df1dc6af8819034c43c6e0b5131ef552e119b017ca3b7c0ef50d162a8a5afa51

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Badlion Client.exe
Size

168.9MB
MD5

8ec84e9c59e29b954a4bc1eb559ff4db
SHA1

a8ac6061240aca6ed6625558e0abd7e61c98f7dc
SHA256

f6a14bc4f038640b5823b50515d933691cfe77a86bb78044f5e1a166507b49f4
SHA512

9ef1261f118e8afc39aa3fa3464e10a12649e21f05be00ca906b9382a33ec26866bbf7043f3663a0b686fc21dd41141ae2a7abae8d8ef8a97a15553b874404f9
SSDEEP

1572864:RHHt7MS+5eN4KyKpaRpOxS/krGAbJr3OIrMrpA98836lPCXg+ir70aDmyEgiAKLK:5ZMzBOBylar+

Score

8^/10

persistence

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\Drivers\etc\hosts	Badlion Client.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Badlion Client = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe\""	Badlion Client.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	Badlion Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	Badlion Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	Badlion Client.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\badlion\shell\open\command	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\badlion\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe\" \"%1\""	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-418076578333851669\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe"	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\badlion	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\badlion\ = "URL:badlion"	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-418076578333851669\shell\open\command	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\badlion\URL Protocol	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-418076578333851669\shell	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-418076578333851669\shell\open	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\badlion\shell	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\badlion\shell\open	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-418076578333851669	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-418076578333851669\ = "URL:Run game 418076578333851669 protocol"	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-418076578333851669\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe"	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-418076578333851669\URL Protocol	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-418076578333851669\DefaultIcon	Badlion Client.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	Badlion Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd17e00000001000000080000000080c82b6886d7017a000000010000000c000000300a06082b060105050703091d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a07f0000000100000016000000301406082b0601050507030306082b060105050703096200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf690b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520036000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff1190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Badlion Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 5c000000010000000400000000100000190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd10400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	Badlion Client.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2216	Badlion Client.exe
2216	Badlion Client.exe
2216	Badlion Client.exe
2216	Badlion Client.exe
628	Badlion Client.exe
628	Badlion Client.exe
628	Badlion Client.exe
628	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2744	Badlion Client.exe
2744	Badlion Client.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe
Token: SeCreatePagefilePrivilege	2716	Badlion Client.exe
Token: SeShutdownPrivilege	2716	Badlion Client.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe
2716	Badlion Client.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 3032	2716	Badlion Client.exe	86
PID 2716 wrote to memory of 3032	2716	Badlion Client.exe	86
PID 2716 wrote to memory of 3052	2716	Badlion Client.exe	87
PID 2716 wrote to memory of 3052	2716	Badlion Client.exe	87
PID 2716 wrote to memory of 2216	2716	Badlion Client.exe	88
PID 2716 wrote to memory of 2216	2716	Badlion Client.exe	88
PID 2716 wrote to memory of 628	2716	Badlion Client.exe	89
PID 2716 wrote to memory of 628	2716	Badlion Client.exe	89
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 13052	2716	Badlion Client.exe	90
PID 2716 wrote to memory of 2744	2716	Badlion Client.exe	96
PID 2716 wrote to memory of 2744	2716	Badlion Client.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe"
1⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Checks computer location settings
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2784,i,5432238799243798934,12813768507120255074,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2776 /prefetch:2
  2⤵
  PID:3032
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --field-trial-handle=2868,i,5432238799243798934,12813768507120255074,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2864 /prefetch:3
  2⤵
  PID:3052
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3412,i,5432238799243798934,12813768507120255074,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3604,i,5432238799243798934,12813768507120255074,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:628
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --field-trial-handle=4264,i,5432238799243798934,12813768507120255074,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:8
  2⤵
  PID:13052
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3328,i,5432238799243798934,12813768507120255074,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x498
1⤵
PID:13156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Badlion Client\502c4543-4a6d-4434-8267-02ed4c65b17f.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\conf\security\policy\unlimited\default_US_export.policy

Filesize
146B

MD5
1a08ffdf0bc871296c8d698fb22f542a

SHA1
f3f974d3f6245c50804dcc47173aa29d4d7f0e2c

SHA256
758b930a526fc670ab7537f8c26321527050a31f5f42149a2dda623c56a0a1a9

SHA512
4cfca5b10cd7addcff887c8f3621d2fbec1b5632436326377b0ce5af1ae3e8b68ac5a743ca6082fc79991b8eec703a6e1dfd5b896153407ad72327753222fdb3

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\jdk.crypto.mscapi\ASSEMBLY_EXCEPTION

Filesize
43B

MD5
bd468da51b15a9f09778545b00265f34

SHA1
c80e4bab46e34d02826eab226a4441d0970f2aba

SHA256
7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b

SHA512
2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\jdk.internal.le\ADDITIONAL_LICENSE_INFO

Filesize
48B

MD5
512f151af02b6bd258428b784b457531

SHA1
84d2102ad171863db04e7ee22a259d1f6c5de4a5

SHA256
d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83

SHA512
1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\jdk.javadoc\LICENSE

Filesize
32B

MD5
663f71c746cc2002aa53b066b06c88ab

SHA1
12976a6c2b227cbac58969c1455444596c894656

SHA256
d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80

SHA512
507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\logging.properties

Filesize
2KB

MD5
0f00ec3e7a7767a4efeae1875fb5f3d4

SHA1
167808418571e9209b952188ddab2f4e62920e68

SHA256
b62d2733ab99556b108a1951d894c5a8d76b1ac7a00c02c388f9eb9be046c56f

SHA512
e869f4a3b821a9933796dc9a56ee00483493369dfbfe07b3b1d895cb8318c6821cd44134eb37513f15b830c25861b596646824ed56672d08b678fefe6a4c7504

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\management\jmxremote.access

Filesize
3KB

MD5
5880f5255cf159b204761cf24be76061

SHA1
db484eb763831db19c089c9820a54cc875e4f624

SHA256
0c25d26ee212ca1e8c33f67c3c460d43fe849c3a1d23dbe341148517602b280c

SHA512
64d33add796d2d3df7ad37aa452ee1d106174be1ade3063d73ba416211629a9a9b05177969404fdc92fcee8458450c9de4a6195744b93131303208cb6f1416ad

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\management\jmxremote.password.template

Filesize
5KB

MD5
ad773cfd53efe03e662f1cf23561f725

SHA1
3bad5b040b6d7117df4c40609ea0f8074339ee47

SHA256
0273b6a6b9e20e6ce54c5aee70164028e0395063b2b7d39060a40b6495543dbf

SHA512
e6794168ba80a8ff733d8c1771930ae8c8fc33030e5e9ca02700f326c88a2f68ff09bc734bfd1e492ef15705b288c7918ce1f3f7174742dee6a62dfe086abd65

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\management\management.properties

Filesize
14KB

MD5
1e236f07e2b653fafe2c0ecd3eb815e1

SHA1
81c332967eb7424827e9a570d845f7d48930b35c

SHA256
07dffdd85b01c19bf46ca320a699aba48dd6b01043eb0bd6a9528c7993312bad

SHA512
4fae4e2b5f7122cd80c03b3d04fca5c4b9586be6c712dfdb729f5e85d6e71a86addfdb975be4ee7e250e28643222687f834a6456054e38331bd978aba79dae71

