29076995ccf01580f0f1b2f766 |
| SHA1 | 284ed665f078620afdd6c7d074a6f9e26dbef1dd |
| SHA256 | 6eab9ba7e66ed290369b2f5d7b1efe7ef38fea2063f7c939e983008ec2692bd0 |
| SHA512 | a36e20bab44400828f6769c178f6340a5f7ec8dcff72a0eb513c9efc257a715027e9d562a4ae3e68d8112d40f9ed8401c165ad205b1e9c4325077e5d1df04feb |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\sv.pak
| MD5 | 03154d7a3c69ec91714c799b86267a1d |
| SHA1 | 8671e9672002c58581488416f2320005140adedf |
| SHA256 | 3fba4e60d606c0f466df1cd2736ff51d7f882505fb21880a396deec06cdd945b |
| SHA512 | 0ac0d61f593f47597880d327d8dccbc00e8e5eddeb8beb8945628b7e91cb0b2496bbb68ff7f11e677cec479f41a4e8c4d2fd66301d5f6e5245dbde49b39eb4d9 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\uk.pak
| MD5 | 6f2f1b073ccef426c7eb49362123f2d0 |
| SHA1 | 048921ad0cba17256e9838257d9f47969cdf6172 |
| SHA256 | 57d93d9ed2974f7f0995e63f4c7af361c05a8ec3e9e25b796328d3e0b2a5545f |
| SHA512 | cc0e5a7098eb0b590f4d4a6ffa531250af9a2c6c6c25765f572f3130b7bb7d669f2737d7d8b70de48293ec1ff9c5dc5dac94058f3d8e431a7c24a5795906e5b0 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\tr.pak
| MD5 | a38eea92c514716b8ab019ab792bf541 |
| SHA1 | cae203c3ed63807d4f2d89333540556b5e92e161 |
| SHA256 | 54bc687a851cb3227cc3a937b229009c0af8fb25a1900b7fe71f6e6d58111ffd |
| SHA512 | 835e47d550097ea4ae3717c0cc5023ba14bfa7524ed5cf361e21011976afbcae1410061e46089e25bca467c63d9b0208cd18ba1ec606da02c5b430fb1aba409d |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\zh-TW.pak
| MD5 | 3d230011248333ed6cee72f667c8df45 |
| SHA1 | 4114f307a31516bb6309fa9fc2572722b8d93d24 |
| SHA256 | b1a56725808412e48a499a534ccfd7e02c361f007a5b1cf063a11d6a308cc9e1 |
| SHA512 | 442f56c0df77cfdd730b89b9c1e086f17665aae0c222a7ffda418bcddd18f9ab96236fe7cc558ab9f87c31a50d78d50157b1e2d3b4c175b6c8ac85e053157f9c |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\zh-CN.pak
| MD5 | 376ef5a6f076a9757f58d7b10526eb73 |
| SHA1 | 9b5d3f5084990d67c8a8541cd8d7fd15ec424e0e |
| SHA256 | f720baddbffa45c3a0852de11c5049ec95a3b841db45c91362064c80e7d6aaa6 |
| SHA512 | e089213cac8ead755c938069a1f00cf2a8467db8f809b50a6933eff9825a9f1cfd775186c8b5c9b1f598813c9eee654036b47b6814ba1f58d7e447a87511b21c |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\th.pak
| MD5 | 687a80e1cb637003c3e5f05d3f4b89b4 |
| SHA1 | 1dfdc6cfa02fd1671cf39094ad4b93109bef48f6 |
| SHA256 | daabec4c467127faab67c690f9dd11beb0e2c432434a20f2f79318816ecc7654 |
| SHA512 | 30fc3cbfe3daf369f9baf7fa4c287f62fdd6ef3b6363cf2dd88e45667313cc00317b1a52f77e904381ee4be1f7f5c2f73c2a6467c116a1210b36f8287beee99d |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\te.pak
| MD5 | b5e9289d02b4963d292bbb4210e9ab5d |
| SHA1 | 48382ab36b77cbec280833f587450270b5080a85 |
| SHA256 | 6cba41edf887a8a2d84c2c1c696c562ad63ce8a105ef8574a1a27b294a211dc9 |
| SHA512 | eaf3889b21cc73ba3913448ef10765611e91325ddc781216769b4f8c4486897aa8429dcfe511b7505a17877012063ebd41fb4645102448fdbbed834d001f0912 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\vi.pak
| MD5 | a01c81f3bd56d52c205ce6742dfe52c7 |
| SHA1 | 3d325a2885ca11cdf69d17d66fe5048bb0c8bf25 |
| SHA256 | 8a44b3afd24cf18ff88ca06a33ed8accf548692b457b013e20f49ac5045aa96f |
| SHA512 | e348d9b1fd0df16f711a76de1daccf8425529787e5160c61207aff903ca3389f0c56b185283452d0af36ead503322b93b02deb28b9f72ed85d157adcaeedc503 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\ta.pak
| MD5 | 7503d3994d48911a38370095f5c83ec8 |
| SHA1 | a98917d5de0cc237d226ad64792fc9840bec0a0a |
| SHA256 | 5eecb28f30fc5c08b5878ebec2ee565a73c91ea0198ed85a622a0d7c58a3ad33 |
| SHA512 | d0d3e085cfd8f8f1ca776597d209c5d3dcbfb81297ec79201def4dc395526954103da7e8e8b3a4335490b3fadf1063f29d552843eac0933a9f1ab050c8eb2ab0 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\locales\sw.pak
| MD5 | 0dad65bd01e92ec4001c8377a3f6900a |
| SHA1 | 91353a816b6b1d0aa5bf5342b8f2bd430da57286 |
| SHA256 | 702d3d102308bd1e50698578e09ecac7fe33d625afac04db88905f83baf10892 |
| SHA512 | 98a9c3dcb03627e8e7cf7edbb41078d9c53e9787f28208fe3640805fdcc2bc751b5cdda00c2d796d6c947e26f7c3a401fc5506ee8648346f28227442ca831949 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\native-modules\badlion_js.dll
| MD5 | ab83489339535b6fcbad1b70ddcade23 |
| SHA1 | 511d0cd7d8a1c153a774c919d8bb5b943a5fe009 |
| SHA256 | 2ae0528920d1c27337ecfed3719cb294dbdbcee1b6b1fb30aac1403272610d3a |
| SHA512 | 107c734f23c2eaf2214016e881f0d09ce2cd52f5ca24b376d05562cc4366352c3bc04d03fcea2c1fd9b507f3139f898cd33867ebbea11377f9a6ad5c124bd675 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\native-modules\badlion_electron.dll
| MD5 | 77c88caf62ccf357470d630d9fa4dd7d |
| SHA1 | 1e04dfac643ab7284c529d60ab5be68be172d98e |
| SHA256 | 9bdd94dc645cb5044536dfbd3a5fc51535a63e32104895bc395b2dfdbc4962e7 |
| SHA512 | 74506a6a0ed1cb356a4342e5c06244023fa6712d1b4fda178d48c431e2aeb4098c5fd539c431cc859c6560340ffddfc9c2bfe3dca6a27956611ef3189755065e |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\native-modules\freetype-jni.dll
| MD5 | f6e10c16e1b5a475bb168bb4b32f8b07 |
| SHA1 | 363c51396bcff7216f56bb299349d5151f118f20 |
| SHA256 | 234af7bd598f9104663f824cb65d8ff4a08c33e68173f166bbbb6498de091638 |
| SHA512 | 8044efc568f19e7e2392f0e8961a82c4a650534aceb9e0b91a64b6e38b24b495d2ff830aabe3efc59e05e0814184d92878d93ad49a65f8debb4f7bdaec0a91fa |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\native-modules\launcher.node
| MD5 | a2cb408235c0d92526e20b6432587d6e |
| SHA1 | aec2b9942857fdb1ff45c699f7e198a7cb72cc2f |
| SHA256 | ebaffc8d4fb76a02ff54f993cfa5d5e90c84e18b597621adbcc51fb165532a77 |
| SHA512 | c5a36201488c5356e4efb9bda73985af74edbad158e8faf79e683f4244a8bbe8516a52a5f273bfb3208b5fe16329cb6236c1c8efb64ca882d81258aa23b5f8ff |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources\app-update.yml
| MD5 | a85c6f31bef49be88b0a8846daf72dd1 |
| SHA1 | 1563fbe30087d902674e1e6d4ad5d2a94f559fb4 |
| SHA256 | 959ea658d5b7f99fc2e9c8e990f98081e019f5917316ab6c3e9e3e81e4d73c88 |
| SHA512 | 87f6436610c0519daa2580bb08d1a4ca5be5c0a803b4b9db4fd797bedacb28a78d52a9891e891b1c5efa7b09da470206506ce207b61be76025f7b99a34bdf2e3 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources\app.asar
| MD5 | ff482968da25d2526453b2ce0230c73f |
| SHA1 | 932c1c3e772de162331fb4626827d8f9dcb799db |
| SHA256 | cc42e22451c3f348f04fd055e96721d36ff6d6b35b6b44d1cc4dfb35e5b17dc6 |
| SHA512 | e07cc5db3977d7c814f41dea66e21582764318bf99dd1484b0024a5060b4351b68864fc193cc4a8279ff07bc4f91ea80cbc240f7d36ee59b550175db38479e90 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources\elevate.exe
| MD5 | 59b5872248146319a464c52af7f136a4 |
| SHA1 | d6ac14ce2d602fc3bb3970554b1eece84c3f913e |
| SHA256 | 50fae753983844e20b11f3a8033ec22fbe1168170c98045ea5c6134c8050828e |
| SHA512 | 1ddb200db06453593c9e3fa819c906db6405e3920f8c703f5871a2c65cb7b17f773a90aeffc3cc7d76567739ed985dd77752d6cb9928dc05a2f737f97b1f5502 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources\roots.pem
| MD5 | bec29e7471bdfd13632a88a0e1177a4e |
| SHA1 | f06003491572f8c18b6c18f1857562562eb48032 |
| SHA256 | 00598bc1f737f7cc56eb82e58137a3e65c6f5a840011db174b5b65076311270e |
| SHA512 | 629862482f92323a07ea5f514b36271b4d4b3b8a46f1f2d3b654c8b1113eea1cb05dd1689599c076425e4ee88c461b245d2d06eea9711b95ecb7758340bf692f |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\resources\debug-log4j2.xml
| MD5 | dd7150b869964d8a892cdd584948dc55 |
| SHA1 | f8053aba6ad32932509c37f9d06fff2af011ce52 |
| SHA256 | c96f78d1ca05337800a323610ef458796b5b625bd248d40c6f9a6c324509f4ba |
| SHA512 | a31659ef05c55b0df2cde4eb7f3ba5e6f7152af9bdc9e70155469259bd05275a497e751aaa315c7fe2357e6a4c1fa0c42a84a7e4a7ff517cc76ea1d32aa383ab |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | e7c8cd0bc5305a7c3c2a2c1f689744e2 |
| SHA1 | de20c6420bd838e13867bb37256e1b25bf365942 |
| SHA256 | 48bfd2776bc58f386acddcdcad5161b1d7e3dc71a077cda5232b989da9081ae9 |
| SHA512 | 2d4436470c0c4c8127717fbfd863cf61af5be4575dad8241d8062dbf7fb84e2ae517eaa11c2a59f1ad2bad49dbc05b15acea62765379643ca51acf96f48b79c0 |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | d9a5609d8da5bd558facf2617619ad2b |
| SHA1 | 9debb66a376549ee795e9c049b3a685245e0a4b8 |
| SHA256 | da9fc78eea721b8e51599a72053c569a6ba1cce64808544c428bd295f3ef3216 |
| SHA512 | b461fa396bf58ac4989c61057502bd00493e920bfbc1c092a763699d660aef2b5e1aa9659000cc4fd0af0831043c18e01489c94733af06659d49fcfaac82e42d |
C:\Users\Admin\AppData\Local\Temp\nsq1F7B.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
| MD5 | ce591e10b596b03351131b4c341b740c |
| SHA1 | 5d173905466eecb7034c3132030146c3f557cb47 |
| SHA256 | 75172afc595dadfbbb1edeae4cc8dd07cd5f8c6158347c78d81e6bda8ae04014 |
| SHA512 | b3d66b1927b6b6e3aefe7f1136efada58bf4e2e265c27cb7ca31946e39d971796d74a225ef0abde3dd16ec2bf9ac936014069cc2d5f878532b52e3dd41b7f831 |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
| MD5 | 22d34b76477b637f85b94110b113c9d6 |
| SHA1 | a3288eb9d3de8b8431a7457b57187cf5ca2ce3fa |
| SHA256 | 2a314f8b6fe9281596378139b4ae93d82a3d638d83e1462a6a7912cb7188c16d |
| SHA512 | 33c70a9a924d02932e3aa77e101edae1b45431dc1436aa8653008be355b1d769aec7e8faacf4d5700f1f1007c59a714483f81069a53b5bcad64ad76ba78f409c |
memory/5104-3237-0x00007FFA47B50000-0x00007FFA47B51000-memory.dmp
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
| MD5 | 50bdc9a03c779e7a27c96817f21f9345 |
| SHA1 | a240dff2eee71ff9586a765d467b5f882801c0f5 |
| SHA256 | 5504d669b277c168df183f7046bbbada1acf417b156f1063ea53079ee174f172 |
| SHA512 | d6da2f76d572a983b0db1a916c8f256ce13cc2201ab62448280afb9eac40b407bc2cd690589137c24d4d29b258b82ddf946bcd639e21c4570588ac1a9e13012d |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\lib\images\cursors\win32_LinkNoDrop32x32.gif
| MD5 | 1e9d8f133a442da6b0c74d49bc84a341 |
| SHA1 | 259edc45b4569427e8319895a444f4295d54348f |
| SHA256 | 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b |
| SHA512 | 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\bin\msvcr100.dll
| MD5 | df3ca8d16bded6a54977b30e66864d33 |
| SHA1 | b7b9349b33230c5b80886f5c1f0a42848661c883 |
| SHA256 | 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36 |
| SHA512 | 951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\lib\deploy\messages_zh_HK.properties
| MD5 | 4287d97616f708e0a258be0141504beb |
| SHA1 | 5d2110cabbbc0f83a89aec60a6b37f5f5ad3163e |
| SHA256 | 479dc754bd7bff2c9c35d2e308b138eef2a1a94cf4f0fc6ccd529df02c877dc7 |
| SHA512 | f273f8d501c5d29422257733624b5193234635bd24b444874e38d8d823d728d935b176579d5d1203451c0ce377c57ed7eb3a9ce9adcb3bb591024c3b7ee78dcd |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\java.security
| MD5 | b7aba3dfea0468195be1256c959135e6 |
| SHA1 | 8c30082493935efda5ba54489d8605199c976b29 |
| SHA256 | c50c923c2b0dc5a3c598671be2cd980f7f06e7254cce04a1fe498f6e17fce3ec |
| SHA512 | c91e110a3f3fc74596d22ee9f59bfa952be75b1b87fdb0e7ca8f188671c8e1d22bf02bc0c0b9f1321ad4df0c8c8db6f660efbba513888686b5ba9f86d7c30b7d |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jvm.hprof.txt
| MD5 | ad91d69a4129d31d72fbe288ff967943 |
| SHA1 | cb510afcdbecea3538c3f841c0440194573dbb65 |
| SHA256 | 235a50d958faedde808d071705a6d603f97611f568eec40d7444984b984a4b18 |
| SHA512 | 600bee4676d26e2ce5b9171582540021509a4d7888c9c7badc14f0fad07007e4ce2b4c007a8eb15bd0d977722b8b34442012ea972ffbd72797475a56cdfd86ee |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaTypewriterBold.ttf
| MD5 | a0c96aa334f1aeaa799773db3e6cba9c |
| SHA1 | a5da2eb49448f461470387c939f0e69119310e0b |
| SHA256 | fc908259013b90f1cbc597a510c6dd7855bf9e7830abe3fc3612ab4092edcde2 |
| SHA512 | a43cf773a42b4cebf4170a6c94060ea2602d2d7fa7f6500f69758a20dc5cc3ed1793c7ceb9b44ce8640721ca919d2ef7f9568c5af58ba6e3cf88eae19a95e796 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\bin\server\Xusage.txt
| MD5 | f4188deb5103b6d7015b2106938bfa23 |
| SHA1 | 8e3781a080cd72fde8702eb6e02a05a23b4160f8 |
| SHA256 | bd54e6150ad98b444d5d24cea9ddafe347ed11a1aae749f8e4d59c963e67e763 |
| SHA512 | 0be9a00a48cf8c7d210126591e61531899502e694a3c3ba7c3235295e80b1733b6f399cae58fb4f7bff2c934da7782d256bdf46793f814a5f25b7a811d0cb2e3 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\jmxremote.access
| MD5 | 41b36d832be39a3cf0f3d7760e55fdcb |
| SHA1 | e706e9be75604a13dfcc5a96b1720a544d76348b |
| SHA256 | 71a930cbe577cbabb4269650c98d227f739e0d4b9c0b44830dd3d52f5015be1f |
| SHA512 | 41e6b8639c1ceb3d09d2fdeeeba89ffa17c4ed8b1ad0df1e5ab46c4bf178688d5504dc5a3c854226f7da23dfa0edab0d035d6b56495829f43aaa2a7babec4273 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_ja.properties
| MD5 | d830fc76bdd1975010ece4c5369dadf8 |
| SHA1 | d8cc3f54325142efa740026e2bc623afe6f3acb5 |
| SHA256 | 11e886336ba51a9044ab1a87c60ceee34c29bb724e06a16968d31531a7001064 |
| SHA512 | 7b867a50a811fbd7ffdad0b729ca4501e16386ee5c4940a4cf9a805767cc0d10f7e3bdfd6a60204d79292d778d93e3bd915368ac0e9453bbb1010adfd9655f0f |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\LINEAR_RGB.pf
| MD5 | a387b65159c9887265babdef9ca8dae5 |
| SHA1 | 7913274c2f73bafcf888f09ff60990b100214ede |
| SHA256 | 712036aa1951427d42e3e190e714f420ca8c2dd97ef01fcd0675ee54b920db46 |
| SHA512 | 359d9b57215855f6794e47026c06036b93710998205d0817c6e602b2a24daeb92537c388f129407461fc60180198f02a236aeb349a17430ed7ac85a1e5f71350 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\LICENSE
| MD5 | 67cb88f6234b6a1f2320a23b197fa3f6 |
| SHA1 | 877aceba17b28cfff3f5df664e03b319f23767a1 |
| SHA256 | 263e21f4b43c118a8b4c07f1a8acb11cafc232886834433e34187f5663242360 |
| SHA512 | 4d43e5edecab92cebd853204c941327dccbfd071a71f066c12f7fb2f1b2def59c37a15ce05c4fe06ec2ea296b8630c4e938254a8a92e149e4a0a82c4307d648f |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightItalic.ttf
| MD5 | 4d666869c97cdb9e1381a393ffe50a3a |
| SHA1 | aa5c037865c563726ecd63d61ca26443589be425 |
| SHA256 | d68819a70b60ff68ca945ef5ad358c31829e43ec25024a99d17174c626575e06 |
| SHA512 | 1d1f61e371e4a667c90c2ce315024ae6168e47fe8a5c02244dbf3df26e8ac79f2355ac7e36d4a81d82c52149197892daed1b4c19241575256bb4541f8b126ae2 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\amd64\jvm.cfg
| MD5 | 3bc0c7371c924bf144af8516ba8ba720 |
| SHA1 | dcd2c34791a1e7c7d0866d00c014f566d983d860 |
| SHA256 | 875457098a0a5d8639cdf770239a87af904485c978283c2b201ba54ba60da7d1 |
| SHA512 | eeadbed0c4c19084e0bde4456c009e8d1666175a4068f2be4416c81e725ecd99a1e7f1961a0f46e56ab1840ec7f0668f4bae044ad740b3ade376c0c6b05b54f9 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightRegular.ttf
| MD5 | 630a6fa16c414f3de6110e46717aad53 |
| SHA1 | 5d7ed564791c900a8786936930ba99385653139c |
| SHA256 | 0faaaca3c730857d3e50fba1bbad4ca2330add217b35e22b7e67f02809fac923 |
| SHA512 | 0b7cde0face982b5867aebfb92918404adac7fb351a9d47dcd9fe86c441caca4dd4ec22e36b61025092220c0a8730d292da31e9cafd7808c56cdbf34ecd05035 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_CopyDrop32x32.gif
| MD5 | 89cdf623e11aaf0407328fd3ada32c07 |
| SHA1 | ae813939f9a52e7b59927f531ce8757636ff8082 |
| SHA256 | 13c783acd580df27207dabccb10b3f0c14674560a23943ac7233df7f72d4e49d |
| SHA512 | 2a35311d7db5466697d7284de75babee9bd0f0e2b20543332fcb6813f06debf2457a9c0cf569449c37f371bfeb0d81fb0d219e82b9a77acc6bafa07499eac2f7 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\THIRDPARTYLICENSEREADME.txt
| MD5 | ea05cfe64caab3ac7c6ce79163faf3f1 |
| SHA1 | e7798b9f64d07b359e9efd3723c64c0842c3bd69 |
| SHA256 | 8091d955ed8fcc8c87e83c9d582692662aeb79a5a87b431e92ddb187cb32f835 |
| SHA512 | 836d99f3109d2a3538c8f94c7c66fc9e8584cb1e15d5a187325663109b6ee8624e0f7b257e54ec6b28d529518a59f5772f3a2b39dd99273862829565a36f5325 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\accessibility.properties
| MD5 | 9e5e954bc0e625a69a0a430e80dcf724 |
| SHA1 | c29c1f37a2148b50a343db1a4aa9eb0512f80749 |
| SHA256 | a46372b05ce9f40f5d5a775c90d7aa60687cd91aaa7374c499f0221229bf344e |
| SHA512 | 18a8277a872fb9e070a1980eee3ddd096ed0bba755db9b57409983c1d5a860e9cbd3b67e66ff47852fe12324b84d4984e2f13859f65fabe2ff175725898f1b67 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_es.properties
| MD5 | 72bdae07c5d619e5849a97acc6a1090f |
| SHA1 | 9fc8a7a29658ac23a30ab9d655117bb79d08dc3b |
| SHA256 | 821a3452ecb9f29bcec16c0b39fb668c2cc30c7f7283b34bfc5400040723892b |
| SHA512 | 67f0d1d60012b5598864b68612aa488af1b5876ff5f347cd98abcf1e3c0d267cf0354d5085bf12b0a09c6ef124fd0117cd16fcc032da2b195d45bab19740bb78 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\flavormap.properties
| MD5 | b0ce9f297d3fec6325c0c784072908f1 |
| SHA1 | dd778a0e5417b9b97187215ffc66d4c14f95fef0 |
| SHA256 | 6da00c1cbe02909dcd6a75da51d25dbf49bfd1d779c0b8e57b12e757229fc4a8 |
| SHA512 | 4c774bcb9ade996569c86dd46b3bdb046771ad1bcf9aabb9db86854c83e18015cbe5df73da86ee98e26ba0393f548b1cc09de60bda4248eacc4fc833e23b8ab4 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\calendars.properties
| MD5 | 92ba2d87915e6f7f58d43344df07e1a6 |
| SHA1 | 872bc54e53377aac7c7616196bcce1db6a3f0477 |
| SHA256 | 68f0cf30429a42a6fe78b1de91970e5c78fd03d1599beb080c1c196d5c59e4c0 |
| SHA512 | a964e2ceb4d601faf28ecf13fb11777b70708c21cf9ea23721e462b6e911051108b8a42ebf6447fa49cb61d7fa2d79475f50ee791f1121616371e2b02fab71b6 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\jmxremote.password.template
| MD5 | 5dd28aaf5a06c946df7b223f33482fdf |
| SHA1 | d09118d402ca3ba625b165ecace863466d7f4ce9 |
| SHA256 | 24674176a4c0e5eefb9285691764ea06585d90bbdaf5bf40c4220de7ca3e3175 |
| SHA512 | 13c6f37e969a5aece2b2f938fa8ebf6a72c0c173678a026e77c35871e4ae89404585fb1a3516ae2ca336fc47eab1f3dd2009123adba9c437cd76ba654401cbdf |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\[email protected]
