hxxps://medal[.]tv?premium-invite=Gabrielloginek

Analysis

max time kernel
900s
max time network
905s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://medal.tv?premium-invite=Gabrielloginek

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Control Panel\International\Geo\Nation	Medal.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Control Panel\International\Geo\Nation	Medal.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Control Panel\International\Geo\Nation	Medal.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Control Panel\International\Geo\Nation	Medal.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Control Panel\International\Geo\Nation	Update.exe

Executes dropped EXE 23 IoCs

pid	Process
2388	MedalSetup.exe
6372	Update.exe
5760	MedalSetup.exe
7668	Update.exe
8044	Squirrel.exe
7500	MedalSetup.exe
7968	Update.exe
7908	Squirrel.exe
3452	Medal.exe
3776	Update.exe
2160	Medal.exe
2800	Medal.exe
1236	Medal.exe
8056	Medal.exe
7240	Medal.exe
7460	Medal.exe
1936	Medal.exe
8084	Medal.exe
5412	ffmpeg.exe
4308	Medal.exe
5004	Medal.exe
8048	ffmpeg.exe
7136	Medal.exe

Loads dropped DLL 22 IoCs

pid	Process
3452	Medal.exe
2160	Medal.exe
2800	Medal.exe
1236	Medal.exe
7240	Medal.exe
8056	Medal.exe
8056	Medal.exe
8056	Medal.exe
8056	Medal.exe
8056	Medal.exe
7460	Medal.exe
1936	Medal.exe
8084	Medal.exe
1936	Medal.exe
1936	Medal.exe
1936	Medal.exe
1936	Medal.exe
1936	Medal.exe
4308	Medal.exe
5004	Medal.exe
7136	Medal.exe
7136	Medal.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Medal = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\update.exe\" --processStart \"Medal.exe\""	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Medal.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
6740	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133342567177260964"	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\medal\shell\open\command	Medal.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\medal\shell\open	Medal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\medal\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2109.0\\Medal.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2109.0\\--squirrel-firstrun\" \"%1\""	Medal.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1043950675-1972537973-2972532878-1000\{D60DCE8A-7019-492A-B6E3-76DB0242CFBF}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\medal	Medal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\medal\ = "URL:medal"	Medal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\medal\URL Protocol	Medal.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\medal\shell	Medal.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1043950675-1972537973-2972532878-1000\{B4CFBCED-5BF3-4DB5-8F44-53EF989AFB0C}	Medal.exe

Modifies registry key 1 TTPs 7 IoCs

Modify Registry

T1112

pid	Process
4600	reg.exe
2020	reg.exe
5704	reg.exe
5592	reg.exe
4252	reg.exe
756	reg.exe
7732	reg.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
8040	chrome.exe
8040	chrome.exe
7668	Update.exe
7668	Update.exe
7668	Update.exe
6372	Update.exe
6372	Update.exe
7968	Update.exe
7968	Update.exe
7968	Update.exe
7968	Update.exe
7968	Update.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
1936	Medal.exe
1936	Medal.exe
1936	Medal.exe
1936	Medal.exe
8084	Medal.exe
8084	Medal.exe
8084	Medal.exe
8084	Medal.exe
8084	Medal.exe
8084	Medal.exe
432	powershell.exe
432	powershell.exe
432	powershell.exe
2800	Medal.exe
7136	Medal.exe
7136	Medal.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
672	Process not Found
672	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
6372	Update.exe
7668	Update.exe
7968	Update.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe
2800	Medal.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2548	1708	chrome.exe	44
PID 1708 wrote to memory of 2548	1708	chrome.exe	44
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 884	1708	chrome.exe	87
PID 1708 wrote to memory of 2900	1708	chrome.exe	86
PID 1708 wrote to memory of 2900	1708	chrome.exe	86
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85
PID 1708 wrote to memory of 4024	1708	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://medal.tv?premium-invite=Gabrielloginek
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe38159758,0x7ffe38159768,0x7ffe38159778
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:2
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4580 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5516 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5340 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5200 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4712 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5752 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5592 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4640 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6016 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1676 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5208 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5856 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4648 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6196 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5820 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6564 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6504 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6888 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6700 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7268 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7424 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7272 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7676 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7884 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8036 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8300 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8576 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8452 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10012 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9756 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9584 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9172 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9292 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9180 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9168 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9020 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8872 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8720 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8020 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10688 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:7152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9004 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10696 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:6304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8148 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8600 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:7172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9456 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8888 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=4896 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6688 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8312 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:7748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8708 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:7956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8296 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:7548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10952 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 --field-trial-handle=1884,i,17196573336185087113,897222672909462864,131072 /prefetch:8
  2⤵
  PID:712
- C:\Users\Admin\Downloads\MedalSetup.exe
  "C:\Users\Admin\Downloads\MedalSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:2388
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:6372
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Squirrel.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      4⤵
      Executes dropped EXE
      PID:8044
- C:\Users\Admin\Downloads\MedalSetup.exe
  "C:\Users\Admin\Downloads\MedalSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:5760
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:7668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1668

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4 0x4b8
1⤵
PID:3632

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7196

C:\Users\Admin\Downloads\MedalSetup.exe
"C:\Users\Admin\Downloads\MedalSetup.exe"
1⤵
- Executes dropped EXE
PID:7500
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:7968
- - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Squirrel.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:7908
- - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe" --squirrel-install 4.2109.0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3452
  - - C:\Users\Admin\AppData\Local\Medal\Update.exe
      C:\Users\Admin\AppData\Local\Medal\Update.exe --createShortcut=Medal.exe
      4⤵
      Executes dropped EXE
      PID:3776
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1772,i,5257311791844012743,16116470952074285660,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2160
- - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe" --squirrel-firstrun
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2800
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
      C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2109.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=20.3.8 --initial-client-data=0x474,0x478,0x47c,0x470,0x480,0x7ff7a68b68a8,0x7ff7a68b68b8,0x7ff7a68b68c8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1236
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
      4⤵
      PID:7128
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController
        5⤵
        
        PID:5404
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
      4⤵
      PID:7352
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        5⤵
        
        PID:6656
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"
      4⤵
      PID:7672
    - - C:\Windows\system32\reg.exe
        
        reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid
        5⤵
        Modifies registry key
        
        PID:5592
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
      4⤵
      PID:3256
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController
        5⤵
        
        PID:7564
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 --field-trial-handle=2168,i,10710469390734831305,17399287275074461907,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8056
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2004 --field-trial-handle=2168,i,10710469390734831305,17399287275074461907,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7240
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.Medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2744 --field-trial-handle=2168,i,10710469390734831305,17399287275074461907,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:7460
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal
      4⤵
      Modifies registry key
      PID:4252
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Medal\update.exe\" --processStart \"Medal.exe\"" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:756
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.689.0\\MedalEncoder.exe" get Version"
      4⤵
      PID:8052
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.689.0\\MedalEncoder.exe" get Version
        5⤵
        
        PID:6204
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.Medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3776 --field-trial-handle=2168,i,10710469390734831305,17399287275074461907,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1936
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
        5⤵
        
        PID:4568
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        6⤵
        
        PID:8104
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"
        5⤵
        
        PID:5856
      - C:\Windows\system32\reg.exe
        
        reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid
        6⤵
        Modifies registry key
        
        PID:2020
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.689.0\\MedalEncoder.exe" get Version"
        5⤵
        
        PID:4780
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.689.0\\MedalEncoder.exe" get Version
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Medal\recorder-3.689.0\ffmpeg.exe
        
        "C:\Users\Admin\AppData\Local\Medal\recorder-3.689.0\ffmpeg.exe" -hide_banner -f lavfi -i nullsrc -c:v h264_nvenc -gpu list -f null -
        5⤵
        Executes dropped EXE
        
        PID:5412
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.modules /t REG_SZ /d "" /f
      4⤵
      Modifies registry key
      PID:7732
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.path /t REG_SZ /d "" /f
      4⤵
      Modifies registry key
      PID:4600
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.Medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2064 --field-trial-handle=2168,i,10710469390734831305,17399287275074461907,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:8084
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
        5⤵
        
        PID:2508
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        6⤵
        
        PID:5668
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"
        5⤵
        
        PID:8068
      - C:\Windows\system32\reg.exe
        
        reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid
        6⤵
        Modifies registry key
        
        PID:5704
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.689.0\\MedalEncoder.exe" get Version"
        5⤵
        
        PID:4440
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.689.0\\MedalEncoder.exe" get Version
        6⤵
        
        PID:6484
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures""
        5⤵
        
        PID:7840
      - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures"
        6⤵
        
        PID:4760
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4168 --field-trial-handle=2168,i,10710469390734831305,17399287275074461907,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4308
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4164 --field-trial-handle=2168,i,10710469390734831305,17399287275074461907,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:5004
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "cmd /c query session"
      4⤵
      PID:1308
    - - C:\Windows\system32\cmd.exe
        
        cmd /c query session
        5⤵
        
        PID:3224
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full""
      4⤵
      PID:4008
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
        5⤵
        