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\net.properties

Filesize
6KB

MD5
385443b7e4a37bc277c018cd1d336d49

SHA1
b2c0dfb00bf699e817bdd49b14bc24b8d3282c65

SHA256
5bc726671936e0af4fdf6bed67d9e3a20a92c30b0ba23673d0314baa5e3ffb08

SHA512
260afc7671a1dc0c443564f1d10386f0b241bb53c76df68d8d03f1d0b1ceaf3f68847ab3477732c876c2b01c812ef7521744befe88e312f3aa63164b608b67a1

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\README.txt

Filesize
2KB

MD5
3d47d94bc4f19d18bcc8b23f51d013af

SHA1
a97cd312d6a2a9c8c780c15e5af51a2f4f97c2cb

SHA256
6da0747334b0fea7592fd92614b2bbc8b126535e129b1fee483774d914e98eb5

SHA512
68a031264cf9442526307364ca74b336af55564c233c2f514cac48e910022767562f8ff6a64bb9cfcbf0fb5e755289273382c9246418a4b9207fc7761d03c64e

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\limited\default_local.policy

Filesize
647B

MD5
6d7b4616a5dba477b6b6d3f9a12e568f

SHA1
7fb67e217c53a685cb9314001592b5bd50b5fbb9

SHA256
2b2627548e61316150d47ffc3e6cad465ca05b3cccd4785eb7d21aa7baa0f441

SHA512
a0b98cbbb49184df973bb2c4a506e9bc6e025a696bc0c8054a6352cc3f9b4a38e3baf117c6834ddaddc38498556607ed4eda8f1bc683f662d61da50e0db0c8c2

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\limited\exempt_local.policy

Filesize
566B

MD5
4cbb03f484c86cbea1a217baae07d3c9

SHA1
ee67275bc119c98191a09ff72f043872b05ab7fd

SHA256
8c3d7648abcd95a272ce12db870082937f4d7f6878d730d83cb7fbb31eb8b2c9

SHA512
2bd70518aed6b0e01c520c446830c5f567fa72974548818cac3e1e5c2be6f03db78ce6012f5463b1e19c36243d04cbaad38ec79524635eaae2e427eb1875ccdb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\security\policy\unlimited\default_local.policy

Filesize
193B

MD5
2a0f330c51aff13a96af8bd5082c84a8

SHA1
ad2509631ed743c882999ac1200fd5fb8a593639

SHA256
8d8a318e6d90dfd7e26612d2b6385aa704f686ca6134c551f8928418d92b851a

SHA512
2b0385417a3fc2af58b1cbb186dd3e0b0875e42923884153deee0efcb390ca00b326ed5b266b3892d31bf7d40e10969a0b51daa6d0b4ca3183770786925d3cde

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\conf\sound.properties

Filesize
1KB

MD5
4f95242740bfb7b133b879597947a41e

SHA1
9afceb218059d981d0fa9f07aad3c5097cf41b0c

SHA256
299c2360b6155eb28990ec49cd21753f97e43442fe8fab03e04f3e213df43a66

SHA512
99fdd75b8ce71622f85f957ae52b85e6646763f7864b670e993df0c2c77363ef9cfce2727badee03503cda41abe6eb8a278142766bf66f00b4eb39d0d4fc4a87

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\ADDITIONAL_LICENSE_INFO

Filesize
2KB

MD5
71bb3ad0017bf36d14bb96a8d4b32c45

SHA1
1a5c553e71bdb7d94995b206bc9eaa49abd1e888

SHA256
a69bce275ba7a3570af6579cb0f55682cd75fedfcd49e0e8e9022270c447c916

SHA512
9f658dfea71bdc3cc1549edfb5ad3171dbfa0082b2d91e820c09abe0b376b6bcd8b5170442a5e25e72274e98f130176bbdecfa7997c59705782b214f02136a20

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\LICENSE

Filesize
18KB

MD5
3e0b59f8fac05c3c03d4a26bbda13f8f

SHA1
a4fb972c240d89131ee9e16b845cd302e0ecb05f

SHA256
4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726

SHA512
6732288c682a39ed9edf11a151f6f48e742696f4a762c0c7d8872b99b9f6d5ab6c305064d4910b1a254862a873129f11fd0fa56ff11bc577d29303f4fb492673

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\aes.md

Filesize
1KB

MD5
2e33468a535a4eb09ef57fc12a2652d0

SHA1
e64516f3fa1e72f88caa50f14b8046dd74d012b6

SHA256
45c6d4da48325edfbff3dcf71c704e504c057904435ed23c6d57046d551eb69d

SHA512
4d14b5ddbb4d09797264ed29ba71fab6986b4a9e75efb9402c1476e0a9e2884813d6a922dea125643b4f74e1f3e458f4e48d6c840e0f4d16ed72ffbc4611dbb2

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\c-libutl.md

Filesize
1KB

MD5
2e89a282a50f8702e52703464e6937ca

SHA1
cfc22a6f5b17cd539234d5b3160a5224abefadb9

SHA256
bef40679922d6fdfb7e4ddb223ad6722300f6054ba737bbf6188d60fcec517f9

SHA512
ae459d8ce5581ea57e203088373c1ce86d122d0e27eb871ee1383e0e64cd8a184fa207eee0e835347316e70afa24a1c95aec30def3e09d15ee19a0b2c3ad2095

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\wepoll.md

Filesize
1KB

MD5
cef1d92ff8ace278bd32ac5e18735b86

SHA1
6c7d15e2b8f3e99527458c8ea33420ee1d34af7b

SHA256
3ac2992770080453b98c42afa807ba4b2c1738ef756b92a55c645f55e7df48f0

SHA512
12aa61ae93fc626a230f39f44ca11c75086fd9bb50f2794fb9fec29b9bef924545fc19d9cb38fda631560ca78ae8e587144cf3cf3c83a6b336bb4711611393bf

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.base\zlib.md

Filesize
1011B

MD5
440321d71d082c9f04a9995b613bdff2

SHA1
9af688d499b3026ec8e5a2e266dc4b9b4884a87b

SHA256
81518ebc49d23a7c77b2e08eff48664ea0c7dd90957a0caf22fd9654985d3285

SHA512
c516403a109630b79998f3bea6b698247a0b5367cc9873defa75014e8c98c690d34d0810d32792d80fde1333980ac6c5f19324743795cb6455ef0ee4979496bb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\colorimaging.md

Filesize
167B

MD5
0889fd01a6802a5a934572d9bd47f430

SHA1
7a7e547452ee1c72e8b0d96dccbe315f62d5b564

SHA256
04d61e3e8e71dd452ebe52008af5378d9f6640d14578aeb515dc5375973b0189

SHA512
f5872960470810cdbdc2db1dfb216cab88203b23400b16e157c8654c2eecff8d9b26ce066ec18718c8e6d54ee1c54533fdade395c454210fed5159fd4a7a0adb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\giflib.md

Filesize
1KB

MD5
867001e2a577f88cfc856f45959502aa

SHA1
109c11cec13349212ba94b9f3eb7d0943229938e

SHA256
c8b99f33890887d27ad56fba9edd8ebbc668cfe0689168505a95613d1d4b32f8

SHA512
dafac31d75a7ab4ddd7666799a24abf22c1583ca22554a738cc26a77bf927b20dde52f12194670a5196bce3a43bd58de46944291727c8877fee1fe4a38a1f1ca