| MD5 | cb81fed291361d1dd745202659857b1b |
| SHA1 | 0ae4a5bda2a6d628fac51462390b503c99509fdc |
| SHA256 | 9dd5ccd6bdfdaad38f7d05a14661108e629fdd207fc7776268b566f7941e1435 |
| SHA512 | 4a383107ac2d642f4eb63ee7e7e85a8e2f63c67b41ca55ebae56b52cecfe8a301aaf14e6536553cbc3651519db5c10fc66588c84c9840d496f5ae980ef2ed2b9 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\splash.gif
| MD5 | 249053609eaf5b17ddd42149fc24c469 |
| SHA1 | 20e7aec75f6d036d504277542e507eb7dc24aae8 |
| SHA256 | 113b01304ebbf3cc729a5ca3452dda2093bd8b3ddc2ba29e5e1c1605661f90be |
| SHA512 | 9c04a20e2fa70e4bcfac729e366a0802f6f5167ea49475c2157c8e2741c4e4b8452d14c75f67906359c12f1514f9fb7e9af8e736392ac8434f0a5811f7dde0cb |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jfr\profile.jfc
| MD5 | 4350cbf99dca8cfcd1075fbbe2ff6c60 |
| SHA1 | 37e6c871457dc5691a692c9577877d6846e43c6e |
| SHA256 | 9bcd76b6dca5ea258edaddd2cfdd0dd93e66e4d9352eda6752c82e0e87be5408 |
| SHA512 | 1d397c2881de8aa8e77a503a83b7025010c953c8b56a2d8f7b53cee7b7d68451ce0527ecb775df52ecd1d5cf7912b67dc1186ce6a0990ac2d0fe3519321678e3 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\psfontj2d.properties
| MD5 | 66b3e6770c291fe8cd3240ffbb00dc47 |
| SHA1 | 88ce9d723a2d4a07fd2032a8b4a742fe323eec8f |
| SHA256 | 7ea6e05d3b8b51d03c3d6548e709c220541df0f1aee2e69b9101c9f051f7c17a |
| SHA512 | d1b99aa011568affa415758c986b427588ae87fe5eb7fc52d519f7167ad46bbff8b62799f14d8dbc7c55deb6ff7259445d6e8882cc781d61206ed1b79b688745 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\US_export_policy.jar
| MD5 | ee4ed9c75a1aaa04dfd192382c57900c |
| SHA1 | 7d69ea3b385bc067738520f1b5c549e1084be285 |
| SHA256 | 90012f900cf749a0e52a0775966ef575d390ad46388c49d512838983a554a870 |
| SHA512 | eae6a23d2fd7002a55465844e662d7a5e3ed5a6a8baf7317897e59a92a4b806dd26f2a19b7c05984745050b4fe3ffa30646a19c0f08451440e415f958204137c |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\javaws.policy
| MD5 | e0c4ef8b210c0ddfee01126e1aca4280 |
| SHA1 | f1cc674f447045d668454996d5c3c188884762cd |
| SHA256 | e5cd7f9fd43084674aa749bc8301f28de85eef6d01bd78828f72fa32377a3368 |
| SHA512 | 4820074f15520ad099193b27a673499c31544a7279279efcb6131d53fe997438a96e1c5b386c233385004f7a2fbb775d4cde3c0272a196b54c0d8ee6ccef43df |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\sRGB.pf
| MD5 | 1d3fda2edb4a89ab60a23c5f7c7d81dd |
| SHA1 | 9eaea0911d89d63e39e95f2e2116eaec7e0bb91e |
| SHA256 | 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e |
| SHA512 | 16aae81acf757036634b40fb8b638d3eba89a0906c7f95bd915bc3579e3be38c7549ee4cd3f344ef0a17834ff041f875b9370230042d20b377c562952c47509b |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightDemiBold.ttf
| MD5 | af0c5c24ef340aea5ccac002177e5c09 |
| SHA1 | b5c97f985639e19a3b712193ee48b55dda581fd1 |
| SHA256 | 72cee3e6df72ad577af49c59dca2d0541060f95a881845950595e5614c486244 |
| SHA512 | 6ce87441e223543394b7242ac0cb63505888b503ec071bbf7db857b5c935b855719b818090305e17c1197de882ccc90612fb1e0a0e5d2731f264c663eb8da3f9 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\local_policy.jar
| MD5 | 57aaaa3176dc28fc554ef0906d01041a |
| SHA1 | 238b8826e110f58acb2e1959773b0a577cd4d569 |
| SHA256 | b8becc3ef2e7ff7d2165dd1a4e13b9c59fd626f20a26af9a32277c1f4b5d5bc7 |
| SHA512 | 8704b5e3665f28d1a0bc2a063f4bc07ba3c7cd8611e06c0d636a91d5ea55f63e85c6d2ad49e5d8ece267d43ca3800b3cd09cf369841c94d30692eb715bb0098e |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\content-types.properties
| MD5 | 95ae170d90764b3f5e68c72e8c518ddc |
| SHA1 | 1939b699d16a5db3e3f905466222099d7c29285a |
| SHA256 | a2b31e9cbceab296a5e1cf056efd953ced23b888cd929b0bbe6eb6b53d2bf861 |
| SHA512 | 87e970beac8141c757d622fc8b6d84fe173ea4b134afd8e2f979714c1110c3d92f3ce5f2b9dc74804dd37d13ab2a0edf0fca242f61cf8ed065ae81b7331f8816 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaTypewriterRegular.ttf
| MD5 | c1397e8d6e6abcd727c71fca2132e218 |
| SHA1 | c144dcafe4faf2e79cfd74d8134a631f30234db1 |
| SHA256 | d9d0aab0354c3856df81afac49bdc586e930a77428cb499007dde99ed31152ff |
| SHA512 | da70826793c7023e61f272d37e2cc2983449f26926746605c550e9d614acbf618f73d03d0c6351b9537703b05007cd822e42e6dc74423cb5cc736b31458d33b1 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaSansRegular.ttf
| MD5 | b75309b925371b38997df1b25c1ea508 |
| SHA1 | 39cc8bcb8d4a71d4657fc92ef0b9f4e3e9e67add |
| SHA256 | f8d877b0b64600e736dfe436753e8e11acb022e59b5d7723d7d221d81dc2fcde |
| SHA512 | 9c792ef3116833c90103f27cfd26a175ab1eb11286959f77062893a2e15de44d79b27e5c47694cbba734cc05a9a5befa72e991c7d60eab1495aac14c5cad901d |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightDemiItalic.ttf
| MD5 | 793ae1ab32085c8de36541bb6b30da7c |
| SHA1 | 1fd1f757febf3e5f5fbb7fbf7a56587a40d57de7 |
| SHA256 | 895c5262cdb6297c13725515f849ed70609dbd7c49974a382e8bbfe4a3d75f8c |
| SHA512 | a92addd0163f6d81c3aeabd63ff5c293e71a323f4aedfb404f6f1cde7f84c2a995a30dfec84a9caf8ffaf8e274edd0d7822e6aabb2b0608696a360cabfc866c6 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_fr.properties
| MD5 | ffe3cc16616314296c3262b0a0e093cd |
| SHA1 | 198dd1c6e6707c10ae74a1c42e8a91c429598f3b |
| SHA256 | 3941736bef6a8e53d002b6b67ece4793c2f3f34bcc1ecb271684eb3f73fc4103 |
| SHA512 | cd3a9329f405ca14e11cdbb74d467b31a31530cbf00537b16fb23aebc6c07eb268e9624fdbc997aa0cf4852dac288e1d011e2fc392d71e25dbdf52e359ba9d4e |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\management.properties
| MD5 | 054e093240388f0322604619ef643f18 |
| SHA1 | 6e110c2a5d813013e9c57700be8b0d17896e950c |
| SHA256 | bf41d73eab0da8222fe24255e1bbf68327fb02b1a4f1e7a81b9c7b539033ffb2 |
| SHA512 | bd60c6271cdeffff4563e6e2cf97c176d86f160092d1ffcbe7eefe714ba75ddc5fb4e848a5fdbe7a1d1510720d92af6a176a76de2cc599f27e4beae8e692c5d3 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\psfont.properties.ja
| MD5 | a38587427e422d55b012fa3e5c9436d2 |
| SHA1 | 7bd1b81b39da78124be045507e0681e860921dbb |
| SHA256 | d2c47de948033ed836b375ccd518cf55333fe11c4ced56bc1ce2ff62114cf546 |
| SHA512 | ea6ca975e9308ed2b3bbcce91ee61142dab0067ce8f17cb469929f6136e6b4a968bac838141d8b38866f9ef5e15e156400859cccc84fb114214e19556f0dc636 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\tzmappings
| MD5 | b8dd8953b143685b5e91abeb13ff24f0 |
| SHA1 | b5ceb39061fce39bb9d7a0176049a6e2600c419c |
| SHA256 | 3d49b3f2761c70f15057da48abe35a59b43d91fa4922be137c0022851b1ca272 |
| SHA512 | c9cd0eb1ba203c170f8196cbab1aaa067bcc86f2e52d0baf979aad370edf9f773e19f430777a5a1c66efe1ec3046f9bc82165acce3e3d1b8ae5879bd92f09c90 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jfr\default.jfc
| MD5 | 23aa3364d2ad1a2fc01fe9632b3b657e |
| SHA1 | aa73c9d419da1237450d85a8c14fe8473fc96a0d |
| SHA256 | dc59d905640c4931f45b14d24a08757a3108597a07eaefc5317c52681797139d |
| SHA512 | d882bcbc7eb8372758467c211c6b1d00ce76ecb3579bd6682ec84d63472b9164a9c9ba27d6b88e779c726d90c8c7bc364ccbe37dfd514c638f24fa79d6478e31 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\hijrah-config-umalqura.properties
| MD5 | 6e378235fb49f30c9580686ba8a787aa |
| SHA1 | 2fc76d9d615a35244133fc01ab7381ba49b0b149 |
| SHA256 | b4a0c0a98624c48a801d8ea071ec4a3d582826ac9637478814591bc6ea259d4a |
| SHA512 | 58558a1f8d9d3d6f0e21b1269313fd6ac9a80a93cc093a5e8cdec495855fcd2fc95a6b54fe59e714e89d9274654bb9c1cd887b3fb9d4b9d9c50e5c5983c571b8 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\sound.properties
| MD5 | bb63293b1207cb8608c5fbe089a1b06d |
| SHA1 | 96a0fa723af939c22ae25b164771319d82bc033b |
| SHA256 | 633015ad63728dfe7a51bf26e55b766dd3e935f1fcccffa8054bf6e158ea89b2 |
| SHA512 | 0042debe4a77da997a75a294a0c48d19aed258eeb3cd723fd305037df11f0a5073a92cc54967b8b541e1afc912f36481d0b0f68477b8156e52e15093722b7c32 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\meta-index
| MD5 | 91aa6ea7320140f30379f758d626e59d |
| SHA1 | 3be2febe28723b1033ccdaa110eaf59bbd6d1f96 |
| SHA256 | 4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4 |
| SHA512 | 03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaSansDemiBold.ttf
| MD5 | 5dd099908b722236aa0c0047c56e5af2 |
| SHA1 | 92b79fefc35e96190250c602a8fed85276b32a95 |
| SHA256 | 53773357d739f89bc10087ab2a829ba057649784a9acbffee18a488b2dccb9ee |
| SHA512 | 440534eb2076004bea66cf9ac2ce2b37c10fbf5cc5e0dd8b8a8edea25e3613ce8a59ffcb2500f60528bbf871ff37f1d0a3c60396bc740ccdb4324177c38be97a |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\cursors.properties
| MD5 | 01b94c63bd5e6d094e84ff3ad640ffbf |
| SHA1 | 5570f355456250b1ec902375b0257584db2360ae |
| SHA256 | 52845deb58038b4375c30b75dd2053726872758c96597c7cc5d6cef11f42a2ba |
| SHA512 | 816be2271cf3ecf10ee40e24a288ce302b2810010bef76efc0ce5746591955921b70f19005335f485d61a7b216dcce0b06750831720dd426d07709154d5fac7a |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_MoveDrop32x32.gif
| MD5 | cc8dd9ab7ddf6efa2f3b8bcfa31115c0 |
| SHA1 | 1333f489ac0506d7dc98656a515feeb6e87e27f9 |
| SHA256 | 12cfce05229dba939ce13375d65ca7d303ce87851ae15539c02f11d1dc824338 |
| SHA512 | 9857b329acd0db45ea8c16e945b4cfa6df9445a1ef457e4b8b40740720e8c658301fc3ab8bdd242b7697a65ae1436fd444f1968bd29da6a89725cdde1de387b8 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\ext\meta-index
| MD5 | 005faac2118450bfcd46ae414da5f0e5 |
| SHA1 | 9f5c887e0505e1bb06bd1fc7975a3219709d061d |
| SHA256 | f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8 |
| SHA512 | 8b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\GRAY.pf
| MD5 | 1002f18fc4916f83e0fc7e33dcc1fa09 |
| SHA1 | 27f93961d66b8230d0cdb8b166bc8b4153d5bc2d |
| SHA256 | 081caac386d968add4c2d722776e259380dcf78a306e14cc790b040ab876d424 |
| SHA512 | 334d932d395b46dfc619576b391f2adc2617e345aff032b592c25e333e853735da8b286ef7542eb19059cde8215cdcea147a3419ed56bdd6006ca9918d0618e1 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\logging.properties
| MD5 | 0aa5d5efdb4f2b92bebbeb4160aa808b |
| SHA1 | c6f1b311a4d0790af8c16c1ca9599d043ba99e90 |
| SHA256 | a3148336160ea7ef451052d1f435f7c9d96eeb738105ac730358edada5bd45a2 |
| SHA512 | a52c2b784cf0b01a2af3066f4bb8e7fd890a86cfd82359a22266341942a25333d4c63ba2c02aa43ade872357fc9c8bbc60d311b2af2ad2634d60377a2294afdd |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_it.properties
| MD5 | bf5e5310b2dcf8e8b3697b358ad4446d |
| SHA1 | c746ac1f46f607fa8f971bea2b6853746a4fb28d |
| SHA256 | cc9ad73957535011ee2376c23de2c2597f877aceba9173e822ee79aad3c4e9e6 |
| SHA512 | b6c61d38b0acc427b9b2f4c19dabd7eacbe8eea6b973fd31b3555c4c5b3ffaf1ca036b730359346f57223b44cce79e04a6d06bbc13c6f7dd26ed463776bb6dcc |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_zh_CN.properties
| MD5 | 823d1f655440c3912dd1f965a23363fc |
| SHA1 | 50b941a38b9c5f565f893e1e0824f7619f51185c |
| SHA256 | 86663ded105b77261c0556468a93bc8666a094b918299a61af0a8e30f42019c7 |
| SHA512 | 1ebf989d2121cf05ffc912b9b228c4d4523763eb1a689ec74568d811c88dcf11032ffc8007bb24daf7d079b580662b77d94b4b8d71a2e891ef27979ff32cd727 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_LinkDrop32x32.gif
| MD5 | 694a59efde0648f49fa448a46c4d8948 |
| SHA1 | 4b3843cbd4f112a90d112a37957684c843d68e83 |
| SHA256 | 485cbe5c5144cfcd13cc6d701cdab96e4a6f8660cbc70a0a58f1b7916be64198 |
| SHA512 | cf2dfd500af64b63cc080151bc5b9de59edb99f0e31676056cf1afbc9d6e2e5af18dc40e393e043bbbbcb26f42d425af71cce6d283e838e67e61d826ed6ecd27 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\CIEXYZ.pf
| MD5 | 10f23396e21454e6bdfb0db2d124db85 |
| SHA1 | b7779924c70554647b87c2a86159ca7781e929f8 |
| SHA256 | 207d748a76c10e5fa10ec7d0494e31ab72f2bacab591371f2e9653961321fe9c |
| SHA512 | f5c5f9fc3c4a940d684297493902fd46f6aa5248d2b74914ca5a688f0bad682831f6060e2264326d2ecb1f3544831eb1fa029499d1500ea4bfe3b97567fe8444 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\blacklist
| MD5 | 3f5dc1d941e8356ccd04454ac0a7a7d2 |
| SHA1 | 3698f9afd870c7959e2d8a0da0a97b4475554831 |
| SHA256 | c48d57d64ed98f8f174a4f6873f536ae03b41a63f67079d7c2f7140950a1c02e |
| SHA512 | 65319a4ef150884f7e67c6f96085a996c9b32dcf9a539c4eb7af77b1b46cdd90f1e83446f33da14467ea37d0628c9411323f5c3d3cefcf03cbdfa186eeb2bd3c |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\snmp.acl.template
| MD5 | 9d9ec1bb9e357bbfb72b077e4af5f63f |
| SHA1 | 6484b03dbe9687216429d3a6f916773c060e15ce |
| SHA256 | 8b02a29bc61b0f7203df7ca94140f80d2c6a1138064e0441dfd621cf243a0339 |
| SHA512 | 5fe39bbfca806ce45871a6223d80fa731efaa5d31c3b97ee055ab77eaf3833342945f39e9858335d9dd358b4b7f984ffade741452e19b60b8e510aa74ac02c00 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\README.txt
| MD5 | 4bda1f1b04053dcfe66e87a77b307bb1 |
| SHA1 | b8b35584be24be3a8e1160f97b97b2226b38fa7d |
| SHA256 | fd475b1619675b9fb3f5cd11d448b97eddee8d1f6ddcca13ded8bc6e0caa9cf3 |
| SHA512 | 997cee676018076e9e4e94d61ec94d5b69b148b3152a0148e70d0be959533a13ad0bc1e8b43268f91db08b881bf5050a6d5c157d456597260a2b332a48068980 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\PYCC.pf
| MD5 | 24b9dee2469f9cc8ec39d5bdb3901500 |
| SHA1 | 4f7eed05b8f0eea7bcdc8f8f7aaeb1925ce7b144 |
| SHA256 | 48122294b5c08c69b7fe1db28904969dcb6edc9aa5076e3f8768bf48b76204d0 |
| SHA512 | d23ce2623de400216d249602486f21f66398b75196e80e447143d058a07438919a78ae0ed2ddf8e80d20bd70a635d51c9fb300e9f08a4751e00cd21883b88693 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages.properties
| MD5 | 2eb9117d147baa0578e4000da9b29e12 |
| SHA1 | 3d297ecf3d280d4aa3d1423e885994495243f326 |
| SHA256 | b8d9c69ff7f4832a9b365d4a43cf66dff9847051752b13eedf024caa9c1ef46b |
| SHA512 | c3f7730767941b3c8f6f53d4686e9f898d1907d978f6d1fa35ba02c3fcd8306335406a5f9abaa844f27f7afd9e548810becb9ec3e6b84888ea5eac57b6ed6fdb |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_de.properties
| MD5 | ff9cfee1acfcd927253a6e35673f1bb7 |
| SHA1 | 957e6609a1af6d06a45a6f7b278be7625807b909 |
| SHA256 | e130fbd5fa378a380f46f42981f2c97bc152059c27120204ab4da47079d31513 |
| SHA512 | f42601092436d7af30ccd81126185232d9d643b195d3d4619aec451e3e2a60e33e6378e770dd1a4cdf7ab20cb749371665a992ca73d2842a7102f3fb34b6b9eb |
C:\Users\Admin\AppData\Roaming\ff60a168-f63b-4214-9ce3-35cfbcd5aae6.tmp
| MD5 | 050445f361673df6b448e8a85bb845b4 |
| SHA1 | f8ae63dd6cb0a271982653a09583fc5eb6427892 |
| SHA256 | a69310493fe902acbde001b22ac7e2e4db9823b097e286d30da21b0b6a71f083 |
| SHA512 | 56ab0ad126529507d892224dde021c000c3e26eabfde3fc015bd06581a1bcf057ec1cbbb8ce4b38d256865ade734df3ba91046ee1de91a0ec45a5fa5bc6f2eb1 |
memory/5104-4698-0x0000028900BB0000-0x00000289012EF000-memory.dmp
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\java.policy
| MD5 | ec90fd04c2890584a16eb24664050c2a |
| SHA1 | c7fe062eac95909ec6a5ea93f42dda5e023ad82c |
| SHA256 | ced51e3926e6b0cfec8ecab3b15d296fdcfae4d32046224814aaab5fd0fed9c0 |
| SHA512 | 8da494925b3b5aae69a30a8b5f9732e64edbae39c968229d112185e349c410a0f5d1b281a4e44718e0120e910820b15ca878b2ed1cf905dfc6595f1ba34b85d3 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\java.scripting\ASSEMBLY_EXCEPTION
| MD5 | bd468da51b15a9f09778545b00265f34 |
| SHA1 | c80e4bab46e34d02826eab226a4441d0970f2aba |
| SHA256 | 7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b |
| SHA512 | 2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\jdk.management.jfr\ADDITIONAL_LICENSE_INFO
| MD5 | 512f151af02b6bd258428b784b457531 |
| SHA1 | 84d2102ad171863db04e7ee22a259d1f6c5de4a5 |
| SHA256 | d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83 |
| SHA512 | 1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\jdk.attach\LICENSE
| MD5 | 663f71c746cc2002aa53b066b06c88ab |
| SHA1 | 12976a6c2b227cbac58969c1455444596c894656 |
| SHA256 | d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80 |
| SHA512 | 507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\conf\security\policy\unlimited\default_US_export.policy
| MD5 | 1a08ffdf0bc871296c8d698fb22f542a |
| SHA1 | f3f974d3f6245c50804dcc47173aa29d4d7f0e2c |
| SHA256 | 758b930a526fc670ab7537f8c26321527050a31f5f42149a2dda623c56a0a1a9 |
| SHA512 | 4cfca5b10cd7addcff887c8f3621d2fbec1b5632436326377b0ce5af1ae3e8b68ac5a743ca6082fc79991b8eec703a6e1dfd5b896153407ad72327753222fdb3 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.javadoc\jquery.md
| MD5 | 8ef4ab67241efd69eaa3df9871fa0dbd |
| SHA1 | a20a019c3b06d4263b00f5e89ed394a52b8c1981 |
| SHA256 | 0716943682c624fd2f49b3a718a2ed4d6386e872fe741f1c759573ae24509d3e |
| SHA512 | 1f85e70e166146d81457f05be906f18b9b16ed82bed5f544f090d894b8d0cb1ff4fe5fffd90022f06f2024b2dbf74a30f2940a21941871358469b1f9a1a19998 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.sctp\LICENSE
| MD5 | 16989bab922811e28b64ac30449a5d05 |
| SHA1 | 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a |
| SHA256 | 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192 |
| SHA512 | 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\psfontj2d.properties
| MD5 | 17b15d370018acc01550175882c7da91 |
| SHA1 | 4edd9e0fc3d30fbdcabcdcaab3bc0b3157fc881e |
| SHA256 | 780c565d5af3ee6f68b887b75c041cdf46a0592f67012f12eeb691283e92630a |
| SHA512 | e4ee92d4598385cb2f6f3a4db91ddabd7e615dc105ed26cdc5b5598d01c526cea7726ff93f92a308350229f2e5a5dd64cc0c38865dd97666368a330b410d4892 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.jdi\ADDITIONAL_LICENSE_INFO
| MD5 | 19c9d1d2aad61ce9cb8fb7f20ef1ca98 |
| SHA1 | 2db86ab706d9b73feeb51a904be03b63bee92baf |
| SHA256 | ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9 |