        PID:3788
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist /fi "imagename eq MedalEncoder.exe" /fo csv"
      4⤵
      PID:5532
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /fi "imagename eq MedalEncoder.exe" /fo csv
        5⤵
        Enumerates processes with tasklist
        
        PID:6740
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Medal\recorder-3.689.0\ffmpeg.exe" -version"
      4⤵
      PID:6324
    - - C:\Users\Admin\AppData\Local\Medal\recorder-3.689.0\ffmpeg.exe
        
        "C:\Users\Admin\AppData\Local\Medal\recorder-3.689.0\ffmpeg.exe" -version
        5⤵
        Executes dropped EXE
        
        PID:8048
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access""
      4⤵
      PID:924
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"
        5⤵
        
        PID:7796
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 --field-trial-handle=2168,i,10710469390734831305,17399287275074461907,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:7136

C:\Windows\system32\query.exe
query session
1⤵
PID:4820
- C:\Windows\system32\qwinsta.exe
  "C:\Windows\system32\qwinsta.exe"
  2⤵
  PID:2208

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
1024KB

MD5
46ba20017e7bd1e8964f4f1be02adb10

SHA1
98f2dbe6f83a035b8d56db4799fe94ddfb459c65

SHA256
e8b965811e33b46889f55167d9a75d8be22b7511bef50dea8b7f724110a5b8da

SHA512
364059e9ada32dec54713f0e2fdf097b90f5ac5571c0999d5f92a85cebca59f5e10680a07cab1c50bbbb5d58afa1de8b7906bba9b88ab8865d8878c309b560a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

Filesize
24KB

MD5
2a9616447f755c0a64443305564b5f66

SHA1
d1cf8f24624b9927c96db980753533bc61cf9446

SHA256
43237596e4569cd72a783c7bee001e992583b47e1c6d1410c19378f8ea4474c1

SHA512
a4141dca7f15fb6e7e919ab26c680611eb5263ab92c362106ee66abe53044a4b72b160d2b787f9e408a5dfe626f27c20ad01539ca99f064d9e2a3555b48b4110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
39KB

MD5
d89708f99f5c1cfcb5b5536d815fa046

SHA1
b4ce428d9c0db5b7aba145eff229ed569b5371e8

SHA256
27db44f114c1209491806222707af32e6d5d593c3c4a962653dccfc66b67ae7b

SHA512
3e801148525e4e034957b06200faf0a084dabe4810077a14a89d63adbd6587db13c84699ebcaa7f3b90a5c362e1a23255aa30ea9f0353b32fb62c71745c3abf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
46KB

MD5
ef328c93caff99cd513b01a13545f1c7

SHA1
b4422ed80240708cd364b1bafdafbbbc44556409

SHA256
594de17b4d6c937ff3e62f4b1394310ab86d9cbff3b5dbd8df1276d68db12c4c

SHA512
362d1ed29a4aed48152ca05baefc00db4e1ce520e40bf55f1aba5dfdaa1909a0b9d1c42b80617e1c89b2ba9d94161d61b8816ee1d62ea8f3eaf69f45a2d30f14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
0f762fb8aab7fc403a92bbac25d29507

SHA1
d3c3fd01c56441a9879c576eae6cbdd9c8368431

SHA256
925bc63a358aa3ef45b75c1d63e7cba3fa87977ffbe91cc19dcdcfc959c78fcf

SHA512
c4ea58d03fb255f3273d93a9b7a5570a6dc4068c80a68c83401a52c58f07fd9bc309b49ea3d03eba884ce7a032817e121cbada4d6dd1a7f578fe864b57195ac5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fcede4af4356e2c1c2576c45a9779f28

SHA1
bd7fad477a9210faafa43a7cf7b07378474f349d

SHA256
42cc2487cf5997a25c8c4dafbf409820ad3d25e458825d22028151404e626e54

SHA512
5203ae8c4a0e5ec3ee5369af41b561a97950f6dc696733c069710276141c6c26d81fca1ac1c4507474e81d27f0b03c023b0bf6389fe9d277e5da5f0072db3617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
37136cf2c5b4b25b3fc319c01f4cedae

SHA1
91e4a46f3b12c1f364b89a2eb53d1dede2a5f621

SHA256
41ab3af0639311bdcd79dec9d20ca363561e45691d2911654b3f571b4e2ae9e6

SHA512
5d6c1f978eaddb9d99ca0ff5e7d5f3fd0a70f1cc07cc41a96aa19a93f641f3fe77a1f807521a290c8917818c0f083ccd598d6a7e65fcdd5fa427c3f704e446fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
befb463fe81bdcafb7b950fed8236331

SHA1
eda62af88b9ce04864635597326425c266e716bd

SHA256
1d886f0e0368c26aca9a94135ba41f87f497b7bcbe752f2e47e115ed26a4e3ae

SHA512
3998cb9ad58912de35bde5735c0d56adbcb2e94e1e85dbd4105046fc7c5a4e3067ae41956c64fb9282af2b69f01e2e41f18382b89d05a472e5aed8ffc4daf026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
495b4f48738ff5a64033ba6f5e819685

SHA1
a44fef737241a5141886c62bca41c9b755e04eec

SHA256
1fe0f4c3e2c37dd0f23f39ce5493488a998a8c1f82dd19ade0cfcfd40bbb20f5

SHA512
bd9b57abc464eefe92b223b1c41a27bbc4004af694543ca09a64b8b8730b39f8f20d008566391623f99293d1b62dea6305d4b536ded3e16af34d4905db657597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
cfe57c9ec7608eccafbf2282dea32d62

SHA1
cbdb59625faf9e1a8a353d2322ce314694227652

SHA256
73c116e7855c1807ea0cf092ffdd096855b6656451ee281075debd3f671133ac

SHA512
adb74be4df71ea3d98e396a1b7167aae1e5edd1a72eabeacd4b8de45f2c4a9ff42849db31a907e944390c81f00ea1fd414c42ff159b719914aa4f8cbd0acc69c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
76b4bb9c2bc74f0bc77d3e94ebfec682

SHA1
e8b2228fe3a66f9d8eff82dd0acb11396b883aa0

SHA256
c8c455a90d00878d75afbd9ac01315f2a5390dac007c140a182c6ad3d52e7f9f

SHA512
386b1909f29afc1d07cdcbf15168529e78b5359b2aa345627bf2c24f8253966a80620911dc45179114343361fa0b08c16b8f97164796522d0b3396282d8914da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
83e21d092b4c447f126abde13e15867f

SHA1
614eac26e14988fc789f816f8db6603cd867249d

SHA256
e5668c86471d58b01684298a682625f5040dd0d6d83578d3af54d2c5e0d188a3

SHA512
85d7887093a775728f01453973f3a047b1e17dccc92d90eda7c172ce43053531e60d84a43b1f47da829882d83c3167cfd63edcb9111aa4527555fd8553100ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
6c4429a79abfcdd396a8c6d939783eba

SHA1
1fbb4c71cf2464b5547ecd6568638575717b2ea3

SHA256
f7dd604c79ba4ff41a86976a516783700c2212a3a7b53a67ca7cae8d15cdc0ec

SHA512
163c248e72e911e2d60f2abaf4cacd8c78b71d7077f8b9002d87a78aa2a2f6470720e2fa999a69414fb9bcc82143eb92bf5b4d522d5382d7bac32d30ca53e1e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
46218a72e75c30c3a4f16bd8a0c1baf1

SHA1
b4bca36b45cde7add07b50de55d5ffc2a154fc2a

SHA256
51a05f83615beab2d87f9a3711b80ac518dfc52725f3fdeebb3e5acf0af0836f

SHA512
11332be92c7abf3c062f2027fd2c4972a5f384c343685b21e1e46bddf1f25206eafac991137130144ff3804740c80cdb0ee4dafe99ae8f41c2c18d1e66bd8bb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9a10b85a879b6243412e25f9c09a8910

SHA1
f9618359f2c5fc646c9ba0b2bd4050219d779529

SHA256
3a6bbe51886a9e7a73305998b9e96631479e98b2e8aae04fd18d890abdc65ad9

SHA512
8025ad282d1728d65ec94bd8a784654a9e93d8844cf22df46f8f8e2fc4c42f0187e427e535aa158a476da05cb5bf6c5a2d88014bd89a2140552383e0efac7375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2b73bddf6ea217317c285b9319a11544

SHA1
6a8ff95f150f1c077dfac44e00e3074874ff18f4

SHA256
003364cd29c91a2a49486af88d8becb48ea076acbae634cce27b3563009dcd69

SHA512
4264d32ce1b450af045486161f8af9d872850f407a0d06d93a7412e9a971e6450ca44a005053b3911e14157ef59c2094c2e5a8adf06a9e1a995305b851128942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
cb5d28beab6cf4b7fe645d0e8f4466ae