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\lcms.md

Filesize
2KB

MD5
04a8a77cafdd6185a3506eccf7a83346

SHA1
1acbec21e9eab8bd2bee9826353c1e768d5457b5

SHA256
8acf00b5efd25c1c055927222fd3c26b0c9fd02ed02e478c225b64e7a24d9782

SHA512
a91faa243a09bdfe62714859b9b4420e8434dd09693a6a280e1c8ef6694fb7858d0171fae4ca36721b685e3ab8bc8000c5635bf3789250a5b9081130eb4ff57c

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.desktop\mesa3d.md

Filesize
5KB

MD5
c7e0d19c8f4eff11e97f0eb9afd3f7f4

SHA1
6a98ee2703132e181f37d162452f073fb64ced83

SHA256
63f4e6f75caebbccb95d903fb43e46ac7111b3624d0a34f146b276d7d9e7b152

SHA512
9c4111728ab9472f0b160cb11ce1e4ebd75a83cfddca0b3cb87243d15afc5a7fa34dc6006e6b92084648cbad1426f70b405259f589cdef758442643e1618dff4

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.smartcardio\LICENSE

Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.xml\dom.md

Filesize
3KB

MD5
13952c46b3867103ad7d1e9c6c9e906c

SHA1
4bf3f9908314b05f3b0f6e27be2c1fb7e25fffbb

SHA256
6686e8877667584a3a7c07344baadca1a03e29f677162d87c3c0811e990d1148

SHA512
8c71f226f0f07b471aea6b8e715434b5eaa6b4a59a653ec22c2489e743e9288a0c4537f479719f9d58737d0257470c9cceff9ce647a96e79fd757a4cdcfed499

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\java.xml\jcup.md

Filesize
1KB

MD5
d19594fbf6eab2242dc29257905d8ded

SHA1
fbdcbe5a7e7d91d440c200f5fb00e0cf6a81976c

SHA256
8d5dcfdf50455a3c34c753a98f21e953248af200415a9084e3f102cb6c43b8bf

SHA512
7ed3e58f189f2922f7543d4617308d0c35f8adc2e7cbbb6fbba49d33cdd5da64c6edc022ae9842c28e58d97b056a245245c816003978f1e0152236636ca72ba5

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.md

Filesize
3KB

MD5
fa24b7e2a61a7045cb0c6c385000681b

SHA1
869fc0b687986ea26b8ff63c137e03c92234a5c8

SHA256
262802e081760b38b3748c8b194353d340e39bc936ac22e17abbb7158d895811

SHA512
2676cfdfd61762c7b6171985e8cfe1068c36683ca43753a1ffb10241ac61a74c9be1c00be22903df85ba6954fd908d77de60903c316506fd88b9679672ada968

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.crypto.cryptoki\pkcs11wrapper.md

Filesize
2KB

MD5
b77d1951df7a8488eb84ce1d25486a14

SHA1
e35415235ec3bbcb92beeceb03a9a8e7c13a6fce

SHA256
371974b1fca3744a3892c7ee1fcc593b8b4281fc218f4cafd2f709e9df5fd81d

SHA512
759c75f87309b67c56a5b7088045e04be7c023ecdbaea80842e22b81b0bfb36026191070471f8b08fef47ec73664611ce0453b4a9818f7708c95663733ee5ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.dynalink\dynalink.md

Filesize
1KB

MD5
7c3773c14e9de1161a33902d64854bde

SHA1
bee6874bd3625623c939441c9269f9c6239a9247

SHA256
17312591cabee3ef6c34ed8897d92e4e361ba9cea41ec00dcd61a322a8fc2cdb

SHA512
86ee77d8e129b78173964461cd27200aeab7fb6417fe0f4982d9b126ed2292216d08212be91b53eccb26dd6a8b3e1aab1d1dbab85c2133872ac0027dc87a8223

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.internal.opt\jopt-simple.md

Filesize
1KB

MD5
4f3f190fd212329afc39442174ca4b3a

SHA1
d7e25adf223e68d06276ae7666bbc96590dda442

SHA256
99bc67f93cf57d6d20e6047731c93fbb267d70fbdd4115d119e0f85c6efe5c05

SHA512
fdd3d2fcfd865f62dad0ba2617ea816c78a3dc9d99d8991ffb5eb479fda37317dc3f70b0dcdb1847ffe4432947690436ad4046bfb056c37e2991e6fefa8b70c0

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.javadoc\jquery.md

Filesize
2KB

MD5
8ef4ab67241efd69eaa3df9871fa0dbd

SHA1
a20a019c3b06d4263b00f5e89ed394a52b8c1981

SHA256
0716943682c624fd2f49b3a718a2ed4d6386e872fe741f1c759573ae24509d3e

SHA512
1f85e70e166146d81457f05be906f18b9b16ed82bed5f544f090d894b8d0cb1ff4fe5fffd90022f06f2024b2dbf74a30f2940a21941871358469b1f9a1a19998

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.localedata\thaidict.md

Filesize
1KB

MD5
2ea6eb55ca40902554aaf2fd20a76ba8

SHA1
e5b9e88e174c797c313d6739e7e34772b723bc4b

SHA256
c326144a2351c9608fa708b5d7d3c5a3da03e82b66479b128e9db4969539824a

SHA512
5221112cd8ef83b636dc4364f53b72c5484a5885acb55c2c071c88d23058093caee38578f7e424ecafdb483ccc0bc8e78d7ac13add536ec824a8eac171a576cb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.management\ADDITIONAL_LICENSE_INFO

Filesize
49B

MD5
19c9d1d2aad61ce9cb8fb7f20ef1ca98

SHA1
2db86ab706d9b73feeb51a904be03b63bee92baf

SHA256
ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9

SHA512
7ec63b59d8f87a42689f544c2e8e7700da5d8720b37b41216cbd1372c47b1bc3b892020f0dd3a44a05f2a7c07471ff484e4165427f1a9cad0d2393840cd94e5b

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\legal\jdk.net\ASSEMBLY_EXCEPTION

Filesize
44B

MD5
7caf4cdbb99569deb047c20f1aad47c4

SHA1
24e7497426d27fe3c17774242883ccbed8f54b4d

SHA256
b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a

SHA512
a1435e6f1e4e9285476a0e7bc3b4f645bbafb01b41798a2450390e16b18b242531f346373e01d568f6cc052932a3256e491a65e8b94b118069853f2b0c8cd619

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\psfont.properties.ja

Filesize
3KB

MD5
d4c735bf5756759a1c3bc8de408629fc

SHA1
67c15e05a398b4ce6409d530a058f7e1b2208c20

SHA256
5a4bd51b969bf187ff86d94f4a71fdfbfa602762975fa3c73d264b4575f7c78f

SHA512
8124b25decfa64a65433ff2ce1f0f7bdf304abe2997568abc35264a705f07152aa993b543da37c4132b4b1b606743c825c90a0eb17b268518d478f5cf0889062

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\psfontj2d.properties

Filesize
11KB

MD5
17b15d370018acc01550175882c7da91

SHA1
4edd9e0fc3d30fbdcabcdcaab3bc0b3157fc881e

SHA256
780c565d5af3ee6f68b887b75c041cdf46a0592f67012f12eeb691283e92630a

SHA512
e4ee92d4598385cb2f6f3a4db91ddabd7e615dc105ed26cdc5b5598d01c526cea7726ff93f92a308350229f2e5a5dd64cc0c38865dd97666368a330b410d4892

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\security\blocked.certs

Filesize
2KB

MD5
8273f70416f494f7fa5b6c70a101e00e

SHA1
aeaebb14fbf146fbb0aaf347446c08766c86ca7f

SHA256
583500b76965eb54b03493372989ab4d3426f85462d1db232c5ae6706a4d6c58

SHA512
e697a57d64ace1f302300f83e875c2726407f8daf7c1d38b07ab8b4b11299fd698582d825bee817a1af85a285f27877a9e603e48e01c72e482a04dc7ab12c8da