| SHA512 | 7ec63b59d8f87a42689f544c2e8e7700da5d8720b37b41216cbd1372c47b1bc3b892020f0dd3a44a05f2a7c07471ff484e4165427f1a9cad0d2393840cd94e5b |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\colorimaging.md
| MD5 | 0889fd01a6802a5a934572d9bd47f430 |
| SHA1 | 7a7e547452ee1c72e8b0d96dccbe315f62d5b564 |
| SHA256 | 04d61e3e8e71dd452ebe52008af5378d9f6640d14578aeb515dc5375973b0189 |
| SHA512 | f5872960470810cdbdc2db1dfb216cab88203b23400b16e157c8654c2eecff8d9b26ce066ec18718c8e6d54ee1c54533fdade395c454210fed5159fd4a7a0adb |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.attach\ASSEMBLY_EXCEPTION
| MD5 | 7caf4cdbb99569deb047c20f1aad47c4 |
| SHA1 | 24e7497426d27fe3c17774242883ccbed8f54b4d |
| SHA256 | b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a |
| SHA512 | a1435e6f1e4e9285476a0e7bc3b4f645bbafb01b41798a2450390e16b18b242531f346373e01d568f6cc052932a3256e491a65e8b94b118069853f2b0c8cd619 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.xml\jcup.md
| MD5 | d19594fbf6eab2242dc29257905d8ded |
| SHA1 | fbdcbe5a7e7d91d440c200f5fb00e0cf6a81976c |
| SHA256 | 8d5dcfdf50455a3c34c753a98f21e953248af200415a9084e3f102cb6c43b8bf |
| SHA512 | 7ed3e58f189f2922f7543d4617308d0c35f8adc2e7cbbb6fbba49d33cdd5da64c6edc022ae9842c28e58d97b056a245245c816003978f1e0152236636ca72ba5 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\logging.properties
| MD5 | 0f00ec3e7a7767a4efeae1875fb5f3d4 |
| SHA1 | 167808418571e9209b952188ddab2f4e62920e68 |
| SHA256 | b62d2733ab99556b108a1951d894c5a8d76b1ac7a00c02c388f9eb9be046c56f |
| SHA512 | e869f4a3b821a9933796dc9a56ee00483493369dfbfe07b3b1d895cb8318c6821cd44134eb37513f15b830c25861b596646824ed56672d08b678fefe6a4c7504 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\jvm.cfg
| MD5 | 7ce21bdcfa333c231d74a77394206302 |
| SHA1 | c5a940d2dee8e7bfc01a87d585ddca420d37e226 |
| SHA256 | aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0 |
| SHA512 | 8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\management\management.properties
| MD5 | 1e236f07e2b653fafe2c0ecd3eb815e1 |
| SHA1 | 81c332967eb7424827e9a570d845f7d48930b35c |
| SHA256 | 07dffdd85b01c19bf46ca320a699aba48dd6b01043eb0bd6a9528c7993312bad |
| SHA512 | 4fae4e2b5f7122cd80c03b3d04fca5c4b9586be6c712dfdb729f5e85d6e71a86addfdb975be4ee7e250e28643222687f834a6456054e38331bd978aba79dae71 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\tzmappings
| MD5 | 4c30d7867505379a18a27d0e8f03198c |
| SHA1 | 0cc871d5bd91e061d676a861749af68bbc0ca9c6 |
| SHA256 | b41575b332809b37ad423bdca30c7c48cdef3d82f82fa9d534781a6f15d6a2ab |
| SHA512 | 873d329682ce67267f438b88eee0fc25cecbbcc1f7d694118417ad12756ec2b6ae7502ec4eea0cc9b4ae8b9e68f5f8877762fa13dea89c4a6dcd54fd8bf82c56 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.localedata\thaidict.md
| MD5 | 2ea6eb55ca40902554aaf2fd20a76ba8 |
| SHA1 | e5b9e88e174c797c313d6739e7e34772b723bc4b |
| SHA256 | c326144a2351c9608fa708b5d7d3c5a3da03e82b66479b128e9db4969539824a |
| SHA512 | 5221112cd8ef83b636dc4364f53b72c5484a5885acb55c2c071c88d23058093caee38578f7e424ecafdb483ccc0bc8e78d7ac13add536ec824a8eac171a576cb |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\psfont.properties.ja
| MD5 | d4c735bf5756759a1c3bc8de408629fc |
| SHA1 | 67c15e05a398b4ce6409d530a058f7e1b2208c20 |
| SHA256 | 5a4bd51b969bf187ff86d94f4a71fdfbfa602762975fa3c73d264b4575f7c78f |
| SHA512 | 8124b25decfa64a65433ff2ce1f0f7bdf304abe2997568abc35264a705f07152aa993b543da37c4132b4b1b606743c825c90a0eb17b268518d478f5cf0889062 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\management\jmxremote.access
| MD5 | 5880f5255cf159b204761cf24be76061 |
| SHA1 | db484eb763831db19c089c9820a54cc875e4f624 |
| SHA256 | 0c25d26ee212ca1e8c33f67c3c460d43fe849c3a1d23dbe341148517602b280c |
| SHA512 | 64d33add796d2d3df7ad37aa452ee1d106174be1ade3063d73ba416211629a9a9b05177969404fdc92fcee8458450c9de4a6195744b93131303208cb6f1416ad |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\limited\exempt_local.policy
| MD5 | 4cbb03f484c86cbea1a217baae07d3c9 |
| SHA1 | ee67275bc119c98191a09ff72f043872b05ab7fd |
| SHA256 | 8c3d7648abcd95a272ce12db870082937f4d7f6878d730d83cb7fbb31eb8b2c9 |
| SHA512 | 2bd70518aed6b0e01c520c446830c5f567fa72974548818cac3e1e5c2be6f03db78ce6012f5463b1e19c36243d04cbaad38ec79524635eaae2e427eb1875ccdb |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\wepoll.md
| MD5 | cef1d92ff8ace278bd32ac5e18735b86 |
| SHA1 | 6c7d15e2b8f3e99527458c8ea33420ee1d34af7b |
| SHA256 | 3ac2992770080453b98c42afa807ba4b2c1738ef756b92a55c645f55e7df48f0 |
| SHA512 | 12aa61ae93fc626a230f39f44ca11c75086fd9bb50f2794fb9fec29b9bef924545fc19d9cb38fda631560ca78ae8e587144cf3cf3c83a6b336bb4711611393bf |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\ADDITIONAL_LICENSE_INFO
| MD5 | 71bb3ad0017bf36d14bb96a8d4b32c45 |
| SHA1 | 1a5c553e71bdb7d94995b206bc9eaa49abd1e888 |
| SHA256 | a69bce275ba7a3570af6579cb0f55682cd75fedfcd49e0e8e9022270c447c916 |
| SHA512 | 9f658dfea71bdc3cc1549edfb5ad3171dbfa0082b2d91e820c09abe0b376b6bcd8b5170442a5e25e72274e98f130176bbdecfa7997c59705782b214f02136a20 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\sound.properties
| MD5 | 4f95242740bfb7b133b879597947a41e |
| SHA1 | 9afceb218059d981d0fa9f07aad3c5097cf41b0c |
| SHA256 | 299c2360b6155eb28990ec49cd21753f97e43442fe8fab03e04f3e213df43a66 |
| SHA512 | 99fdd75b8ce71622f85f957ae52b85e6646763f7864b670e993df0c2c77363ef9cfce2727badee03503cda41abe6eb8a278142766bf66f00b4eb39d0d4fc4a87 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\README.txt
| MD5 | 3d47d94bc4f19d18bcc8b23f51d013af |
| SHA1 | a97cd312d6a2a9c8c780c15e5af51a2f4f97c2cb |
| SHA256 | 6da0747334b0fea7592fd92614b2bbc8b126535e129b1fee483774d914e98eb5 |
| SHA512 | 68a031264cf9442526307364ca74b336af55564c233c2f514cac48e910022767562f8ff6a64bb9cfcbf0fb5e755289273382c9246418a4b9207fc7761d03c64e |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.dynalink\dynalink.md
| MD5 | 7c3773c14e9de1161a33902d64854bde |
| SHA1 | bee6874bd3625623c939441c9269f9c6239a9247 |
| SHA256 | 17312591cabee3ef6c34ed8897d92e4e361ba9cea41ec00dcd61a322a8fc2cdb |
| SHA512 | 86ee77d8e129b78173964461cd27200aeab7fb6417fe0f4982d9b126ed2292216d08212be91b53eccb26dd6a8b3e1aab1d1dbab85c2133872ac0027dc87a8223 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.crypto.cryptoki\pkcs11wrapper.md
| MD5 | b77d1951df7a8488eb84ce1d25486a14 |
| SHA1 | e35415235ec3bbcb92beeceb03a9a8e7c13a6fce |
| SHA256 | 371974b1fca3744a3892c7ee1fcc593b8b4281fc218f4cafd2f709e9df5fd81d |
| SHA512 | 759c75f87309b67c56a5b7088045e04be7c023ecdbaea80842e22b81b0bfb36026191070471f8b08fef47ec73664611ce0453b4a9818f7708c95663733ee5ce9 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\lcms.md
| MD5 | 04a8a77cafdd6185a3506eccf7a83346 |
| SHA1 | 1acbec21e9eab8bd2bee9826353c1e768d5457b5 |
| SHA256 | 8acf00b5efd25c1c055927222fd3c26b0c9fd02ed02e478c225b64e7a24d9782 |
| SHA512 | a91faa243a09bdfe62714859b9b4420e8434dd09693a6a280e1c8ef6694fb7858d0171fae4ca36721b685e3ab8bc8000c5635bf3789250a5b9081130eb4ff57c |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\security\blocked.certs
| MD5 | 8273f70416f494f7fa5b6c70a101e00e |
| SHA1 | aeaebb14fbf146fbb0aaf347446c08766c86ca7f |
| SHA256 | 583500b76965eb54b03493372989ab4d3426f85462d1db232c5ae6706a4d6c58 |
| SHA512 | e697a57d64ace1f302300f83e875c2726407f8daf7c1d38b07ab8b4b11299fd698582d825bee817a1af85a285f27877a9e603e48e01c72e482a04dc7ab12c8da |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.xml\dom.md
| MD5 | 13952c46b3867103ad7d1e9c6c9e906c |
| SHA1 | 4bf3f9908314b05f3b0f6e27be2c1fb7e25fffbb |
| SHA256 | 6686e8877667584a3a7c07344baadca1a03e29f677162d87c3c0811e990d1148 |
| SHA512 | 8c71f226f0f07b471aea6b8e715434b5eaa6b4a59a653ec22c2489e743e9288a0c4537f479719f9d58737d0257470c9cceff9ce647a96e79fd757a4cdcfed499 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.internal.opt\jopt-simple.md
| MD5 | 4f3f190fd212329afc39442174ca4b3a |
| SHA1 | d7e25adf223e68d06276ae7666bbc96590dda442 |
| SHA256 | 99bc67f93cf57d6d20e6047731c93fbb267d70fbdd4115d119e0f85c6efe5c05 |
| SHA512 | fdd3d2fcfd865f62dad0ba2617ea816c78a3dc9d99d8991ffb5eb479fda37317dc3f70b0dcdb1847ffe4432947690436ad4046bfb056c37e2991e6fefa8b70c0 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\aes.md
| MD5 | 2e33468a535a4eb09ef57fc12a2652d0 |
| SHA1 | e64516f3fa1e72f88caa50f14b8046dd74d012b6 |
| SHA256 | 45c6d4da48325edfbff3dcf71c704e504c057904435ed23c6d57046d551eb69d |
| SHA512 | 4d14b5ddbb4d09797264ed29ba71fab6986b4a9e75efb9402c1476e0a9e2884813d6a922dea125643b4f74e1f3e458f4e48d6c840e0f4d16ed72ffbc4611dbb2 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\tzdb.dat
| MD5 | 2fd920c56de68f65493ba6962fd079e1 |
| SHA1 | 1e79bff02711d3dab3c75e90d4bb08f8086c9626 |
| SHA256 | b7dba25abdfee317daa042c89b01e5711f5781d020dd733ba411760b72addb93 |
| SHA512 | 958f835407e4a10a268bf76bc2ef0196ecd5fa92e139de4c3760544dbdf76f95e67865bac22406aef8ac5ae7508fe63cd1a688c8328e46b73a5867efa4f18d47 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\LICENSE
| MD5 | 3e0b59f8fac05c3c03d4a26bbda13f8f |
| SHA1 | a4fb972c240d89131ee9e16b845cd302e0ecb05f |
| SHA256 | 4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726 |
| SHA512 | 6732288c682a39ed9edf11a151f6f48e742696f4a762c0c7d8872b99b9f6d5ab6c305064d4910b1a254862a873129f11fd0fa56ff11bc577d29303f4fb492673 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\net.properties
| MD5 | 385443b7e4a37bc277c018cd1d336d49 |
| SHA1 | b2c0dfb00bf699e817bdd49b14bc24b8d3282c65 |
| SHA256 | 5bc726671936e0af4fdf6bed67d9e3a20a92c30b0ba23673d0314baa5e3ffb08 |
| SHA512 | 260afc7671a1dc0c443564f1d10386f0b241bb53c76df68d8d03f1d0b1ceaf3f68847ab3477732c876c2b01c812ef7521744befe88e312f3aa63164b608b67a1 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\zlib.md
| MD5 | 440321d71d082c9f04a9995b613bdff2 |
| SHA1 | 9af688d499b3026ec8e5a2e266dc4b9b4884a87b |
| SHA256 | 81518ebc49d23a7c77b2e08eff48664ea0c7dd90957a0caf22fd9654985d3285 |
| SHA512 | c516403a109630b79998f3bea6b698247a0b5367cc9873defa75014e8c98c690d34d0810d32792d80fde1333980ac6c5f19324743795cb6455ef0ee4979496bb |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\c-libutl.md
| MD5 | 2e89a282a50f8702e52703464e6937ca |
| SHA1 | cfc22a6f5b17cd539234d5b3160a5224abefadb9 |
| SHA256 | bef40679922d6fdfb7e4ddb223ad6722300f6054ba737bbf6188d60fcec517f9 |
| SHA512 | ae459d8ce5581ea57e203088373c1ce86d122d0e27eb871ee1383e0e64cd8a184fa207eee0e835347316e70afa24a1c95aec30def3e09d15ee19a0b2c3ad2095 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\giflib.md
| MD5 | 867001e2a577f88cfc856f45959502aa |
| SHA1 | 109c11cec13349212ba94b9f3eb7d0943229938e |
| SHA256 | c8b99f33890887d27ad56fba9edd8ebbc668cfe0689168505a95613d1d4b32f8 |
| SHA512 | dafac31d75a7ab4ddd7666799a24abf22c1583ca22554a738cc26a77bf927b20dde52f12194670a5196bce3a43bd58de46944291727c8877fee1fe4a38a1f1ca |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\unlimited\default_local.policy
| MD5 | 2a0f330c51aff13a96af8bd5082c84a8 |
| SHA1 | ad2509631ed743c882999ac1200fd5fb8a593639 |
| SHA256 | 8d8a318e6d90dfd7e26612d2b6385aa704f686ca6134c551f8928418d92b851a |
| SHA512 | 2b0385417a3fc2af58b1cbb186dd3e0b0875e42923884153deee0efcb390ca00b326ed5b266b3892d31bf7d40e10969a0b51daa6d0b4ca3183770786925d3cde |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.md
| MD5 | fa24b7e2a61a7045cb0c6c385000681b |
| SHA1 | 869fc0b687986ea26b8ff63c137e03c92234a5c8 |
| SHA256 | 262802e081760b38b3748c8b194353d340e39bc936ac22e17abbb7158d895811 |
| SHA512 | 2676cfdfd61762c7b6171985e8cfe1068c36683ca43753a1ffb10241ac61a74c9be1c00be22903df85ba6954fd908d77de60903c316506fd88b9679672ada968 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\management\jmxremote.password.template
| MD5 | ad773cfd53efe03e662f1cf23561f725 |
| SHA1 | 3bad5b040b6d7117df4c40609ea0f8074339ee47 |
| SHA256 | 0273b6a6b9e20e6ce54c5aee70164028e0395063b2b7d39060a40b6495543dbf |
| SHA512 | e6794168ba80a8ff733d8c1771930ae8c8fc33030e5e9ca02700f326c88a2f68ff09bc734bfd1e492ef15705b288c7918ce1f3f7174742dee6a62dfe086abd65 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\mesa3d.md
| MD5 | c7e0d19c8f4eff11e97f0eb9afd3f7f4 |
| SHA1 | 6a98ee2703132e181f37d162452f073fb64ced83 |
| SHA256 | 63f4e6f75caebbccb95d903fb43e46ac7111b3624d0a34f146b276d7d9e7b152 |
| SHA512 | 9c4111728ab9472f0b160cb11ce1e4ebd75a83cfddca0b3cb87243d15afc5a7fa34dc6006e6b92084648cbad1426f70b405259f589cdef758442643e1618dff4 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\limited\default_local.policy
| MD5 | 6d7b4616a5dba477b6b6d3f9a12e568f |
| SHA1 | 7fb67e217c53a685cb9314001592b5bd50b5fbb9 |
| SHA256 | 2b2627548e61316150d47ffc3e6cad465ca05b3cccd4785eb7d21aa7baa0f441 |
| SHA512 | a0b98cbbb49184df973bb2c4a506e9bc6e025a696bc0c8054a6352cc3f9b4a38e3baf117c6834ddaddc38498556607ed4eda8f1bc683f662d61da50e0db0c8c2 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Network Persistent State
| MD5 | bdba1dccce6bc58eed28b6a2bc148cd8 |
| SHA1 | f3ef5f6c12588e4c126fbf5b2f28915ee33f22c6 |
| SHA256 | 34c49e5963d600ebdd6cefeaebe75332eefb0ed855d636ab4346a646179c293c |
| SHA512 | 59f6b25f96f965848c783587cc0f4ede9cb4e4df21e8763c5b21a2ca1c4cdcb7a1084b8898171976ae4ebbd2987eb6041f68949ab2f8173cbb8f2083f580d5d5 |
Analysis: behavioral26
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:18
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
172s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l1-2-0.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| DE | 142.250.185.138:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 138.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:18
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
167s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-interlocked-l1-1-0.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win7-20240419-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 220
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
92s
Max time network
100s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1556 wrote to memory of 2424 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1556 wrote to memory of 2424 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1556 wrote to memory of 2424 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2424 -ip 2424
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 624
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win7-20240220-en
Max time kernel
120s
Max time network
132s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\Drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe | N/A |
Loads dropped DLL
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\ = "URL:Run game 418076578333851669 protocol" | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell\open\command | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell\open | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe" | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\URL Protocol | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe" | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\discord-418076578333851669\shell | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe"
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2056 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1828 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1764,1406405331406856961,14354547430192381405,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2652 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NonInteractive -InputFormat None -Command "Get-AuthenticodeSignature 'C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\temp-Badlion Client Setup 4.2.0.exe' | ConvertTo-Json -Compress | ForEach-Object { [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($_)) }"
C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe
"C:\Users\Admin\AppData\Local\@badlionnative-desktop-updater\pending\Badlion Client Setup 4.2.0.exe" --updated /S --force-run
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /im "Badlion Client.exe" /fi "PID ne 3700" /fi "USERNAME eq %USERNAME%"
C:\Windows\SysWOW64\taskkill.exe
taskkill /im "Badlion Client.exe" /fi "PID ne 3700" /fi "USERNAME eq Admin"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /im "Badlion Client.exe" /fi "PID ne 3700" /fi "USERNAME eq %USERNAME%"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "Badlion Client.exe" /fi "PID ne 3700" /fi "USERNAME eq Admin"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Badlion Client.exe" | %SYSTEMROOT%\System32\find.exe "Badlion Client.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Badlion Client.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Badlion Client.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | launchermessenger.badlion.net | udp |
| US | 44.220.119.182:443 | launchermessenger.badlion.net | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 142.250.186.142:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | cdn.rollbar.com | udp |
| US | 8.8.8.8:53 | r2---sn-aigl6nz7.gvt1.com | udp |
| GB | 74.125.168.103:443 | r2---sn-aigl6nz7.gvt1.com | udp |
| GB | 74.125.168.103:443 | r2---sn-aigl6nz7.gvt1.com | tcp |
| AT | 3.161.119.113:443 | cdn.rollbar.com | tcp |
| AT | 3.161.119.113:443 | cdn.rollbar.com | tcp |
| US | 8.8.8.8:53 | owlmessenger.badlion.net | udp |
| US | 104.16.147.116:443 | owlmessenger.badlion.net | tcp |
| US | 104.16.147.116:443 | owlmessenger.badlion.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | assets.badlion.net | udp |
| US | 104.16.148.116:443 | assets.badlion.net | tcp |
| US | 104.16.148.116:443 | assets.badlion.net | tcp |