SHA1
a89101489eaf87ea2e284f90f848214d1bdd14ec

SHA256
093de736e3561aba6902c4e6cc37ef006ab75a1c9bea5535de5580896ae1708a

SHA512
d55475b69c7a3ce6723d19c747e07f81584cd328baff4d1c093734195b70bd15615732cc8380b603ced1e4f511b2037ccc5e9877146ed79445ee1b8ba5efb434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
a00cd8580b91f5a14557a1cdde735751

SHA1
9374c0d0868856d10b9bc48cfd80fdaf7099be44

SHA256
9384a05cab4fcc9a6d2fb51b5aaf953291e5d6fe834b1d644b366167f54ee305

SHA512
9df16290ee4f5d5e606d7a03ca65155cf9bd56c2c8932241c058f7cdc1cf941c60699a0b85ec46b38a8e3de1d3f85ae77677caa29bd21d4b838175bb19c04c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
06511bc9a6a6c9984022da839bea14b0

SHA1
279f5227cbf24e02afe32cb4ed12f6e2d0ca3bfc

SHA256
adcd2d9a09434d921601e7dcd2e24cf970b0966a7126b9020193b9f5710b87c8

SHA512
0cfb5762643a1467faaa9ff4fb5ba616e9c1f474a9b527bd27db8cbc77a8271cc18066c1de13fe1ad576b6b4ca481fe41dcf7c22cf307b6204caea1ca64de8d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
52359ecad605bebc45c6f37a60c5d58c

SHA1
704e48f7069b7dee494e219f94631e6acbc0affd

SHA256
f4121e395a750c473b81419ef4298b093995a67039ab1b8089a7e48da488532e

SHA512
326cf702a05ba5587565e7ed8816ee3a0da05cc23e539692fe81185ff8f9a534bff11ae939a17225967f79d38fa94606d97a155e9a3b6fdb6685db67c8bb57c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
d59617d7a4f415c626777972e2715b4c

SHA1
526946f790a3fdc0badeab4c70ab8fb27402c2a6

SHA256
298c13bad091fb20381d7180d78512b4f18af6a7271242bd16f79f649f5a0916

SHA512
6fb811e5c9593135d43cba6ab29ed9a8019c11411ebb5a5957decd4f30b2c84592bc5dbfaa78ddde3bcebc2100dd65da686540d542609c354bef069ca0111d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
7d071b21d6cf172488f035042d66ab61

SHA1
55393653827d63ddc1ee3edceca490b95d358fda

SHA256
55ad4508d00a36df12f9a57788eafa751fc306ed0c9267664f50cdf916fd7b05

SHA512
1a3c64c1f06d152270af02a5387896ad69a95b03fb2f88bea4c2e0148db9e50bd2bdb70f1afff516fde0700215c736dee23f0f27e38be6d6472528c2d33344a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
7a77612f1d91476e48b83cb762281983

SHA1
1e4b9ecea01c7b4ff32bc1f2faf17d46ff4961cd

SHA256
800753b3b7dab21d6191dc0ddeaabdf0f1b4b353dbf5d89987a3df3966b10e46

SHA512
bf79fb5ef3023ee8a36a6e748271c384ea3eded02ad44e3acb400fcec5bce7404cd415c0b1a70c924d54012d0a6dac82f95d464b69bc49c3a8692c4ecca8dcfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
3475b7eb31be9ed169758bfbd9f79cab

SHA1
7f03f16caaed90b65df84f02a2e17ff5b5ad7ed0

SHA256
c2e8c58899bc7d0aff05e27e23b0ebd88aade216d20181674eddb0761e87922d

SHA512
a363b2e9664257881c7a1b523fa1a3b2dc910bba6b87af01c5b58933dec13977cca5d4ba4236bcb8b8e3ae508adc0a294bcbbe32c49269f62953d2f91083acf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
479d0616ca0c228a0c92a620c3c73e57

SHA1
08f6d320b67e6de005b2aa32d483f9cc54c6be1a

SHA256
9987509b1b3d51eca7b0325d45a66a9ff1ac671b8a33ee16f65f40cce859fcd1

SHA512
a36aec88dfb52dac091fe7dfc7501965bc666a4a9e954426c7511b55e6fef2b25082939bd141775cabd6e6e3fbfe29558a7ec861d1de082b679490d295cf6ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
d799d4b8f4c52d6209db5c00412f1d3a

SHA1
6b5f5918e44dd707f8124ef05f6d687d872012f9

SHA256
90f9794016184fc5f2c030db4e341f66d112c60ac2b5a330bdc33aa7b2f10f07

SHA512
296e53d1e7a62457b680af22bc498bb3c768354064cde1bdcab9941c8701ec448d79810af26d6c5a2746a96092cdfa1f3a83955ef1c0437c8118e85eafdfdec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
eafaf905652677f27360045529133fe9

SHA1
f7b02f933754b2a228c7dacc53cac8e1dd873827

SHA256
0c1cd2cbe84ec787dd2cbfdc4c2ac7128eb32968e55980d74cf399717a9aaa13

SHA512
7a29d7bc172e3b87a28f2aae44680f55afd78b91d0aa48cc4b3ef8f5d7b01dfdbd45f3b50ba3c119ab073c70c4eb284b5459c831bfb9544113fae1411f810c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
2441a85971e64c4b0775f0f39d395f09

SHA1
d93c51e8a6ff3f731030763fc4de3f0fd638b943

SHA256
65202d155051c81e9a16f515034ba63820309544bd011ac3615f105bad883e55

SHA512
78c6451fc088f78d8ca7cd67f433119a4922e28df4d2008dc18623a8a883f41866925c118d7b2bdd62c4369fb00b66defa62005ea405ca8ff15c04abd1ed4b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
659080ef835dcfd7d49648b6089e3ed3

SHA1
eab543dc247ca323bb70b60a3c5d400ff6834fc6

SHA256
c0e4f682e1c19cea98e2549533676d7244ce87eacede35ead236f78ceca57174

SHA512
0d4747b6dda75a0d2ca9204386f4ccdc64650f3ce94fd9049b6db3d51373cd577a7261b48efe48812955699f033aa653231dea8056f1a582e583338029bd56dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
20df0034a72b0758224f3fe76960da3d

SHA1
749e7a4ecde97bf68a2582b251b941d0b01c9496

SHA256
7cfe5e621eb9e9ba11bb025d93038bd8fd9dcda533fc421143c5e4e45975e153

SHA512
99c4b7aff50c684b025914aeb983a7f5e0a339a011363490967e7a8ba3bcc460817db77fa7b1a40023027797a6948d0a6bf0c5d074d5c9e6bd96b44418ab1785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
a3f6caa48a10717f77f09c41957a5b5a

SHA1
e3e92b5d99b3ce628069478e56c3953b1803d009

SHA256
3f035654d0c0003e8baf9ffa48ec425682094a897da5d151ae79647901ed8f44

SHA512
76f3473741bc4e0a8e56fa2235d729c16924b6d979acb83d4c49d2060d654bd98de68c4e3025059533c3dc3fe3ece413d9654ff48b004f0f75ee2db91e59b4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
242dc88382499981c22594c2feec3326

SHA1
0f2f856720f8122977b65647c38f1d7b3c772654

SHA256
473b9a466de7bdab42ae750542510381180de88d3eae627470f41f35c914b752

SHA512
d0068f779268c0a65742eafcc905569fc923e64dfd64fe1ea54787530b1470fb43c6fa2f185189291e7a25752ce7c55d9a38988398d24cea362eda6284f1d520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
aa50dd9795a8ce533be095f65b31572f

SHA1
970dd9d13cf15588f7db216776ae583d8afd7090

SHA256
6cd683a753295d4bc982a0837031cf0d45bf26f86de1e476ddde383dfc410e58

SHA512
4bdfdaca196ff6d651c81dd936590abb234398764e8e2c38802b812945c0610571cb3128eab5055071910012a35bb5615fd585760f0186786a0a5eff5e8550d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
54ec6d6f3b4c67de7111aec55bc72461

SHA1
ebbcde5c49a5ff9eee11e5c163971c25625b58a9

SHA256
04c65dd33284b6ad867defee7278d0dfa148dc7115de19ae0983496a9ee5215f

SHA512
12fdc5f802fc4f6543bf4449ae9aee1e9e7ba53d41e2f3fa913e6ad641c37f71ae98b17a421329ee82534cc9afb491e0ff1f53b233bad77815da3b3b1d73296e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
f9feeea3cd7c33f49a6db98d6c31564b

SHA1
b27e52bdc809f9e82b848a99f3b29ccc3470687b

SHA256
6e83b69b7b2ff93055c0353b47037601e1359daa0df7597215bde173b7c49b15

SHA512
25e97c1923581dedeec854042d7f719cb1f8893d9512f1a56df8987382e31d6b4e2ce28c6c176363fb4978edc9430c74fa9d8a017a891a61e32fcbe3daa01a1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c708633d0f4117368fed176b12c347cb

SHA1
94aa3abc167337a9e853bd490391f70d14fa6e39

SHA256
607f06edc1568f89f0b956c4436a23c133c0f5747f00ec34577eb31451281340

SHA512
02b75d51e13be0e632cd591e42fb136c3e12f02571d7566f9d68c43b6c8cfc94b76d81c234cc4bd25be1ad26f8f147ee5bbd10f147186d7d6da5ea92ee10d34d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
60c8a6a78bf0be4a1d9308e64ccae790

SHA1
b29f300dbe7458a06ee3887f555ad2a60ed45992

SHA256
f7b8c1791456e7ee9ae0e5b648576c1f1ab3864665132780bcd7ec568a6dcb75

SHA512
21677def0f0a40bcd99a8dcd6c1fcfef58364df3bd40c78ea50959ba92b3a5b19677f48417db3348a4b2c80787ece6eac27a7500437750b1423a2016f6f18d92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
75d3a6122748256ec3af7d25035982c6

SHA1
2108ba8383eb2e06fae9db8b9c5deddd4e40cfeb

SHA256
98b797a768b31f1a6c629c95eb05f95a7d81f492e2a8e2d688958975447d9a2a

SHA512
3e583d4f77f1c5bff9761f2939f792e5d3c12197f4ad3d1acd2315f7ddc077081ba31757748e65fb3a4bdaac58eaf5135744ed1895adcc86e4513b7efda02092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
8066c83e093840ec2f797623b3365a42

SHA1
1922c69296b9bf4e99391beb644777e58f45cd91

SHA256
74bd429198dd020460335b284e98201e723c0982fc6e5e4afcbc8fbc01bf8b59

SHA512
23dc8926d8318f7a90c2f01f171019165f2823a6d8dcfdb46d739133e54de26905d85f08654283cc9de08933067abb4711bab0b22fcfc43ffb65b30ca0970bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
6e270612a31f00288a039e360abf9572

SHA1
e96f3371b0631418c71435bb2dc547b3c3fe30c6

SHA256
f42c9b7d0730d7c4f2028f93240ffc73c3809ace59871027760e09aa766854bf

SHA512
40fe70b1c1040d9535e28b6366708c84aa11b6aead38a0dfc042efa8664611d58483f51dfce035bd62e4b43ea1a0a42b7b82f884ad03c48d707a323fe308629f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
fe5f18cbda9d97110ff947328c2b4aba

SHA1
73e44c178a3ae29c5a4d9630a6f1a2271b6e46fd

SHA256
8645a4ef522e660e16828b4a726808303c0c35dbd5090eda51e02fa883e46f24

SHA512
f85d0e5a27e4c3268f216bfd0bd0c096ab236a7e938914f274137bfdd21f5259b4f4d404b221d8136b53bb90307c939fce277b9d6be87d06da2ee2c5c8134fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
a668a76ec147259491ec06cce562750e

SHA1
4f51d48e663cec24fc180107d1daf86ff80feda9

SHA256
20baffac5b9d7e8bcb752f35c89b26e2018535c4456e8c836c2d47913bc6bb43

SHA512
dc1515277407962de8995f71b6daf3b1af46c090fa22edbb984bf3d31b238fedb218bd63b1cb81a0c1a574fb67097dbb29000f94e69445a786723a9ec57cc13d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
5260828a3489b56234afd400352da320

SHA1
46c7270175da332094d5506d494d1b66305c822d

SHA256
d9222b3a6eff77ac19acb32bb1da0604a6d7b4b02f030f9cfad98baf4f8648e0

SHA512
e84a4e9e52487e29423e69f7cc73001e84334f1aeef43adbc429e1360e06f6002997738db4bf9c211b7c4785dc3e5939273b5e8ec5cc008bc3a62633ccf41a01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
e95a955da21c412a84aea981234c6861

SHA1
c7092793768c644e5cc998e522d5731f987a0621

SHA256
c9b82a193a364ca972298f32bdbf642870c63510bdd28e36bdb9ccf94916def0

SHA512
e43a5bb92a7bf35d42a33959733a143eded30fec0dbfc4909c959dd2dc0ab228359e813b637e9ac592aa8db999d9506442024df68aaee82dbae68a8517f3385b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
e30a9217029d9939fbd419030e69af42

SHA1
d8ca4dd3cc42dcdc639e46f9c35f3122e11db99f

SHA256
9bd1b5d470b735b5762e1a0acd973886f1e1c961ea1eba04fbe91e4cf2d21ea1

SHA512
cdf53496b1bdcfa64d0e9f899b49710ed3198f642737115f97615f1d15d9729f76e2801d93cadb1b8ae0da9ee83a1f6419a07d52e49f99928e56ce9c4aedf477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
a41deadc11187cd071e1f9a0ad322e27

SHA1
a0629ec7b4ff09d705abec82c0768845bc971b4e

SHA256
af17d7ffea77625eb643f150267d10370dd466a20490e277f00de224f29d14b2

SHA512
ebad61eb34135b65391cd64ec72b843f208dc92c47b71d0436fbe1d9275bb618b9f595a738927581f59dd1c424be63d99ca058f4c77c2087cd0d42a4ecb87a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
d9bcb32d64117cd37b2df9db827c32c3

SHA1
6bd0ad93be15aaec6a0cec01a0a0a16e6254c5c4

SHA256
aca31e72d6c980c3f5d50223367108245eed990e8566da54f9e8534390657afc

SHA512
5e972888981423ecfbca0b0ea9a09b25b76f3a63efd04536c91a86ac2e413e59757df7477a75566aef6a95d303645f0a05e851ede30d916675e50de5015e10c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
70b10f85e561b44e5b35e55b09f394b5

SHA1
6f837eda6c52bce1e19e6f3b91b19502f011effa

SHA256
ada765ab0694f94e7fd280ba025aac4347794e749bf5d7ba48e48fe6d11e09ee

SHA512
0b6b6eb46905671a2a705600000b5b4d603f44844cafb2de80eac70915d6a2409f4b44caf9611c726a65b7269bf4eaa133b2faa26919fab610b2bcc75dfe3bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
43f92d8092fa214da7e7a23616da48a9

SHA1
cfccc30672c9ce39d94722ac9492ac5bfb425f39

SHA256
0ec3bcfa7a678968a3daea7430885e1599db30600d9e2ae29f5da498aa8ca3ec

SHA512
239ce705315939dc22ae6e59d129b689795f6c1c0a0f58ede25ba2332888166401b629f379a46c756aef956185febd986bf70a9a423f63cb6b377fc49d526905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9396048ccb81322c2e6a727ba21b8e44

SHA1
b38e45fef1e04b0a2c1a1680dbe0f3a7d91e9ceb

SHA256
212cf71de83946b17d29992a418f99413df132dccfcb37829243e353e70b3c64

SHA512
21100779df97defc7c5186a0420f8e503e04c8719cf03062fcf4d3533b644b972334f22a9987476cf8c6fd615d80154fe589cbacc9b245b00201617472038b07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
aefdd07e21a85578d8fa81a6f38671f2

SHA1
575c9e9317b6636ae4608981751af0f3d9510926

SHA256
c1bbd49bf4a4b76023282b89255aa835f9fadb9a3acb0078ff55fdb8394c8d3a

SHA512
6b64e29145878279bba3f95cc9d76ab6efa67e727b36f4a6568b5d8b7a3760e1aabd74acf85f0536a0318afb7636e27beec052b00c17aef3dd5e2a879c7b14b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
75e7527fe3e1d3eaf7fad062ae2bf9a7

SHA1
dfd42356606d219508b5c523c40bbd6a7da75b60

SHA256
261b06a3a2538b405a53c5cece430d2a369f66b5592c5cad790279f3608f1720

SHA512
a6ff348a94340e73dfe1da416b6ab3d76b31dc27c0c0077dbfce247479a748ff2dc4eaeabe276405b64747a4d6627af8a08962f7df55192e67c3b715736efa31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4660599637d65b9fa59256999a2ec726

SHA1
f7f7c7f3128862d7b14227791e484f347f51679a

SHA256
15d2d5e9a2e69b015258706fb674b4fe494c6d900d39433919f609d38d873b2f

SHA512
7bf26d5176d5496c92f813534bb6cb40fcb43470ba57088461bfde11476dd4486706d0d154bf9a8021295e2553bac5f059f69c73a9cdad39585e79491660c1e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3608ed11f0e038bba63743d73922d636

SHA1
4b1d1df1f245238be30892d975524a123ef66231

SHA256
c832ad756de2d3692c90801617cd6c3af9d02cee9143b4bffe15433c5a2e5484

SHA512
ad96bae68d042a79a443bdaf2d02ee5c6fa3694c5e637d7c4572b45efb8664589ce03c317d8ffce2506e81298634fb12200558d687dd92a794227a736bbd5f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ade38986242cde4c6f06287da0dd417d

SHA1
1a990a17ad841672f0c9d83dae1d4d8e11de26c9

SHA256
a453be7f319ef63927471dfa4db4fd030d6c736514a67341ba68398d9cd0dc71

SHA512
940f7a4a019b8345a96a3e4940f4c86db83d29d58ba353a49b47e0dd6d86c2189e6cb8b19e637c08d29f904be2190d1546786ff70c987ac7d75d0be61d9e4697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e8f86c781f79a61ad77faf81c8737a71

SHA1
662a6d5f914411d54398061c9da608f46492975f

SHA256
153edff8d151c44c55ff9ef05f2ab3c164ee893ad4c4519e9f0015347689ec30

SHA512
382fa0eb32782b4c8ae6f934fcff04c81922721950847178f365394e55f02cce115ace08a274e0bf5d3fa79b7317acb6e138f920708b1641ec6056d13bfdf0cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b9cb1091ac2ca40dd4f1fc468303ce15

SHA1
2e51f903b755383ab61c6261425e23e93b88c523

SHA256
8dc0c47f6d92dc74d3e581887bedef7a77c3d695d81d683a5e80882a105e01c1

SHA512
2a21db8d92a73dec4c81520d429357ee5614cdb799e6c43e8cb97cded9bc53285704c577b3390e68daf592d7fc0a435cd30ba627c8cbb2d0c0a8225166adc0cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
118KB

MD5
875fd21042ac3bf512c8db9495d5a0d6

SHA1
a51dfeddc1c2156b08f67b96e90fae57ef62269d

SHA256
5a982127984f2174ecd667121fd37c6271051e6203ef0ea8493150c5d66d7036

SHA512
a2ce091d78f4dde205d7aed94555707a43a48db5906b183238b5ae23432e7e5b39cedfcbaa79d77b959d403ad57e27103279182c3bc9bb4893c807010a895056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
ebdb179811580afa396fd4c14c67147a

SHA1
e5017b810c68cecc9dfb76c51d8759ab58ed8c0f

SHA256
3185a9e590d4004407ea88db3339c23615c6edaa30cf78c55bce2eeef4746a97

SHA512
81335f575904206e64d0d5fdf85426554d0c30df6fa67985ffb8c663c48ba3a111dcb22e019f990ea98a940ae0754bd2025fc72a2d7fa4504e122ee9f19e23a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
7f6dcb9a01efcaba4441fbcc4729b345

SHA1
ba5e3487de6e650f08ed268c9bc056ea60585b2b

SHA256
04e660cd2662d8df822ec33fa7a26b0daabd0abdc3a0e592850ecb838b305f9f

SHA512
5415ea33f1728b955c16c2b894b2b849c24e8272388f2ee14d41db18f974ac3905f0bfe78ecf3a6fc7f26152d9436e9ee0014e3a5df2aef3d6d04557c0996f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
9218b4f08317da69a60945486f6e9f76

SHA1
d19799e3be192e9182daebf007b5f59eb8d345b6

SHA256
d6fadacade4a6bfb274e9291bf8f3d0669c54d22b882bc2ec2671e69f51ff82c

SHA512
8a85d9ad3fe083a208045160f9c5224c91548eaa8658f8cb8858df8acb05f75c6e73ae7edfaec823aa48eb9be05191be68791df3b95b13da05f3cc0ecd1ff74b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591bfa.TMP

Filesize
101KB

MD5
14e3cf72911be0377812f2a8feaf734b

SHA1
62eadd0108f53690a2e4bb77fac74db56afe3dad

SHA256
2fdcd079dddb506257f702aa3f2114320c41abf2b225ae5d462424fde5f4a841

SHA512
36c07ce6e11726f7aea1bd0c25ebb9bcf70d84ad2ef72e90ee654bc90ca691857a256a82e15470eccc418e25c4d0ceb99aa8aabb720ad979ee1c024437723e02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\Medal.exe

Filesize
144.9MB

MD5
054e789724f0b380d2f7bcc5631b0006

SHA1
05b12b9097299a73bab13883361c913b7a483b4d

SHA256
b9129313a553d8368df65072af756bc80b38969ea43473548ae66a29c2a29334

SHA512
b7fb9ddf8e96130bcfdfdff8d98e1dce8f2c500e386ea24413303ef9dd3f61216b26f0cf71fd1dd6f60aee6ac5002b03cebd2a52704abbfe17d0c97ae8112da8

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\@get-wrecked\iframe-editor\build\app\assets\img\inline\back-button.svg

Filesize
579B

MD5
b43088f037596ab4e63f80fc8096a56f

SHA1
fed79df8aef9952aad72d5f9a43582675b7d0b83

SHA256
1e80025a22e0abbc83e5a9beb1ea7c332a0c5b3662db0fb7282007f1cfa00485

SHA512
910a2a4dc659b734188f52eeede07235ac1697b0794872b3fa87cb227c1ce6917e55e8ac4a2e6e2677947fb67bd50bc99a330e7d939c2a7da05171e6a4253dd9

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\@get-wrecked\iframe-editor\build\app\assets\styles\bookmark.png

Filesize
61KB

MD5
c19b7ab1aecd23d2318ab2cd9e6a75f6

SHA1
b8a1a55183dd3bcf847542c9d7adc27ea8f857a0

SHA256
4fb172ec705555b0e6397a09176fd044012920abe2ca2d685c822d9c14bd1f0e

SHA512
e90922b2d6b60b73b601a2fe479c86e0a5a34d75dc3643aa3714032a6231642212f12f73fe102ad0db05c2813f9360afe207cb514811c9c79195a882e3287d09

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\@get-wrecked\iframe-editor\build\app\js\npm.angular-2e7c25159e7378324e72.js.LICENSE.txt

Filesize
103B

MD5
69441bc04631f13edb6d072553fed9b2

SHA1
6089b22faa270569cec1608b30bf593dc28091b9

SHA256
50740e5ff2c2eb5c46fdc3a5d1edcf3685e236b3b71d26daf712157e0843c166

SHA512
f3f852de3ec2b584947ecd7e2a8fb2dcbdca1029bda1e1f0293cbdcf6ed51ba4c22eea86f9f6860c55c7390e9efd74beb32eb99ef3f3e617357da91e654dbb40

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\ffi-napi\build\Release\.forge-meta

Filesize
8B

MD5
da8c8ea5f42bc3fca4aa1cc9c2001a09

SHA1
67440bbd38ce7f4c8ceaa49fa1d3f9061b489fef

SHA256
f1ba8ad66bc664e6c26c2a132b1257702ca3085ec0fa715ed740eaece57a1135

SHA512
2aa65ede458a98dc53731784d7c9437afa7a51b6fb7c34433eb0e9a73f61748652968552ddc17710edc2ff39cd8c9706d6ec1e33064202c7be1682193f563a41

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\ffi-napi\build\deps\libffi\ffi.props

Filesize
2KB

MD5
3f0d761fe677d5e2dfb66e5133f75a61

SHA1
a28701574216b53da77190a0da5173f987fdfb02

SHA256
a7122745f284248c87c685f7cc827dbfcea0ff6adee8ccf31049a2163c72564a

SHA512
92ebd686b042889e8fad204527e83ec7aea3ec50156f25cf6fdd04872ec7eda7c29e906673899365d9937ed114d38eb8221ecb032563e0a5121ffb65a9f9a076

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\ffi-napi\build\deps\libffi\ffi.targets

Filesize
6KB

MD5
36cdab0ccf1d673eb98d6cc308a53c2b

SHA1
0dcad9115ae6a3b56e30757549408e724cc8e24f

SHA256
1475f6a76679bdc8127f52f105fc000a91a63e77ac6edb9ccce26348b2163ed8

SHA512
9c70eb1a8061fc2cd3bc88823308b62235fd2107573eac097d961dd06bc5075b66ee4ed4ebbc405e580b4ac016246d84813a3626f0d05eb643c4c610ad9717f5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\ffi-napi\build\deps\libffi\ffi.xml

Filesize
7KB

MD5
455a25f71fa2cf162e57338434c66a4e

SHA1
72cd59ee7bce0e70f204466fd6b83db50275f190

SHA256
e13d590dc137391670357d4848cfe5acded3c5a2aff876f1362ad8d7e0cb708b

SHA512
fe4852fa7d39e1d1fda5ffddd23c0d77a918362bceea581eff540fc5ed0fa61b054ca7a9b53fc5b8fba05b1126751882d00b09e49c31b715fadf6024dd9954ee

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\ffi-napi\build\node_modules\node-addon-api\Release\obj\nothing\nothing.tlog\nothing.lastbuildstate

Filesize
236B

MD5
fb7b285d87d23eaa9d61f8581dc103da

SHA1
58d3d637a4655219a78c199f17dd74b86c90e537

SHA256
8ade3d432956284866829b338b38ec7476c0cfecf64ae3abe338302b23e8093a

SHA512
51e4c2a4c9e4a5e1bda5a0a9531bbaa59a5d9a7f71393a44e82e4a27a803689fc76462ce4cbd536ad2a011730a99922d2b01bab5138781a6ce198b6934f0bfaf

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\ffi-napi\deps\libffi\config\linux\arm64\ffitarget.h

Filesize
2KB

MD5
6d7be2b919719556ad555cfec199e8b5

SHA1
7c65acf1f8136706014b0b08c427e11e9a506d85

SHA256
ee109c2bc130655caedd91d71543428fb133146c3a0a33c51bffcfbfdacfa2f7

SHA512
0ecc60bf79136c05afcf6a9996148d6313641613a5faf38995e50aa3b8563a40994680d0037fefb8b97e50e07fd791f2cabb9c830921f2723ed14bf7cfba2600

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\ffi-napi\deps\libffi\config\mac\ia32\ffitarget.h

Filesize
4KB

MD5
4ef9928ec21c398681ed3357aa400c48

SHA1
5bafcdf7c4ff860ce7f94c5260159e7bf063243b

SHA256
ce9a87677a9b9af9dcc6f8f632b62948214824174b65fe4361d3b662cc72aec0

SHA512
c0f5f26b249cf3ca72b2d334008a7ab8b7332f286e57edf7c700b5c4a80960dbce14e3db940829134a3bc593a087f56b41afb757daf3f03e32611ab1172c1f6d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\ffi-napi\deps\libffi\config\openbsd\x64\ffi.h

Filesize
13KB

MD5
4c8fce7c4f0bee30b8f03d94fba5b66c

SHA1
4eb6b34a1547e2da9b1a0daa9c9f7a32569a03e5

SHA256
bdd54f5f8517f32767d864921edb878224068a75eff7e0386a55105d61e44466

SHA512
0f077d7c2a9801eab3134d4c56793f64fc1c8434e8eabe9c749d0f7d0d875b1750ad0f32873b49778bbb7b5864c280c4546fd72775ad0ec49eb091ec26ee3848

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\ffi-napi\deps\libffi\config\solaris\ia32\fficonfig.h

Filesize
6KB

MD5
f6d178e7b3c398248834f542ebd6b4c4

SHA1
1a1e4734e026709affad4b3da326b765848f4a8e

SHA256
c13eb6f3cd50f9160605e31aabd6a78ea0426884374099ace61ba49e93d6fd2b

SHA512
56fbf5e6f7f5eca0ee77fa977e4e975881039ae9c474614ed1056ca0f577cc728b59615f8658642ab1e05461a7247f9b1dbc68994c622b1fedaae775bb56b81b

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\lodash\fp\prop.js

Filesize
35B

MD5
ebb08110bff348df334274bd1d79e025

SHA1
563c5eb1769785a3350bfd1cb2b4e090a650c994

SHA256
af3533640c8af8f6804e9df53cabeac7767cddf1a619236e7226a784a2e9101a

SHA512
5f613471f700f4d36a3847f694774f9db9b7ebafd5037c00268af6edbf762bdad13a713dda2f93ab5f02bb01e8cdde2d6919f33a1bd1d74899bf1bf130b3fc73

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\node_modules\lodash\value.js

Filesize
44B

MD5
3b889e721c9c14f7a5cd312bb476f2a6

SHA1
dcaa02fb24d8915128f62a50e2782e30d7d4fe8e

SHA256
469f0f647beaf4eeca8d316133bcd0a0b3f5e55a4c1a391da1f10baba824ca9d

SHA512
3590cd3433b362223d3256d29a851a056c09d0fc0f4414d194cf39b64d166841dffd59f3029c352991682e9ee8e06fc97855fa1cefeb209098428dc5c2c7f953

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\version.json

Filesize
44B

MD5
c76b5da0d5eba56c5e7ed3bcb6d221dd

SHA1
744bdfa882d54d5197962a6a382cb356361139b9

SHA256
ba8e6c2f04e7ce0cd43117266dcf7a77ba84ac07b94b6af3da0b7ebf7d17ca18

SHA512
c17509894502681fe121545d2951e8d4f72ce2f443b21fa8e49d68b30f3e3aabef343977da136c96b22f03433c619730f9dac4c409a0131018bd0173d88ec074

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\version.json

Filesize
59KB

MD5
1af4948e0c413511b82c35cf6e6f5fb3

SHA1
ff5c3ecf98e196eb339e1a2cf4ed9596f3116d1b

SHA256
4b18a08dcaa59516354758e32490cbbd425c93a85a1af076c14e01a38779e9b1

SHA512
96f1c1567c4687d6aff48d43df6af36a706ba5edee7a861d374b54e1f541168e93e2319ce0da149edce0021dda814384718cef637e61dd94e8ff1d4dd23acabb

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\version.json

Filesize
90B

MD5
b28ea2568ab7e29ff8de7cd7bf5fc0de

SHA1
b4c0aa39a3015c998948e15bb4e88030cfdd7cc5

SHA256
a14cd5e1b59ffb5d7186bbf9e1838d6d917eb9c1d793b35e0b02eadedb7ab79d

SHA512
bf5e1912420e60e92bc3d004d5b5ad408f5326ae99e4edd01f27faa33cf58e6d655ac573ee891d82c86fa0646d8f9490d0d1af83bca40de898c224411a418f3d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\resources\app\version.json

Filesize
24B

MD5
fbf82b4904c126c875350cf585814f91

SHA1
c6063514a294f0304e5611d85da9c4b6b498c009

SHA256
22748c6a643aaab10725410fb3eb9c9725d3720394f4e45c2296d5c0fe65fd43

SHA512
4f6e788f3bf6cda4707480cf2cf750b1186f9942125eabd46848fef41bcc91587827c203cfdee871b85fd32760f1a69fe45e7624d52ec01733ca1205255a5a37

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2109.0\squirrel.exe

Filesize
2.0MB

MD5
319dbbab82ae16de45cb3377a115f657

SHA1
166bae4034ce9d8c5f86ecf3c608f98d9e6824fe

SHA256
c6c710e77edec3a182e66c92b8f6c49b993d1f28fcb12bde33be1cc36ba7ff64

SHA512
da9854364bd6c21ff92d02550858f777de09e49abe78c7996c584f92b98ff6a6966279d74d550a602d82041c1da1b956d91f8e0c8f0b9f4a06ee3914a687e6e7

Download Submit
C:\Users\Admin\AppData\Local\Medal\packages\Medal-4.2109.0-full.nupkg

Filesize
135.0MB

MD5
5f2b941ec2075aa7dd5dd5212d759ed5

SHA1
4c5981b9cce46db12ba3a21e00298db0e743e505

SHA256
799ba6bb6674d6cd7a7aa7272d3b9ea808eb9dc16d1bb00b8844b9b2751e9523

SHA512
2c9e3474d1f19cbfc71dfbbbb2315dd6c7854d5714ed2a1cd384052526f9c0cfd84019fcd3df951b0c54bbcf4e0a512a4ebb269375cd9e60859914ef07080c73

Download Submit
C:\Users\Admin\AppData\Local\Medal\packages\RELEASES

Filesize
79B

MD5
701537b916e8292879eefae4a0d0baf5

SHA1
6cbd39f0916f7a8d22c18809ca3e72e439c68bf2

SHA256
9ba73037a9b4786ce8c55c9c1bf41ffc46e5032f37e0fbae708147f17162486d

SHA512
44886ca4e21712b1b81251c2e3006ec2150e0000714a7f93674ea737fa355ccd22bfb02b6f1a7741e62c28142141da999852a8818d148cd28d73c61641840e95

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
f1ea5771a0cc073dfb2e89fcf1ae482f

SHA1
7013ff833405535aa6fc69ae7564d4a899416caa

SHA256
46c361b85083eba662f9236f06814bef3aa796ed834328c245f7cbe221865976

SHA512
2f7c8a98eebc2f227542a11da9d4df02822990b980c83a42246bd6d9fe237a52051fedc44c9f18eba1ca8e1b76861d7ea4ab9f0ef3b72c11d3feba109bb65a23

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
132KB

MD5
4fe78278c727ca838a6b0a8b5d2fc924

SHA1
7eba94ab9295e387f43fba20fcb79bc3db1dde64

SHA256
af8a663dc9f9407b1a0582c835317f62c0f3fc1fbe542e1df0f9ef39e913ba45

SHA512
ce381dbbd80e0ccbd0e9a5b1d7c070f0bf3bd52d71ae9cd87254cad2c41b61871392595f7bffb23f215f8fabdc2fba64758eb5d1e6b97da99fe4149db54123c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nxmffjnh.pg0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Cache\Cache_Data\f_000089

Filesize
444KB

MD5
3cf3e767469deef11da59b3d462525d4

SHA1
0dbafd72675689778c7c428306010a8a814471d8

SHA256
8badb5ab65f7ebbcfb7eed53292a048c63691cfd8fc04bb6a8185a2b0edf1c02

SHA512
533a9bac035ab223555abd0f9fd01f135f5d85b1c0505d4d3c2500ab56399e808c05f537b0d4704a1ff5436216d84f39a1cb5d9334d17c7753fdc1dd3320b101

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\Network Persistent State

Filesize
1KB

MD5
894f084ec694fcef3d7df21e77091156

SHA1
ea409fce7d628be0634339b4cce78af8e5baa357

SHA256
3df35f2751739596adbbe5654f89ac1ade6d0fd5f4a6d84e2649503401979ec7

SHA512
3d9fbbd5e20a33c6b90643b5981bf5bcbe2cf2f1c059a2761acc4028876a7cfdcc99e1291e9d0bc7d7a6030ec59087fe5790a64ca32c0c43e41154c59e48d59b

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\Network Persistent State

Filesize
1KB

MD5
7e29103d6c7abecfc55c1366f2cb4a26

SHA1
0ffaaf9e131eda85bbbd0eb2a2d4f2bbebf43e50

SHA256
a3bcef0a1e533d02cb62dd71c300eff1f6d6698af9b0bc1282e9d2a611a179cb

SHA512
05070b50a7fbbbe6b3a99ae5193c64c4472b76823b36108e1a7c77b5a88bc333fe2be4c0f343d5b3d29fa7324f4b844e553b103e6641d792b59867a91c1c549a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\Network Persistent State~RFe603c90.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
2KB

MD5
110c9d3d65041141a9de8108bd5a26c5

SHA1
0e8307c1c78c68e75c34426c9e5b3eb59e67fa0c

SHA256
eca61959d25a0df2c42185d9c3b81b16eb8433130f5dea2c87a8cf790c9743c4

SHA512
6ade84da380ad49782356157e2f1e1b7d6e18049e1a7176df3c71396c44760469a9d77215a15d702f792ec92a5c4207d6c9277ef6f6703027e21e4ef2b73b450

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
2KB

MD5
19014aaed06a0a2ee4d0e148771e323b

SHA1
125e4d37493c2ac4c3a9e660f9454d388b1bb57d

SHA256
a808b082dd115a65c870629204b7620d552f7c6cbbe7c5ee0384c176e6aeb560

SHA512
b2d3b96ffb4e57f488f255179b84599db01098da15d9faed93a6bfa53213a0ce225b7715ef414f1cfada683d6b960e8a00cf9b4a031e1eac7d148e2b2400b27e

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
2KB

MD5
4c723a4420103c5a90c2792d383aa713

SHA1
246e73bee3e7c2e9658eed9d22ebb400ba46b019

SHA256
45249cb93e45dfea78e9c4102cfd4d1ed7f69563c35b974dd014760320155930

SHA512
f37739385678fc78afd75acb00d145e6c533734a0ba23e3e2750ba5276115c60496f1554d8f951f7ba1d0350e500ae94826160048af03bb3c3c16ad377ad14ea

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
57e4b33c43d1c9c5426b6d5743b02d8d

SHA1
523d9184639ad62a8d43ba53382d3b5dbc63a098

SHA256
77e44a18f09ca38da29704d8d09a78386fc8309d92321317d1c26e3174020128

SHA512
69b773abf3fa131326fa433225039d70e5f2fb75f958f379423a8f5ff13a710b429605f81dc075ddebf38ad93e4d0a23ab461e9819d2fef002463cc8945ca8ea

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
ade1fd231777c1d9926eaaab2148c081

SHA1
ad5b6844ac78a1e71616be33de5c49743922c4e0

SHA256
38c4f6328684573fd01bef071fd578c81cd48955fddd71a30b21abd3e11608a9

SHA512
4693d4601ea8529e20c011f8edc7b9d59d6c73a0f6cbe4a7c4c23fa7dffabe1a90859f94e435982ee109669de8766b132fa09ef54a9b57772e2792ea23303ffe

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
65d645eb7885449c82e2146f58b42362

SHA1
b7c96901d969a426fb857fb8dee0b591ce5e8ccc

SHA256
5587f95100b12909a9ab11cd6b73d0f009c5956236392b7f1a2a206c7cbede3e

SHA512
9ec46a248365e2be0363e15ac6ef7d9adf85dd0ff4fa1bdb04134c8d773ec4e37d57d9effaaead2ad6dad4748c0533316e3f291b6c62faa59ae0b9a2c1241e55

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
2KB

MD5
3727c39e29619936049a6b5503d055da

SHA1
f8e7500e2a86d057427e27bfe55b9a5bce16d1e6

SHA256
bbe8847bfa9c3bbd948372f0866f0d83653247f1ecb588d766bd3b9a07736217

SHA512
6b635bdc592caa0d3ac159cc491aac4b0ff7270e8fb8345200ed41443f16013108a0f5eb8dac0814e39fc581c3de2b4b6aa4bb88c1721d63109648a79ff77cce

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
2KB

MD5
83ffa4565657a3126efbc1367ef9f02b

SHA1
3c45c877c32221c4e73f9b21eb945fe6c0673543

SHA256
bad31dd592897a122bccc280416d4c03737a357db60c1b03c7d7f7661b7743e2

SHA512
e4ad143195af2a720ccb58de0d6d39ef355f1fe2ed97e3377d3ec4e070884570c05b6f2cd2c1272e9fa0b052d1d912af2d2ad78cf1e62242cf04201948e6aa50

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
5293160a21c88e386d9bd613bc0d856b

SHA1
098700430f344d422c487e9bf58305a3be2ea57e

SHA256
6d949171136c70ae9684d8ee91009f4c3c8cbf1f5861991b87e025e8c798f8e7

SHA512
f2307ffb9c8e5061f2a2b4436c53124463d60eda988dda486234bf3b8f29fa01f4fc54d53d9fa46cddaef0c4d3e6e2219a53cd38882ee491e201b356b88bd313

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity~RFe5feba1.TMP

Filesize
539B

MD5
6f0bcf8813bfe13bb12885dd31bdf6f2

SHA1
39abeba4356633b65d83e26cc606e8fc9ea1b45c

SHA256
4328b7878a0f92a6cc2ae95a25fcce271fcb5fe4920e4ec89ebc9d4c75ee6e37

SHA512
098b37d731075962b078285632aef50ca37ae7fad2688ef94e298f2f72d94931dbf1c24951b4ae363ef983243703f98724498221bdae227c34c030f1e4867097

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Preferences

Filesize
132B

MD5
f6e9fdf8cc24a4f083b72e1f9f965d51

SHA1
d9fbb74c8818654344b47018abe0903f28ef5313

SHA256
8aacb456a2294b2536b75e1134538188c1fd4e5050c707830a273e3e0fd85b74

SHA512
343200a72384ca836955af9e274cc64eba37f28c44023e9b47f5e3d6b3a17a20331bce3d740664f163b9dff80b5748293c2cd9e428a22b77f59659f240bdbf9a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Preferences~RFe6003fc.TMP

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\sentry\queue\queue.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\sentry\scope_v2.json

Filesize
22KB

MD5
62e8fc8707eb5437d10bd0ddf60b283a

SHA1
e8e85e36f712a71d6362fcaf68d578b6d166884d

SHA256
e546fa7570db73fe146d0ae4057c1fea069d3d8157ec75c4216519aa956d9ace

SHA512
b847528d9cf55de7c156643fa9cd77abc153207df924dd2e29364aa5eec9be2e46d1e64558f66696cb0e8d8aff7269494301904321c1ed5e67301d26ccf54696

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\game.json.2595062931

Filesize
2.8MB

MD5
2d921388d6ff4dc1870754377496068d

SHA1
a4191b0bf3949a6d2eb6523a7a9687ed65264ed5

SHA256
c5119fc94292ef6f3f94b158edf5fa85e594033a36b4c0d34c1669e1ac82c453

SHA512
17f0de347e9a65be1a22eb2aa55f78e7ad1752c6554c7957756fee9718ecf566365fbeebcb373935349ea441392086c4c6b50453c2fa69d158cc5931c7181f74

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
121B

MD5
a85b70d3a04f44484e0a02906319a2c0

SHA1
d76f340566d6bfee3fe5ab97bb16911394691676

SHA256
f19ff08f4ad256a37d3b028e7a18e74bdfabb505dfd264bdee68dce89c52f822

SHA512
5b1b1646ab6668d0eebcbc1b50c8a3c932adeb1bdc3cfe40465de879ea6e4d74059756bbbddfec081fc8c2e2dd559b27ed9e2f4a354412b624167580eecb198c

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
58B

MD5
9b8800caf680ea44c3f942fde7853798

SHA1
21f278c724d1918a3eafb8a49066582d4a2b460b

SHA256
616b246c140a4e0a6297f700f1347be0d99863d5045fb0da61786e0d73c40b2f

SHA512
60c4e9999a13af37439116c7a043d9ee02ad7695b36e820bd30e75e2ef26a6b9ff1fc08965d1f2ac53d71400ed4fcfccaa9655dce70c8c0a2bd0043e817e3bb5

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
14KB

MD5
9badbacb0046fb77beaccd244bc98fc7

SHA1
c11ff4f57f468fd9822a2976611ef3e0bd1fa921

SHA256
07f6c9efb80d0eee3b5e10fdcab9f53a3fb1ab9fff3c1bb4dcfaf34daa5c89fa

SHA512
8fa9b3358cb9ec1e97954af458798fb767e4c9ac02e04ac4fe41b9e2313ea0b3d3c473f04c7fd26f545454f67f9d19e8ed72fbadab138cb6a05de7cc6df3e047

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\user.json

Filesize
509B

MD5
000962aad1a50062b98b1df5215c80a1

SHA1
a74a13835de8888d54618446e2547104cd3a2b30

SHA256
1488e5316cdc8b2d68d6e5da3e292defae8ddf4ee2dab493b5df75d28fe30bc1

SHA512
4bf0185712d54860c968c51afb33ba7aa1267e1e190a0dd0e236b100a943fff2f9253a3c6a18e46db0237573f51d92b7da130d052304c1aa006db7343137b517

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\user.json.3573464236

Filesize
581B

MD5
c20cd5f5b5641eb3b6bf3cc8a328410b

SHA1
3f6c58b9bd349475d09d61516d98492a8792df6d

SHA256
169534092602103ba03ec2c4680dcedaa188edd1dac7d2867e51acbde9fab0a0

SHA512
86a74396fb0cb1c3594f8a8f9fbb7732749b5b4f1a07564a13f0f972026c5b44e882a9e1f4f1beef963d3b9db9090fb935c09233c9e0052da3406e3b27cbc3fa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\MedalSetup.exe

Filesize
135.9MB

MD5
6901028c84730073316a833538072307

SHA1
4562047644f0e96cae4bfe77aebb1dd87f0ef87e

SHA256
3e319d83456be9ac65b72d7287bef1b0a50aaeeaa9a7193e7f3ef35ea7d8e676

SHA512
1bfda3a1dd8fb5120629005b5b8abdfe419f60af12dccd912fa3e796bc59ee8cb6077d6a53430da756ed0e97420c036816363beca615bb8e038ead98cd22e1e4

Download Submit
memory/432-8625-0x00007FFE24250000-0x00007FFE24D11000-memory.dmp

Filesize
10.8MB

Download
memory/432-8610-0x000002CCD84E0000-0x000002CCD84F0000-memory.dmp

Filesize
64KB

Download
memory/432-8614-0x000002CCD8A30000-0x000002CCD8A74000-memory.dmp

Filesize
272KB

Download
memory/432-8598-0x000002CCC0040000-0x000002CCC0062000-memory.dmp

Filesize
136KB

Download
memory/432-8594-0x000002CCD84E0000-0x000002CCD84F0000-memory.dmp

Filesize
64KB

Download
memory/432-8593-0x000002CCD84E0000-0x000002CCD84F0000-memory.dmp

Filesize
64KB

Download
memory/432-8592-0x00007FFE24250000-0x00007FFE24D11000-memory.dmp

Filesize
10.8MB

Download
memory/1936-8435-0x00000261619A0000-0x00000261619B0000-memory.dmp

Filesize
64KB

Download
memory/1936-8439-0x0000026161840000-0x0000026161850000-memory.dmp

Filesize
64KB

Download
memory/1936-8445-0x000002617A980000-0x000002617AEA8000-memory.dmp

Filesize
5.2MB

Download
memory/1936-8436-0x00000000702D0000-0x00000000702DE000-memory.dmp

Filesize
56KB

Download
memory/1936-8437-0x00007FFE24250000-0x00007FFE24D11000-memory.dmp

Filesize
10.8MB

Download
memory/1936-8438-0x000002617A280000-0x000002617A442000-memory.dmp

Filesize
1.8MB

Download
memory/1936-8520-0x00000261619A0000-0x00000261619B0000-memory.dmp

Filesize
64KB

Download
memory/1936-8536-0x00007FFE24250000-0x00007FFE24D11000-memory.dmp

Filesize
10.8MB

Download
memory/1936-8585-0x0000026161840000-0x0000026161850000-memory.dmp

Filesize
64KB

Download
memory/1936-8440-0x000002617A0B0000-0x000002617A126000-memory.dmp

Filesize
472KB

Download
memory/1936-8442-0x00000261619D0000-0x00000261619EE000-memory.dmp

Filesize
120KB

Download
memory/2160-7740-0x00007FFE464E0000-0x00007FFE464E1000-memory.dmp

Filesize
4KB

Download
memory/3776-7731-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/3776-7735-0x000000001B130000-0x000000001B140000-memory.dmp

Filesize
64KB

Download
memory/3776-7745-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/5412-8451-0x00007FF6F8840000-0x00007FF6FD985000-memory.dmp

Filesize
81.3MB

Download
memory/6372-4466-0x0000000037440000-0x0000000037460000-memory.dmp

Filesize
128KB

Download
memory/6372-4474-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/6372-1985-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/6372-1204-0x0000000000EA0000-0x0000000001076000-memory.dmp

Filesize
1.8MB

Download
memory/6372-1205-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/6372-1387-0x00000000200B0000-0x00000000200BE000-memory.dmp

Filesize
56KB

Download
memory/6372-1206-0x000000001BC30000-0x000000001BC40000-memory.dmp

Filesize
64KB

Download
memory/6372-2138-0x000000001BC30000-0x000000001BC40000-memory.dmp

Filesize
64KB

Download
memory/6372-1382-0x0000000020DA0000-0x0000000020DD8000-memory.dmp

Filesize
224KB

Download
memory/7136-9157-0x0000023A9B1D0000-0x0000023A9B1D1000-memory.dmp

Filesize
4KB

Download
memory/7136-9163-0x0000023A9B1D0000-0x0000023A9B1D1000-memory.dmp

Filesize
4KB

Download
memory/7136-9168-0x0000023A9B1D0000-0x0000023A9B1D1000-memory.dmp

Filesize
4KB

Download
memory/7136-9167-0x0000023A9B1D0000-0x0000023A9B1D1000-memory.dmp

Filesize
4KB

Download
memory/7136-9165-0x0000023A9B1D0000-0x0000023A9B1D1000-memory.dmp

Filesize
4KB

Download
memory/7136-9166-0x0000023A9B1D0000-0x0000023A9B1D1000-memory.dmp

Filesize
4KB

Download
memory/7136-9164-0x0000023A9B1D0000-0x0000023A9B1D1000-memory.dmp

Filesize
4KB

Download
memory/7136-9162-0x0000023A9B1D0000-0x0000023A9B1D1000-memory.dmp

Filesize
4KB

Download
memory/7136-9158-0x0000023A9B1D0000-0x0000023A9B1D1000-memory.dmp

Filesize
4KB

Download
memory/7136-9156-0x0000023A9B1D0000-0x0000023A9B1D1000-memory.dmp

Filesize
4KB

Download
memory/7668-2193-0x000000001B910000-0x000000001B920000-memory.dmp

Filesize
64KB

Download
memory/7668-4099-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/7668-2180-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/7908-7734-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/7908-7741-0x000000001BD00000-0x000000001BD10000-memory.dmp

Filesize
64KB

Download
memory/7908-7759-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/7908-7727-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/7908-7728-0x000000001BD00000-0x000000001BD10000-memory.dmp

Filesize
64KB

Download
memory/7968-7756-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/7968-4494-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/7968-4495-0x000000001B9D0000-0x000000001B9E0000-memory.dmp

Filesize
64KB

Download
memory/7968-4574-0x000000001B9D0000-0x000000001B9E0000-memory.dmp

Filesize
64KB

Download
memory/7968-4571-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/8044-4463-0x0000000000BE0000-0x0000000000BF0000-memory.dmp

Filesize
64KB

Download
memory/8044-4460-0x0000000000130000-0x0000000000326000-memory.dmp

Filesize
2.0MB

Download
memory/8044-4461-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/8044-4478-0x00007FFE24E40000-0x00007FFE25901000-memory.dmp

Filesize
10.8MB

Download
memory/8048-8591-0x00007FF6F8840000-0x00007FF6FD985000-memory.dmp

Filesize
81.3MB

Download