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\tzdb.dat

Filesize
101KB

MD5
2fd920c56de68f65493ba6962fd079e1

SHA1
1e79bff02711d3dab3c75e90d4bb08f8086c9626

SHA256
b7dba25abdfee317daa042c89b01e5711f5781d020dd733ba411760b72addb93

SHA512
958f835407e4a10a268bf76bc2ef0196ecd5fa92e139de4c3760544dbdf76f95e67865bac22406aef8ac5ae7508fe63cd1a688c8328e46b73a5867efa4f18d47

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-21.0.2\lib\tzmappings

Filesize
21KB

MD5
4c30d7867505379a18a27d0e8f03198c

SHA1
0cc871d5bd91e061d676a861749af68bbc0ca9c6

SHA256
b41575b332809b37ad423bdca30c7c48cdef3d82f82fa9d534781a6f15d6a2ab

SHA512
873d329682ce67267f438b88eee0fc25cecbbcc1f7d694118417ad12756ec2b6ae7502ec4eea0cc9b4ae8b9e68f5f8877762fa13dea89c4a6dcd54fd8bf82c56

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\lib\deploy\messages_zh_HK.properties

Filesize
3KB

MD5
4287d97616f708e0a258be0141504beb

SHA1
5d2110cabbbc0f83a89aec60a6b37f5f5ad3163e

SHA256
479dc754bd7bff2c9c35d2e308b138eef2a1a94cf4f0fc6ccd529df02c877dc7

SHA512
f273f8d501c5d29422257733624b5193234635bd24b444874e38d8d823d728d935b176579d5d1203451c0ce377c57ed7eb3a9ce9adcb3bb591024c3b7ee78dcd

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\LICENSE

Filesize
41B

MD5
67cb88f6234b6a1f2320a23b197fa3f6

SHA1
877aceba17b28cfff3f5df664e03b319f23767a1

SHA256
263e21f4b43c118a8b4c07f1a8acb11cafc232886834433e34187f5663242360

SHA512
4d43e5edecab92cebd853204c941327dccbfd071a71f066c12f7fb2f1b2def59c37a15ce05c4fe06ec2ea296b8630c4e938254a8a92e149e4a0a82c4307d648f

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\README.txt

Filesize
47B

MD5
4bda1f1b04053dcfe66e87a77b307bb1

SHA1
b8b35584be24be3a8e1160f97b97b2226b38fa7d

SHA256
fd475b1619675b9fb3f5cd11d448b97eddee8d1f6ddcca13ded8bc6e0caa9cf3

SHA512
997cee676018076e9e4e94d61ec94d5b69b148b3152a0148e70d0be959533a13ad0bc1e8b43268f91db08b881bf5050a6d5c157d456597260a2b332a48068980

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\THIRDPARTYLICENSEREADME.txt

Filesize
177KB

MD5
ea05cfe64caab3ac7c6ce79163faf3f1

SHA1
e7798b9f64d07b359e9efd3723c64c0842c3bd69

SHA256
8091d955ed8fcc8c87e83c9d582692662aeb79a5a87b431e92ddb187cb32f835

SHA512
836d99f3109d2a3538c8f94c7c66fc9e8584cb1e15d5a187325663109b6ee8624e0f7b257e54ec6b28d529518a59f5772f3a2b39dd99273862829565a36f5325

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\bin\server\Xusage.txt

Filesize
1KB

MD5
f4188deb5103b6d7015b2106938bfa23

SHA1
8e3781a080cd72fde8702eb6e02a05a23b4160f8

SHA256
bd54e6150ad98b444d5d24cea9ddafe347ed11a1aae749f8e4d59c963e67e763

SHA512
0be9a00a48cf8c7d210126591e61531899502e694a3c3ba7c3235295e80b1733b6f399cae58fb4f7bff2c934da7782d256bdf46793f814a5f25b7a811d0cb2e3

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\accessibility.properties

Filesize
155B

MD5
9e5e954bc0e625a69a0a430e80dcf724

SHA1
c29c1f37a2148b50a343db1a4aa9eb0512f80749

SHA256
a46372b05ce9f40f5d5a775c90d7aa60687cd91aaa7374c499f0221229bf344e

SHA512
18a8277a872fb9e070a1980eee3ddd096ed0bba755db9b57409983c1d5a860e9cbd3b67e66ff47852fe12324b84d4984e2f13859f65fabe2ff175725898f1b67

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\amd64\jvm.cfg

Filesize
672B

MD5
3bc0c7371c924bf144af8516ba8ba720

SHA1
dcd2c34791a1e7c7d0866d00c014f566d983d860

SHA256
875457098a0a5d8639cdf770239a87af904485c978283c2b201ba54ba60da7d1

SHA512
eeadbed0c4c19084e0bde4456c009e8d1666175a4068f2be4416c81e725ecd99a1e7f1961a0f46e56ab1840ec7f0668f4bae044ad740b3ade376c0c6b05b54f9

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\calendars.properties

Filesize
1KB

MD5
92ba2d87915e6f7f58d43344df07e1a6

SHA1
872bc54e53377aac7c7616196bcce1db6a3f0477

SHA256
68f0cf30429a42a6fe78b1de91970e5c78fd03d1599beb080c1c196d5c59e4c0

SHA512
a964e2ceb4d601faf28ecf13fb11777b70708c21cf9ea23721e462b6e911051108b8a42ebf6447fa49cb61d7fa2d79475f50ee791f1121616371e2b02fab71b6

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\CIEXYZ.pf

Filesize
50KB

MD5
10f23396e21454e6bdfb0db2d124db85

SHA1
b7779924c70554647b87c2a86159ca7781e929f8

SHA256
207d748a76c10e5fa10ec7d0494e31ab72f2bacab591371f2e9653961321fe9c

SHA512
f5c5f9fc3c4a940d684297493902fd46f6aa5248d2b74914ca5a688f0bad682831f6060e2264326d2ecb1f3544831eb1fa029499d1500ea4bfe3b97567fe8444

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\GRAY.pf

Filesize
632B

MD5
1002f18fc4916f83e0fc7e33dcc1fa09

SHA1
27f93961d66b8230d0cdb8b166bc8b4153d5bc2d

SHA256
081caac386d968add4c2d722776e259380dcf78a306e14cc790b040ab876d424

SHA512
334d932d395b46dfc619576b391f2adc2617e345aff032b592c25e333e853735da8b286ef7542eb19059cde8215cdcea147a3419ed56bdd6006ca9918d0618e1

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\LINEAR_RGB.pf

Filesize
1KB

MD5
a387b65159c9887265babdef9ca8dae5

SHA1
7913274c2f73bafcf888f09ff60990b100214ede

SHA256
712036aa1951427d42e3e190e714f420ca8c2dd97ef01fcd0675ee54b920db46

SHA512
359d9b57215855f6794e47026c06036b93710998205d0817c6e602b2a24daeb92537c388f129407461fc60180198f02a236aeb349a17430ed7ac85a1e5f71350

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\PYCC.pf

Filesize
268KB

MD5
24b9dee2469f9cc8ec39d5bdb3901500

SHA1
4f7eed05b8f0eea7bcdc8f8f7aaeb1925ce7b144

SHA256
48122294b5c08c69b7fe1db28904969dcb6edc9aa5076e3f8768bf48b76204d0

SHA512
d23ce2623de400216d249602486f21f66398b75196e80e447143d058a07438919a78ae0ed2ddf8e80d20bd70a635d51c9fb300e9f08a4751e00cd21883b88693