| US | 8.8.8.8:53 | client-updates.badlion.net | udp |
| DE | 142.250.186.142:443 | redirector.gvt1.com | tcp |
| US | 104.16.147.116:443 | client-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | client-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | client-updates.badlion.net | udp |
| US | 104.16.147.116:443 | client-updates.badlion.net | tcp |
| US | 8.8.8.8:53 | api.rollbar.com | udp |
| GB | 74.125.168.103:443 | r2---sn-aigl6nz7.gvt1.com | udp |
| GB | 74.125.168.103:443 | r2---sn-aigl6nz7.gvt1.com | tcp |
| US | 35.201.81.77:443 | api.rollbar.com | tcp |
| US | 104.16.147.116:443 | client-updates.badlion.net | tcp |
| US | 104.16.147.116:443 | client-updates.badlion.net | udp |
| US | 104.16.147.116:443 | client-updates.badlion.net | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.4.4:443 | tcp | |
| US | 8.8.4.4:443 | tcp | |
| US | 8.8.4.4:443 | tcp | |
| US | 8.8.8.8:53 | download.microsoft.com | udp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 8.8.8.8:53 | download.microsoft.com | udp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
| US | 23.220.113.200:80 | download.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3B7C.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar4011.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar414F.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
| MD5 | 79742862b18fb88cfe2b06203c6b3b9e |
| SHA1 | 1d9365894a003e43b5112c63419dacd8f37b0600 |
| SHA256 | e94b0c28327020c4cde9b9dd8ff77112c954227392423739447cef550588f80b |
| SHA512 | 7636a51ede5fb1acec52330ad78a6c678ec793c9a899f7df5a607eff1bb07d4644ad851115a38f9a9ddceadfa151c2c36fe6b19bc53219cb711b4751b7507130 |
C:\Windows\system32\drivers\etc\hosts
| MD5 | 53316bc0c42b9d65743709021f1d03c7 |
| SHA1 | 44cfe377bf7fedee2ce8f888cfacefd283e924e6 |
| SHA256 | 600d914eb6b9ffb387be5b7300ca138192a4e86c4679c9bff36bcf0364e74b36 |
| SHA512 | 9b390f6d7955413c8d63d02dff6988442cf78bbfb72e12f7deab56b190c1a7f455c5af3344ee5a1f7477d383c24e567af4fb7639ab6d9f014935418bf1cf00f6 |
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json
| MD5 | 62d5d73ee869a0a2654d8fd554aaf742 |
| SHA1 | be1d557c26633ffd5edcb5caf37b2a09f47c6667 |
| SHA256 | 9ef970b76a91f607002afb164aa7f01d85e20290cf242e4adafb7f6026900b59 |
| SHA512 | 8706794249e1bd7fcaa3e7e25c0b976a069b02abc877a0fdf9fce408a12b4aa5c151e5e3f75fc81185f8fef84a0b9c5a908b84f60102ac9aa03aec908a094550 |
memory/2488-514-0x00000000775C0000-0x00000000775C1000-memory.dmp
memory/2488-482-0x0000000000060000-0x0000000000061000-memory.dmp
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c47f2478f6458700756e25ca28cdb83 |
| SHA1 | faae98cbc98adeb01fafffd3f515c4448a8fb17a |
| SHA256 | 4c60c1a3f69c3811423ebab1426981ae04cc814a3986c6182cde5aebc31110de |
| SHA512 | 0db72179a5e401a4df8031d2a81409d8e545ea92b2fcd669a7d7fce1426ad2df6466fb790988eaff8208f08b96caa1bcfc99cb313503504c3b35ee025541c292 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0248a686e0be68d498620acdfed1dea0 |
| SHA1 | 04517a5f7b5df88c69e2715b6820dd1c579ad166 |
| SHA256 | f347e6b45a6e8b7d712595b8f3156a00cb67911efe29b00311b4c05b863c2ff3 |
| SHA512 | 522fb112b4f11258911afdc6c93d16a189f7291489460b5e8f999ea15688a800ebe7c3a37207b34dee8a0f4217e79825c908db2a13b2c3a57c8f95de53fb9018 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | e0941c3ef712e912bc012f118dd5bc00 |
| SHA1 | 67f14968d46ca7d56db1269000b5d89968c78869 |
| SHA256 | 22579a347237a66658d456cde186e74a44b38285333b1dc0c31b4459b98a0d46 |
| SHA512 | c1b54215e9fee3f812042f1dbce205a7aa2492299568d707cd3fb680048f1fd0c740e24ed50f9563ebe0a9a7e911c2a3b685fa979f4dfa32e5ce116f22f43f1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-53829248454ea407
| MD5 | ffb98039924220fb33837a443cdc5f51 |
| SHA1 | 4731fbc7a581df4e0abc248aebc158fb377213a1 |
| SHA256 | 9a41ec4fbdfa1329a945cc71da90f33605f5b550c8a5ffb7de31f1dd04b095ba |
| SHA512 | e0e1011075b3da237776210fe81511177d093e8e64f3f241ca16f299a3e7198d7431b9a1a705a42073d8524ff77c7d09f0d5094f5cec689c4ba197e7dcf9b70c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29dcd7fd07e19727a73af769d35ff8db |
| SHA1 | 90198cd5baab3b4c08657a4f534a0a85e343d0ff |
| SHA256 | 0a1c49724ce7fe88607053cbcb298b04ee89ddefa3f82ef175584ce3c25d3ec3 |
| SHA512 | 3395da34445fd2aaceb61a5741e3965673203e3adcca0e30c2d7fdf85e84c35bd32fae15dad6bffe196ccc8761641d83cc7c13a43a18739d6a4ce249b7815e46 |
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json
| MD5 | d2da35e826a1e6af049f99048b4fb6ec |
| SHA1 | ad261dccdbf7c44cdcc00a24bcd1bb4fa95da29e |
| SHA256 | 21eaa56d4ca1308f21bb534c446d5b0e56410efe28d08fd8780b75a02222d227 |
| SHA512 | d85f391144bc05992ab86569e03fe12bedee427e2b1ed7be4eb55a3a428e6bca118b23e9c567fc381b6329f60e67413cb35a06126c268b2063b8fa0d89d95162 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32091680d205b2cdd283243807c35c50 |
| SHA1 | a7731d9df9b7053bc397ae846aab76177bd71b25 |
| SHA256 | 1799657d54be1c8f54248c9dbea445ba02d708946a9d8b47c743ad38bf5f549a |
| SHA512 | 630899bfa735d64936280ec963c2b472c31903f1fbf54d87bdf37c4bb8699dda52db81acef8f98627083b7b242992793faabee65ea4251117841b2b40f13e420 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09ae742410f25f5d7ccb6c2847733823 |
| SHA1 | 9a4270275403a1aa2fa3f418b655c2ca2a6c5701 |
| SHA256 | c2d46140ca6fc88065a2a111f48671a90e5d264a45735c6fb16d29e44d48d10b |
| SHA512 | 3d6a4e047b80f50bb7f87a3e25d513cf0382580657a41e645604315dbab81e128101b4a1ea4b6914b225b2c05d8b4269d6c4b64ed59e12075156e5981dd85b92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74a23d7b204c91fdd77b73f18481e39f |
| SHA1 | 422f8b060dffc0c102f3aeced987cff49c4c5114 |
| SHA256 | 4233d901624074c00cc7dd85a219c4d705cb89fa6ac284d6e24a64e2544675cb |
| SHA512 | 127b7596fb97b39a89b4ba6d265b29f8068100a119a2efddba86e0bd4f5c6f5dc288e503dadea492055c7a3f9a7f35367e7505d097b22e496520b8752acd0b9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe85b46c728a45f21d8c06b6c74dd4b9 |
| SHA1 | a03b04c534ee40be2c9419cbcd1d9a0c9e1417db |
| SHA256 | ba000389517f8f87828470574f5ff284bfa206aa7f89cbd6cc77301110f0a4f2 |
| SHA512 | 08c24340af88bcaff5d66c983681e03d9facb0b87f0ef76b7043fbb9068a554ac80a5912fb7df6307b3410a54928a860c9498063a6bbbe6a5b14498c789fc70b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51376d8f9f151ea9802e3a1cc993f6c5 |
| SHA1 | d157cf2d73d30ed470c9d1b3891067024f86e894 |
| SHA256 | 75c20dee3f3a3a6bbf23bd4bf7e81a332784363b6d723a1d9c326380d3fd5d3f |
| SHA512 | a964e97d30394fe270fb7bacea7d053eb9ed31c95cb98efb259fb859a2b26884bd2b88f959b3f38e597faa481e12e04095eef94d0763aadf10367c4f7403ae1f |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
| MD5 | aba36324838ec90a86f551dd8d5b8bb1 |
| SHA1 | 1b276a09dc93ca519d313c2063c12a83a99b3362 |
| SHA256 | 62c0678800b1495c125fdae39d7f3510b4437d0b4df5c5a37c741070fa160ee2 |
| SHA512 | b02d8447fbe3329b502d5a54e71167015100c97e9cf358732798797c215e3d178e5e0885c915127221807bfe7f9df40bd7be82e861d6d2e76f3ce45af8facc06 |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
| MD5 | 4d6ade88bd9ba437e88810b2931fb07f |
| SHA1 | b8c881560099c08931fe9e389ca89e819b58bee5 |
| SHA256 | bcfcf450e16cc0950730e99ebf3e373caa2d1533608fb5e978b5b3ed74290f63 |
| SHA512 | c329230b37ddb376a5456058bcda6bad944d3ad51613ec7e3a84a71a5f8db213ed7e6dc13b0c4a531ced8a105029d215de4aa1580e686f4ab0ee6f36336b95d1 |
C:\Users\Admin\AppData\Roaming\Badlion Client\70c18255-ab5b-44dc-be48-dc70e1453b03.tmp
| MD5 | 58127c59cb9e1da127904c341d15372b |
| SHA1 | 62445484661d8036ce9788baeaba31d204e9a5fc |
| SHA256 | be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de |
| SHA512 | 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a |
C:\Users\Admin\AppData\Roaming\57c8da57-a1c5-4f22-a5dc-cc945c35c1af.tmp
| MD5 | f6337ef8fe190bb703d73f50e46e2e36 |
| SHA1 | 2b720a67d0ffeefc8715a83ce107f91efb0e6ae7 |
| SHA256 | e404f3c7e58f54cd4ab5bbc169c8fa71a9059ad5c88162ba0ea9fc57844ed3bf |
| SHA512 | aeb7fa616c0703fbefba33936c8c2b1dd77e03e6a96e0dc498de27bf03d7ea048448aa77f8bf34fe9241a43c42c0d87ca2b39aed6987c894fcdd7c3f81871e21 |
memory/3932-1593-0x000000001B730000-0x000000001BA12000-memory.dmp
memory/3932-1594-0x0000000001E90000-0x0000000001E98000-memory.dmp
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_1
| MD5 | 36e4e73541b9dd86e0fcd81746f062a0 |
| SHA1 | 3ddd99f2826259511d6aa4eb86ead41f07c5e360 |
| SHA256 | fc3763a48770173d3fe1b36e546e276d7bb5015a637e262fe19ecf6404035c3f |
| SHA512 | d4b930146beb7ea5b904dc9c2fb7dd1bb330165e33fc8e2b68e2dde60b8dad71af3b3001546af9bb84f7e3cdcb1168ab067c0a35f282475f2f2d1d293d6e33b9 |
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
\Users\Admin\AppData\Local\Temp\nstCC26.tmp\UAC.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
\Users\Admin\AppData\Local\Temp\nstCC26.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Roaming\Badlion Client\versions.dat
| MD5 | f6290118c4ede2f15bcb188c720a613b |
| SHA1 | 5e06b55d85c6a3af9b6383db755512b4ac6b2004 |
| SHA256 | 9ce6500ac068c39adf1578618f5b1a611d36093bc1e1fe5cdcea79fc9b3045c3 |
| SHA512 | 07ecdcbbef71c15528abbbac3ec62096ef4bc278123e404eaa8cf546dc291dcae0c04dca6e430545fccee74c51c54ae8ad5b3af81a2ecbb807d191b6c243fb76 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\LOG
| MD5 | cb08a4b8f84b3d81f1d8db93fbfbaa0d |
| SHA1 | 0f6716bec1c09a36ee87eff4f647e290c6e77bc4 |
| SHA256 | 9360f529ebb138b5007aeda4b196906991e576327bd45ae06faa2f9b3af2503a |
| SHA512 | 1c3a6b27547eae1b12c26c66a3901933032a7bbe94c98352139a4beee890d248e34fa292eb03387b34aeaf8150dd34e19ef2540e4d3eb10a32f71a3f6be0b5f8 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\000003.log
| MD5 | 7f2681f894a1cd39a64c48ac6e7f3969 |
| SHA1 | aecfd7074e3b4adb31c715aa1b7be70439593d4b |
| SHA256 | fde22fa01e0421169d887dc9730158ef8c3e26565354c30ed41276a485a15654 |
| SHA512 | 758b5057940f20db05263164129eafb4243d4faadcd978a3a48c3e579ad38fd78ec0d928c0496b32f2653f95165f3f39e8a20fad0d682082c5064f74753f15b6 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\renderer.log
| MD5 | fa64cebeda4d8181046b4bfbafbbcb02 |
| SHA1 | 63a7e821f146c79cc9ddd976597a477fd853a3d3 |
| SHA256 | 4201d4224b3e11326ae7ac4ca375d469913c83953d05e0eef6bff97996a84220 |
| SHA512 | 75f5be1342ee27f732a4acd148ace19a659f66224413015493dc2ac952a6fefa39f0eb5dccbd6e26c4d120b35472fd52e2581b8c272c29fea584df01cc25c922 |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log
| MD5 | c4881f361f2b2d805bb865e620d89be1 |
| SHA1 | 6c260c9e59d3b91625c1ed5cd05b2467551e3167 |
| SHA256 | 5c21360435eed8cc4c358d7095dba15dc2210c147eb9e20bbfb9a725041edb32 |
| SHA512 | 196262b3e8047d1f15c4b3b23908de3dba9e94bd3a6eba676afcdcfc708d133d392f2634652ca822301ffc280dc3d522598b681840bf4e486a56521e53b08950 |
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\launcher\launcher-2024-05-10-23h-15m-17s.log
| MD5 | 95166c021d42630db843f1947d24aefa |
| SHA1 | 91f93558fd124bd220a188a857082ffbcd0e2f7f |
| SHA256 | 71df7d2cccc68b0305ddaec7da23318fcb624ffbfe831ef101b5408a8ba04037 |
| SHA512 | 1cf952c841965881958c85cc9650b445faf929150eceb0c2213e846f4bd79fb1671a0498b5750aaf5f7a204d245047a1af6715e3af0b3be2458b064104daff2d |
C:\Users\Admin\AppData\Roaming\Badlion Client\Local Storage\leveldb\LOG
| MD5 | 6dcdadf40edd2f85128edc4e94bc1aca |
| SHA1 | 156924a013358b8bcb37335e61d2e91875cc0764 |
| SHA256 | fa7c333516e3b8e894a84d6ef4a3366fad1caf3a321b75b75bc9ded426aba223 |
| SHA512 | 0f5420f13ffbf83a751c48cba39efb72b3c63abd6495f4b86df6905637e00ee6397e317e0834dd50ff3453c5b9b7d197e9404d29d41007d13c8faba70ebf430b |
C:\Users\Admin\AppData\Roaming\Badlion Client\Local State
| MD5 | c6a5a4201cef86f117a528ad481c619c |
| SHA1 | 2e1791fceb59ad7e14b05689c58bc9e741a2c780 |
| SHA256 | f0a7622c943b82f4e5ce0ca194e25b77059230dda4f607fb678e15acd1d8449d |
| SHA512 | 694e44db09f331539e753e8124fe4ad0f315a5535592fe5be36dc44c2cbef600b242a8616d6ae321cb6546f0095e803f0cc780712a8116a5c9f9035b4f23b5c2 |
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\index
| MD5 | 32fb2d47424bfe034836bbb4d7c5a74d |
| SHA1 | 1126bb34ddca2768927d3ec01c99c26a82632b2d |
| SHA256 | b110a53b9744e794d5e51e2489dda8a9ce6c394b62d3b32eb012cf2c9545557f |
| SHA512 | adcee1e7e64680e929157e3e37760b85df67cda18b378ac6f257ac6fc90975f3dda0600040dbb08d4ae89eafbea114b530580cf1e74e20b06584606cc0d2e9c4 |
C:\Users\Admin\AppData\Roaming\Badlion Client\FontLookupTableCache\font_unique_name_table.pb
| MD5 | 52b43a858c24f00363413039b51b11d3 |
| SHA1 | 4b02d3aa85d8da8e6d771f0e18c30112fca4e630 |
| SHA256 | 997db37a632e6a1a8814026d3b3febc0714383dfb26599524a2558960774dc51 |
| SHA512 | 96c017473290b157403ac87c4d5c83f9e7c80ffa694113d4c521b39525307e06b14e2b8c077a7783338830a24e31b43de1358216fd5e2acf5697b4bcfa8d8f43 |
C:\Users\Admin\AppData\Roaming\Badlion Client\en-US-9-0.bdic
| MD5 | a78ad14e77147e7de3647e61964c0335 |
| SHA1 | cecc3dd41f4cea0192b24300c71e1911bd4fce45 |
| SHA256 | 0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa |
| SHA512 | dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies-journal
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Badlion Client\Cookies
| MD5 | 76304179fbf6b60eefd5b5e535483137 |
| SHA1 | f5ca1a5705a2cd3df231e593dfb3741ea820cd52 |
| SHA256 | ab6c5722e81996003e350548b8a0932989b4a644d7c6dbab23a4bfaa771073a7 |
| SHA512 | 53ee111c966b9bba1c6d6ed4176428b68e003b93aad5bf70ada64b44525b3c028befb2a457892fdd6b7d232287133463a4c0d7ece62fc756afe3535cfc58b7f4 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\wasm\index-dir\the-real-index
| MD5 | 23070aad9d4aa482158e8522e3456c3c |
| SHA1 | 0f4d4e96c69dfca340bb2ae1b901a4a823813a96 |
| SHA256 | f7e1270930d8335fa117ae026dab1959a4d69ca45b673a7cd58ff8e12c741ed9 |
| SHA512 | 23ebfeeea94c9983a6d500b17615cfc62219bf5951e9047f594ced92268c2699af379e77e6d06d83a0ebadd1178a12a7855cfb30c5b17b70fae2fbb8d0a19eb9 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\wasm\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Roaming\Badlion Client\Code Cache\js\index-dir\the-real-index
| MD5 | db61248083dbf1cb4ecee5c858c087b2 |
| SHA1 | 64eb92e3949ff45655aa7550f9bbaa0bfd5bdeae |
| SHA256 | 0f05c293ff1349be4b525aeb644c3207b4723bf07306404a06eae75132f0be38 |
| SHA512 | e5f51a11bbbebab708ccf6a01dd8c61a4bfb57b5581c97d4b09b4d640866356151a40d10ed956374d122ce821eec3e5515f156d3232da63832e73c70bd45d622 |
C:\Users\Admin\AppData\Roaming\Badlion Client\.updaterId
| MD5 | 1f5a92beeac6abcf2eb9d52db5b40701 |
| SHA1 | a12053b676287b46545c223891c110540d0bb279 |
| SHA256 | 58fd0b0009caad3725d0acc7002f55cf0178891d8b7f86d4fddc48520531d4a1 |
| SHA512 | 010ed41c3f5012c70b19001822f7c7850649149313fd345e49155bde86b15166d900f08da2d6c700c806a130625cf41de08281afd4d7a54316abc304094ea178 |
\Users\Admin\AppData\Local\Temp\nstCC26.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
\Users\Admin\AppData\Local\Temp\nstCC26.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\lz4-java.license.txt
| MD5 | 0ba5044c64ef53cb0189c9546081e228 |
| SHA1 | c8bc7df08db9dd3b39c2c2259a163a36cf2f6808 |
| SHA256 | 49bbe9114e49214df2ccc324cb3ac8d1d1aa1c3a0947f94c286765e86647b32e |
| SHA512 | a7ce8c7f21c031e4e6d037f4eabe8b200b8f1470731c05ea86028171f2964310dadc5def814d2d65164fbd23d720ecfd4d479ff5e269e519c787b4db96c7724f |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\notoseriftc.font.license.txt
| MD5 | bec6f772ed2e38634da53c388c30437d |
| SHA1 | 43513d1f6a1329962106efc212457e1d6ef9e980 |
| SHA256 | 7f18ec1ebb6b50e3ed0f74b2c61f25b8d7cd69e43f4de66e991bcfd3c419a8bb |
| SHA512 | de6c45f891db9add2d253939f35739f3c246ab93f6bde97232ecf32fadcf0afcadea4aa632e44df4ddc0e3b80e1db669f4769e9d59a04a4e38888b530fb050f6 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-console-l1-1-0.dll
| MD5 | 3463d82d90601b441cf024c92abe4acc |
| SHA1 | eac8fdafccbc1beb17386552922770bfe12ec1eb |
| SHA256 | 49ac9f317d0adfc3761d6ff0d32844be70cc78e2af18319c9a2e2ec2a44d672e |
| SHA512 | ff4fe61c7dc5f8eb7012cc4867d7212cbf965ec786dfdfa8c74ecad8c582c4ac1107aa2876e5f11066908fbd07c1b353dc67060c28199a7e21d57adbdddac977 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | ac3c4cafa028297da5037781f1156220 |
| SHA1 | 937c2b11c7fe4effc16e67af716563aee2419a0f |
| SHA256 | 0f0cec83da06f06e9c42ffded72fa69c51efed881def2b4b7b88274bc1bf3d40 |
| SHA512 | a2d1135f497e3831f14369978ae6a5ff74106d9d4ea0407548b6c336a1082bddd196424b292c799ce60270182c13e148971039cf29241e76203b069ebf7bb72b |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-debug-l1-1-0.dll
| MD5 | 8c0531639f58f79b5b67b52edebb01bd |
| SHA1 | 866f3ca8819440e0ba67eb935e688509f86ce1e3 |
| SHA256 | a20dc11ab10769b38cafb701c2d08810c8aa61350f0b33ae7838ff5c26edf956 |
| SHA512 | d6ddcb814d7f507df03bd5fb378eae3bf30f31d0cbb41136382469297033965763dc20e68dc50108eeb5fb5996d167cf21b29dbdc0ea163521607e1cc75f7d9a |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | d6db1a6b5087a82e766fe7e9f818c135 |
| SHA1 | d786b2d8ab10edf0e893fcfbf52b03bceb15f53a |
| SHA256 | f9457d0ddfa864e4bb383759bd7bbae961098055216b0b7d7d40c11084a1561d |
| SHA512 | 6118ed237839a49567340aca7a76d8ea366537942da060d4afc0399a88603f7f02a93c061be4475f35599d3cab8233f3925a491f4aa094bfbecd2adc5d3e65f1 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | 2a3c5cbe313f4105dce8a79f533e5959 |
| SHA1 | 26e6768280c83217ccbe36f3a405381defec12b9 |
| SHA256 | 79cb8a8781feb448fe051e90ccaf3d6ecdfac12c1ad4bba2730aa1f0a229c31e |
| SHA512 | e24ba69254b445a62add1d58269ee99841c36049f639671a311bfc0f60d965e6a8d79a67375eb0d3ee3be8cf998f182ff03291f0709ae2155bbee924708dd8c2 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-file-l1-1-0.dll
| MD5 | 4215700161720c767e725b1f7fc358ab |
| SHA1 | 6e31fa39775c1c6c60fe8869761c31148b0a8019 |
| SHA256 | 38e535e9a79cd72e3f5e3c0ec9c97a18e86d480a504ea6c85854a6f70b302c3a |
| SHA512 | 8c93f4021544ffafa37665efcbfa2c4d23742573e695766c637c9449a39af5ea0de114c821a5c50b886ed1ab0f0a2be0fdda164884d73f7488402cfa2137e5b6 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-file-l1-2-0.dll
| MD5 | 285e3257c5a12d3384cd3f5a3ae941b2 |
| SHA1 | c05f6a72b73bc7ec8409ed42ccd947f501da0166 |
| SHA256 | 8355bf70788c00fb1a17bc4160bcdc6930fa219b85473e08138efc10136d90eb |
| SHA512 | f1ee0689b02e6a6e95940c1b3c2cc6902f3e04db44f4d767a1e68a890b7b3733b28c1d86f1f361f0db8b1ee955f5f5bca86b758b8f2e93d94b5bc4d469187df5 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-file-l2-1-0.dll
| MD5 | 72d542226f067dae07562fd093b0f5f0 |
| SHA1 | c0f7f85753bb351c51dd8e36ca2366a3b24c73ba |
| SHA256 | e8e3550084cf30e16b16216266bc73b07c1a05bbfd94ee3f645122d3d167d7e6 |
| SHA512 | 2fbf32b38852def53891a73b9b33f33de96ca09102baa8c37f02d1b3d5076b26d2a32f2e79aab1009dc5b2464abf50c956c797ba4321fd37ea13900753a1d182 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-handle-l1-1-0.dll
| MD5 | 3b620d81c727a8aba6dc6895af695d35 |
| SHA1 | 21641bc6c802d0ada3121d14c2a8de4e708c74bc |
| SHA256 | 9aa764023ddb501050f43d1af0ff87f592ed14c4f022ba58270c3315386141b0 |
| SHA512 | 54af2248017db94ef81a5c4ba6496127f1e305e292bd165563929dd88ad756b15edb5f0e2e3da367581c0c9cd92e04699e28bcac12130299949b13267414d228 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-heap-l1-1-0.dll
| MD5 | d54e0da17090c6911db3fd0770faf91e |
| SHA1 | 5538096f53b4160ef2e91987d57d2da0ddb9b6ba |
| SHA256 | 17415ecd7f34def148a91defe99155b71c8048e253315b2d24d499b99207f618 |
| SHA512 | 680142c329f6ab44cfeb7eb1572f296918866c9ca3ac9e66ae13ef38d79dadac9bf367e6dc6655c7e404cb6b243f3518639acd9cbcd9a37da5812823d43886d3 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | 2ca477f1799fc97d6bd05437bdfd0017 |
| SHA1 | 31feb0b42e9237cddc5e47c3f4a076de86ca600e |
| SHA256 | e81e0d9b2b09524e5790617547bb8bd8ef3dacdd001bd19057c4f8943d996227 |
| SHA512 | c0c991341619548e6944a78a090e1dd942140342d8cb77f41ba559b56034dc46a3ac731d2e2e67a7de1f6a65e26ca0c6a3eb358124a03eab55c2b5d061b64717 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 55902b92bbbca7a2d11a946297f583e6 |
| SHA1 | b6158f009d98a98ed2e56d377f9c4b6323b852fc |
| SHA256 | 2dea4ae5df0f7daa37e26dd0f9232f867884f57e850aa85062594b54f3a81e98 |
| SHA512 | 85e0df8a390260e4e0cc0a9372dfd3c55464486812926775a5f9f5767157b88783e03701b1f1c28f34e822b21ea7436c3e8270df58f8de3ec1b15f68b633f4fd |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-memory-l1-1-0.dll
| MD5 | 8fc176a3a6550f90e73d6da8445e8780 |
| SHA1 | 5d249243678a789ce56037d0d1b36420d97dce06 |
| SHA256 | 65bd14bfc1f14c35e345412ba5e9642e7f6c286f95de014c0f3af100e88b4467 |
| SHA512 | 808daa3369df6704151b67f246eed90cc32d9110653faf06e973b97900003c8b7dc26095abf420d5c078e9546699c4b3debaf410819cd6060d3feb481576eefa |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | 27a8f9e71a2f2d134c55de62fad6cf0e |
| SHA1 | b60944dbf9a50a166b71fbc58305c3d559c4157f |
| SHA256 | a319a14b76d8d67272128461f1cf53924dc2759ac72a76571f8b31e2f737553d |
| SHA512 | 3904895242acccec14feea4b7bda654a0eca3ef716df560764ca28f97eaeed10e94f5a0d46a633fa0671682188e4bc7b99b13649354bc26a88ca8211ee36307a |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | ef80685a812d9c252de35fc9b38bad11 |
| SHA1 | c641bf0f41d0617b25aa20d63b033236ad3133ac |
| SHA256 | e17aa51c5520a623dd530889838c54ddea91e06e235003833e019095f5458ad0 |
| SHA512 | 431ea4ae368b2cf55542ad614cca8e24fa2cecf0c5163bddc3742412a6e43f53ee69d7cfd1931e59eae9ee8671598ea35d0936850e6b733af14a4a5ecbd79437 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | ed69bc0f310c5ce427e25973a0a52c31 |
| SHA1 | 0bd1683418c952490f6a791a044b5840f5dc90b5 |
| SHA256 | 6bac5963da125b3e314beaef5903d37316e162eb92e7c0f0b9946044eb0bde01 |
| SHA512 | 4fe23992c6ea37a2f88cd2e3519559b08cb302f51f35b1524816a6e29e1412c2e6e1a214fff6d6ff50d0f7b410591abd57fd7a87c987f18106c6ec44d991666b |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | d2eeb9f6789213bfda7fe6bcb2a1540a |
| SHA1 | c330267c8abd56c04204deee9aabd566268daf97 |
| SHA256 | 0ec2b6ee5e8ee5ee22b810795d097dd769ef054eb394355eecac1a1fdc18c971 |
| SHA512 | 7795e972f46ec84cb1709354a40684593947cbf6b4df373cd823134a0b2deec7e5dc738a74c13c2accb74c467892d9a2375a96ab85147ae42fadc627a0f7e2cf |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-profile-l1-1-0.dll
| MD5 | 46361d1f7b60b86f128f4e23c95cc3e6 |
| SHA1 | 8c621d8dc4ec4fe3a9f40d25ba3dc26a19a02994 |
| SHA256 | 978419fea728f20a4df8046e75b880343cd425548f8bc38e8c0a6e8c315c4310 |
| SHA512 | 25f033816b7dbd387134fbf72f5c6ee351bec480a4975659702b0912d204486826e64612b94646056d97111612fa8a322547aef8755469f8a6edc45fea534322 |
C:\Users\Admin\AppData\Local\Programs\Badlion Client\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | 210b0178e7aca6b9444e2d10ac6ee054 |
| SHA1 | 2ea3c9d780f6c3dc60b6247b3fb0dd5a8dc638f3 |
| SHA256 | 7857b0c9c6517102ae5e047d7fe1cb0f85424f1ea01fcdc66afdc231f3127906 |
| SHA512 | 3b3d10262bbca6559b2223be60f0d61a77ada9c147b167641de58b418634963bcdfc37fb4b11cf65517f5a3e29adb785e83c379a056c4992ffa59a468ec393f2 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-string-l1-1-0.dll
| MD5 | 7f8e52ff5a64d2d471413e288a591866 |
| SHA1 | cefad6219c916307e0bf7ef1382512c2cd4c2d5f |
| SHA256 | 952b0ef3b3cc8d15c91e4e6605d49ea6bcee1459f465b99dd22decbce69012fb |
| SHA512 | 7e9025f0eee30552e24425c0d7fe441264a905469755f2aa94863d68f8d53da654a83b4146695d0320f5ad3538a2fd716619baf615d9b29d8767ef6296088253 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 599025b219fb4f70b3f93eb0d4d12bb1 |
| SHA1 | c1ceab162231476cfa9aa35a54400f3d959369bb |
| SHA256 | 6defa74d4bf10f95815d965547065b5af5fc4154d93757735ebbe6aeca570ba8 |
| SHA512 | 1b4e6af508ac9d353b0e2d02344181ea57ee654f505e04d3b6a7d758fbc0a72875d72ec185c138e69e1d7dfee3459e96c64cf6a2436db1c7425748556f99b922 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | f58fd490561921c154c31c05bbb63a3e |
| SHA1 | d5f009e7cbb070b35ed81acd68710716bf971b7a |
| SHA256 | bc7203c7c0c539fd225701e39f1e430367376cd580af52cdf9dff680046027ff |
| SHA512 | 8389e2834559681accdc3ded3a8be06028e5e3fb8d62cafd218c545dff052604bd0b0c14a4956eeb7653522c05b45d05d072e44c4f125b0e5567d3a23318e8ae |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-synch-l1-2-0.dll
| MD5 | 8f469c5b261e003ed991f570aea8f29f |
| SHA1 | 848046907a02d605d53a31748d8dcca18d11259b |
| SHA256 | ae460b343b6fad12d26feeee14e68efb97e59686dbd2cb22ab228619508944c6 |
| SHA512 | f393b8c9ef4cbd6f660093016fd5a3267b5afaf4c26262f2fc3c52351c697ccc38744e530f779707f802398aa01a7eaec191497949d2c1fa5b34b8d33153beea |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | f2d0493794b45c6a2629fc9c5c80f832 |
| SHA1 | 12460ab8f625ecd0e0a02b4fa82061c2ff4644b8 |
| SHA256 | 8c2d7b0dca0702b8f1870c9c404f41e00624132b239deb7917096dfed8ca1507 |
| SHA512 | 4f44ea443413c3709c1521de0b9dc5c05ef9a4f853062e44658d7bc54663115afc1f04927797a5406b388cd5c9e226c9fea1f73f0c288999105d9db42fa257e2 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-core-util-l1-1-0.dll
| MD5 | e0b524ff31e7c651eee7d83b1c7cc2d5 |
| SHA1 | d29f001b843e452cae91a2d01ef338373fb24763 |
| SHA256 | b4afba280abaf5dd28d92d452b958e440c88a26ab7359a3200876a35775a33b6 |
| SHA512 | 4d3dfbcefb85b8d6ef874cfdf04594ea4d6c58ae7de544588a9cf8646897aaf9b46bdccfe9e6f7cd87d00a58d5c595973493fa6cd6d82266b1a27736d4e15ded |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | d2de2615f123ce2bed3332d505a99385 |
| SHA1 | 9f2ea75348020d271222fff7984c8ef21aee460e |
| SHA256 | da36262bd3865024a6ec9726b8fcd0764ef3ddafe21387314c0bbb89a478e4e9 |
| SHA512 | a5e99e724a847c2193ce052dbedf0cd19a8765e3561ec028cd28e5972c8f004e257de0d5dd3870d41213a6cc84492ad488bd05106d2b5d3aa19f808eec820d51 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 66a41a8156a7f9cae4a7977cb8084fa7 |
| SHA1 | 4c72b0d8c90daf993fa0371269af04703a81fe4d |
| SHA256 | a454bd7a8fb18d19e3264855ec7ade9820b54fab31f9528bf1abc8cfe32e064b |
| SHA512 | 989ec1a0deff20bc9b3099a21bf9d45bf821e94eabfc1b18ba4ece1689d0cbcf83b6206bcf64530a55aac1d4165a54c395f8db17fe5d68778082dfb1db4f0d10 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | 89abe10555d85e9bd183fae2c37d7aaa |
| SHA1 | 05c72b53f7d7b0667ff6cb14255e5c6453f1f35a |
| SHA256 | d524f5aff8a3deaf37899187fed40b821c5e79251b99d0a8571b62ad87adffb2 |
| SHA512 | 7b9c38e5270c401acb1b51ccf82ff0249671c4df905c31bc934d8d0b15a6eae22d3d82381199e4d61ac717bbe72726bd2f9b6c4b2fc930b39ec2c31d9fb1147d |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | dedf6460cb6fc8229b3e889d1b32f75e |
| SHA1 | f47e35654cb90ed4505ba49a92b2fdc661c0fe8a |
| SHA256 | bae857fe8e162640032aa8d7a88217a021810d305bc58b8f27409155f2299adb |
| SHA512 | b1ce0119c2eb87ee36fe566477d14d317d01465319b72f7afd2f83a88f82591afb6f795eef76b20c0b13060530f67a4dc07923fd2f61922fdea06973c70f8352 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | 7dbc1ca1f1103cd971a67709d5203dbd |
| SHA1 | 717e689b96a5d029558e7cb663d5c7cda840b780 |
| SHA256 | 88a6dc7c08725b447dd1b7061990977246dc62b7282dfb50fa36659627079fb1 |
| SHA512 | ec58c7bb26f669f5b90731ab8c787b3b4e4131d7a9450dfae4d74ef24541a51c98ee8cc71dd4744a242dfde2f75feb216727daccb18bf745e2539546fef746d0 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 21f5271a151394a654b2f1c44fc44049 |
| SHA1 | 1d2f98700ee87fc747b230b908fea133b730bf0a |
| SHA256 | a7a987527a2f7ad4474cc5be04e5bbc10375e072573b13a2cf3fe705789bf822 |
| SHA512 | cc46e3bdcd25f2d72802581955ee69af97781b19a40a51fb318206ca6916f188f40dd94a7a5e6bc2c4c2ce211229d03e50729b168ed771e52cee188d0c30638d |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-math-l1-1-0.dll
| MD5 | 514a74d1050e7bdcbb1f422fb571c351 |
| SHA1 | 5a82976e2456fe3f215316a85301460c6af389d7 |
| SHA256 | 62e97230bbe85c0e2930d16cadf830acdbf9f2bccedd3d51fa8ee0c5102ac63a |
| SHA512 | f2b19fe5fc4f95ec3a1b0d76e8e6767234c83a8b8a08ec6a2ba9b3620c08f67132fb7629235aee27ec172d6efa5260209e005564467abe3ec06f1a7756d21da0 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-multibyte-l1-1-0.dll
| MD5 | 3e4803f97b89adbaa575b45aac0dd4b8 |
| SHA1 | d810ed1486f86494828a8cd96f774881a629b652 |
| SHA256 | 2fb9611a4227227d30bc9b8f6d389cd12bc9b38b325d23675fb737470bde27da |
| SHA512 | b9824a29e712ae65b27a4ecc68bad7f127306e7c2267e1ca9704c09e15cc6faa0aa7649118d169813172557b6375b72f8e88a587e79bc97f1825b8cd4c1c2dd2 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-private-l1-1-0.dll
| MD5 | 3d2b4445b9fafaa0e13ae0e126be2669 |
| SHA1 | 3b24c99469ef9a35bf720e711a0b022f2403be22 |
| SHA256 | 6bc27ea87e05b365c74b093f0256d1acf85113ba356ad187886d8adc07526398 |
| SHA512 | 9641d0d9470abc256f44c9d3881a42a674b41992dc25b7bd048a9e2b8d3523de9626460a9f73f2907f73e0be80219c913d33c9684664d6bd6642c06029e5c44e |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-process-l1-1-0.dll
| MD5 | 90d42fdf308dfd771797dd41585d3baf |
| SHA1 | daea1f05092de97ea558de14b4e112ad48b77726 |
| SHA256 | 404ff7454e8dd3d766e433def1780a265ddc87a07981d223d241a528cc78c0fe |
| SHA512 | e8f35f6087b9601d8a46b2534634f24a2841ff2cde9f6b7bc10326cf2197e98bae9c6ddcb2e53e8f81a984019b72080d1e826731fb6d7c28fdb47373c1e474f5 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | 6856722db8c9e3dbb7fc62938ad2cf1e |
| SHA1 | 6d1aa306d7793916adb30e9aac451b2e43516abe |
| SHA256 | 3d077c3cfa0a54f6f58814deee22d3dcf4bcaad44ae405b8d31552a9afabc086 |
| SHA512 | 87a3c82af000fc1cfee5f12f01f077c2c87638245b2784e8827c587985f8c0014685d0d15a1498a01dcfcfe717cfbb9ee64344ae7a78aa75bdb65e2a0aef07cd |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | dec83f473e43ee78e92a4b682a9a7904 |
| SHA1 | ce5e0479c78ad6ffa7d765479a7e1a7157eca4a3 |
| SHA256 | a5c05a8394c5aa71441ac18e945170a755d1f1ff141e614cdd92dc5737426a5b |
| SHA512 | 60bbd86035bbf3f80c17a01fb44ea5af5c84584a8aa5f34a7e0abf989ccccf8d40bab4d44af364c8ccf62ce4e21df0ed2c51bb70e817b2bf9c5319dbfd4100d3 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-string-l1-1-0.dll
| MD5 | 88b5f9bc871438973ef12782e0c8d12f |
| SHA1 | d327208b4f26c1c6f0e9df50ecb22a89b426465d |
| SHA256 | 4691510b2bc2ba15b638a0d1765c2a8826a8b9fdbe3737989d8fea072fe7c20b |
| SHA512 | d4de343a88c9933af67c4599d308f31332ca7a3ea0428fbad2d60e2fa2165eca9ea56410437be1154c551e7263dd6a5773e6f7c4dc5b6952e8b767a3c5b16597 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-time-l1-1-0.dll
| MD5 | f862bd9516845b31973ba98e9f1288b3 |
| SHA1 | ada580fc93b4f5a86db92e1d612293ccc21c72f9 |
| SHA256 | 72d31abee96fb3ee1d90afcf11fdc54ceba131bbb912b994761f32cd7cfc3ee1 |
| SHA512 | bb442aab30bb0d8797586eaafa53a6deaaaff19d41342b9fb828c87fc468d96953f8ed1123ace4c4d371f9eed91c2bf2c42b1d8ca92bbd0a89bc5a27a877a15e |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | 9975d1ae7b84b373d9095d757172ec08 |
| SHA1 | 302edb92e0a6ee621379528fbef9dfcc249b9285 |
| SHA256 | 8d3df297a7da678446dc9689f64dfbff0478cfd2da168180ff41c16e1344e584 |
| SHA512 | fb71a43887ec9675a4e42f2f810d33f6ec4726de5723c935961952f43d45982e5d1156e4d97d4c0c9ac8440fa186b13e1c6387c425b5a774218d6917efbe41d9 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\chrome_200_percent.pak
| MD5 | 1014a2ee8ee705c5a1a56cda9a8e72ee |
| SHA1 | 5492561fb293955f30e95a5f3413a14bca512c30 |
| SHA256 | ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57 |
| SHA512 | ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\chrome_100_percent.pak
| MD5 | 0fd0a948532d8c353c7227ae69ed7800 |
| SHA1 | c6679bfb70a212b6bc570cbdf3685946f8f9464c |
| SHA256 | 69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf |
| SHA512 | 0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\concrt140.dll
| MD5 | 14b7a99127ca18df05dd1f5be3ac0245 |
| SHA1 | 991891bb1ea603a002941696697f48cfe52cf94b |
| SHA256 | 511aba3d00b9925e7bc64e2132d77a76c1fd9e9d200ec0ef864b7a0f00c68995 |
| SHA512 | 80f1a6cd377e62c96979fb4cf50d70e3005623c8debdb3c55dd27e5bae9dd46328d18066e59501ecac13ee96533f3b5189fcc93b4aadaf376ef6a2455ea7eff5 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\discord-rpc.dll
| MD5 | 5882c37b79bae47a0d090006564edb22 |
| SHA1 | ac7bbbdb1d34eb763d8db4ef7875a50f700e9d48 |
| SHA256 | 5cc2e504800cf4ed2f4781364f661ea22349658ddc391b5d54195e573109d87b |
| SHA512 | d4a6a1a36842dd1c8b2162168807b990e0d491a908e11b52ebf11174a67f818b131607c2122dbb484f5d946418a05a1a84d42e1468bef5c98ec3fcff7d225ccd |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\ffmpeg.dll
| MD5 | 2fc7f6b0abd1af4988e30e58e8310291 |
| SHA1 | 9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6 |
| SHA256 | b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b |
| SHA512 | cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\icudtl.dat
| MD5 | 224ba45e00bbbb237b34f0facbb550bf |
| SHA1 | 1b0f81da88149d9c610a8edf55f8f12a87ca67de |
| SHA256 | 8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc |
| SHA512 | c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libeay32.dll
| MD5 | 4b8269a6ec04ec8ac23904eaaee075bd |
| SHA1 | 7e58e27dfd38de0d77eb729824f10c6aa5a0b8c6 |
| SHA256 | 3c3d0df094235029e561a7813aa5835b25a8bb7b38dd77ef8acbd335f6db0485 |
| SHA512 | 82a303b1e5adb8ffaa86c99fd63c533841bc9e3237ea3478584411dd92d60ea573ef063758747ff0497d58dfb085e014be1b234b5902face23a29e842b095d1b |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libGLESv2.dll
| MD5 | 640a515fcd8e5d5a332c1d40c47700b0 |
| SHA1 | 0128c9d499deb7866f3d7aae0adab69d9a8f768f |
| SHA256 | 927c858deb4700d3759fab436d5ba554ff4cf7be505d536ea1c673707d5ca8a1 |
| SHA512 | 792acebb5ba329e61bc319b415ba01248dcf18c7e46695222682dbf59d179403ced15c19ae03a282dec7e622121c05844d8eae5a04a2aa1f552ebced51644e27 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libEGL.dll
| MD5 | 1ed91477a02e0e2a64e5e9f26bcea438 |
| SHA1 | 8058c2bd3342d8d882768188b1e5c45567a8dde9 |
| SHA256 | a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03 |
| SHA512 | c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\LICENSES.chromium.html
| MD5 | 27206d29e7a2d80ee16f7f02ee89fb0f |
| SHA1 | 3cf857751158907166f87ed03f74b40621e883ef |
| SHA256 | 2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab |
| SHA512 | 390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\msvcp140.dll
| MD5 | 9ff712c25312821b8aec84c4f8782a34 |
| SHA1 | 1a7a250d92a59c3af72a9573cffec2fcfa525f33 |
| SHA256 | 517cd3aac2177a357cca6032f07ad7360ee8ca212a02dd6e1301bf6cfade2094 |
| SHA512 | 5a65da337e64ea42bcc461b411ae622ce4dec1036638b1e5de4757b366875d7f13c1290f2ee345f358994f648c5941db35aa5d2313f547605508fd2bcc047e33 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\psapi.dll
| MD5 | 80050af28eb0070a582b33470d20fc91 |
| SHA1 | bacf5fdb74ef5fbaf91d0475736d566ee3babc18 |
| SHA256 | 65e42f8fcd039abaccd6aa815d237f1d6f7ee2067457c8ce235333226cff16b2 |
| SHA512 | 780cc5783d93fd8e7dfedb291f384be4fb1c4022bea22dce991b360a2029ae42f864c540af3d75602a9975e3b66324a3b5f3ce4582ecc32918c35e00f3abf68d |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources.pak
| MD5 | f616d69f6e582582930d06c5c18f0f70 |
| SHA1 | fde8e2653f2a5317492105bcabeb3565faaf74de |
| SHA256 | bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855 |
| SHA512 | 492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\snapshot_blob.bin
| MD5 | dbe18c25f68d40444ea576a68e78a12e |
| SHA1 | 44453e3fa8400cbe6bb674adaaad4ea09dab0e14 |
| SHA256 | c7c0d878697264269ca58861187e18d083aaf3f7f50bf4f6179fc080507bfa8c |
| SHA512 | 7ad4fd83f8337f263e128f8ee498d58b9dc89b876156157fda7636e4efa84691d6a9ff35c40d5482c9da98f8cc7b2eb87428a2a2690359ad6dacdf506d2e1f6f |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\ssleay32.dll