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\sRGB.pf

Filesize
3KB

MD5
1d3fda2edb4a89ab60a23c5f7c7d81dd

SHA1
9eaea0911d89d63e39e95f2e2116eaec7e0bb91e

SHA256
2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e

SHA512
16aae81acf757036634b40fb8b638d3eba89a0906c7f95bd915bc3579e3be38c7549ee4cd3f344ef0a17834ff041f875b9370230042d20b377c562952c47509b

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\content-types.properties

Filesize
5KB

MD5
95ae170d90764b3f5e68c72e8c518ddc

SHA1
1939b699d16a5db3e3f905466222099d7c29285a

SHA256
a2b31e9cbceab296a5e1cf056efd953ced23b888cd929b0bbe6eb6b53d2bf861

SHA512
87e970beac8141c757d622fc8b6d84fe173ea4b134afd8e2f979714c1110c3d92f3ce5f2b9dc74804dd37d13ab2a0edf0fca242f61cf8ed065ae81b7331f8816

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages.properties

Filesize
2KB

MD5
2eb9117d147baa0578e4000da9b29e12

SHA1
3d297ecf3d280d4aa3d1423e885994495243f326

SHA256
b8d9c69ff7f4832a9b365d4a43cf66dff9847051752b13eedf024caa9c1ef46b

SHA512
c3f7730767941b3c8f6f53d4686e9f898d1907d978f6d1fa35ba02c3fcd8306335406a5f9abaa844f27f7afd9e548810becb9ec3e6b84888ea5eac57b6ed6fdb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_de.properties

Filesize
3KB

MD5
ff9cfee1acfcd927253a6e35673f1bb7

SHA1
957e6609a1af6d06a45a6f7b278be7625807b909

SHA256
e130fbd5fa378a380f46f42981f2c97bc152059c27120204ab4da47079d31513

SHA512
f42601092436d7af30ccd81126185232d9d643b195d3d4619aec451e3e2a60e33e6378e770dd1a4cdf7ab20cb749371665a992ca73d2842a7102f3fb34b6b9eb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_es.properties

Filesize
3KB

MD5
72bdae07c5d619e5849a97acc6a1090f

SHA1
9fc8a7a29658ac23a30ab9d655117bb79d08dc3b

SHA256
821a3452ecb9f29bcec16c0b39fb668c2cc30c7f7283b34bfc5400040723892b

SHA512
67f0d1d60012b5598864b68612aa488af1b5876ff5f347cd98abcf1e3c0d267cf0354d5085bf12b0a09c6ef124fd0117cd16fcc032da2b195d45bab19740bb78

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_fr.properties

Filesize
3KB

MD5
ffe3cc16616314296c3262b0a0e093cd

SHA1
198dd1c6e6707c10ae74a1c42e8a91c429598f3b

SHA256
3941736bef6a8e53d002b6b67ece4793c2f3f34bcc1ecb271684eb3f73fc4103

SHA512
cd3a9329f405ca14e11cdbb74d467b31a31530cbf00537b16fb23aebc6c07eb268e9624fdbc997aa0cf4852dac288e1d011e2fc392d71e25dbdf52e359ba9d4e

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_it.properties

Filesize
3KB

MD5
bf5e5310b2dcf8e8b3697b358ad4446d

SHA1
c746ac1f46f607fa8f971bea2b6853746a4fb28d

SHA256
cc9ad73957535011ee2376c23de2c2597f877aceba9173e822ee79aad3c4e9e6

SHA512
b6c61d38b0acc427b9b2f4c19dabd7eacbe8eea6b973fd31b3555c4c5b3ffaf1ca036b730359346f57223b44cce79e04a6d06bbc13c6f7dd26ed463776bb6dcc

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_ja.properties

Filesize
6KB

MD5
d830fc76bdd1975010ece4c5369dadf8

SHA1
d8cc3f54325142efa740026e2bc623afe6f3acb5

SHA256
11e886336ba51a9044ab1a87c60ceee34c29bb724e06a16968d31531a7001064

SHA512
7b867a50a811fbd7ffdad0b729ca4501e16386ee5c4940a4cf9a805767cc0d10f7e3bdfd6a60204d79292d778d93e3bd915368ac0e9453bbb1010adfd9655f0f

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_zh_CN.properties

Filesize
4KB

MD5
823d1f655440c3912dd1f965a23363fc

SHA1
50b941a38b9c5f565f893e1e0824f7619f51185c

SHA256
86663ded105b77261c0556468a93bc8666a094b918299a61af0a8e30f42019c7

SHA512
1ebf989d2121cf05ffc912b9b228c4d4523763eb1a689ec74568d811c88dcf11032ffc8007bb24daf7d079b580662b77d94b4b8d71a2e891ef27979ff32cd727

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\splash.gif

Filesize
8KB

MD5
249053609eaf5b17ddd42149fc24c469

SHA1
20e7aec75f6d036d504277542e507eb7dc24aae8

SHA256
113b01304ebbf3cc729a5ca3452dda2093bd8b3ddc2ba29e5e1c1605661f90be

SHA512
9c04a20e2fa70e4bcfac729e366a0802f6f5167ea49475c2157c8e2741c4e4b8452d14c75f67906359c12f1514f9fb7e9af8e736392ac8434f0a5811f7dde0cb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\[email protected]

Filesize
14KB

MD5
cb81fed291361d1dd745202659857b1b

SHA1
0ae4a5bda2a6d628fac51462390b503c99509fdc

SHA256
9dd5ccd6bdfdaad38f7d05a14661108e629fdd207fc7776268b566f7941e1435

SHA512
4a383107ac2d642f4eb63ee7e7e85a8e2f63c67b41ca55ebae56b52cecfe8a301aaf14e6536553cbc3651519db5c10fc66588c84c9840d496f5ae980ef2ed2b9

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\ext\meta-index

Filesize
1KB

MD5
005faac2118450bfcd46ae414da5f0e5

SHA1
9f5c887e0505e1bb06bd1fc7975a3219709d061d

SHA256
f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8

SHA512
8b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\flavormap.properties

Filesize
3KB

MD5
b0ce9f297d3fec6325c0c784072908f1

SHA1
dd778a0e5417b9b97187215ffc66d4c14f95fef0

SHA256
6da00c1cbe02909dcd6a75da51d25dbf49bfd1d779c0b8e57b12e757229fc4a8

SHA512
4c774bcb9ade996569c86dd46b3bdb046771ad1bcf9aabb9db86854c83e18015cbe5df73da86ee98e26ba0393f548b1cc09de60bda4248eacc4fc833e23b8ab4

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightDemiBold.ttf

Filesize
73KB

MD5
af0c5c24ef340aea5ccac002177e5c09

SHA1
b5c97f985639e19a3b712193ee48b55dda581fd1

SHA256
72cee3e6df72ad577af49c59dca2d0541060f95a881845950595e5614c486244

SHA512
6ce87441e223543394b7242ac0cb63505888b503ec071bbf7db857b5c935b855719b818090305e17c1197de882ccc90612fb1e0a0e5d2731f264c663eb8da3f9

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightDemiItalic.ttf

Filesize
73KB

MD5
793ae1ab32085c8de36541bb6b30da7c

SHA1
1fd1f757febf3e5f5fbb7fbf7a56587a40d57de7

SHA256
895c5262cdb6297c13725515f849ed70609dbd7c49974a382e8bbfe4a3d75f8c

SHA512
a92addd0163f6d81c3aeabd63ff5c293e71a323f4aedfb404f6f1cde7f84c2a995a30dfec84a9caf8ffaf8e274edd0d7822e6aabb2b0608696a360cabfc866c6

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightItalic.ttf

Filesize
78KB

MD5
4d666869c97cdb9e1381a393ffe50a3a

SHA1
aa5c037865c563726ecd63d61ca26443589be425

SHA256
d68819a70b60ff68ca945ef5ad358c31829e43ec25024a99d17174c626575e06

SHA512
1d1f61e371e4a667c90c2ce315024ae6168e47fe8a5c02244dbf3df26e8ac79f2355ac7e36d4a81d82c52149197892daed1b4c19241575256bb4541f8b126ae2

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightRegular.ttf

Filesize
336KB

MD5
630a6fa16c414f3de6110e46717aad53

SHA1
5d7ed564791c900a8786936930ba99385653139c

SHA256
0faaaca3c730857d3e50fba1bbad4ca2330add217b35e22b7e67f02809fac923

SHA512
0b7cde0face982b5867aebfb92918404adac7fb351a9d47dcd9fe86c441caca4dd4ec22e36b61025092220c0a8730d292da31e9cafd7808c56cdbf34ecd05035

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaSansDemiBold.ttf

Filesize
310KB

MD5
5dd099908b722236aa0c0047c56e5af2

SHA1
92b79fefc35e96190250c602a8fed85276b32a95

SHA256
53773357d739f89bc10087ab2a829ba057649784a9acbffee18a488b2dccb9ee

SHA512
440534eb2076004bea66cf9ac2ce2b37c10fbf5cc5e0dd8b8a8edea25e3613ce8a59ffcb2500f60528bbf871ff37f1d0a3c60396bc740ccdb4324177c38be97a

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaSansRegular.ttf

Filesize
681KB

MD5
b75309b925371b38997df1b25c1ea508

SHA1
39cc8bcb8d4a71d4657fc92ef0b9f4e3e9e67add

SHA256
f8d877b0b64600e736dfe436753e8e11acb022e59b5d7723d7d221d81dc2fcde

SHA512
9c792ef3116833c90103f27cfd26a175ab1eb11286959f77062893a2e15de44d79b27e5c47694cbba734cc05a9a5befa72e991c7d60eab1495aac14c5cad901d

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaTypewriterBold.ttf

Filesize
228KB

MD5
a0c96aa334f1aeaa799773db3e6cba9c

SHA1
a5da2eb49448f461470387c939f0e69119310e0b

SHA256
fc908259013b90f1cbc597a510c6dd7855bf9e7830abe3fc3612ab4092edcde2

SHA512
a43cf773a42b4cebf4170a6c94060ea2602d2d7fa7f6500f69758a20dc5cc3ed1793c7ceb9b44ce8640721ca919d2ef7f9568c5af58ba6e3cf88eae19a95e796

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaTypewriterRegular.ttf

Filesize
237KB

MD5
c1397e8d6e6abcd727c71fca2132e218

SHA1
c144dcafe4faf2e79cfd74d8134a631f30234db1

SHA256
d9d0aab0354c3856df81afac49bdc586e930a77428cb499007dde99ed31152ff

SHA512
da70826793c7023e61f272d37e2cc2983449f26926746605c550e9d614acbf618f73d03d0c6351b9537703b05007cd822e42e6dc74423cb5cc736b31458d33b1

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\hijrah-config-umalqura.properties

Filesize
13KB

MD5
6e378235fb49f30c9580686ba8a787aa

SHA1
2fc76d9d615a35244133fc01ab7381ba49b0b149

SHA256
b4a0c0a98624c48a801d8ea071ec4a3d582826ac9637478814591bc6ea259d4a

SHA512
58558a1f8d9d3d6f0e21b1269313fd6ac9a80a93cc093a5e8cdec495855fcd2fc95a6b54fe59e714e89d9274654bb9c1cd887b3fb9d4b9d9c50e5c5983c571b8

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\cursors.properties

Filesize
1KB

MD5
01b94c63bd5e6d094e84ff3ad640ffbf

SHA1
5570f355456250b1ec902375b0257584db2360ae

SHA256
52845deb58038b4375c30b75dd2053726872758c96597c7cc5d6cef11f42a2ba

SHA512
816be2271cf3ecf10ee40e24a288ce302b2810010bef76efc0ce5746591955921b70f19005335f485d61a7b216dcce0b06750831720dd426d07709154d5fac7a

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_CopyDrop32x32.gif

Filesize
165B

MD5
89cdf623e11aaf0407328fd3ada32c07

SHA1
ae813939f9a52e7b59927f531ce8757636ff8082

SHA256
13c783acd580df27207dabccb10b3f0c14674560a23943ac7233df7f72d4e49d

SHA512
2a35311d7db5466697d7284de75babee9bd0f0e2b20543332fcb6813f06debf2457a9c0cf569449c37f371bfeb0d81fb0d219e82b9a77acc6bafa07499eac2f7

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_LinkDrop32x32.gif

Filesize
168B

MD5
694a59efde0648f49fa448a46c4d8948

SHA1
4b3843cbd4f112a90d112a37957684c843d68e83

SHA256
485cbe5c5144cfcd13cc6d701cdab96e4a6f8660cbc70a0a58f1b7916be64198

SHA512
cf2dfd500af64b63cc080151bc5b9de59edb99f0e31676056cf1afbc9d6e2e5af18dc40e393e043bbbbcb26f42d425af71cce6d283e838e67e61d826ed6ecd27

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_MoveDrop32x32.gif

Filesize
147B

MD5
cc8dd9ab7ddf6efa2f3b8bcfa31115c0

SHA1
1333f489ac0506d7dc98656a515feeb6e87e27f9

SHA256
12cfce05229dba939ce13375d65ca7d303ce87851ae15539c02f11d1dc824338

SHA512
9857b329acd0db45ea8c16e945b4cfa6df9445a1ef457e4b8b40740720e8c658301fc3ab8bdd242b7697a65ae1436fd444f1968bd29da6a89725cdde1de387b8

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jfr\default.jfc

Filesize
19KB

MD5
23aa3364d2ad1a2fc01fe9632b3b657e

SHA1
aa73c9d419da1237450d85a8c14fe8473fc96a0d

SHA256
dc59d905640c4931f45b14d24a08757a3108597a07eaefc5317c52681797139d

SHA512
d882bcbc7eb8372758467c211c6b1d00ce76ecb3579bd6682ec84d63472b9164a9c9ba27d6b88e779c726d90c8c7bc364ccbe37dfd514c638f24fa79d6478e31

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jfr\profile.jfc

Filesize
19KB

MD5
4350cbf99dca8cfcd1075fbbe2ff6c60

SHA1
37e6c871457dc5691a692c9577877d6846e43c6e

SHA256
9bcd76b6dca5ea258edaddd2cfdd0dd93e66e4d9352eda6752c82e0e87be5408

SHA512
1d397c2881de8aa8e77a503a83b7025010c953c8b56a2d8f7b53cee7b7d68451ce0527ecb775df52ecd1d5cf7912b67dc1186ce6a0990ac2d0fe3519321678e3