| MD5 | c87e22c79b0653a27e0f9e6b1a9ac8bc |
| SHA1 | bd37e85bf38192614d2b8fb5048d7e9f38eb34ac |
| SHA256 | 4a53f602f4891247dec42ce9a79862192cc80e12f40e6b4bb0a8db25052c8132 |
| SHA512 | 97bc98e134636bff81bbfe3275141106377fa4dcf63bd191151a8f6d1c5109ac49eae81a89bdd90e5e2e5aeba274d673f646c0aa65f3dfd673ec2b23067417b1 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 89f5b9dc2c1eccfce7c3681b8066125f |
| SHA1 | 273175d93ae554da7f63a6475426a6515d0c8cd1 |
| SHA256 | 7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91 |
| SHA512 | 469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\vccorlib140.dll
| MD5 | 3d8e0ebbb613cbe80320a61259d18514 |
| SHA1 | a69747866b33159ee14eecc9ac19a0ad1f1db4e5 |
| SHA256 | 8a442077df17ac412be9072a91e4b2b39a69f1aed189034d34fdd79956d3d6b6 |
| SHA512 | 83c72e2db25b86de925ad9711a03943fc4801f77d6950a23917898e877faa3276cc2c5e8605cc0132e48c1bf66cc45b172578f77d075746ac38880257e579660 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\ucrtbase.dll
| MD5 | cca4929ef8dd988d7221ef6ba398f1b5 |
| SHA1 | 1d21e60e56a15038702dc18148be8cecee279890 |
| SHA256 | 4292c29e74d90aef21bbad50e8fe25858c5990846adb629372ca6fd717cd0ca3 |
| SHA512 | d990d1370201541e7a1e1ec9b68e40a984d0195847010919148d0de80d2a2c51bcccfeeca59087fca95ab410c9e170c4585c8daa1383f1383b98500d797a41ca |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\vk_swiftshader.dll
| MD5 | 76d3589242fca16d76aff52910e72d7e |
| SHA1 | a88a7495f71b718e127bdfe09e7a279bf05bfceb |
| SHA256 | f1e92727d2c2ac4c3878d39ab29679f06e65594121dbd8845a86338dac06e61a |
| SHA512 | 95fc89f165b3235a524da6f2bd47c0086baa0f239d6c0fe8ee30a098bd72e09fc37027e0442dfbcdafa2a2ad6c1275a0a9cc4088f9d2feb41ca0d3a720e0d857 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\VMProtectSDK32.dll
| MD5 | 17011601817dd00866b681d4a0bd90f2 |
| SHA1 | d6ad7087f54182b47a9a6776fab90cb03e95f80c |
| SHA256 | 6ff20283e407a0f2829e4fa6def121cd63d715dd6582847ae2d6fc379ac40927 |
| SHA512 | 1e41669c920ac65fea5fd0e5704430dd371893155d5f33674ad6eec011ec16bf4969b01e2b9b28c561d131a032b599e0479931221819c677140d1b272d121abb |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\VMProtectSDK64.dll
| MD5 | 6540242ff58d08c8849268cf305445b8 |
| SHA1 | ba0d0c8875ed96f137dcb28aeff873373b994eee |
| SHA256 | 889553cce491767b38df153b567b6da682709925dd7a1c23f12c6d53a9fb18c2 |
| SHA512 | 073e44196cd0c4cdb1cb5004cca59da80e09b97c70b83f212344ec7b262f1a3a4ebdbdf059d9bdbc228545b49a269a8363b1db9180ff6565c94797b19cd3c515 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\vcruntime140.dll
| MD5 | edf9d5c18111d82cf10ec99f6afa6b47 |
| SHA1 | d247f5b9d4d3061e3d421e0e623595aa40d9493c |
| SHA256 | d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb |
| SHA512 | bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\zlib.dll
| MD5 | d48c270acab962aac5d222abee92c39f |
| SHA1 | b23f9b747d859856fcad94652ebd07284fbd33c4 |
| SHA256 | 809dd3e4ff98abf54aeac27cec2e0c194550bffd2f55ddfe725ea109306ae49c |
| SHA512 | 32a83196ec83bcaaabd83923409ac98201785a3915293187718d61d2cc6f8b51b10e0c7c1ce765524a8f800a3bb52dcbed430d143fb3357511644b6b666d8ac1 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\vulkan-1.dll
| MD5 | 9663210f63cbf7a8d6b36a95d93dd119 |
| SHA1 | 0fc5c50984b2c9677b8ebce4d4518c1322ce4145 |
| SHA256 | de7d4c0e859be24c5ae60b5dad2bbac62cb3b3812ab747ee73f4483c7a10dc88 |
| SHA512 | a161dfbb6e40aebec9f33bda4c81f52f456731d76bd48edc1425a2593c75591d969d3a3394a105eae386902ec822de3f9099cd07964f96d4e204f3f0ff48e631 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\col_resize.cur
| MD5 | 23633a8dfa3548705f28c83ee9584d6d |
| SHA1 | be5dd224d071d965bc0411206cadf9b33ddb384f |
| SHA256 | d3b49998f6d1039bf8b65f73f5784653164804c72908a40a5cf8ea850978a0d0 |
| SHA512 | 5b0971bf5c7bc17ae746c88e4fe3f0342d9288f8feb3ebc106b6a031d62b48af8843af0079a18c7ffe4a2200e9d6d58f92f1d87987a068bbf8e4bf7210153782 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\copy_drop.cur
| MD5 | f92d1851a489b0af7ab807a2f07ebe16 |
| SHA1 | d97c9d7ab76993448f6240322140dd23c756b6c6 |
| SHA256 | 18920d4ab5cd0b654b1e8bbc33fe5278907514a1b227f701a16b9a3309ee87ab |
| SHA512 | b4494c8da0734ec69caec38324c6b3b91e898ad8b25c9d7dee9ca56c41cdec768c16efc10d71c856a0bc633ff22cc76cb01ee8ef887899e2486fb7f78b340a7f |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\col_resize.png
| MD5 | 0723c45d9f82b0e31a1fee26b9b4f53e |
| SHA1 | 5608c3c92d70c61f597d1f1d3aaa85e72ebc4dcb |
| SHA256 | 6ef1e382e5e2472e8426a0f486ab51fa2216cdf929a3b737f78564a8ad57b1ab |
| SHA512 | 326f31b3e25c11fee7c28040252b5eaf183b0380ef87033134ff032eca4d90a28eda08837af833e0d5c9ec06d7e63053f23c64d9fec5fda0038c27546bfc1932 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\zoom_out.png
| MD5 | e1a004a51cb04c38f49184333a23379f |
| SHA1 | 5b54adccfebbfe4bb96502db5370c1ab830c829d |
| SHA256 | e7133e53b0ce06b92ef48dcd5bbce4f3d36e6ff8bb69193d3df40c4adf1a6814 |
| SHA512 | 7506d9998cdd5bb75c8b142f8231009f15ad0548a52a037b78b98eff427b50a2a42c16580a53899cf5dd2b41abfb51eb24223c827e5e277dfd295f5510d4424d |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\zoom_out.cur
| MD5 | 48b46c3e0650d525e715cf9cfa6c67e5 |
| SHA1 | 1ae6e82c4aae58c7e1cdcb1e5e76ce8973f8774a |
| SHA256 | f3829987f7124f73facf282354553b6ef8d9b58b3b02384d92c45421e2443536 |
| SHA512 | e154d7fa552bc78755e6451950a159044fa85f5cea4a6a3a19a88e451962b24bce52a1b46b4b13eaa6b55b2e8be4b9eba0cf16adf1d2200f73be7dd0681b19e5 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\zoom_in.png
| MD5 | 6a5fbd95c627afe076f43f9254dfe3ed |
| SHA1 | f71cab57e9e80ba792f73f363056f6dede7c8bcd |
| SHA256 | e910c607f60fa385d67624fc7449a05b419718f60a6b93d4be79d6a974bea522 |
| SHA512 | cf73a830bdf76f319db8b34ec8daf70405cc52cee7fe03d4ac75cba1859d007e30993da1c123e13deae6de09e5b234a9dfb02089d546601964d26bd597949b8b |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\zoom_in.cur
| MD5 | 77492cf358d8b12629399322926c93f2 |
| SHA1 | 8291ac3dad4e4f33183ccdfad7b92b1594c760f9 |
| SHA256 | eb69f540be1e416b7346017da48deaf5ba2f2ee0af366c04f1e374351b651872 |
| SHA512 | 6c8652770a041084a88f6a535991224423c003ac2b6b5949b515dc03b0187fb4a6cfdf3f39a6279e103601d991e95139e6ef8352e68e5dfd85d99c078e0b4f0b |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\row_resize.png
| MD5 | cd9d05d1ce7c942af1ab5e6eafd0a13c |
| SHA1 | d3dc6b0df04e3c6bcf6166984e3738a7651284ff |
| SHA256 | 12f76ebabda00b84c395cf989b92e0870c5a3b678bd6f5ac90b8a6820059e28f |
| SHA512 | 7fa9b03d668d5232b10fb6da719399d808cff95592214c8adc1d00210e4826545d49ccd4c0dc5bfea099db1c8ad4c183778ed2f6517d81b44817a428b488e900 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\row_resize.cur
| MD5 | 70618f41c70238453a7d876bac5ab501 |
| SHA1 | bbf033428d8cf562ac3347440848b1b3ed1b65a2 |
| SHA256 | 241ca59e728f9faaa3ac9c626f44f8387a04699ec1bc468ecdae04c53ae2df04 |
| SHA512 | 513dfa3e15b887f4e785da9dbe04cff591a4ae3bc6d5f4b14d7dbfd3695221f6448b0d67132dbf80b1e36d9fbc2d245df23c1135d4dfa33edca3706d23bc89a4 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\move_drop.cur
| MD5 | 63942f237ac6b11d62adf014d2cbdfbb |
| SHA1 | f8b582c7d8edf28c2637d5f0f27f2586cc92bce8 |
| SHA256 | 1ba52f630ff570480f920d13d04b7cf5e4d993c68b5f4d183a6c75c87bc22b6e |
| SHA512 | e87f7e95e49513ccc75195976fe8b8926269bfaeb766fe816fcc0de603bb55b936ce1a59964022e7438c0c3b41bc28abe323fbaff5b0a4583ed9cbf24c450fd5 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\link_drop.cur
| MD5 | 66e13793e687bdb92c09e0ae7964e194 |
| SHA1 | 71019343b1747c19503e935aff3c7aba1fb70541 |
| SHA256 | 49d5f9b95e9968ba54ef9457f89386fbb29d7492fb9db1af920fd3433aae4a67 |
| SHA512 | 19dedb36b972ab005f01deb6f1eae1b9c0609f3312fd3f70dff93285390fac7b535e5d181f4a7cb25bd4f5933538ad7ebf44154f9d6d3eb04e412144926c4143 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\invalid.cur
| MD5 | 2f8b93325987b4eed575ffe251c67751 |
| SHA1 | ad1c4ee2358fc0f84d2ac2d17890822ff51ae725 |
| SHA256 | 669c9cfd524f924b4358caf1fe239923473e87e2a01f388fc5247a60fb6253bf |
| SHA512 | 307e2608a66357b2dc296492a0dfa2b27c64e9d1b2009d9370c76ed7b24c8115c3dfdd675bea3c244c3a07d672fd959c3d31b5c8134d1591c0c554adc4f4e405 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\hand_grabbing.png
| MD5 | ddbc22bda750215abfc73d75e1105b17 |
| SHA1 | f8dc1196227d95b7630dc85a3543c6db853f65cf |
| SHA256 | 0e6c5b2ec6b01b9a0c52dd26dafd1c969cf073c6d47e9db8e53fa05912f73cee |
| SHA512 | 5d1a6e89a1a96988230cf30fb156c166e26fc832affc5e7eb39ef974e69008403d54463a4b4a40c55c0ad8eb90e438c31a880f613d1ff42fc966ec961d396240 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\hand_grabbing.cur
| MD5 | 8605cf2c21985f59d2480da72aebe3aa |
| SHA1 | 1b8137afa3dd66c23af9e40e75339d2f0174aff2 |
| SHA256 | 22e823e71c106f338d42932c13c16e05a8310b3bdec18a89cc5ca197408cf11a |
| SHA512 | fbbf45bb20f27c9faebd34101db1918c2ca0384a27e6502eea59c170fdc553ad2647ceaabf82cb0dc5662d277ca6eba70c6b615c79218f3de2e5822299399c76 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\hand_grab.png
| MD5 | 7be75a54023adbe7d6b48260e4e8d032 |
| SHA1 | 81f20b4e0ca495e393748e0054d9ba12b6179196 |
| SHA256 | 8d8b7205410e7d0e32bd6b81769d7853025f5a1b2235e93088fd327c039e6b1e |
| SHA512 | 2724620cb131b175b22e405bad2c7b6f2b771cae8f8402d85933a93aad409a6d5d2c01a534ef4f10900130eec6e394b470c2451ebbae76a950f15c46229f80d0 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\cursors\hand_grab.cur
| MD5 | 3f37213b8c0a7374308b2ae99d4eefa2 |
| SHA1 | b72b9901b3fe6fc8693d67cc5e419e494afddbb8 |
| SHA256 | 3df4009e28e365e1666c868aede15239c75cbb6cf710cd691997b722c3eea7f0 |
| SHA512 | ce33a5698bc937ae0ba3da69fe7d4f9e15cee08e45451b7a21d17b5a2133a1b6579d622bd9a749612e15359abda4871335d60ce47545699326648df8b4b6fd36 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libs\caffeine-2.8.8.jar
| MD5 | ddac1f8f76743255084022ac6f06b7cf |
| SHA1 | 298bb2108157513a39a1a52a686a1fe8b57cc973 |
| SHA256 | 7b7b72c6ce3e47e774e29060ceba19e83e8259bd475986e04b4f3272d4a58f73 |
| SHA512 | 6cb83b6d5054c63c13af5fd39f11065556137edd423385f5d960a656fafddf5a5ddccd1ddeddafdcbd511d0fef005c58fac9e3fb0bdf1d469af24450dfbc2325 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libs\disruptor-3.4.2.jar
| MD5 | 6895a3c4f54cf92eef6530e9e2cd3c46 |
| SHA1 | e2543a63086b4189fbe418d05d56633bc1a815f7 |
| SHA256 | f412ecbb235c2460b45e63584109723dea8d94b819c78c9bfc38f50cba8546c0 |
| SHA512 | da76e44fc9834c6d9e21eafe2fe64604159dba99770946bd114823ba037ea0217ae3a13f5eaf29e28edf92fcfd4f20c60b7645d6f117c38c897594e1337a744c |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libs\optifineinstallwrapper.jar
| MD5 | 8967319339fd7ff2a67b3a9eab3e4b93 |
| SHA1 | 03e69508f50bffba71390c367fbc5e8c00d07335 |
| SHA256 | f4c5909042743c4a7206f52ae352fbfcad807185a985884314044b236ccb24c0 |
| SHA512 | e376022ce07135b77d46da898c27bf49239332e88410b4a20362e9f4ada0fb2a02b7cdbd00bfc0f11d3228ce56e77cd165b77baf41c21790dbb52ccf771555a1 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libs\joml-jdk8-1.9.25.jar
| MD5 | 9b868b921d0490b417bd594984b680b1 |
| SHA1 | 7bb2cd964c5e7b129a52e1f47edfdd557a7ec3da |
| SHA256 | fc76d61e7900e65cab1f3c237a5186ff2344dd7d7d0bbf8f01a453c4fa2a1b28 |
| SHA512 | c54cdcfe63c1998fd14d46988fc49509ac6af2e2516eaad0dae19566baf1c99f0482d026d7f6e79a66706905b76af9b4298a23521ecb32f5a3708806340b3959 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\libs\lz4-java-1.7.1.jar
| MD5 | d56d86823662a663a4d614dd5e117eff |
| SHA1 | c4d931ef8ad2c9c35d65b231a33e61428472d0da |
| SHA256 | f1167a45d4b8002053670ef6991ca66d1bab9dcc03e4ef00183674d2f3fb9cac |
| SHA512 | ff48daeca92c5a7657aa9c7fe41c5ae75a5fa0aad05c655bacb64a40acfe93ffd3d40bef16544614ce8a38db3e1df177023101773f6f7c1d32031413270e42d2 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\autotip.license.txt
| MD5 | 5b0b97f483331418e30c469af896d87b |
| SHA1 | 3e0ae2526e0f2809c81d524b8507fb64fc2bb4ae |
| SHA256 | 09716796eb67471c518f3f4e567377d5ea5179c36e10bc0b30afe1261b770442 |
| SHA512 | 5882826f7f2c9921d5c309aaba79ea30bf57f95816058b2f1c26c3ec9848c8dcdae91d58512092dd7647f41f74f57975aadd9d048e18d8567dd3ed8a5b28b12b |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\badlion.licenses.txt
| MD5 | a2ed77a24bd53e33a3fd458d99e9be0f |
| SHA1 | 07af4fb75f3122867c9e3255ad6d1e11fca88808 |
| SHA256 | 803a15fe94c8ab1f4adf1a62fa043d414d3e4c1281c74cee57e6976474bbba05 |
| SHA512 | 8649571f5670a36e7fd011e533c394b0f28f51045abcdcb3928d731f02366cbc286b88cb4463d86e07e92b967d81cacda74a58f658843d89669045530324524d |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\autofriend.license.txt
| MD5 | 318bceaa1151b1b6bffabad8dae01498 |
| SHA1 | c776fc09a2e25058149deb3bfa163c0053860a90 |
| SHA256 | ddae5748ee219e263f4239460d07d38a10852fc1f6693fe2765e28037783dd88 |
| SHA512 | 60c8960d6fdeb04711f6aa2713a66b05d3f7008ee33c4d762fe30f98f266b81a6c198a68aa0ea73bcd1ff4eea88db56ccd1a680c11db4ebfc444896da6b80a7e |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\aperature.license.txt
| MD5 | 1837a1eb671079c67ed2724719588c48 |
| SHA1 | ed2c02b395fdeb3b56d0d4258c677a1329e78e54 |
| SHA256 | ca1baea19e60be57dccc08a4cd82e75eca24ca683980cb1ff212824a964fd6b6 |
| SHA512 | 1df4217f219e0826c07d8bd8ebfff17d2cf34691c3450c23f84edf2bb35886bc6244b1897cfcbbc6b47f4c70e1c84a698bd48177c2fbb2f2154d2c005305e506 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\cairo.font.license.txt
| MD5 | 5a540f4d98fc81713b81aeadc530c6ed |
| SHA1 | 273c8a98fc1b2709cfce81d7f6960b63326e5485 |
| SHA256 | 17b90cece30db64934b7299fd76b033a3774c8a990e78badc74c59a5be8e0727 |
| SHA512 | 12b5e3d50da4d0aef2badcf784554257e7c8dcd9f598acca500861c1f0bb4686fd238c6ad8c2259b5047140e10d731e928490fa474577b7d847d387c9c07d702 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\chromium.license.txt
| MD5 | 8694b4a605dcd105b40d081ad09f0f46 |
| SHA1 | 6666d31977554cf9d1558cbc63c339e8b07e3c94 |
| SHA256 | 73392d01c89eff27363d32973ba9fdce354b4bd82f90192bf8773174e358538a |
| SHA512 | 17c5eb20d00902789d172c78379cc80b0c77696f3d2e076af79a056d537e2a0d68a0066a8fd132b3b7b20186dba509b1833128c2f082f2fb97058070336baad6 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\discord.license.txt
| MD5 | f8cba3d1a6a62d09224f131fd3054008 |
| SHA1 | 661a941700833f7229cb17d206f1d25e23301a2d |
| SHA256 | cc981e3b2afd06ab5a1cdab7ced3cbb8a69145b5e2388485b806f6634313ff4f |
| SHA512 | 4517c0046d156c67f3d7fb37e5985904de476cdb75ad7114eeb2fefd9957b67b07ef1cff02cae1ea37503e34eb0d7cd0bdba03fad5aadeaf6d070855e481edd8 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\disruptor.txt
| MD5 | ae32a12a5be0d4878506f2c7927826c7 |
| SHA1 | ef0f419dca631ac1219e19af5b4a5a0875f68da5 |
| SHA256 | eaa350f6f6982e086b1ae1c3b70743d1f3653164b4a4832f02d7baa134ef028f |
| SHA512 | a80642b73b5b968c1e8b44449972449e17e6c3e46c2beffee1d524faa363b48d2540c0d7db6289183065af975aec1e8c45833ac1e1cd3e2c85f5fdae955791c1 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\ffmpeg.readme.txt
| MD5 | 46efd225e4f70c87659ee3728c4cc352 |
| SHA1 | 3772c422a0f862d32a0cdd082479e432051f17e6 |
| SHA256 | 20243b750670270b8cb8cfa8b44f120814751d744c973ebba52284968b602544 |
| SHA512 | 3a7ab5b99537984212d204aa83b0dbce97afdbab9f8dac554d9afcd506bed6e4617e72be84bbb710e79352caeaaa6ebcc728b19c12ada7574c0817d35640664f |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\freetype-jni.license.txt
| MD5 | 5db6495b17d58ad312a32e5791c61097 |
| SHA1 | 428650191730f35163e8ec78a25126869b2ab1e2 |
| SHA256 | d10f28ec38b68a33bd4deb7239ba86e2f43a26f81dfa2d53f2ac89a88e2685aa |
| SHA512 | 7520cd5dc59f6899bd542a713ca045f64a9dd90751db7e5ab197d1c8a25e94aaefb9eb8d69a6b3c9ff5b1d433c85cdd67d36cd333fd33c824ffff53bc187cad9 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\freetype.license.txt
| MD5 | 02891d3fb5adadff2546b4279649112b |
| SHA1 | 1b299099e16ad96ebf53e67391685d9d0a51b368 |
| SHA256 | 650737ec7589c35600de73b0db88dafb314f7e32e7e3cf38d0c87ceb1a7ed31b |
| SHA512 | 630d9247498b84bb53e2c2ea4165994c141791675c192860127cdcd1ccbabc80a331604c6ae185531abb0eb3fdefe6637643e0d3f11b751e79b076b5da4f30ec |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\flag-icon-css-license.txt
| MD5 | d0bc1323b617fbb4d3232b745ff45dfd |
| SHA1 | 5c11645d0455590741dacb68d3eb1d253a5ec106 |
| SHA256 | 5f6432917a260a6e8f7022742bb6cb8761b1d17cf45083e30174908041405225 |
| SHA512 | dec0dd099dd2a778f5afd129750175e42335677b199f1d5e2ad10ec2459c803e3168c6e89f44bc9544fe8a5513b85eb2d53db65b3ad6ccfe77ea0a8ccdcdb131 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\ffmpeg.license.txt
| MD5 | e62637ea8a114355b985fd86c9ffbd6e |
| SHA1 | 1eba7caf09a39110ad2f542e3ed8700d1a69c6d3 |
| SHA256 | 230184f60bae2feaf244f10a8bac053c8ff33a183bcc365b4d8b876d2b7f4809 |
| SHA512 | 714d66c4a17e6dfc1553521af2be03f4579fac64048c0b96c592177562b01fc70a8e184bb21725e11ef96a54bf466ae1abd4992b8940f0fe2c0859d6a166a2ef |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\licenses.txt
| MD5 | 4a9c8bbed40470a9ffb7db1d63bbcb9c |
| SHA1 | 88a83ce9d6734d54139ee7cbfab63253cb73b415 |
| SHA256 | c0aaf6703c87055786772878c27e8d3c4ccff0efcd088d5dcf77a2fe8146c44f |
| SHA512 | 12c3b1e11dcb90c5e4ff426c1a8bec314efeef9e5b3eca1840460f1a1fe894aca4c1755b599d460e995e7f477b69887089a93dac67da2016d8c84bd98f841039 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\lunatriuscore.license.txt
| MD5 | ee99c1f26cd4e6a2bda84ac34b9ff861 |
| SHA1 | 0327523304d63b6addb96ba18abb6c47a3fd684c |
| SHA256 | 7a1d05e596d50dfabc0d3e206861cb778252dedb87b48b9dc7dd9cda24f5dc22 |
| SHA512 | 14774897b95813736654e850fb328e7fc0a19c076417fda35a2a57e284b54fbde6619fe6a1ba953300bb54ea77ca90fa93fac4a03914027bcf186d30f645230a |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\licenses.dependencies.txt
| MD5 | 2053245129c2910e9a1a854dcf69ece1 |
| SHA1 | 294462e57e57fc416d28ef2ced053f97465e3fc1 |
| SHA256 | 9b78cde2913327cb5ac2dc6f53f430b6233c52bbf3e156e969737d87cca51943 |
| SHA512 | 1387d33cdc715b006844579b90137aeea7b9dd7899542667c988e8c565866d26f462e60a0d5b26bb94113291f1db659c08a4cb4a2f8a9ba32c6b5af8ddaab48f |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\mclib.license.txt
| MD5 | 12873b817d4334eac6197edbc5956864 |
| SHA1 | 20a910d495a276c23bc9b43faa7994338f51ce69 |
| SHA256 | 5f6ad061e9e7dd5d3bfaaf8d065f14f863897c276d217c94084603680a324e72 |
| SHA512 | 0323a87ba5c5f9ac5b049b6770a78590e83e74a9fdc0076b67f3669c4f1b43db240b5a86390191d3c19ed9b6d9e9c6000cbdd970f2db458252321a5fb106ec85 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\nan.license.txt
| MD5 | 895f9d80d77e26153e48525caeb23827 |
| SHA1 | 3d7128bb4973afb706aa1f67493b537006d79937 |
| SHA256 | 0bfcb5e608c491edc1621ec2d842ce5b683e05db6b38c6eded10b0630c59d2f1 |
| SHA512 | e0c278c0da87f33202bddddf739fa5f511c0b5f3176854d4f382d40dc8cc0767e71c622368561d40a2b4a37c1a9b79fd845096073077be03c6a1cf35fc152cfc |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\notenoughupdates-repo.license.txt
| MD5 | 3a5337edcf43176e258e1a5ed8baafd7 |
| SHA1 | fe2b722844bb6331deef47fc5192c1e742ab5caf |
| SHA256 | 282d4b11d651c5fab2a4cb55568aa36b80eecd47ae3ac9f4c2c7978a3be53dbc |
| SHA512 | 8bf297651f29f33800793dcd1d9b26ddb9fad75a625514fb558e5b964eac5f8b760597d76f43feced41001bc0196f116fce12e0c9f17216d3b04569fa651c1d3 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\openjdk.license.txt
| MD5 | 8425bcbfbe27f7f8ec1e46e9f0ae0c99 |
| SHA1 | 5898367b940826f516f625dbd78fb8957f3be986 |
| SHA256 | 1bd89daf45a5b68234c32104bbe9903c6c6d2d7798d61a36f21ad85482945f7b |
| SHA512 | 0323a715e5f65027a66738c1db24d2e4f6240095f710a2c06a67bc70b59e4185bb026ce7438dbeedd6cc95af8cfc0ae9259b3aa8e7d84692bf6b2b7f5a655149 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\nativefiledialog.license.txt
| MD5 | 292e3e89db90cb0fbffba767983a8f55 |
| SHA1 | 36c4792a78a72fb5c6e315c62c4e8358b6c8d2ec |
| SHA256 | c894fd883a9af3a9174a4ee9897451d4fc9fd56c2985c872cd37eed4a44156c3 |
| SHA512 | b21c7123f5f214a0d19497f62f9cc461fba59edf64bd1c4f5557c9d2af69cb7ea6afff8d75aafbdc6631f9164e69dd547d3265d2ae8e237a9ea39ddb9dcf705e |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\quickplay.license.txt
| MD5 | c3e1cf1c2620ba0f75411f66deee382a |
| SHA1 | 37f7156c3c10e3c09169697bf2e42bb7fdab27ee |
| SHA256 | 3cb66d8ea7938893173f73f9e938dd1501cd7d7f50bb091b76a681dc680ccf64 |
| SHA512 | cc445e11f256db1327701c33cf08e531a8c543567af2515ac06dea830ea24b154e46d229f56b25a94cf7f1cf62467bbf1979f4aa524dd65b71f62c4dd183f8fe |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\skyblockaddons.license.txt
| MD5 | b5697125b9a58f980344d778c84eddc0 |
| SHA1 | 9ae4fdf6d1ca59adbc2649667eb03ee12c50c659 |
| SHA256 | 6b3411f158e9c8a7f03632c2977279852a9700f636a7cd93bad8646de6ea65bf |
| SHA512 | 491a8e6a3b5495c518ff11cf4734b546a53c83e5edcd05137c9f263d77a34bb856b05bf2a45fc80519b3c1753d4d97ea707acc7a204693a0fc3b5cf5b74e54f6 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\rubik.font.license.txt
| MD5 | 1a74d7f49b7531048b89d6ee3f49e1e1 |
| SHA1 | 374e9b0f4d9efba8e93d5698b04dc0cdd73817d5 |
| SHA256 | 5797d3461e28e3f3f540ab932fb730d6532ef7233e110b96f0aed9526776c141 |
| SHA512 | 41d0fc489f4eba72bfddf70d56ba34abcc1a9fa5957fa701e88e80289fe74992be774783fc678d434a09404116b6a73f8ea9a3a36867e24ea9268a21cfca8efe |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\tiny-process-library.txt
| MD5 | 52607bf5b5dbb263092f9672eb5b0b1f |
| SHA1 | ac2b9621c7b1649ccfbd31034ebdff57249802c2 |
| SHA256 | 13c053468f9f56ad8f1f2c36ad23955953e0cd2aaa49e7e82b14001f2f322bf5 |
| SHA512 | 88862eb3a57b6a640519e88abb843102da3d98fe228fedcd1f7875fbd2fd9d6e8f93c35aafe0343b8d7e8e1b780862066327f4b9ceed74c1b7bb8c76373e1c54 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\xdelta.license.txt
| MD5 | b743e02a975dc959abb35bcda12cd4c1 |
| SHA1 | 13dd1cc3f00f5ab22dd44c40a0abb13cb4512f2c |
| SHA256 | b0b0442c47b75d2f5ae41c660574d751ccf12fcee6bbc27bde20e208802ed63c |
| SHA512 | 7d14b3253a7fcc594b84af77e9b2a053e720e9b03bf8f4b8afd82c43a1b3f579726b68ad5e688d0363ca7bee8d192cfd6ad40e1ce3819570af5c29d38e262a5f |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\xxhash.license.txt
| MD5 | 184732fe7ad572cca839560f13667eb6 |
| SHA1 | 76fcece0f58b529b1ecde86e8bf8f8bb1c652519 |
| SHA256 | ef87b7b79f4c48edd555809ab0e97b780940925589b7d5f9ff26025410c87c4a |
| SHA512 | 71bc6b522b99cf66c764a7554823e7da19ea3924226d67385fbc397128b9dc781e66c457505bd3616eca31f1d93fc25d9eaf67f9c32aa4c599da4c7d2d5c6f30 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\slim.license.txt
| MD5 | b9647dfe37ebff8112b7fb0204192de8 |
| SHA1 | ae084d7c34776826e0398e73eb827682852a4b54 |
| SHA256 | 5e08a239b2c110156929d97ee61ace55adc283456c72f51052eb23e0b7cac499 |
| SHA512 | 3262527cd4df1c45decd80ce733e6280e3f08422daf0079af023a8ab2454c03cbae8a5e944c0fa594c845c2e1148cc531688ba7221f7de3c630b4a4367773fc4 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\skyhelper-networth.license.txt
| MD5 | 27fa1700231bee88a24cd306d673af97 |
| SHA1 | ccaf356f932ddceaa1c59756b2d72c5c21c89fb0 |
| SHA256 | 91b7f048db90b189dadf1db30e5cd0a95a8bbc4ab5437535815359b8186ebcf5 |
| SHA512 | 5025d7044a3ba8e4a279c1dcb5be65675d61c7bca864a5face31fe6ab7a72bc980e412054294f49629a00d6e6c4b753bd1892c991a3408ad850d12a269f5ccdf |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\licenses\replaystudio.license.txt
| MD5 | faddac7574586fc2805a9b3f3365767a |
| SHA1 | bb87c11cb254b9c7693c2e62c051a10596648ecc |
| SHA256 | eb622d5d149ea9b7ebeebededf0b20068d5471a462e0d4bd9e482c9b48f37f12 |
| SHA512 | 545a11e5c6abe6ad060de4f809865acfba9f57c91f1bd3fcdf890a599923207977f429ed3059455c36136f84a937fcdb20033b2bbd2afc653eaf3ec97da0ae37 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\am.pak
| MD5 | 985be89267e0d559bffd4b66380e5e53 |
| SHA1 | fa33e9bbfff5a89dcc26f52634561e27c1cf0e05 |
| SHA256 | bd1a60f7fd63da2230509211f858866ed782767f580b8ce4740ad2060d3c5d9b |
| SHA512 | 7cb99ea1d92f810dd6f882669b2803b5cc87a9f34e70964d402f14cb7771a9d02f4c7493518b5c388f49887c8311e3b02fce7ff3770a724fa9a0a2e776f2c3c6 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\de.pak
| MD5 | b48f5b846d1b32f8426255e8a03b4d20 |
| SHA1 | 77272097e67ba495d73e3d82e3100237a1664fcc |
| SHA256 | 28e394fd4dfcb0ee3ad947a8e276af7ec1501f30e820ba42270d2d7f03ebf745 |
| SHA512 | 07e9af3153e60e05678db92e4654169e9c743bffb5aeda0725bd3b11dfba9021551697149771bb3aadac4fafaca50c88a352f55d32bd6c5fc8867c44f660196f |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\el.pak
| MD5 | 9d654962e91275c7538dabdb450a2f03 |
| SHA1 | 3121a84f1035d7b44e4597ebe4857137b7172da6 |
| SHA256 | 9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27 |
| SHA512 | 0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\da.pak
| MD5 | 42628b87e74b0a3a7cbce510f2ef674f |
| SHA1 | c9fc502eac895690f4bd0bd3cd47b72819bfc342 |
| SHA256 | 450184b07e707cc80f7f7b331cd7d95aeb10c22e6936fb50d438de24c9dc3ba5 |
| SHA512 | ad60a366e4ea7050aef7cb6cd7c0d99fb9f37f7ff88f93a13fbdb21eb1c53cbc33cb28c284a14d7a44da0ceeef1fe9e693be0716ec268c6da0a674db00194a25 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\cs.pak
| MD5 | 6310a8e1c7e8ca3a1611d78b4d67845b |
| SHA1 | fa8cff4ec0b1cf3aca65e6745d9f31154dc48115 |
| SHA256 | 10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e |
| SHA512 | 900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ca.pak
| MD5 | 5c5c2e574c8d51a61d9e58547d89b0df |
| SHA1 | 268d6a348c22616432191ae55bb8c34e039feac7 |
| SHA256 | 4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73 |
| SHA512 | e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\bn.pak
| MD5 | 5670d1c74a07e5e9bb3853307ea2cfd7 |
| SHA1 | 7cd7568d2bd4c64b8685bf17e3289afe923468b2 |
| SHA256 | 706681208f6e0c2508c55ac7fb8bf510a133cd66f6977c3da3439526269a1c0a |
| SHA512 | 27c5f596548a52d0d62a749324a744121f2448b29f8eeb908afe487b7084c95e6e39b80326480e9253b997ca22f557f33e450fe155ccdbb2b601d0991389b47c |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\bg.pak
| MD5 | 7005e72419774fc1d78ba0718fca1b47 |
| SHA1 | bedcb1e0897a1a47a878bb820735d8e373a4b4f1 |
| SHA256 | 2b93afb50cd154464b7b40c8d0015db09b69f3341f0bd75d190c033c4ec4c72d |
| SHA512 | 7a098ef7e4297d832acf356367faedb78bcf33b68e2d0255eed0c1852cec744d24fe594812f2c3a393b4fa75e83a080803d38176bf7534604362a7287242e9f0 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ar.pak
| MD5 | 5209516dee9d9ce64854b70da199108c |
| SHA1 | 5797e37da5909e47e03d323abf884b573adf0840 |
| SHA256 | 8407ba456e51177358e6ce1e82c33e5e279eaeb553ee38db9f0994ec57c2e246 |
| SHA512 | 0585c14bda7800acd3242794eef7c9466f57217a059feefb0bf715e2cae9d228a5172fa9046ea19d19cdc388dcde2348a0a90caa26a1baeee612006495b56524 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\native-modules\badlion_js.dll
| MD5 | ab83489339535b6fcbad1b70ddcade23 |
| SHA1 | 511d0cd7d8a1c153a774c919d8bb5b943a5fe009 |
| SHA256 | 2ae0528920d1c27337ecfed3719cb294dbdbcee1b6b1fb30aac1403272610d3a |
| SHA512 | 107c734f23c2eaf2214016e881f0d09ce2cd52f5ca24b376d05562cc4366352c3bc04d03fcea2c1fd9b507f3139f898cd33867ebbea11377f9a6ad5c124bd675 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\native-modules\badlion_electron.dll
| MD5 | 77c88caf62ccf357470d630d9fa4dd7d |
| SHA1 | 1e04dfac643ab7284c529d60ab5be68be172d98e |
| SHA256 | 9bdd94dc645cb5044536dfbd3a5fc51535a63e32104895bc395b2dfdbc4962e7 |
| SHA512 | 74506a6a0ed1cb356a4342e5c06244023fa6712d1b4fda178d48c431e2aeb4098c5fd539c431cc859c6560340ffddfc9c2bfe3dca6a27956611ef3189755065e |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\zh-TW.pak
| MD5 | 3d230011248333ed6cee72f667c8df45 |
| SHA1 | 4114f307a31516bb6309fa9fc2572722b8d93d24 |
| SHA256 | b1a56725808412e48a499a534ccfd7e02c361f007a5b1cf063a11d6a308cc9e1 |
| SHA512 | 442f56c0df77cfdd730b89b9c1e086f17665aae0c222a7ffda418bcddd18f9ab96236fe7cc558ab9f87c31a50d78d50157b1e2d3b4c175b6c8ac85e053157f9c |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\zh-CN.pak
| MD5 | 376ef5a6f076a9757f58d7b10526eb73 |
| SHA1 | 9b5d3f5084990d67c8a8541cd8d7fd15ec424e0e |
| SHA256 | f720baddbffa45c3a0852de11c5049ec95a3b841db45c91362064c80e7d6aaa6 |
| SHA512 | e089213cac8ead755c938069a1f00cf2a8467db8f809b50a6933eff9825a9f1cfd775186c8b5c9b1f598813c9eee654036b47b6814ba1f58d7e447a87511b21c |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\vi.pak
| MD5 | a01c81f3bd56d52c205ce6742dfe52c7 |
| SHA1 | 3d325a2885ca11cdf69d17d66fe5048bb0c8bf25 |
| SHA256 | 8a44b3afd24cf18ff88ca06a33ed8accf548692b457b013e20f49ac5045aa96f |
| SHA512 | e348d9b1fd0df16f711a76de1daccf8425529787e5160c61207aff903ca3389f0c56b185283452d0af36ead503322b93b02deb28b9f72ed85d157adcaeedc503 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\uk.pak
| MD5 | 6f2f1b073ccef426c7eb49362123f2d0 |
| SHA1 | 048921ad0cba17256e9838257d9f47969cdf6172 |
| SHA256 | 57d93d9ed2974f7f0995e63f4c7af361c05a8ec3e9e25b796328d3e0b2a5545f |
| SHA512 | cc0e5a7098eb0b590f4d4a6ffa531250af9a2c6c6c25765f572f3130b7bb7d669f2737d7d8b70de48293ec1ff9c5dc5dac94058f3d8e431a7c24a5795906e5b0 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\tr.pak
| MD5 | a38eea92c514716b8ab019ab792bf541 |
| SHA1 | cae203c3ed63807d4f2d89333540556b5e92e161 |
| SHA256 | 54bc687a851cb3227cc3a937b229009c0af8fb25a1900b7fe71f6e6d58111ffd |
| SHA512 | 835e47d550097ea4ae3717c0cc5023ba14bfa7524ed5cf361e21011976afbcae1410061e46089e25bca467c63d9b0208cd18ba1ec606da02c5b430fb1aba409d |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\th.pak
| MD5 | 687a80e1cb637003c3e5f05d3f4b89b4 |
| SHA1 | 1dfdc6cfa02fd1671cf39094ad4b93109bef48f6 |
| SHA256 | daabec4c467127faab67c690f9dd11beb0e2c432434a20f2f79318816ecc7654 |
| SHA512 | 30fc3cbfe3daf369f9baf7fa4c287f62fdd6ef3b6363cf2dd88e45667313cc00317b1a52f77e904381ee4be1f7f5c2f73c2a6467c116a1210b36f8287beee99d |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\te.pak
| MD5 | b5e9289d02b4963d292bbb4210e9ab5d |
| SHA1 | 48382ab36b77cbec280833f587450270b5080a85 |
| SHA256 | 6cba41edf887a8a2d84c2c1c696c562ad63ce8a105ef8574a1a27b294a211dc9 |
| SHA512 | eaf3889b21cc73ba3913448ef10765611e91325ddc781216769b4f8c4486897aa8429dcfe511b7505a17877012063ebd41fb4645102448fdbbed834d001f0912 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ta.pak
| MD5 | 7503d3994d48911a38370095f5c83ec8 |
| SHA1 | a98917d5de0cc237d226ad64792fc9840bec0a0a |
| SHA256 | 5eecb28f30fc5c08b5878ebec2ee565a73c91ea0198ed85a622a0d7c58a3ad33 |
| SHA512 | d0d3e085cfd8f8f1ca776597d209c5d3dcbfb81297ec79201def4dc395526954103da7e8e8b3a4335490b3fadf1063f29d552843eac0933a9f1ab050c8eb2ab0 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources\roots.pem
| MD5 | bec29e7471bdfd13632a88a0e1177a4e |
| SHA1 | f06003491572f8c18b6c18f1857562562eb48032 |
| SHA256 | 00598bc1f737f7cc56eb82e58137a3e65c6f5a840011db174b5b65076311270e |
| SHA512 | 629862482f92323a07ea5f514b36271b4d4b3b8a46f1f2d3b654c8b1113eea1cb05dd1689599c076425e4ee88c461b245d2d06eea9711b95ecb7758340bf692f |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources\elevate.exe
| MD5 | 59b5872248146319a464c52af7f136a4 |
| SHA1 | d6ac14ce2d602fc3bb3970554b1eece84c3f913e |
| SHA256 | 50fae753983844e20b11f3a8033ec22fbe1168170c98045ea5c6134c8050828e |
| SHA512 | 1ddb200db06453593c9e3fa819c906db6405e3920f8c703f5871a2c65cb7b17f773a90aeffc3cc7d76567739ed985dd77752d6cb9928dc05a2f737f97b1f5502 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources\debug-log4j2.xml
| MD5 | dd7150b869964d8a892cdd584948dc55 |
| SHA1 | f8053aba6ad32932509c37f9d06fff2af011ce52 |
| SHA256 | c96f78d1ca05337800a323610ef458796b5b625bd248d40c6f9a6c324509f4ba |
| SHA512 | a31659ef05c55b0df2cde4eb7f3ba5e6f7152af9bdc9e70155469259bd05275a497e751aaa315c7fe2357e6a4c1fa0c42a84a7e4a7ff517cc76ea1d32aa383ab |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources\app.asar
| MD5 | ff482968da25d2526453b2ce0230c73f |
| SHA1 | 932c1c3e772de162331fb4626827d8f9dcb799db |
| SHA256 | cc42e22451c3f348f04fd055e96721d36ff6d6b35b6b44d1cc4dfb35e5b17dc6 |
| SHA512 | e07cc5db3977d7c814f41dea66e21582764318bf99dd1484b0024a5060b4351b68864fc193cc4a8279ff07bc4f91ea80cbc240f7d36ee59b550175db38479e90 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\resources\app-update.yml
| MD5 | a85c6f31bef49be88b0a8846daf72dd1 |
| SHA1 | 1563fbe30087d902674e1e6d4ad5d2a94f559fb4 |
| SHA256 | 959ea658d5b7f99fc2e9c8e990f98081e019f5917316ab6c3e9e3e81e4d73c88 |
| SHA512 | 87f6436610c0519daa2580bb08d1a4ca5be5c0a803b4b9db4fd797bedacb28a78d52a9891e891b1c5efa7b09da470206506ce207b61be76025f7b99a34bdf2e3 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\native-modules\launcher.node
| MD5 | a2cb408235c0d92526e20b6432587d6e |
| SHA1 | aec2b9942857fdb1ff45c699f7e198a7cb72cc2f |
| SHA256 | ebaffc8d4fb76a02ff54f993cfa5d5e90c84e18b597621adbcc51fb165532a77 |
| SHA512 | c5a36201488c5356e4efb9bda73985af74edbad158e8faf79e683f4244a8bbe8516a52a5f273bfb3208b5fe16329cb6236c1c8efb64ca882d81258aa23b5f8ff |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\native-modules\freetype-jni.dll
| MD5 | f6e10c16e1b5a475bb168bb4b32f8b07 |
| SHA1 | 363c51396bcff7216f56bb299349d5151f118f20 |
| SHA256 | 234af7bd598f9104663f824cb65d8ff4a08c33e68173f166bbbb6498de091638 |
| SHA512 | 8044efc568f19e7e2392f0e8961a82c4a650534aceb9e0b91a64b6e38b24b495d2ff830aabe3efc59e05e0814184d92878d93ad49a65f8debb4f7bdaec0a91fa |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\sw.pak
| MD5 | 0dad65bd01e92ec4001c8377a3f6900a |
| SHA1 | 91353a816b6b1d0aa5bf5342b8f2bd430da57286 |
| SHA256 | 702d3d102308bd1e50698578e09ecac7fe33d625afac04db88905f83baf10892 |
| SHA512 | 98a9c3dcb03627e8e7cf7edbb41078d9c53e9787f28208fe3640805fdcc2bc751b5cdda00c2d796d6c947e26f7c3a401fc5506ee8648346f28227442ca831949 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\sv.pak
| MD5 | 03154d7a3c69ec91714c799b86267a1d |
| SHA1 | 8671e9672002c58581488416f2320005140adedf |
| SHA256 | 3fba4e60d606c0f466df1cd2736ff51d7f882505fb21880a396deec06cdd945b |
| SHA512 | 0ac0d61f593f47597880d327d8dccbc00e8e5eddeb8beb8945628b7e91cb0b2496bbb68ff7f11e677cec479f41a4e8c4d2fd66301d5f6e5245dbde49b39eb4d9 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\sr.pak
| MD5 | b2555a29076995ccf01580f0f1b2f766 |
| SHA1 | 284ed665f078620afdd6c7d074a6f9e26dbef1dd |
| SHA256 | 6eab9ba7e66ed290369b2f5d7b1efe7ef38fea2063f7c939e983008ec2692bd0 |
| SHA512 | a36e20bab44400828f6769c178f6340a5f7ec8dcff72a0eb513c9efc257a715027e9d562a4ae3e68d8112d40f9ed8401c165ad205b1e9c4325077e5d1df04feb |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\sl.pak
| MD5 | 7a75fa0fd3ddd471cdf9b15d3b3860ca |
| SHA1 | f07e3e136768501e69e76529011003bd45fcc0a4 |
| SHA256 | d34eeb1ff37cb90bf8c427b955f4349fbdc5eee4879141058d8d7bc76185a959 |
| SHA512 | e3f181728e9d925a826d3eeb275ad3f1aafd3aa98072977b515e05671bc4703aabf7dbac2e031201fe016d0024440d4d1d8c238b3f20c5f52b21e13dfcd5f620 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\sk.pak
| MD5 | 9ce4e3abe9d948f6a89759d0ab188dba |
| SHA1 | 447e5c8803d0284c69ffb990ac0060adf93f4d25 |
| SHA256 | 5638f5285ae0c68e3a9eb09d6adb6d2eb3f9e087cc149c4a247fb9765a8ff6e2 |
| SHA512 | 78970073eee16097113f8f009abb43d9317cf3096640077cf9efb8139c92aeacba8ddab5dd948ff285732356625f3167d5c35701ff37b250fce251baa39569e0 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ru.pak