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jvm.hprof.txt

Filesize
4KB

MD5
ad91d69a4129d31d72fbe288ff967943

SHA1
cb510afcdbecea3538c3f841c0440194573dbb65

SHA256
235a50d958faedde808d071705a6d603f97611f568eec40d7444984b984a4b18

SHA512
600bee4676d26e2ce5b9171582540021509a4d7888c9c7badc14f0fad07007e4ce2b4c007a8eb15bd0d977722b8b34442012ea972ffbd72797475a56cdfd86ee

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\logging.properties

Filesize
2KB

MD5
0aa5d5efdb4f2b92bebbeb4160aa808b

SHA1
c6f1b311a4d0790af8c16c1ca9599d043ba99e90

SHA256
a3148336160ea7ef451052d1f435f7c9d96eeb738105ac730358edada5bd45a2

SHA512
a52c2b784cf0b01a2af3066f4bb8e7fd890a86cfd82359a22266341942a25333d4c63ba2c02aa43ade872357fc9c8bbc60d311b2af2ad2634d60377a2294afdd

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\jmxremote.access

Filesize
3KB

MD5
41b36d832be39a3cf0f3d7760e55fdcb

SHA1
e706e9be75604a13dfcc5a96b1720a544d76348b

SHA256
71a930cbe577cbabb4269650c98d227f739e0d4b9c0b44830dd3d52f5015be1f

SHA512
41e6b8639c1ceb3d09d2fdeeeba89ffa17c4ed8b1ad0df1e5ab46c4bf178688d5504dc5a3c854226f7da23dfa0edab0d035d6b56495829f43aaa2a7babec4273

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\jmxremote.password.template

Filesize
2KB

MD5
5dd28aaf5a06c946df7b223f33482fdf

SHA1
d09118d402ca3ba625b165ecace863466d7f4ce9

SHA256
24674176a4c0e5eefb9285691764ea06585d90bbdaf5bf40c4220de7ca3e3175

SHA512
13c6f37e969a5aece2b2f938fa8ebf6a72c0c173678a026e77c35871e4ae89404585fb1a3516ae2ca336fc47eab1f3dd2009123adba9c437cd76ba654401cbdf

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\management.properties

Filesize
14KB

MD5
054e093240388f0322604619ef643f18

SHA1
6e110c2a5d813013e9c57700be8b0d17896e950c

SHA256
bf41d73eab0da8222fe24255e1bbf68327fb02b1a4f1e7a81b9c7b539033ffb2

SHA512
bd60c6271cdeffff4563e6e2cf97c176d86f160092d1ffcbe7eefe714ba75ddc5fb4e848a5fdbe7a1d1510720d92af6a176a76de2cc599f27e4beae8e692c5d3

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\snmp.acl.template

Filesize
3KB

MD5
9d9ec1bb9e357bbfb72b077e4af5f63f

SHA1
6484b03dbe9687216429d3a6f916773c060e15ce

SHA256
8b02a29bc61b0f7203df7ca94140f80d2c6a1138064e0441dfd621cf243a0339

SHA512
5fe39bbfca806ce45871a6223d80fa731efaa5d31c3b97ee055ab77eaf3833342945f39e9858335d9dd358b4b7f984ffade741452e19b60b8e510aa74ac02c00

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\psfont.properties.ja

Filesize
2KB

MD5
a38587427e422d55b012fa3e5c9436d2

SHA1
7bd1b81b39da78124be045507e0681e860921dbb

SHA256
d2c47de948033ed836b375ccd518cf55333fe11c4ced56bc1ce2ff62114cf546

SHA512
ea6ca975e9308ed2b3bbcce91ee61142dab0067ce8f17cb469929f6136e6b4a968bac838141d8b38866f9ef5e15e156400859cccc84fb114214e19556f0dc636

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\psfontj2d.properties

Filesize
10KB

MD5
66b3e6770c291fe8cd3240ffbb00dc47

SHA1
88ce9d723a2d4a07fd2032a8b4a742fe323eec8f

SHA256
7ea6e05d3b8b51d03c3d6548e709c220541df0f1aee2e69b9101c9f051f7c17a

SHA512
d1b99aa011568affa415758c986b427588ae87fe5eb7fc52d519f7167ad46bbff8b62799f14d8dbc7c55deb6ff7259445d6e8882cc781d61206ed1b79b688745

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\US_export_policy.jar

Filesize
2KB

MD5
ee4ed9c75a1aaa04dfd192382c57900c

SHA1
7d69ea3b385bc067738520f1b5c549e1084be285

SHA256
90012f900cf749a0e52a0775966ef575d390ad46388c49d512838983a554a870

SHA512
eae6a23d2fd7002a55465844e662d7a5e3ed5a6a8baf7317897e59a92a4b806dd26f2a19b7c05984745050b4fe3ffa30646a19c0f08451440e415f958204137c

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\blacklist

Filesize
4KB

MD5
3f5dc1d941e8356ccd04454ac0a7a7d2

SHA1
3698f9afd870c7959e2d8a0da0a97b4475554831

SHA256
c48d57d64ed98f8f174a4f6873f536ae03b41a63f67079d7c2f7140950a1c02e

SHA512
65319a4ef150884f7e67c6f96085a996c9b32dcf9a539c4eb7af77b1b46cdd90f1e83446f33da14467ea37d0628c9411323f5c3d3cefcf03cbdfa186eeb2bd3c

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\java.policy

Filesize
2KB

MD5
ec90fd04c2890584a16eb24664050c2a

SHA1
c7fe062eac95909ec6a5ea93f42dda5e023ad82c

SHA256
ced51e3926e6b0cfec8ecab3b15d296fdcfae4d32046224814aaab5fd0fed9c0

SHA512
8da494925b3b5aae69a30a8b5f9732e64edbae39c968229d112185e349c410a0f5d1b281a4e44718e0120e910820b15ca878b2ed1cf905dfc6595f1ba34b85d3

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\java.security

Filesize
23KB

MD5
b7aba3dfea0468195be1256c959135e6

SHA1
8c30082493935efda5ba54489d8605199c976b29

SHA256
c50c923c2b0dc5a3c598671be2cd980f7f06e7254cce04a1fe498f6e17fce3ec

SHA512
c91e110a3f3fc74596d22ee9f59bfa952be75b1b87fdb0e7ca8f188671c8e1d22bf02bc0c0b9f1321ad4df0c8c8db6f660efbba513888686b5ba9f86d7c30b7d

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\javaws.policy

Filesize
103B

MD5
e0c4ef8b210c0ddfee01126e1aca4280

SHA1
f1cc674f447045d668454996d5c3c188884762cd

SHA256
e5cd7f9fd43084674aa749bc8301f28de85eef6d01bd78828f72fa32377a3368

SHA512
4820074f15520ad099193b27a673499c31544a7279279efcb6131d53fe997438a96e1c5b386c233385004f7a2fbb775d4cde3c0272a196b54c0d8ee6ccef43df

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\local_policy.jar

Filesize
3KB

MD5
57aaaa3176dc28fc554ef0906d01041a

SHA1
238b8826e110f58acb2e1959773b0a577cd4d569

SHA256
b8becc3ef2e7ff7d2165dd1a4e13b9c59fd626f20a26af9a32277c1f4b5d5bc7

SHA512
8704b5e3665f28d1a0bc2a063f4bc07ba3c7cd8611e06c0d636a91d5ea55f63e85c6d2ad49e5d8ece267d43ca3800b3cd09cf369841c94d30692eb715bb0098e

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\sound.properties

Filesize
1KB

MD5
bb63293b1207cb8608c5fbe089a1b06d

SHA1
96a0fa723af939c22ae25b164771319d82bc033b

SHA256
633015ad63728dfe7a51bf26e55b766dd3e935f1fcccffa8054bf6e158ea89b2

SHA512
0042debe4a77da997a75a294a0c48d19aed258eeb3cd723fd305037df11f0a5073a92cc54967b8b541e1afc912f36481d0b0f68477b8156e52e15093722b7c32

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\tzmappings

Filesize
8KB

MD5
b8dd8953b143685b5e91abeb13ff24f0

SHA1
b5ceb39061fce39bb9d7a0176049a6e2600c419c

SHA256
3d49b3f2761c70f15057da48abe35a59b43d91fa4922be137c0022851b1ca272

SHA512
c9cd0eb1ba203c170f8196cbab1aaa067bcc86f2e52d0baf979aad370edf9f773e19f430777a5a1c66efe1ec3046f9bc82165acce3e3d1b8ae5879bd92f09c90

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Network\Network Persistent State

Filesize
977B

MD5
1568a95607d7a2c8315a42c16f3e1d3e

SHA1
bdffbff48805679c92c2f5d13a4309106d7e3d39

SHA256
0d9d07b6eec801e507505f5f88dacf339e111893475073763262417728d6643f

SHA512
9328700d545c25d14eda8dcf3e339aa874076fa77b916b804da75e16783af6421633b7dfa8f94651ec24b5e566660e15b9e57626ac135bef4510771abe64c20a

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Network\Network Persistent State~RFe58cdea.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json

Filesize
1KB

MD5
eeae2d1412c28ec72b8f0abc65944e3e

SHA1
a60c075affb23f8a73726f786cb3aaf09354d9b2

SHA256
ca3fb47baa119afb2a0570d16289179cebd41108222a16200f45589a45f36689

SHA512
d616c8dbdc1595286efd7e464ad07b3a9d699ee2a34b165710b6d64012e08cc9555d8d01784ef3651088e1433a0b3e5394cde1fd6eb3e026eed899b84b67be20

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json

Filesize
1KB

MD5
a5fb2f2eba3ab1ac28dbf943f3f27dbc

SHA1
e6f58dedfc165bcf6bd512dcb4e898d6684c2f9c

SHA256
cf250dca89be509c3939454a75a32bfd9ac1933c110204785c2c10239ab14b07

SHA512
f106ae9b71748c2ea76c2ef020e81af122fbb68caf03ae26c978a5d1e179a7b2d0095685e3e6869010ba0a7d7d2a23b9ed18d18e91d28b9c94c9c6ff20fe324a

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-6714741835df034c

Filesize
1KB

MD5
b968ec7b40254e391a8712a0bdabdc47

SHA1
fc9127693f4fc184f176ec15453d27c01109986e

SHA256
3db25751573dfc989295040729fe17cb85a77019345e92b91c2bb4463110577f

SHA512
a426725cc731ef93cd8e9bcdf9d0a8bfdfbd6c760aae05fedd584679d3be6809b1c2701e7a6bff4d89f19168a182c18e6f5da2684bd586a8b27c2f15e192bd3d

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-6714743188bbafac

Filesize
1KB

MD5
ba324e5a2bcca9cd46898883119c53e1

SHA1
40974cae8133ffef16c754f3f14a57c8ded977c7

SHA256
ae370ba2952f369d282a22fde544b67c5aed37a8871a9a7c968e694edd29df2f

SHA512
b063ebe995507a922b3db7249993304a68ba6f55c89fbf153379c0380d43cf3f8741665ec0269cd9ca90b448f4dbbc2168e78e09458888e5065db6eb4aedcdff

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
2KB

MD5
59ad9d2eafb33a949d848331db8b94c3

SHA1
8db356ccb37dd7ea2779d6e1d9d5758906fd05b2

SHA256
468d0d721f5ab8f933e2e5a619326a874a97f49dabbbb7a8ed31729600424eb2

SHA512
52c734d1385b19bd086a5eef375ed54c2ccbf59c7f87c751cd700bf87067e232afe0b276830fa35f565568874c77765ecf174a8d462ee310ff2449756ae07f65

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
3KB

MD5
c924acc9349783e87bef5e7caac61120

SHA1
1d402ff8ffa8ca0e28b8363788f1ed38482b5b76

SHA256
3d72abe92a7cae6c265cc3fcef1bbc091a6d52621a607a3f349106bd89076c78

SHA512
ea27fede04603a7bbafaa22874fb2b198c94839ef6d24f3dd3e54cc5c160031ebf5bfe18d7ddb7fdf9b413c108c8a0dee2cc454a81a0cd96bba3ad6e16f6b2ad

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
1KB

MD5
d7cad63d6469ff6eb2526f3d9b51e515

SHA1
d96e6595ac4d99896675ea34a8734709c40937c7

SHA256
3d814002ed69578f2c8d4a5b844c7cfbae1ee1a67f5fab9a0c6c73eb8158fc51

SHA512
acd44f5e686b5d31558c0f2d04409f0d3caf84852701e81016bafb7a66202a60de2141e8e94445e9f70150e336389582bb706b8df3c9dc6bb471aa36b574bf14

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\renderer.log

Filesize
296B

MD5
4c39180f74a6136a3c49d043e4cfb223

SHA1
34fa42fb866839bfa91ddf92e076a19eda06b1ed

SHA256
b595888eb273a0a7c1756e89e5e39d0b2b61d6a1a97a7e72b434ae8bf8c48808

SHA512
6f466e0548e29a79144ce0b1df763fe2012c8c369c2c7065ffc3fea930241540dd593566019a3c8775fcedcb77b85c5610fbb2de1b83fe493cc02ef6a5cfab19

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
1KB

MD5
008fba141529811128b8cd5f52300f6e

SHA1
1a350b35d82cb4bd7a924b6840c36a678105f793

SHA256
ab0e454a786ef19a3ae1337f10f47354ffa9521ea5026e9e11174eca22d86e84

SHA512
80189560b6cf180a9c1ecafc90018b48541687f52f5d49b54ca25e040b3264da053e3d4dbb0cd38caaf496e23e516de18f500b333e3cda1fd1b25c6e9632defc

Download Submit
memory/2744-8756-0x0000024AB9040000-0x0000024AB9041000-memory.dmp

Filesize
4KB

Download
memory/2744-8758-0x0000024AB9040000-0x0000024AB9041000-memory.dmp

Filesize
4KB

Download
memory/2744-8757-0x0000024AB9040000-0x0000024AB9041000-memory.dmp

Filesize
4KB

Download
memory/2744-8768-0x0000024AB9040000-0x0000024AB9041000-memory.dmp

Filesize
4KB

Download
memory/2744-8767-0x0000024AB9040000-0x0000024AB9041000-memory.dmp

Filesize
4KB

Download
memory/2744-8766-0x0000024AB9040000-0x0000024AB9041000-memory.dmp

Filesize
4KB

Download
memory/2744-8765-0x0000024AB9040000-0x0000024AB9041000-memory.dmp

Filesize
4KB

Download
memory/2744-8764-0x0000024AB9040000-0x0000024AB9041000-memory.dmp

Filesize
4KB

Download
memory/2744-8763-0x0000024AB9040000-0x0000024AB9041000-memory.dmp

Filesize
4KB

Download
memory/2744-8762-0x0000024AB9040000-0x0000024AB9041000-memory.dmp

Filesize
4KB

Download