| MD5 | 12836eeb93367830b3b88b404449a3e7 |
| SHA1 | 2e2f66213fcb0ce5dc170753b8c11f9d96917d1c |
| SHA256 | f815b9cde0449c05949a9003f08254801cdcc8d9e5209d01af3136009b0c0caf |
| SHA512 | 7f71bd8ba800029495279c199aa99b96f075ca95055d512486c27a4bb1728c7312eeeeba09cf23259e7d6539f1c76467ac98e75b482de764375dd639e95333a8 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ro.pak
| MD5 | 06a36fa95702b38e749568037634828e |
| SHA1 | 9c584a9b7a0446fbc44bf5fecab71ab1312a592f |
| SHA256 | 833f661f135311ce8187cbc487c55178872430c678148d4084893cc7bb95823b |
| SHA512 | 33d24d85a4f4582676558ab049a6c1cabd482666c2847e941dd388b80b2ec62ce27175cd0e3ec176d1236a32e714e85138d3e6da291172e62d18acf3e3603076 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\pt-PT.pak
| MD5 | 553594ab0e163c6375ebe75524095dec |
| SHA1 | 199a9e040d884a443e0ac6a2c7ed3fe914dc3fa5 |
| SHA256 | bf2cccdd3fa33d8c3b0fd145dda1d7f10d60645f0108e19f6220b43ce01d05df |
| SHA512 | 30cdb1401884bb87438d221834f70b384744babc474bccffefdb031808505b24adab34c039240b6cc8fa2a330613ccd32ffe1c28191c18c5ef402e86037a7ec0 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\pt-BR.pak
| MD5 | 7f150a17a11d43e395f571dd23951d88 |
| SHA1 | f8b8d6f89f63d92f04156f2b44b36b6045fd3723 |
| SHA256 | 72e1d3120d5f52f8485eeb2f0be4298d5af4d6f62a4d14e7d6ae2b635d89c0d9 |
| SHA512 | de39bb0dd9c8f948a67b9397789989aa900fa90249854181993cebea00717d45ba29ce56eb48b996b396e2b2236b580509a4ba127a190ed10d9ac3b91011ee2f |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\pl.pak
| MD5 | 31200d5726b3d1cfbe9ac3bc7138a389 |
| SHA1 | e82f0300046e7cc9ffa13223c11cbb94d62c0dc6 |
| SHA256 | 74c96e5308732e4ce800de37cf677d16ba05385b2af1c087819095c49b4074e3 |
| SHA512 | 8ad600725c9eb97a73293b63bf15a853d2e12bb6cec638a6e0f4060610486d3eb9e9bd5c10e607e569e6b631ae09b8d9df46cebc8bb962cec3adc0d63dc2f48f |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\nl.pak
| MD5 | f1210067dc72e8c82444b2ad9a3f7897 |
| SHA1 | 3cf8c6fcb93a5f79fe6190aa0551d673887125da |
| SHA256 | d26f3e7f39231a9acd60285989ab5bda54039611ba2ae04ca5f79bc3195d4aa9 |
| SHA512 | 9339a285fc7db00b9a755d09a17b224ec15e3eddcfa60c5efbcebe556aff277cb6daa23a346a50bd1fdcf274a172c985fd74dcd362d635738f1734ffb466c00d |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\nb.pak
| MD5 | bc1983b1c86badb361fe07031a93fa48 |
| SHA1 | 5bd14d7d7a335dd6457377fc0eaed07a56c369e6 |
| SHA256 | 229d8e46784f401eff51e12b10db88f4aa6ed62bc01271f830013b653807103d |
| SHA512 | fc9fce048283f24b0eb8b37a4fa5f3223e927cd68568817e5561d9ef4224a35d899b5e0b8b311b57cd50922970c6cbaabd070377d704f65fb061463ffed6a765 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ms.pak
| MD5 | 53e8b7262db4c5b04ba5b39c07eddb32 |
| SHA1 | 9cb8946966547630cee42de04eb8604e6bb5af86 |
| SHA256 | 45750905e13f94936534dcec30ced984001cbbba4f6fd4db0d31d2f470acdb2a |
| SHA512 | c71e2bd191c5ec6194e02f1c08aae008c57b292405e4c291832bdfeda656a5cb4a547f606d87d3f618afcf731b4d6730f22c0e99093f312a0a004e5d9fec7d11 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\mr.pak
| MD5 | abcc39abc488cdbf73e44f53d74b15af |
| SHA1 | 982f12328342eddbacfbe45be577d839568c96e0 |
| SHA256 | 5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54 |
| SHA512 | 7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ml.pak
| MD5 | 7dabd95b96d90662432026c0a9ae1c22 |
| SHA1 | 49eb49428d642bd906aed9b0b69870a843326efd |
| SHA256 | 50e5033485a6d2bcbdfc7eecd7ac26fe790a84642d9ff2c1e77fe976b18bf9a5 |
| SHA512 | 6a51f19543cd2e963bc83bb8a7753ccc3dc5a835f1e242338713dc01346f8716cef9c3304a618e7fd3db2224da6d0678959ff87007891ff4ead216ab452993cf |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\lv.pak
| MD5 | e21a8a96d9f17e1f9e3ede2cb66eea9b |
| SHA1 | e3f456b5d238ce2095e7a51a4250fe26c361bfdc |
| SHA256 | 1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090 |
| SHA512 | f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\lt.pak
| MD5 | 6e6993270327064cad2ff0784f20585a |
| SHA1 | 924a2ce4fffee99f29cbee875cd5abab2e814888 |
| SHA256 | 848c219486a434ef18edde0f16be9bec475e2d7626e9d8064acf25d793fde434 |
| SHA512 | f6a21975836a64a9dbeb76005c63a19d450a3e9d1c9381fc7da23cb8a96a3e33da204ebb4a192e608154dc71e13c555fcf97e0fd262681f2fec54fe0f8ac6dec |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ko.pak
| MD5 | 95239fdef6e852df2d2e9d52dd99b622 |
| SHA1 | 360be5e62ac4573ee1a6bfa7effbe245c039862d |
| SHA256 | f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae |
| SHA512 | 0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\kn.pak
| MD5 | acab21f3fafc58f1f42016f33d032158 |
| SHA1 | 682f11e3c282724093179c85a7df7d0992495cd4 |
| SHA256 | 8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f |
| SHA512 | d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\ja.pak
| MD5 | f8dcd5f1433d83464b44265449de812c |
| SHA1 | 47763205f105e19cadafdeb1cdec6f45001f2c58 |
| SHA256 | f932ba21d0857c5c92dd3d24e49f3fcc4f9423fe1e2180fe26f9c0bf669c8c3b |
| SHA512 | 76b8c4154f7de55e0ad958cd122ec650f3289bf4f92c03e45e6e03b6467d09387115d5894f19c1b108869a2ee02ce2d476cb2c943191e0fc42ad0183478a7eb8 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\it.pak
| MD5 | 812115ccf85cb84b2ea167a16e16587b |
| SHA1 | 317e50a1c4c7d8c46554822b43a81a0d8237dfd6 |
| SHA256 | 52c78a10a5ec39bc046b594f4d89a311a26c6a29e475824dc3fb1a1ba4ac9f37 |
| SHA512 | 5fd4b625910bf06055eb8fed311284b1347f85c769f8c3e7a57d4d7d73e20576e873dd2f579b8aaf494ad4ee4885b6850060d4893d2ce43e82872161c93f3982 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\id.pak
| MD5 | d0517c1bf9a89e06ed2b510b9408e578 |
| SHA1 | 71494250010ed09b55f3879488d4566808a8398b |
| SHA256 | 19a6aa1cd288ae30461ac43cebd31b50919b2d949d586f877bbb1cda96a9f3a3 |
| SHA512 | 20b5465633ceb58cb28207885d83dbd30409b29b051fa9ff5a188550241f6f220ba8fb5d4bdb6abcb54dab34d1cffec5ddd783471e8d32b31d3a6d7730f0edcd |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\hu.pak
| MD5 | 14d81146ec6e0ddf4b14fa7b2df372c3 |
| SHA1 | 9c77f0f0c959f2cb21e283b352176596a77992fd |
| SHA256 | 588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568 |
| SHA512 | 9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\hr.pak
| MD5 | 7bee03725ba9ace3cb2aaf64cf0c26a2 |
| SHA1 | 076f0ce744bad1cf242325d5b2378b501e069d38 |
| SHA256 | e16a6391049e4d851a50ebfe3b7af3cc5346dfd28e305f22eafb6d5e6b360941 |
| SHA512 | 1a27e5159225604513bbbb5f4165ce7cb52cca22d0c6f32b6c2a74c4809d00bdc3a38112ea9bba0c09038960f9113146996f8801e764237164816a654e813510 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\hi.pak
| MD5 | 361f04e0a4176ac478b7b7674779388c |
| SHA1 | 68b4e7a9a31e0f9450c856d073b8d03613ae9816 |
| SHA256 | 95f89c3429c3692f7239551565c584faac04d8ae71fbe5b359892e7538fbd35c |
| SHA512 | 7dcdbd9e3f9ad940c3140325527d37dc5ef90c7dcf460395928d48fb2742fd5fd7b60dd64fbb7ba523d46cd658bd5bd85d492bac0a65a8d1634789b6d27ca119 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\he.pak
| MD5 | 70de839caf5f0caeccc5a2b7dd438583 |
| SHA1 | aa4b932b2313bca859568d62e8c12f9249d7bb81 |
| SHA256 | 66ce4cfeb8328cf1b44ae76ee77c16e59c6a6550b64937931d5a05f161fd8479 |
| SHA512 | 73620dd618971c3301535a1dbc2fd58cc81cd3b2dc3d90a388dfa01fa5516304dcdbc5b362ef7e899310afe28f3d5e3b0695263c82339443ab2d29df03253348 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\gu.pak
| MD5 | 2e015f0ad58e22b8eaf60e4d727aa3a0 |
| SHA1 | dba0b894f32ad6507ea6a41917c0631f06f2c03e |
| SHA256 | 168c12e17d1a41d8c4913e0be19097bad272c38ffb7876514d6e98f448109b5c |
| SHA512 | 3aa797fecaa53f8dd71b6952d0d04af06e0003683fb5b77234d183d0aeed9350470aebeceeaf42cdd4b50a2e7caf09a96df6802b1d6b829ab4bba41dbaec6503 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\fr.pak
| MD5 | 9442fbfc2b150479f4836706313e42c2 |
| SHA1 | 4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f |
| SHA256 | 01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87 |
| SHA512 | 4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\fil.pak
| MD5 | 919d0bae6d964906176cec8530c019ba |
| SHA1 | ab41e78a91314608ffa0cec927b4e001b3833e4a |
| SHA256 | 851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa |
| SHA512 | 1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\fi.pak
| MD5 | 4215d02d92e1be2e182197a0bb87ef29 |
| SHA1 | 005cc2d1ed5039fc34fc14270344ebc938760554 |
| SHA256 | 22b97c139d11b485b2c9ebd8d86708d38bb9f7044d7171c846f516ca9bbb27fb |
| SHA512 | b0b71716b8d7867392825980e65d3a60c84f302dcf0b6ed7cf1ea0d8b605d1a82accee03c3e639851feb1273cbd327c14d82e497d6b70977272992bb227d21c5 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\fa.pak
| MD5 | 00bc7a02631c7de396537ee08deeec7c |
| SHA1 | 063c897b59cd70955cee3ca27d8743a0989f0a86 |
| SHA256 | 93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec |
| SHA512 | cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\et.pak
| MD5 | 7c8be63adae41cfa46a1a614de18e842 |
| SHA1 | eb11a953ddfe42dcbb5a4aeea0a40b6b18f596b4 |
| SHA256 | 0e3af6b70bfb8f28542caf5d6ac7086b248e31ca5d31621d417154964cfae3be |
| SHA512 | 4f5c6b976d9ac82002259e75c5afbe211be096f238882b912a97a9fa4ecf7103cc164e7475ebeb4b33794999668744aaa5465c059acccf5c467391fdbc386761 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\es.pak
| MD5 | 2c8b6b9b30b62618c65237943c030e6a |
| SHA1 | 887717930c8d070f0ba965c8a215478653d3845f |
| SHA256 | 4e1a07ac84554563488094169d2f68e29cf3b78c28c57e9e7eec233a742440d4 |
| SHA512 | b0792d483adb7e51a2b219e44f08bb49e419cc7a17943b1f2e57316c907f16cb80151cae1d5f117eced002a56752908d90392a479accfd6d8c6f13a2b79a1b23 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\es-419.pak
| MD5 | 7b45d7be08eed5dfee3d12f0b7e6111d |
| SHA1 | e14d2e0861d42bc31ea778237f77fd71c5dd32c8 |
| SHA256 | 263fc4b258041034d040bb3d27758239153d5a5faf85ab4217da608e7c2a4f2c |
| SHA512 | dfa361344cfab28e91dbf772123e043cca16b6d86cafffcaf8d71686ac9cc3dea832525b934c60fd1f110e9bf224a9b5f496924a443f742a7487d008f1ad7869 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\en-US.pak
| MD5 | 214e2b52108bbde227209a00664d30a5 |
| SHA1 | e2ac97090a3935c8aa7aa466e87b67216284b150 |
| SHA256 | 1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab |
| SHA512 | 9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\locales\en-GB.pak
| MD5 | dabd9d0434e128d6ae3feec3b2c2801e |
| SHA1 | d7a25ac86c15f5d4a3b3d4b713a5302c5b385498 |
| SHA256 | dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835 |
| SHA512 | 831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | e7c8cd0bc5305a7c3c2a2c1f689744e2 |
| SHA1 | de20c6420bd838e13867bb37256e1b25bf365942 |
| SHA256 | 48bfd2776bc58f386acddcdcad5161b1d7e3dc71a077cda5232b989da9081ae9 |
| SHA512 | 2d4436470c0c4c8127717fbfd863cf61af5be4575dad8241d8062dbf7fb84e2ae517eaa11c2a59f1ad2bad49dbc05b15acea62765379643ca51acf96f48b79c0 |
C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | d9a5609d8da5bd558facf2617619ad2b |
| SHA1 | 9debb66a376549ee795e9c049b3a685245e0a4b8 |
| SHA256 | da9fc78eea721b8e51599a72053c569a6ba1cce64808544c428bd295f3ef3216 |
| SHA512 | b461fa396bf58ac4989c61057502bd00493e920bfbc1c092a763699d660aef2b5e1aa9659000cc4fd0af0831043c18e01489c94733af06659d49fcfaac82e42d |
\Users\Admin\AppData\Local\Temp\nstCC26.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
\Users\Admin\AppData\Local\Temp\nstCC26.tmp\NSISdl.dll
| MD5 | ba2cc9634ebed71cea697a31144af802 |
| SHA1 | 8221c522b24f4808f66a476381db3e6455eab5c3 |
| SHA256 | 9a3c2fe5490c34f73f1a05899ef60cfef05e0c9599cd704e524ef7a46ead67ba |
| SHA512 | dcc74bcedd9402f7ac7e2d1872fe0e2876ae93cf8bbd869d5b9b7b56cea244ba8d2891fa2b51382092b86480337936f5ec495d9005d47fbfd9e2b71cb7f6ba8f |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win7-20240221-en
Max time kernel
119s
Max time network
132s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 224
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
156s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cc9046f8,0x7ff8cc904708,0x7ff8cc904718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3208425145653367356,16050988939672235052,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
\??\pipe\LOCAL\crashpad_1732_SYESCSGRPIOTXRLY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd390322e950a03ff5a44fdda85a3d32 |
| SHA1 | f1090dac6993a8a5b7d3bce7c5b4f111c59e8255 |
| SHA256 | 26aa916ffc6d128758fcbf1d6382d92c2002e62af5f7c288cceb5e790ccb1a45 |
| SHA512 | f4fdad0c402e52c7ee25c34165e5afc7b6a5175692a4d0a7de2d2a22d54f35f32b4a848406a40e8611ecfc722a6e99df012bdf44fb2769e114d677a8968b2af7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a2d5ffaed1eac33182d5c41689fd211d |
| SHA1 | 9625a7c973e7e38df5099223bf03344fe3102b15 |
| SHA256 | f6f756c2e6e74450089e81f2073e8f8da17223f656299f2e0a19539100f8fa25 |
| SHA512 | df727743d9bf7f98cd0d0efd7a19da0cd6f1ef6d1c6598493d2bb8b3517042c932c5224471f7f6f37b66c69a426fb16b0f4755ade08ac89e6083a4136fa9f105 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 27a30c1a470aa306b9dd3bcd08a2ddc4 |
| SHA1 | 76b5b59c10ccdc34dd1c29f0a5570c0cec931062 |
| SHA256 | 37d91197cb39b7866f3234079af9511b9701eb49a06e785aecd8148c6b43f165 |
| SHA512 | b769f45ba0ba64fd4badee1eddc5d717d1a92a92d023b42bcd42366770ae50e231511329bcbb76504b9cdb29ee89835826b990feb3ce6b8f40f33bed9a9d4063 |
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win7-20240221-en
Max time kernel
118s
Max time network
133s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2948 wrote to memory of 2996 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2948 wrote to memory of 2996 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2948 wrote to memory of 2996 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2948 wrote to memory of 2996 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2948 wrote to memory of 2996 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2948 wrote to memory of 2996 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2948 wrote to memory of 2996 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
163s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-localization-l1-2-0.dll,#1
Network
| Country | Destination | Domain | Proto |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240426-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5076 wrote to memory of 1248 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 5076 wrote to memory of 1248 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 5076 wrote to memory of 1248 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1248 -ip 1248
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 560
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240426-en
Max time kernel
147s
Max time network
152s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 664 wrote to memory of 1500 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 664 wrote to memory of 1500 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 664 wrote to memory of 1500 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1500 -ip 1500
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 628
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
163s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3908 wrote to memory of 4972 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3908 wrote to memory of 4972 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3908 wrote to memory of 4972 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK32.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4972 -ip 4972
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 600
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| NL | 52.111.243.31:443 | tcp | |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
163s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VMProtectSDK64.dll,#1
Network
| Country | Destination | Domain | Proto |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
91s
Max time network
104s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l1-1-0.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| NL | 52.111.243.29:443 | tcp | |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win7-20240215-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 224
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win7-20240221-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 220
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
143s
Max time network
159s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-file-l2-1-0.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240426-en
Max time kernel
138s
Max time network
162s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-heap-l1-1-0.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
92s
Max time network
97s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4624 wrote to memory of 1312 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4624 wrote to memory of 1312 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4624 wrote to memory of 1312 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1312 -ip 1312
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240426-en
Max time kernel
144s
Max time network
161s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-console-l1-1-0.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240508-en
Max time kernel
118s
Max time network
158s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-datetime-l1-1-0.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-05-10 23:09
Reported
2024-05-10 23:17
Platform
win10v2004-20240426-en
Max time kernel
142s
Max time network
164s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-errorhandling-l1-1-0.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |