Analysis
-
max time kernel
145s -
max time network
145s -
platform
windows10-1703_x64 -
resource
win10-20240221-en -
resource tags
arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system -
submitted
04/04/2024, 13:29
Static task
static1
Behavioral task
behavioral1
Sample
MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe
Resource
win10-20240221-en
Behavioral task
behavioral2
Sample
MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe
Resource
win10v2004-20240226-en
General
-
Target
MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe
-
Size
137.8MB
-
MD5
98b736fc46d30ee201f684dd159ab9d9
-
SHA1
c835e0e3de2feb2ef38290786087abb33311e673
-
SHA256
13cd8411e4cc767181a62da50d8b1b6cf1506c596bc275374a14265195b2143b
-
SHA512
cd26ffaceaba940f6047e6411c6534b61c455b22970252d37eebf55c80e3b0a741b986f2874784a34a2b841de4b501577be560ce7b197412089792854bf5b85b
-
SSDEEP
3145728:uTPGQXtt6Mwtl8DWR33C1aoOHmAVsfYslu4J8Z1OoU7DpvW:uCwYMwTjloODJsu5FqNvW
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Windows\CurrentVersion\Run\Medal = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\update.exe\" --processStart \"Medal.exe\"" reg.exe -
Checks computer location settings 2 TTPs 5 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation Medal.exe Key value queried \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation Medal.exe Key value queried \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation Medal.exe Key value queried \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation Medal.exe Key value queried \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation Medal.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Executes dropped EXE 25 IoCs
pid Process 2108 Update.exe 4360 Squirrel.exe 2920 Medal.exe 4560 Medal.exe 4984 Update.exe 796 Medal.exe 3612 Medal.exe 1872 Medal.exe 4472 Medal.exe 2368 Medal.exe 3864 Medal.exe 3112 Medal.exe 4016 Medal.exe 3144 Medal.exe 2800 ffmpeg.exe 4116 Medal.exe 3868 Medal.exe 4764 ffmpeg.exe 4072 Medal.exe 2436 MedalEncoder.exe 2796 crashpad_handler.exe 5340 Medal.exe 1864 MedalEncoder.exe 5560 crashpad_handler.exe 2220 TestSettings64.exe -
Loads dropped DLL 64 IoCs
pid Process 2920 Medal.exe 4560 Medal.exe 796 Medal.exe 796 Medal.exe 796 Medal.exe 796 Medal.exe 3612 Medal.exe 796 Medal.exe 1872 Medal.exe 4472 Medal.exe 2368 Medal.exe 3864 Medal.exe 2368 Medal.exe 2368 Medal.exe 2368 Medal.exe 2368 Medal.exe 3112 Medal.exe 4016 Medal.exe 3144 Medal.exe 4016 Medal.exe 4016 Medal.exe 4016 Medal.exe 4016 Medal.exe 4016 Medal.exe 4116 Medal.exe 3868 Medal.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2796 crashpad_handler.exe 2796 crashpad_handler.exe 2796 crashpad_handler.exe 2796 crashpad_handler.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 21 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString Medal.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz Medal.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Medal.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString Medal.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 Medal.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 Medal.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 Medal.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 Medal.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Medal.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString Medal.exe -
Enumerates processes with tasklist 1 TTPs 2 IoCs
pid Process 1480 tasklist.exe 5636 tasklist.exe -
Modifies registry class 7 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell\open Medal.exe Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2378.0\\Medal.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2378.0\\--squirrel-firstrun\" \"%1\"" Medal.exe Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal Medal.exe Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\URL Protocol Medal.exe Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\ = "URL:medal" Medal.exe Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell\open\command Medal.exe Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell Medal.exe -
Modifies registry key 1 TTPs 8 IoCs
pid Process 4384 reg.exe 4132 reg.exe 3264 reg.exe 4672 reg.exe 4744 reg.exe 4476 reg.exe 216 reg.exe 1636 reg.exe -
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 Medal.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 Medal.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Medal.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Medal.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e Medal.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Medal.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 Medal.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 Medal.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 Medal.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f Medal.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f Medal.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 Medal.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e Medal.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 Medal.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD Medal.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 Medal.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 Medal.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2920 Medal.exe 2920 Medal.exe 2920 Medal.exe 2920 Medal.exe 2108 Update.exe 2108 Update.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 4016 Medal.exe 4016 Medal.exe 4016 Medal.exe 4016 Medal.exe 3144 Medal.exe 3144 Medal.exe 3144 Medal.exe 3144 Medal.exe 312 powershell.exe 312 powershell.exe 312 powershell.exe 312 powershell.exe 3808 powershell.exe 3808 powershell.exe 3808 powershell.exe 3808 powershell.exe 4072 Medal.exe 4072 Medal.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 2436 MedalEncoder.exe 5672 powershell.exe 5672 powershell.exe 5672 powershell.exe 5672 powershell.exe 5996 powershell.exe 5996 powershell.exe 5996 powershell.exe 5996 powershell.exe 5340 Medal.exe 5340 Medal.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 2832 WMIC.exe Token: SeSecurityPrivilege 2832 WMIC.exe Token: SeTakeOwnershipPrivilege 2832 WMIC.exe Token: SeLoadDriverPrivilege 2832 WMIC.exe Token: SeSystemProfilePrivilege 2832 WMIC.exe Token: SeSystemtimePrivilege 2832 WMIC.exe Token: SeProfSingleProcessPrivilege 2832 WMIC.exe Token: SeIncBasePriorityPrivilege 2832 WMIC.exe Token: SeCreatePagefilePrivilege 2832 WMIC.exe Token: SeBackupPrivilege 2832 WMIC.exe Token: SeRestorePrivilege 2832 WMIC.exe Token: SeShutdownPrivilege 2832 WMIC.exe Token: SeDebugPrivilege 2832 WMIC.exe Token: SeSystemEnvironmentPrivilege 2832 WMIC.exe Token: SeRemoteShutdownPrivilege 2832 WMIC.exe Token: SeUndockPrivilege 2832 WMIC.exe Token: SeManageVolumePrivilege 2832 WMIC.exe Token: 33 2832 WMIC.exe Token: 34 2832 WMIC.exe Token: 35 2832 WMIC.exe Token: 36 2832 WMIC.exe Token: SeIncreaseQuotaPrivilege 2832 WMIC.exe Token: SeSecurityPrivilege 2832 WMIC.exe Token: SeTakeOwnershipPrivilege 2832 WMIC.exe Token: SeLoadDriverPrivilege 2832 WMIC.exe Token: SeSystemProfilePrivilege 2832 WMIC.exe Token: SeSystemtimePrivilege 2832 WMIC.exe Token: SeProfSingleProcessPrivilege 2832 WMIC.exe Token: SeIncBasePriorityPrivilege 2832 WMIC.exe Token: SeCreatePagefilePrivilege 2832 WMIC.exe Token: SeBackupPrivilege 2832 WMIC.exe Token: SeRestorePrivilege 2832 WMIC.exe Token: SeShutdownPrivilege 2832 WMIC.exe Token: SeDebugPrivilege 2832 WMIC.exe Token: SeSystemEnvironmentPrivilege 2832 WMIC.exe Token: SeRemoteShutdownPrivilege 2832 WMIC.exe Token: SeUndockPrivilege 2832 WMIC.exe Token: SeManageVolumePrivilege 2832 WMIC.exe Token: 33 2832 WMIC.exe Token: 34 2832 WMIC.exe Token: 35 2832 WMIC.exe Token: 36 2832 WMIC.exe Token: SeIncreaseQuotaPrivilege 4948 WMIC.exe Token: SeSecurityPrivilege 4948 WMIC.exe Token: SeTakeOwnershipPrivilege 4948 WMIC.exe Token: SeLoadDriverPrivilege 4948 WMIC.exe Token: SeSystemProfilePrivilege 4948 WMIC.exe Token: SeSystemtimePrivilege 4948 WMIC.exe Token: SeProfSingleProcessPrivilege 4948 WMIC.exe Token: SeIncBasePriorityPrivilege 4948 WMIC.exe Token: SeCreatePagefilePrivilege 4948 WMIC.exe Token: SeBackupPrivilege 4948 WMIC.exe Token: SeRestorePrivilege 4948 WMIC.exe Token: SeShutdownPrivilege 4948 WMIC.exe Token: SeDebugPrivilege 4948 WMIC.exe Token: SeSystemEnvironmentPrivilege 4948 WMIC.exe Token: SeRemoteShutdownPrivilege 4948 WMIC.exe Token: SeUndockPrivilege 4948 WMIC.exe Token: SeManageVolumePrivilege 4948 WMIC.exe Token: 33 4948 WMIC.exe Token: 34 4948 WMIC.exe Token: 35 4948 WMIC.exe Token: 36 4948 WMIC.exe Token: SeIncreaseQuotaPrivilege 4948 WMIC.exe -
Suspicious use of FindShellTrayWindow 15 IoCs
pid Process 2108 Update.exe 2108 Update.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe -
Suspicious use of SendNotifyMessage 13 IoCs
pid Process 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe 1872 Medal.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
pid Process 2436 MedalEncoder.exe 2436 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe 1864 MedalEncoder.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2748 wrote to memory of 2108 2748 MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe 75 PID 2748 wrote to memory of 2108 2748 MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe 75 PID 2108 wrote to memory of 4360 2108 Update.exe 76 PID 2108 wrote to memory of 4360 2108 Update.exe 76 PID 2108 wrote to memory of 2920 2108 Update.exe 77 PID 2108 wrote to memory of 2920 2108 Update.exe 77 PID 2920 wrote to memory of 4560 2920 Medal.exe 78 PID 2920 wrote to memory of 4560 2920 Medal.exe 78 PID 2920 wrote to memory of 4156 2920 Medal.exe 79 PID 2920 wrote to memory of 4156 2920 Medal.exe 79 PID 4156 wrote to memory of 2832 4156 cmd.exe 81 PID 4156 wrote to memory of 2832 4156 cmd.exe 81 PID 2920 wrote to memory of 1872 2920 Medal.exe 97 PID 2920 wrote to memory of 1872 2920 Medal.exe 97 PID 1872 wrote to memory of 4948 1872 cmd.exe 84 PID 1872 wrote to memory of 4948 1872 cmd.exe 84 PID 2920 wrote to memory of 4332 2920 Medal.exe 86 PID 2920 wrote to memory of 4332 2920 Medal.exe 86 PID 4332 wrote to memory of 1636 4332 cmd.exe 88 PID 4332 wrote to memory of 1636 4332 cmd.exe 88 PID 2920 wrote to memory of 5040 2920 Medal.exe 101 PID 2920 wrote to memory of 5040 2920 Medal.exe 101 PID 5040 wrote to memory of 1640 5040 cmd.exe 102 PID 5040 wrote to memory of 1640 5040 cmd.exe 102 PID 2920 wrote to memory of 4984 2920 Medal.exe 92 PID 2920 wrote to memory of 4984 2920 Medal.exe 92 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93 PID 2920 wrote to memory of 796 2920 Medal.exe 93
Processes
-
C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe"C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2748 -
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2108 -
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe3⤵
- Executes dropped EXE
PID:4360
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --squirrel-install 4.2378.03⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2920 -
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exeC:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2378.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x4d4,0x4b4,0x4cc,0x4a8,0x4d8,0x7ff723571898,0x7ff7235718a8,0x7ff7235718b84⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4560
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"4⤵
- Suspicious use of WriteProcessMemory
PID:4156 -
C:\Windows\System32\Wbem\WMIC.exewmic path win32_VideoController5⤵
- Suspicious use of AdjustPrivilegeToken
PID:2832
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"4⤵
- Suspicious use of WriteProcessMemory
PID:1872 -
C:\Windows\System32\Wbem\WMIC.exewmic CsProduct Get UUID5⤵
- Suspicious use of AdjustPrivilegeToken
PID:4948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"4⤵
- Suspicious use of WriteProcessMemory
PID:4332 -
C:\Windows\system32\reg.exereg query HKLM\Software\Microsoft\Cryptography /v MachineGuid5⤵
- Modifies registry key
PID:1636
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"4⤵
- Suspicious use of WriteProcessMemory
PID:5040 -
C:\Windows\System32\Wbem\WMIC.exewmic path win32_VideoController5⤵PID:1640
-
-
-
C:\Users\Admin\AppData\Local\Medal\Update.exeC:\Users\Admin\AppData\Local\Medal\Update.exe --createShortcut=Medal.exe4⤵
- Executes dropped EXE
PID:4984
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=2072,i,9141571038167769045,4430901287606009254,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
PID:796
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1916 --field-trial-handle=2072,i,9141571038167769045,4430901287606009254,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3612
-
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --squirrel-firstrun3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1872 -
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exeC:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2378.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x4b4,0x4bc,0x4c0,0x498,0x4c4,0x7ff723571898,0x7ff7235718a8,0x7ff7235718b84⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4472
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"4⤵PID:8
-
C:\Windows\System32\Wbem\WMIC.exewmic path win32_VideoController5⤵PID:5040
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"4⤵PID:1640
-
C:\Windows\System32\Wbem\WMIC.exewmic CsProduct Get UUID5⤵PID:3720
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"4⤵PID:1244
-
C:\Windows\system32\reg.exereg query HKLM\Software\Microsoft\Cryptography /v MachineGuid5⤵
- Modifies registry key
PID:4384
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"4⤵PID:4840
-
C:\Windows\System32\Wbem\WMIC.exewmic path win32_VideoController5⤵PID:2276
-
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2368
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1852 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3864
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2544 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=splash /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3112
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal4⤵
- Modifies registry key
PID:4132
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Medal\update.exe\" --processStart \"Medal.exe\"" /f4⤵
- Adds Run key to start application
- Modifies registry key
PID:3264
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version"4⤵PID:1616
-
C:\Windows\System32\Wbem\WMIC.exewmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version5⤵PID:4352
-
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.modules /t REG_SZ /d "" /f4⤵
- Modifies registry key
PID:4744 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵PID:4840
-
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.path /t REG_SZ /d "" /f4⤵
- Modifies registry key
PID:4672
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3948 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=bridge /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4016 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"5⤵PID:3236
-
C:\Windows\System32\Wbem\WMIC.exewmic CsProduct Get UUID6⤵PID:4432
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"5⤵PID:1316
-
C:\Windows\system32\reg.exereg query HKLM\Software\Microsoft\Cryptography /v MachineGuid6⤵
- Modifies registry key
PID:4476
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version"5⤵PID:1468
-
C:\Windows\System32\Wbem\WMIC.exewmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version6⤵PID:1676
-
-
-
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe" -hide_banner -f lavfi -i nullsrc -c:v h264_nvenc -gpu list -f null -5⤵
- Executes dropped EXE
PID:2800
-
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3740 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=main /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:3144 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"5⤵PID:2356
-
C:\Windows\System32\Wbem\WMIC.exewmic CsProduct Get UUID6⤵PID:1376
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"5⤵PID:2436
-
C:\Windows\system32\reg.exereg query HKLM\Software\Microsoft\Cryptography /v MachineGuid6⤵
- Modifies registry key
PID:216
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version"5⤵PID:988
-
C:\Windows\System32\Wbem\WMIC.exewmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version6⤵PID:1412
-
-
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4400 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4116
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4404 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3868
-
-
C:\Windows\System32\Wbem\wmic.exewmic /NAMESPACE:\\root\CIMV2 /NODE:'localhost' path Win32_PageFileUsage get /FORMAT:rawxml4⤵PID:4596
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full""4⤵PID:436
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"5⤵PID:1616
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "cmd /c query session"4⤵PID:1560
-
C:\Windows\system32\cmd.execmd /c query session5⤵PID:4552
-
C:\Windows\system32\query.exequery session6⤵PID:2468
-
C:\Windows\system32\qwinsta.exe"C:\Windows\system32\qwinsta.exe"7⤵PID:3084
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe" -version"4⤵PID:2868
-
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe" -version5⤵
- Executes dropped EXE
PID:4764
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /fi "imagename eq MedalEncoder.exe" /fo csv"4⤵PID:2264
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq MedalEncoder.exe" /fo csv5⤵
- Enumerates processes with tasklist
PID:1480
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe4⤵
- Suspicious behavior: EnumeratesProcesses
PID:312 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵PID:3084
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-MpComputerStatus | Out-File -Encoding utf8 -FilePath C:\Users\Admin\AppData\Local\Medal\Temp\b540bb0d.txt"5⤵
- Suspicious behavior: EnumeratesProcesses
PID:3808
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access""4⤵PID:3476
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"5⤵PID:5004
-
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exeC:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\suicide.lock 08c2bc65-c487-4053-ad74-f645bbdb62f44⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4072 -
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe" soundOffset=5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2436 -
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exeC:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --metrics-dir=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --url=https://o150878.ingest.sentry.io:443/api/1509393/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=f2ea4e2bebb44129b30402d5b4076fd5 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\17c3ced5-6a21-4d5c-491d-0a63b36ec080.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\17c3ced5-6a21-4d5c-491d-0a63b36ec080.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\17c3ced5-6a21-4d5c-491d-0a63b36ec080.run\__sentry-breadcrumb2 --initial-client-data=0xdbc,0xdc0,0xdc4,0xd9c,0xdc8,0x7ff898a93db0,0x7ff898a93dd0,0x7ff898a93de86⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2796
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full""4⤵PID:5360
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"5⤵PID:5516
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "cmd /c query session"4⤵PID:5376
-
C:\Windows\system32\cmd.execmd /c query session5⤵PID:5508
-
C:\Windows\system32\query.exequery session6⤵PID:5528
-
C:\Windows\system32\qwinsta.exe"C:\Windows\system32\qwinsta.exe"7⤵PID:5548
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /fi "imagename eq MedalEncoder.exe" /fo csv"4⤵PID:5600
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq MedalEncoder.exe" /fo csv5⤵
- Enumerates processes with tasklist
PID:5636
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5672 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-MpComputerStatus | Out-File -Encoding utf8 -FilePath C:\Users\Admin\AppData\Local\Medal\Temp\4e061894.txt"5⤵
- Suspicious behavior: EnumeratesProcesses
PID:5996
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access""4⤵PID:5236
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"5⤵PID:5276
-
-
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exeC:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\suicide.lock 5a1f3716-a21e-47e7-853b-7040fd8042264⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5340 -
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe" soundOffset=5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1864 -
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exeC:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --metrics-dir=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --url=https://o150878.ingest.sentry.io:443/api/1509393/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=f2ea4e2bebb44129b30402d5b4076fd5 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\3727f20e-994b-4fc1-c1d6-a54d6a684098.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\3727f20e-994b-4fc1-c1d6-a54d6a684098.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\3727f20e-994b-4fc1-c1d6-a54d6a684098.run\__sentry-breadcrumb2 --initial-client-data=0xc4c,0xc48,0xc44,0xbe8,0xc40,0x7ff898a93db0,0x7ff898a93dd0,0x7ff898a93de86⤵
- Executes dropped EXE
PID:5560
-
-
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\Host\TestSettings64.exe"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\Host\TestSettings64.exe" 26⤵
- Executes dropped EXE
PID:2220
-
-
-
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3e41⤵PID:192
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k smphost1⤵PID:1676
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\0pzvashn.newcfg
Filesize21KB
MD520a3c7d173e99a876a2831140b9b4fe7
SHA117d4442f6d92b28ddb6863ff1a625ada962cf242
SHA256e869de4fbe06c31fd277beabb6e415dba7103e109d08b4d98d918c63ab20f893
SHA5127af6c4609309fe8ec7731228d1dffa7ec4c87def93680b8449e33ef535fe3af576c97000746e069d301c422018131ca814dc81374eec7807fdb2ce98ca0ec905
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\24hz5r2t.newcfg
Filesize45KB
MD565891223196ff7a8a65981d393627455
SHA19dfa850d674c1d6a775a5a35d831b14cc75aa1a1
SHA256940ba892cfe7a54d4534cf8d05b0bf2e6112c88e918b36e6b48be483565099ab
SHA512f3903f33b244f86cb2e2bc9162fb9f5ed38ccb7770a3718f9ced65c9fc3974497956cb2d3f6f138606a1c64d807b4b6a684e064961f7e06e1f8896e4830fe94b
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\2i2uaa0y.newcfg
Filesize21KB
MD5c525b9acfbf367b1917b18f4209a4d52
SHA13867797f3669e60c5321b88d2d76126da7d25143
SHA256f27d422efa4153978cc4e7a4a9a9fa1eb6ccabc278fecc284990ad5eaec916fe
SHA512634c17f8080fce4f5698ab5ff578fcdcf032863021e6eb557acb9c49e4cfa566114cfcee57896203958cb31af03bc926e11db829913dd890848c8a514696de68
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\5dmuzmyj.newcfg
Filesize49KB
MD5d40d22417fe17246bec287155c710d61
SHA1f6fc6e116e26dc44a5010f56e7f3493370a39028
SHA256158d4f3739e76e27e44477c0d89075c33760e7f4901a7211db750b58f5509aa7
SHA512944492f845dd3604e0b4edfbd5bdf8ca29830304bdb5ff11dabc197b333df26c47d10159b0330fcc8c4958bd555fc5177cb4c15ba3d773059b1f63fd82258bd3
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\bbgoasdj.newcfg
Filesize21KB
MD58656effdf9859c3160438fa8da784ab7
SHA16f68dc84d7c4d45daef46fc1d05b280be68cc58d
SHA2562c3d92cf68d895cc2c81a5d1752599ecc1374aef23e5fd80d37d74cf1dbc191a
SHA5122b3aafe605265a1a3b13b23a63e21ac0ab2747ca43ffbd187e364fc39091791a27aeb2c690573c63e795e838677ad7deaf22bee095deeb84a95446b7142e6da0
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\faz4nefs.newcfg
Filesize19KB
MD5628cf4e82c2a42bc2fc5116557188d16
SHA155591041636cde6c9c899b959b4bc2d801862b91
SHA256b9fc4886346c0177ee4478de3753782e311be1e7d3e6dc766a18f30d4e9456ca
SHA51201dcc54abdcede979720c7d782c3caf58e83eac256801e580538f3096379e6eef6127b5f50f7223231d324e050c7af8131a010fbad25d002e00acefc6bec94c1
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\ftmfcuug.newcfg
Filesize21KB
MD55640ffabffed42252fd9845ea6c39676
SHA18ec512b334a32a18733b2a7d9a30fa5b27607110
SHA256e1c2f6bbf30f062c81b5130e811a47c2be735d8a75b6ce53d9109fa4903e7823
SHA51223b47ea59c2685e2f4792e3b34988366f75bc416774003e4d12f185eb92c485220bbe37e0ef1148d51b89da939e4d601d7858b8ca223b82c5ec988eacbc379fb
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\g2e3j2ip.newcfg
Filesize50KB
MD593d160871ac21a4c972125e1534d59cb
SHA1261d363e401305594a802b23cc71998649b6a1ff
SHA256f58e4f9e1257f1c6ec3960aeed4d12f0b6d1e2015472b6d84bdfa4ab0564574a
SHA512941c71b511e3405fddfa31fcea4fe24ece035e67517f7ec9cf0342c3916bbfd087794f04edabeb6fb9dfbe5aabb33b2f6cf5ed1cfa4b2f2432f3a5cc05ba67e6
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\g45oun45.newcfg
Filesize47KB
MD539320e1fa196b4035638e4132047d224
SHA1fc5752c7a3eb7cac2abe11440cb4fb613ee96adf
SHA256d77ed113ee7f867538af5ea3b47338ac11066a8458278dbea07c40a4322c3e80
SHA5121c076208db9270b38bd631f28732063839e975985e060e9d44790f6b92aaee70b392052c8f0c3f3656cda7742d962517c1ea9aee9d623b148b4c8703044a8d80
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\gc10clp3.newcfg
Filesize18KB
MD50ec06a441853e86c9d982b8f68606487
SHA11ede33b2de031ddcd03fc41aa7836bc24f0e7197
SHA256ad6484400c872b726eb949e0717db476dcbe248a0afbc36800b411af610ae1d1
SHA51239949b8815b5b7bea612f1b06677e591ac02f423dd882045edcb5c06a899480d3c003b3a21b1e48fd0a57fef812a2d328c8ea49a63f1dcb4b6d99fa0d171b97e
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\gnszpvf3.newcfg
Filesize50KB
MD517b1ca8545fa2503672fad4a0d8cab4f
SHA1cb10d57c9f4dd8062ee669e7eb8d196ae501aa8c
SHA256d16072fa13d867275e3d8721f9f3f5b91144abe4cd32c916eb69ece1a0f1878d
SHA51260ff76134306fe1dd6e4f1815a47961d89d8bd51637257febfb9a82aeb57ae5482967ef1decbd4d0fb5484780de7f505da5243ba4ccb75e6b4993d18e92301cb
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\hz3zshot.newcfg
Filesize44KB
MD555f6f79473fef5cdb6141191b88609fa
SHA1b69ad3c6f0d0eddc700f48db9109b25a3fa189e4
SHA256605dd271093b9e956d428a22959a8c1a039854d3f7330000c02991b4c48d6293
SHA512fcea4ae4a5b4249843159f734fa8422612f95f4b08b41f44b57f4dce91f5cdf6ea81a125b25e9baf0e46149deb56e2db456c3e1b1fa3e17c771630ef08daac65
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\kkjkna0v.newcfg
Filesize48KB
MD5b5c3582e33215c70abd10db82300a8f5
SHA1e920b3236969536c7ffccc3bc05c1530f4b61d58
SHA2561b98e91c882c43bded176d76127f4128450ee8d447e0e274c5d8673175e57445
SHA51278bfe0a5c1025b1ccb26e8ee282ec2c64e3c05688ecbff4f69da89699a5765d7c7ca6418cd2207cd34302cd687b927a057202514f2f2bf09e7fa2a5488398b9e
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\m0ginpab.newcfg
Filesize47KB
MD5c812408644361a4278418b18812d7ae6
SHA1c7f636ce35ad1f814b02df4cd2ff7ceebfa38e3c
SHA256cfff5a743ffb177b6bfacf403e24b18a51406df83de2f4979318858d9d7d33a3
SHA512f23facfb3f2d14f25b883daee453dafe7feb468dd948f6024a8b77fb67fd66beaba146e13ea49730c51f388560f66d51f431ac4483c1315bca5cb5832c128cbb
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\muro3ccz.newcfg
Filesize44KB
MD527fbde42b00f0a9c01715251b7035188
SHA1b05881f2c53bddc746e8c07f7e8df43de9d10b52
SHA256ad638bef10204cf28b0107dd0af667a89e21fe1d9e05a3a1f1fd98f9c4ce1048
SHA512290c30ca1662ad1040745222f7ff359b42182c7e9391f87066c963bc68dde2657b6f08ab07ce7a0083f38f816988720a29b96b716f31c8d9a5824d3fc3a519d5
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\po0xiw0i.newcfg
Filesize44KB
MD59d7d1e9f9d2deb27c01a724e1069f2b6
SHA1169f8371c2efdc209ce72398c4699b1fe4b6fef0
SHA256dcfd028b4131f95c3054545902f924fc34b3c52f79f8c4e6316850528db4f649
SHA5128179098c960f7897656b442d4fd99fdd0c7adb23d596bd674ebc8d02f679bbd2559510d949b585981431137022676666c8bc3fc7bb8639197530d67c92e5c289
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\pw5qckin.newcfg
Filesize44KB
MD525e475da3f0474f3850df860f5390f56
SHA13c2f73a4162e18f5bba3436a30befb631d5ceea4
SHA2568e9819e15413149842865d1b214c56a848f9c35b52d6277ebbbd7ff40a2b6a56
SHA5122aa1b2e2961afd4e65b7e742fda3bc523d2fb1563cb785215671f8cfdd14a292c5a15b6108c7c1689a02898a30d9ca571c41f13d3bd5ff7cdc4d22fcf8a51730
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\rqskwbpg.newcfg
Filesize48KB
MD568e509701e6c5810f2ef1e11cb33fb7f
SHA1fa14eb8326bec7ab80faa1e878efce5641eb3d79
SHA256f156ac9b166f68b6802a7569fb27d93abdf401d2bc82cbb59c466719e0fee3ff
SHA5123a2755ea2779c3e1b434789d6dc0dcc1149a6a51c2e9a6ab796f2f44394aa1eff608eb98eed498cf248bb6321797d1456d4a0e2dad2947578886a9b2f8254581
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\sijamaud.newcfg
Filesize20KB
MD559499ab07d51a5edd5f9497be346afb1
SHA19a6302a508023be484092ed2b4dd1c97a56adfbc
SHA2568319ac8d16072cf7604648c0cf68ceab8dda5d8054b32067a03a299f8d45d255
SHA512f5972ac1a3601b29eace98b28f2b00b6bbb7e9ce237870e53b7554cbc52f93002c25558297b6fa1af4ee42126d0fd0ea81ca649c9fac8dc8b318ec6dac51d891
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\spd2jx2g.newcfg
Filesize21KB
MD5af61f9ead86dff1b15aa4c9cd24b7081
SHA11f45b301846c603ba2c843670d7e12be6fb085ef
SHA2560790f2ee181f585de8aaf43a2725ea4955b589c073d968d028fdceddac644662
SHA512fd7b5249486116abdc21738c5806a1121a6b6cfb745ad2c950fbeb2432fe4a2e13078481fc960177426bd9e96d8a7d7181e9dd20bb68cca50302ed509fbb1ded
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize332B
MD5e37e2958c5378a8c6bb3170fd5abdbaa
SHA1fcc1e77c9cef08bdda5ba94e741fcc69ae632a8f
SHA256090a09bb5b228134cd268a3821565eb56e52ce4718601ae098ef9c8715d781c1
SHA5121e610397ae34961fea6bf7fa76b954a550a324eff7a4ccae2ebcf59baada8535b067e9dc1cc1489b05768e62fadcdd90dd1ae972ad25795a70d0c40856caaeb4
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize48KB
MD5ad99057706dacdf1cf052814d201d864
SHA136cd75d281d8efbcf9ec2bd0605e90e8a42a98a7
SHA256b7091f9eb93d4d21816804a2071e682c48c74e3c3636e3036145c4879905c0be
SHA512e52aabf4219dc1248c2a827ece6d880f007dbbc675eb6e1009494478f235b1e30981fc3ffa7c2cb745554590c42164f2446bb5b7f4da721d42e771a9eb2d7747
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize48KB
MD5400084807645bf21292bfee95ac1f409
SHA197b066f34c9179a634fd47e4d7d571b3ed34ce4e
SHA25614f83099f1346c12943587e98b98694ec97dec394941eeeed0361b6c4878d672
SHA5121f8e58f023759d038e7f0a4d7f496ae68fb9a34224d05d91cd4eedd4180c4bb7c651c98b032a847ebdae894791c875f01ccd8718866dd6a59f7b59f0557952c1
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize48KB
MD57a90407392b790558254ffd114cbd515
SHA1bcebe707721974bb3c34aaaf618992e16faaaec5
SHA25666c91d490b77f9919846dd3307e0c158de8d3465dc255afe190f01230abe020d
SHA512b92bb867e64e0bc85856831b890fc8499c0cce00a38bdbc9670ee535d82965866651ef984d119c187d92911a567587153aa8e199b25f0deb610d612a9c4efa77
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize48KB
MD54e442a7e11ee45fd63ef4b4c3ef7bd4a
SHA15f419f656228f1179ebabdb54d3cf1f7cc999124
SHA2561ec477e955a60207fa56335d590acbf57ab300891b3643c6d03686524d902b2d
SHA5122c5f8e2c329fd7703df11e5d66675bc131cb903728231df515e747fde564c111884ca09a36c7035bdcd9dc5b6293d17e38a46ac38ac18c5f119c068f50351e98
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize48KB
MD57a8bcdcd41dbf91d0e7d92c317043b95
SHA1bf99eeb933c0968748d8509e8b811eed3f0a8111
SHA2561e666897581bacb3dd0fdb4e68a5c03a0faf162afd85e7d53ac0602826d897b1
SHA5125a0ee4f3b0eb59765162dc53a70f3378d44bb399656da2f86f3cd17bca53926aaa37a6532d5f1ca03b321551e94cdd9425258ff43a96b902faf45f68190ea5e3
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize49KB
MD522babd7c4abf0022a1704c182aceea35
SHA16de91bc5f44be0fe193a7af3e0632d0a2b967f0e
SHA2562c6af1191fd4591ff634714deecf24b0afb9ab5c59c27f6bba1bfc8eb80a7e00
SHA5124008d96b066679af23d53e0540619135594b86d6d9245b338df4fab445f364ea37522fef6f67e1665d2ea0509aa5cf41dde6a65862146055e8fe670ae756f1b1
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize49KB
MD5610a8303a2176b4e29dce1452c605a40
SHA1c750a3a58f43fb563879af0f2f6b7474d09bf693
SHA2560ee682af95d59d06095c633cf5a21dd3d176db43d83ebebbb5cbf885546e6b40
SHA5127f12a07b47091219b95e01b8396199f1bea1df0b5ad279df1a506a907e5d8cb59fd4b307d87d28763fd60198433915bb62a4aa351ef000b8a2e914cbc6c86cbd
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize49KB
MD52f80c9a91127cf5d71aa977839fdb917
SHA1a5de8bcd83202003734a1ecc5f4265f3b8c4b098
SHA2565cafe494e8ea05675fee77f18003a71c5f8aaa5d1e5df8617d9a1834518f391e
SHA51246a0b6255087974311bff97bd13c84e9e3c76d8507f69283315c92ba0af5a4bdb035d2cfc9cbbfcf09f01086fc10e8dc11ffbbb45fc39140482ac99425333543
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize49KB
MD59ca9e3bde1030b4ae7551a83b0b5cb1f
SHA1e210720a1fbb996da49cefaba5263beaecc629ac
SHA2568f021454e53081a35a9ee879c470d5814f5198236103985814902c2c3eadca45
SHA512865722563fe0ccd51c724dab071002f4f6ebde5360897204144dbbbaa223fa71a4ddeef425fd1ef8a81515fea151f7d040a5159efcd76797c50e753b2d46f7c2
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize49KB
MD56955dd6caec21ad3833270782fa48aa7
SHA127577d3dd48de1db2aca7422d3d07f4cf6647cdc
SHA2566426d82db370e00c1dc98c3a4c0b307c156ad284fea7b213250045c3423c6ad9
SHA512c1e3b0fd4805d1a0e52673e3695af2f7a060643c300fbfd956252bfd644f6754614a091948af82dbea8d0bcaf73caacf564fc12b736a763a7a8af4e7c037bf22
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize50KB
MD5d349b0fc8e7ba3c05ad77486de44fbf6
SHA1d95f7933b6e5b1c5492bbb2cdb3f1490e6d24e8a
SHA256be07f46be5052b732e23fabf78745e3628466cb05907d5ca83982ba1519d42ad
SHA5124eeda682b970e6b7c2b779d8832633d8fa13d88e7d6f4ba50e74edb12e438ee74824058d93dfa27f3a79669b36688913e3106039dac370a6af262036d5d9d82b
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize51KB
MD5895ccc381a068b5ebcfd561318ba608c
SHA1c7d2d3d663bec40256ca27b954b5504f454a3676
SHA256c801ffa6e7cf71f10eb9f08833c7ec002fabb755f69e9fec92a389482dfeb4c0
SHA51288716470423d520e99b2f540e3f3b52e6ba231a1606fa6ce2296de57f98826a082ded36ff46bdce9285980c76d0c7c774aa7b7a34e96928e97a055b971e73393
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
Filesize51KB
MD54c419a50cc9fdcf80a011c6fdeadb3b1
SHA189bd325e968bb623c425471e04f71e415030ee9b
SHA256f31a4826a8e3cbe0513aabc3a239f8325f005cb5404baeb7a57ac81f7001117f
SHA512d1aafaa82ce1f521969f38d4717f2082b2bbc1ecb6b5515294978dee2bbf44ee27d92adb448d74ffe1aa480a6345c1d234855ec9a0bd25011763e5edc3f25df0
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\zvmensmp.newcfg
Filesize47KB
MD5005373147d15f0d7f5d816c5638db613
SHA144f91c2826ed0216a6af96d1f62ced8b854b5017
SHA2565ebf1b4d711f4f118b435e28a1359cf9ca9b6701d8c3098fd7e2b5ceb6247450
SHA5124296ca2c53468ba4b997bc14e4da844ac4e3e3ea84657bc64c215d596b9cf2107f6c0cc5558b2e8ce5e981a873a24cfcac463c30b0150363a3de5703da410323
-
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\zyhj2ldr.newcfg
Filesize21KB
MD5a813d584ed732484edc5c716ad1b8571
SHA1305fc9593a6d8989f63442af76cd8a90c66c11cd
SHA256c9a1440e9c8e518dda04df02550fe09e043dc94ebe5206808245df39a425ed22
SHA512578f64e39466633d9523b43824e10365e96004de810e65d0dcf0d78d7f2f15a3e29a0ba9f59412138a56e0c7720edd60f2752d1b943e055686d19b65a83bde62
-
Filesize
150.4MB
MD536f4fecf0ae0e64d7e96a8e2654acc60
SHA19ddca82682f8edb3362beafff15c4f975c0c1d47
SHA256c8c7ef2267391bb3498e27454bd5ec277672a47d63096d9e33e124b6235bb58d
SHA51294b60d2c6c8767bdbd2a4cf997ccf3ffc690419453543194b363c15695934675ff15ed7686ac77c53602ecfed32fe6431eb55b5bd2a42202597df92223de449b
-
Filesize
126KB
MD5d31f3439e2a3f7bee4ddd26f46a2b83f
SHA1c5a26f86eb119ae364c5bf707bebed7e871fc214
SHA2569f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
SHA512aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5
-
Filesize
175KB
MD55604b67e3f03ab2741f910a250c91137
SHA1a4bb15ac7914c22575f1051a29c448f215fe027f
SHA2561408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
SHA5125e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d
-
Filesize
10.0MB
MD576bef9b8bb32e1e54fe1054c97b84a10
SHA105dfea2a3afeda799ab01bb7fbce628cacd596f4
SHA25697b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3
SHA5127330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6
-
Filesize
313KB
MD53f6f4b2c2f24e3893882cdaa1ccfe1a3
SHA1b021cca30e774e0b91ee21b5beb030fea646098f
SHA256bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f
SHA512bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c
-
Filesize
5.1MB
MD5f5ab76d2b17459b5288b6269b0925890
SHA175be4046f33919340014a88815f415beb454a641
SHA2564f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c
SHA5126ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab
-
Filesize
386B
MD55e2fbb9d655e0dd204e8d211ec1b4d0c
SHA1440dc879e7fb836d97a5f5a40f016bbaa1b7f588
SHA2568debe05417ec5d5e42661e2697a8d0db3ba30fa9bd4ac70c62c992ec01527bf9
SHA512d6445a850642c562aa6affe907580fbf5b4faf70c51ad7b12613120a27ce1d6ee049571a709334fc588ff45c32ee918836bbae2188d4394a94c5810265139b2f
-
Filesize
6.3MB
MD5f3685735e0d27d4dfbc0e4e86769d4ea
SHA161944c564aa7c0b60812ef9d26e6114ac608f83d
SHA2568c1a4470a25dba99f997a7d9de66afedf67f3312d419b15f4316f7d921ce76cb
SHA512e60a6ad57ea46251c4710e3611b2bbf9b440464b0060e41735171c51e14a0a988c482c652cbf527722773b3b133e92da24534a47f7dd0d8408d8f20d8976841c
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\LICENSE
Filesize1KB
MD5ea817882455c03503f7d014a8f54f095
SHA1dd164bc611bca7ba8ead40ec4c2851081e5a16b9
SHA2561e76029602ae9b21cc4e612db2496d92febed882ba13ba745f8b3309e85f9d39
SHA5120ea343d0e696ba27877dc0611766c526aa73f6e7af46df5a0f83840dc4c7851fb5837b7f6bda8a014302bf877fe3b4b3e392b943cefb3af979e8afc67559a5ff
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\output\index.js
Filesize947B
MD5b0adfc74c8e51ce2ab659bfc13752ed3
SHA11b0879db53a00bbfeddcfdc0c190901387bab7bd
SHA256a27d1a72ed1ecddffc57e70187a4b72467ed0dd34092b7e3d2817b9f4359ab5d
SHA5124bd96fa626592e856431c3da18f7f2c5262fcf7f8fc95a4fa8b3ecd6bd7f53e82ee27d3255711df0addaaaa3fc7ba5e11104dd448f90f490e5517eabc1cdad42
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\path-exists\index.js
Filesize263B
MD5dfb2813673ea5279a9aa7305e5fe33f3
SHA16e6491c1ab3389433d1b39a33b3ac8760649a2c8
SHA2565ce096c95daec0259817248921b39a9e0df4d342db171138ccb62440cc7a0cbe
SHA51253d93b66ed4a2eca23046e6f2b08fcbe4cde40a2b841ab38db838ac75b0882947371024cb74ae43d2c9a2e095e2457e2207979c45f07d46e6e2b5f99efcfc794
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\mac\ia32\ffitarget.h
Filesize4KB
MD54ef9928ec21c398681ed3357aa400c48
SHA15bafcdf7c4ff860ce7f94c5260159e7bf063243b
SHA256ce9a87677a9b9af9dcc6f8f632b62948214824174b65fe4361d3b662cc72aec0
SHA512c0f5f26b249cf3ca72b2d334008a7ab8b7332f286e57edf7c700b5c4a80960dbce14e3db940829134a3bc593a087f56b41afb757daf3f03e32611ab1172c1f6d
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\openbsd\x64\ffi.h
Filesize13KB
MD54c8fce7c4f0bee30b8f03d94fba5b66c
SHA14eb6b34a1547e2da9b1a0daa9c9f7a32569a03e5
SHA256bdd54f5f8517f32767d864921edb878224068a75eff7e0386a55105d61e44466
SHA5120f077d7c2a9801eab3134d4c56793f64fc1c8434e8eabe9c749d0f7d0d875b1750ad0f32873b49778bbb7b5864c280c4546fd72775ad0ec49eb091ec26ee3848
-
Filesize
219KB
MD58e1598d40fb098345d3a535b64283ded
SHA169a84082a52a16bb9d3842729265d6d852687631
SHA256df034df3912bed7ddc43844d7318c6aa82fbb90046053e8b97fbe1d69825d153
SHA5125c50096857817ab1799891876f1b84d4ed245cd9a7488e23cbf6e69e514eee0220b1c00b4c262ffa8ae8ae81421c11496f3b1459d590b4c646c1aec1736aa828
-
Filesize
2KB
MD5f61c8b5330d5b02b636e3bc1f919b38d
SHA1435a1425e76245b3817da540d9184b6392ecda71
SHA256e77ef78b8bb1e7e441778f069a7b1e5d394ac1b5f1b06e6eecce9bcb89a148d7
SHA51249cc14e13a4772ebebd4358437d94f704198014f2fea96b87d3178c80478067791d4b4462f54c34cb5eee1c3bc54457e5eda9f97e220f98b0d2523a5c8c68bdd
-
Filesize
3KB
MD5b792856285e9760aac0ca447b4cdad32
SHA1c3f23229d5855aa849565a6f4dee345b4471e53e
SHA2567bb04f74fe05865a5382a76b07cf11cf34f53a18d7e44679a70e3ad33baa4d64
SHA512a147f23a7d0104812ec98d07604c96c47359aecef4873a912b87823737ed8fa4898e7574152815317c7c30c72f5857913453abc0616de20b998c151034bf818e
-
Filesize
731B
MD50d8a61020dfcd3eacd3203aac69c4758
SHA19aaf999e183e6a5a65bc8d7ac4bea3f99be250e3
SHA256eb9b447bd66da6845b8c637526f65f9c792bcf8c242e9c1ce4f78f3b474b2445
SHA5122c0addcbd2b57d28eb13ac9faa64aa9b741c4797e97afffe12341d803aa34403fcee226604bf3407246349f8bcd21faf76198b8c2a609ec682ee93c98d258d08
-
Filesize
5KB
MD513c05ea1a2f638b707aa56eea958810c
SHA1c93878e75a9f0545f73aa8d6fba3a761c4ceda36
SHA2568e32a0d37f20bd6f7d5bdbf99d041aa27be47cbbe5172ac13ebf7380a10b3bf6
SHA512f356619fa479c72086138eed34fbdcf501bb6f263249e5cf3b1069b2d6c120afc32d9b2ee89d9a41b2f516251c8bbf5d9913e78105961a989e136ac03146657f
-
Filesize
660B
MD517005447df8440e0e386849b8fa2b682
SHA114bbbadeb1307b1f711ee10093d5b46a7889677c
SHA256a87721fe406e1f1798fef44d697b46ea1efe346fda118010334713346ee4207c
SHA512a61aa9260b34479feb762f81f23ec26104d311fee81bb299efa00fc7091d3ae7f10047f6d91bd3bcfec7152b754c9fc6fe97ac280b3c00abc945a25ef387105d
-
Filesize
11KB
MD56d4fdddbe0e3df6ede11846ac2d9f104
SHA116ed563b7e5eb247279479de76bea594fab392f0
SHA256ab8919c1546bd3015afb834e6f0948a7c53121be4f4107ce2a3f4eb31c3e77e9
SHA512f895785e1143a0952c033db6317f9f7d1dfd8c220827019d4857f0c0a6fc67f08fb89ce2aa8fc45d601ee1afc40950c91de2532fc76fefda1c461fa25229c1f9
-
Filesize
4KB
MD5b1c4d73faad73d98b01810cde1eb52fb
SHA167c75686ab7cbee0ac60c3a7f8a5a9ae083dc0ce
SHA2560ab2389048116330718b012ce387aa693e3f318e9cc9b697d32a96d65bef25bd
SHA512bb5440c3bc7f2f309b1aa237015b493e01ebf53c595413225658feed63e48d42851064615a45323f3c13c7f55c7193f5c73c2f9c1f196406e474813fc2feab4d
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b-wasm\package.json
Filesize782B
MD585f6234e8249e84f2a2361d5142707a3
SHA1d3714b3f9fa05401342b89d5c9f9d47f9bdcd7ef
SHA2565bda19aefb010a8fccff1fc5dce0e9d3ff75ae1921e584d1becb4c371b3b4541
SHA512e6919601c8dd1f7dbbe487c42ec441411338cf7fcf3a2da0a4f7f91ed1d963d2db7e8a00ec4a4bbde5be8323db1fab55b44b364fc8684c710a041148c99b1e73
-
Filesize
9KB
MD5350e95a4d11b533abbd5d4414d38005f
SHA137f2bb772cc953169bbfc13087b13ba6952ed8b3
SHA25689d35ca4687b8ad3bd659b1a39f44a8a4a393ac977be5af1e1ce32116c25c064
SHA5128e9648cedceb87e36e915e050329d8ce246bfba0ac18f9d491efb0160e7e89defa7a4a33301def1dd4a2b72bf8b1ea6c64cf03dafb90c615f1e23d5d016e0863
-
Filesize
742B
MD588595359281788f64142b0938af3f9db
SHA1d35800917d86c3d104b9142926e9daa2ba4bf3dc
SHA25647bcf83fa22df55efb1759c46153bc6e994036c2146d5a0de3867953a603f870
SHA512a2b8cfc39020dce3384ecccb149df4092905e8ff77c14c93c6162eb35788c11b3141f2dc1382dbead2e0bbcc7f0970bc0e1af97b4e9795e2e0193f9fef4f7ef4
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\node_modules\ms\index.js
Filesize2KB
MD5fddcc2097091479666d0865c176d6615
SHA155f9b3a7d4cfbf68b19ccd0d698aa86483dd4694
SHA25655986972f5f3c9446f876c576e1cd30fd4f04cd26527efbb5ad834637c740e4c
SHA512252644169a9398527927b69a2f19c6578bd62dcd180b94984d991939f53bf4e77ca687e840db42f7dba3b37124a5e3f3eda83535e75491bbe6ca440a7149913f
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\node_modules\ms\package.json
Filesize705B
MD5b3ea7267a23f72028e774742792b114a
SHA1fe112804e727b4f3489e9a52900349d0a4ed302c
SHA2563708fd273bf5b1e91c72d88143f48ad962adcc10b99250a4a203d13804f37757
SHA51201975d65bc491d0b39435d793a62bcdba6b5edf4fb886de0e48a8a393e26fdf31bdfb4f91dd7e10ba69a1e62ed091d5ea04f9f8bf57d784c3491a5c5c8472988
-
Filesize
1KB
MD52630a1ac039c8970c8fb0daf0f2f03c4
SHA1ed6fe3dcf77a4c2ddadde904c5b1fc47cf9893c7
SHA256754ba4f352a9b983fbbf93cfffe015d29bc789a08eb05815270abf50902697fb
SHA512a017d21a1ecb159065bc32b94b38de03b38c10448b85f88bfe1498b144320884d612a868b9db192d6acf041f88da415f953d9dd8541ee29e4053e2463dd54791
-
Filesize
6KB
MD528e94a3cc7d081498bea5ced383038f6
SHA1c9707394c09387b56864a8865158d29fd307774a
SHA256c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37
SHA5125775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc
-
Filesize
314B
MD5d6c53f5a0dd8f256d91210ad530a2f3e
SHA10f4ce3b10eff761f099ac75593f7e05b149ae695
SHA256aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3
SHA5124faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2
-
Filesize
4KB
MD56e63fda079262f01e14f03bdf77146c0
SHA1481608e3c95722f3a474336e5b777a6a521e76f9
SHA256f237adcb52849de7c128f57e0468b52353c529a6c8341810477c0e7144359559
SHA5123017b4717118f56fac106dcaa046aecf3cc63c37e64f49838e5379a13583c293f39ec5ace48fb2dabeac6af4a967f96219812733ead6f36c3f5c8d132d795900
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\index.js
Filesize7KB
MD5d359d8698706d059e14b6f3eeedced8c
SHA19acb5276a78ed09acf81a62e1db439217aff85cf
SHA2566c693e5ca23e904436e4bf6e68901147d319fd7132b2bcff4dd061615bb8a773
SHA512f44a7196ad9d4f44085966ac6724f48d00566189136d08a9b13b4ac3cc7e6d1addf2e854098fb4c2ec94c28e3f48168f82b0d1134d0066237dd5fba91c35ccfd
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\stub.js
Filesize156B
MD562063cc3b8565061daaddf496dd15731
SHA1206166851431982536333b4a1b9c31f9e5111295
SHA2563f39ca63ca2f696207da3702df9a4df21e980a13f0e77528340730e2bf315fd6
SHA512a6006c18cdf95cf641e54e10c76ff6c7ae47d881435ca54847e2b687fec2a9a129a2e2e3ca600557a328b34c22c54cfd7a6db4865af0f122c6cb5963e65c66e5
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\templates.js
Filesize458B
MD5790b7b8bf5ed00feffce05aac1c79492
SHA15ac0afae48c626cc6474268c725342039e5e5ef0
SHA2566bd01e7f8ea390760ae26ae469f6627dd7a9447360b477bba6911b76cb0e921f
SHA5122522716477010a2ba3df3b1faa69fd8bb36cad02f6a43f95b7bbb75a49f516e6c2619e1dab8e1b85c888a2385b3435ffa95f9cda95e0c4dcdcb467cadbd515f5
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\package.json
Filesize1KB
MD516fd5b35f0cbaed2b0b719e69f9f5a4b
SHA17b82df17cfdfcdfd8f8d4ff02502f1d7a8b964b4
SHA2569fa3547f74427c8e7b20cd51a27f58d4a97a465f919177a7fb177143624e0e2c
SHA512a19b574a3009dd7cf823dcfaf84790a60bec7b743211045cccaa3970923fc403af3c80d801d8a706cde599afe79317f99c98f429abefaad4583e6e181d55a5ed
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\file-uri-to-path\index.js
Filesize1KB
MD5d98f7c699c54e0e90f408a44feb3188b
SHA10ffd660201ce0749053d108c53e5606b9da158d6
SHA256e62293e871bdd5a7449ff3c7956c9536ec1d2ea7369461de77322b5256bb93e7
SHA5127389081fbf3b16f0ad99f556337679be895e04930e36bfc8f99720e013f28b68bdd4579f11eb41dd4cc7a64a36ec26a6e6539d42d5888696f71e7d2d9c8784dc
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\file-uri-to-path\package.json
Filesize717B
MD565f30030f0e7b2eff552eaabd8bb1fe1
SHA15dee8a540c467ffbf9025481180c77a06a9f46f2
SHA25671eb1e24bb9694f89c613fa0aa307f977dd43f41d11794c7b48fabf6c55f66b0
SHA512763c372773f093de60fdbe0bdd5d0b6362882e22eaebed51f70ea50fa3087417b5c517ea9ea057b56d40f019cea042a6e8c387356da1b9b9d39c2a5f16e7b5d4
-
Filesize
531KB
MD5bbb588cc4360df5d317ebff5f5c1ac9c
SHA103d60d1510d24a952ff370b77035b031a87c4158
SHA2564c04561befdf653aef017a42ac5addf68ea943cdfca6bdee5ce04e04e8139f54
SHA512da2c021e3ba3f8f99d0b2bdbf3cacc39c87451c290c551e2fe0b009a5d5f3777a0f3620368efdc773cde5d7e221765732087acee9383135fc6d2db37401c2c94
-
Filesize
578B
MD5188f386c15507c982c3e0d5a2db5b60d
SHA12c1ec9f730323c72f6f76e73f48b24902cc853c2
SHA2568e41b07c744a0de0d2c1c23ed41418ecb0849abb56395d28802e601b4730d7c2
SHA512a9a582ec1711e2dd19d80b43288821709641e310a44657d6dfe0b4b98644a33f6c9720e89a17516cbafa38518bf71653402b1fede5b2cf18dfe9859ed3973e5f
-
Filesize
2KB
MD583c46187ed7b1e33a178f4c531c4ea81
SHA1ea869663486f513cc4d1ca8312ed52a165c417fa
SHA256e5f0b6a946a9b2b356a28557728410717df54ea2f599edb619f9839df6b7b0e9
SHA51251b45089a53a23c12e28eb889396e2fa71b95085baa5ac34d71ffb625131bf2fec3ae98efeae537656e20ea257f44e089bcebc9ad54cf672cde852102e43e153
-
Filesize
732B
MD5a682078f64a677ddad1f50307a14b678
SHA1c290eb97736177176d071da4ac855ab995685c97
SHA2561a6b4d9739790c0b94ab96c8cc0507e281c164c311ff4fbf5e57fb8d26290b40
SHA5129e16c5689b57275f4ed624c6954f12299706e2372a60f6173421800da5edf9ed52e52fd2b0798f826cddbade6ca19a6e6a996960c6697cc2da0ddecb36409520
-
Filesize
438B
MD544d45c7081a567a4d0cb4bbb36bf6be6
SHA169a7954eab536502b052557d5911acb9de503dad
SHA2565a3c8dce33093172d9cb3d6bdd34e464d17a1da175a8f8b74f0c0d22dde94fbb
SHA5120c3195a63b389bab6612e3824a65a5cacc2852aa2f8b272e34717be4608197bc1f9b4529879a13fa9567d0ae9846916dd645349b9797418f88e7ce7bc5d4e504
-
Filesize
647B
MD5de6935b833716ef4d703b58e188ace78
SHA101cb598615db0cb08979b3ff1e4324d047eb1fa0
SHA2562152421c559e2aeb7c002ecfeac306340d23cf3783446cea607a284658df30bd
SHA512b134877eb15c2fa70a5e0549c8a736e8bb8ff84426cac51ed581f707d38c75c110f96c233825409a3948a6943fb1c26cc25617092b40645e68073d6d58f0ee65
-
Filesize
245B
MD5f1d2cfebcfeb0bbebdc649f14c890cd6
SHA194a1d57b67c83c95d48d4fcde53942f012518d42
SHA256fc780fe9c792729536e92b506ea20d642e9135ba2f0891c04e3a7965bc52c524
SHA5128c2302557596fc99dcb48a68fac45128ca1c4676be33bcd47505b57b0150c38895462f48148e48d0205bd0d78a4c972d81b811d1085f8da6f78f18c2e73a0dfd
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\node-gyp-build\node-gyp-build.js
Filesize5KB
MD567711547b1766f72c279f23cb8e6cfeb
SHA12b404eb9de9b81bc5a758a18244d66e497ec06e6
SHA2567f1cb3728c432ce4f796f7d70fa44d17383811e4028cd3ad35b340599cf05f61
SHA51216ad783d56a6477e141a0b0479f0f87c63dd571996490692fbed8b8ee422d33a1625f5a4aaafd7e29fbc45e71ca73c8c85cedad961abec39f7131f428381708c
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\node-gyp-build\package.json
Filesize772B
MD5bc1654a40e474095d945850841a17ecc
SHA1ee2b067153f014a2616eae1a1fb1cd1f763b5ec8
SHA2561e44359c41302af8cf600363c7346d2011edb7125cd05af8114aff0f780eb889
SHA5122191604f3073af1798dd6fe460056aa3d75dcce02b24e331c112bcfd5e8630654f8a9dd3052174ccb1ef9ea770b2884f195e6b30b484f7741b7c7fc216db5109
-
Filesize
7KB
MD57d598c8605e26cafe489544f1730d380
SHA102c41eea7eb4ce2d32b7faeb4229edaa28b9d8e4
SHA2568194f9425ce9ab06ea9aebcd64a85ec064d95d61bb349f8f1c98762ad256638e
SHA512f79b6e635786bb4b38f80562d862a6a2c908ea691b3fc42712aae82591c735acd02d8fd79ccf37468e58f865bba28f9be0d92182b30c8e4b4ef7261bb57f213d
-
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\tr46\lib\mappingTable.json
Filesize253KB
MD526c6da7a34c8a051a60b3592287d3fea
SHA16e09dfd1d4d65675bba0a9bb69e0bd6393f0d5da
SHA256b6b39724dca9011113a08d9d6910204062b58169e98952acdfbd19bf2c31bbff
SHA5128ad552c64f53303c00f2a56c1fdc2d6c644b12aa993c181d5f4847fb4613701b3d03d2a4f8e347e1d755999681585ae3081e865ae54f21340c826196c2af83d4
-
Filesize
732B
MD536ce158498fb4f35c9a42edb60665bbe
SHA149c76b0a075effa9325c17f55c4d6472ddf3c7a9
SHA256615087f58ee138fd35c2b414c355b72e36e5919725b8aecc1c34f6a5585b9779
SHA512676215940610329d35feef0674d9dc61a9ab7c265d6eedca582e13003acd8b9d8b4894c86e79eaa85e97266682dbbe9637826b99f0b9afa56dbcf9ad077a1a55
-
Filesize
10KB
MD59bdfdca3e22b43f399180dc40f053fdb
SHA11533e72ca0202b900b90e209c4385affd458962f
SHA256b33596e8a1f8875749690db291c8990b34cdfc4a4ae4196023b77a2a3c24117f
SHA512b76997231495b1cd07b8d4e992602c04a10f29d52ee5feda863097b7985d5a97a572ea32924749f8c0a5d5ff2a1581a72516552911c26e592d6bb7b677fceeb8
-
Filesize
20B
MD521c428fea6bd57296e3d92711ca7eb0d
SHA1ec301b512cfe223b839d708e5098fcd57f6155ef
SHA25691a2b97d5ee0dc5f526bb03879c10e301699c5ae4db9cb744489050abf8b1b7d
SHA512de0d88c77a7a6a0994cf5625f031d94bd1dcf6bc2eacc76f8ff36a762f872f271fd20bb5c062308bc39ed67c7f68668144974aa09b86b28fb3df6cbec64ed63d
-
Filesize
44B
MD584fbe225f96190e9fd80dd9a3d36e25f
SHA1ce6a5a0e8b57895747549f1bed5277648c107df2
SHA256391f9f385e2d36c1c789100b6cfd6d6b45d0a0edcba093be06300e109fbb9271
SHA51231ea646e491fae44a6a04691e1174254031bb297d467172b84fa1c723936992436babe7795e1221f75121017a8d5327fe06d68b0bbf6160032e6e64c5784fa59
-
Filesize
61KB
MD54d4e8b6f6727f6bdbb5fab5f3414f0d8
SHA1a17a20dcc2babb8cf16e041490c1a986726052ae
SHA256a3017c1f2a273e3a0e1d51c331287fd3509171018df4cabce0cd86ff3d26b6b4
SHA5125113626cdffc990ec79bb485ab0a398de17e71c1ba13cbb12864268f5eb7a78647747586985ab64f97b23240638948c46c7559a68015140b7c218e64087a89ec
-
Filesize
116B
MD58fdf87cb3a1fb5d2d76c1808ca011e10
SHA1ca09c60a84fb36af3f913ddb0725109390e0c596
SHA25606ed23ec98a413b210a147d96a53d8ca365ecfda2c65fc6d6e73adc5b1d2426c
SHA512215c79b98086f4e22c4449e13bdbb68f3950c2fb6c5d5a59743b2de193b0e0d4fbc93be5c482df8c27e5578fe444da3ce2884167797196a9cff9d2ad9e89e9d6
-
Filesize
2.0MB
MD5de69057f909c088b393d2084b7797b50
SHA17fc6b978d405b752584485840b88f785df06af37
SHA256e9a3a9d5dcc3644a043354164a6d736260b9417dad144cba7264bdbd4f988488
SHA512059146702f4903bbcb434c42ced3b57ad636fb38a8665c7956824d08356c819413027bdf6e4a829555f1c354568c01028a8104388e3cc55a254042663cff2b60
-
Filesize
471KB
MD56503b392ac5c25ff020189fa38fbaecb
SHA150fb4f7b765ac2b0da07f3759752dbc9d6d9867b
SHA256add78f3f85f0b173cbe917871821f74c5afe0a6562462762b181180d16df4470
SHA5129c12fff1686845a2c0b43d35a8572f97e950f232f1ce5690fd1212f48c171edbcc5d725754f10a66599b0823ac0c995c7212e263b7e02ea0ed9f2d2b937fa760
-
Filesize
658KB
MD5297a27d82811a3766fa969c297ae1a69
SHA1af93c3e8ece23361ca24a0542f06bf94d5f0f36d
SHA25631bb262511246a145c2dfe4e3bb4ac54872e7bf2222807713e8abbff10fd1d4a
SHA512fa6181019626035562e2aa7f6751dba642ac2067c78f2826e8f5da27f968e98044aee5e4cd7c0a9a03f624475a45c10100bbd59fa8b57aee471c4f6e05d60227
-
Filesize
30KB
MD518e0f66f3d09939d94b9a7c18d23e9f6
SHA12e6da2aeab8b647107d36b57ea9a687b46100294
SHA2569f8ad7a3d9337ee2b0aa6b1c3688935ad0793061b5c520166803611a762e9e32
SHA51257eee01725bc4bd658bbd59747054bef29f2eb7448962be228f0655becce283d96f641aa99c090db0a661b268cf007b6053d51c8593c587b8b32b3d08fda01d9
-
Filesize
1.6MB
MD517c5862bac88d5f021422ff9a5cdebae
SHA1370ae08c4b41577d8eaf17726ba84678ccba8498
SHA256f1c1358adad7cce662ef9d4f45eec1c67019ae0bc93ad5e6add1b5a19d7beb94
SHA512308d153a584835127a6fac485ecd1133c651a9417aed6ec6a5fc7744f66080aed520b2bf55e1748ae188936cf4ab3dc68d6278fd73fa3d1807a5c798567d8f1c
-
Filesize
137.0MB
MD51f1afe3eaa19389e2923984d2e575218
SHA1348302752f6869aa2b9b67e891847d8939c18199
SHA25671f1bd8cf6b61d7b11a59e0abcc28583e8c092b6b6ef80b36f438ba9caab302f
SHA5125622fc962efa3e14f19798c1cc0e734eff28168424f9d1042122947bc895ef57bef8438a5ab1ad8505507d5fcc55514e3d66bf532481f162ebe2d17c068ef428
-
Filesize
79B
MD561792456a528e8d4e83c5d79cbb011f8
SHA1f32f53deb042cb86e2141bbcab1724dbdb46da74
SHA2569419ef6b8e251e3f04ddb39f43ccc7a77b5e9827f411f0c8bbb0fb6e9f305cf8
SHA512c8f0d74a05160224f05a85e8573f8e292ea2b444ccb374458a5ae9dce0ea4078d6bb5dac0079af056c4e21a0e9dbf77986d6f8adfa254483b74ff3e7c0820db8
-
Filesize
1.8MB
MD557224988f28efe075be1ed9d9dd96a19
SHA1dc77165aadda56a212c999b6ce668ad020d6a920
SHA25625b35db89d1d4bb7fbc719f5ee37d0578cd0ab0559585c45c33f2721b13a8123
SHA51237968b63e2e6e843207359de06bbd3160b509d8a0de780a4908863747940730e222923241472cf7c3e897985b71e4c98a0e4a5e67205ad240b37c8bfc27d6188
-
Filesize
1.1MB
MD5614c451436d08f584b631455ae01932b
SHA1f343b42ad4729d575daac5af1344313959428454
SHA256551f8f156eb712054202701c980958fb533fa9cba9df9b22e6644c9f5189f244
SHA5128365bf161791e1dc4b24f9fe27871bb0396c39c333befe591c5a723971bb15ef140be2af8469d92d1037e79f50ae4a6a255c7c6559b35fb140d751c07bd1a51c
-
Filesize
132KB
MD54fe78278c727ca838a6b0a8b5d2fc924
SHA17eba94ab9295e387f43fba20fcb79bc3db1dde64
SHA256af8a663dc9f9407b1a0582c835317f62c0f3fc1fbe542e1df0f9ef39e913ba45
SHA512ce381dbbd80e0ccbd0e9a5b1d7c070f0bf3bd52d71ae9cd87254cad2c41b61871392595f7bffb23f215f8fabdc2fba64758eb5d1e6b97da99fe4149db54123c2
-
Filesize
1B
MD5c4ca4238a0b923820dcc509a6f75849b
SHA1356a192b7913b04c54574d18c28d46e6395428ab
SHA2566b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA5124dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
Filesize
1002B
MD533f641ce9bcf78111173b786efb2ee8e
SHA10b788cbf7d94a95b9d898ec629316e35447dd0f6
SHA256392ba1175497c6c8b406db8c730150952acdd383fe2a71b5b3791d621c7d20a1
SHA512c1f6f994e6123751e98a29d47813e2a17a461e15e68091a2d16f9fe2a7d897ece7eddce58ea35f384978cd8acd78a4c34afaf04fae24ab31535cf8a8e37ed611
-
Filesize
4KB
MD593a21b0e2e7615f07e3a7d5b130f1a9b
SHA1c6a825377f6aa04fd92bd7e53b7a65578c2127f9
SHA256d42e5b9c508e7f7425986b574d82c2068dff222af6f4b474aab00abe820ded4c
SHA512dab871739e8594f029db8041b59953bab8da98ab83ef810fd77b941887b8f543c9f86a7e6ddb1c4ebb064886426acad61cc202187cd56f5b29a095717d73ae88
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
1KB
MD5fae1e6f41730c4fea299014197e10705
SHA1ed0cb9f7b9b4bc89614ed35fd88ba3b1f885b9f1
SHA256dd3b8464988572987b6877dd39d54af331a39a6432a33a376df89c93704a9ec3
SHA5125f598d293be11df3a154a6fe70281ced5eed5c59ed1ca3733581f6487240300b8fac4cc3c41019c071b189289e66902810a04bd8fb218afa8bd30f43900178ea
-
Filesize
1KB
MD5efe1ebcad1952cf1012350baae6813f0
SHA1bd6079ccb9e772e343265aa091ebf240cf53be03
SHA25643b326c1eb70d7d90c44b988e6943627801b1d7ad5f54f281976aa79b7d74aa0
SHA512566ff7384b1bf8ee41d7b8774be518dddf74a67c39dd66436d534d2070e5e9571d62ce13b050db09582b11d9284754bc433e817cfa3057cd91764bee6440842c
-
Filesize
1KB
MD575a6ab019416e5749856d1f29c0ccda8
SHA169ae2000e8c09b8e088619c4e93140b8d511f41a
SHA2568b9f94874c72b0d33985921f52e29baada553a9f80624e4527a4a82af0c92d17
SHA5120cb125d5bd1e8bf3d883a203df6c0033e7cb0b9497ed42ce4aa4ea9575aebd4cc9f5c02c44a7ccd725de1690d50afc60b81d37f19a175747ac190202f03fc145
-
Filesize
1KB
MD520fe6ff136a7dba250488621502e6037
SHA170410fe0ce2de964d8138096030b1ab601405310
SHA2565dc0e5c456730aafe8a19968e11f3fcaf47eb7ac74c27ed7f8075b4921c45752
SHA512ae3bb849683ca3f01c2a133823c3fba853ae8a43f07d81686df17697355c9f9ffef9fb1eb8134b6d8983a272d8a6a92b3f00699e32c19144a2117f5e283ee9ff
-
Filesize
1KB
MD5d4f2a60afa0606dd4373f448007b3bf3
SHA1c2272f0822cd8f20b5e6ef2ab389bb0f0d05422d
SHA2563b0b66c0734067d0002951a2dd923d2bdfe7c16636c7476e134922ead1212e7f
SHA5121c99012d27285dd79c189639df4e1e2c7ebae1364596f5d0fc291c95d3d861de88dc874164e73bdf2cbfe53c8bfb33376a1cf08d997c63c8041c09a78e8e0f8f
-
Filesize
539B
MD5b1f7e92c7b4a4c45b7e6c76ecfe43f53
SHA17f40a7031fb35c032b3f76b60da9e025275fb38e
SHA256624aa2691ca971892b368fd06f79ae96b99423db1f16f972cfae76f091e7e621
SHA512c517e88815b66f77416920739a4e490026a9f0231dfdc98befd0bb79981273a1cc3977f2b93479cd1b57002dc45eb7e849e2bdbc5f3a3842b363f7a927b6ad9f
-
Filesize
264KB
MD5d0d388f3865d0523e451d6ba0be34cc4
SHA18571c6a52aacc2747c048e3419e5657b74612995
SHA256902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
300B
MD5a4ce8f459fc3615a2717f3a7a1f5ddac
SHA1ca831dc1b08fa214d42e4cdb639c5977f101c489
SHA2569ed3ed69aec326d675c04ce075e9cead064f31d255352a6ce839695468617857
SHA512c2ddce8dfb11374de32db1884046f90e43c7f2b743606f3513dd825397fb74c8e759deb9529cc8fc2cf260c9773d625b71e6320d79f6e87136f26c949aa461e2
-
Filesize
57B
MD558127c59cb9e1da127904c341d15372b
SHA162445484661d8036ce9788baeaba31d204e9a5fc
SHA256be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA5128d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a
-
Filesize
132B
MD5b24a5c3e9b474ec0b8816641467a1d49
SHA132288a2b1f84dfe42d960338ae17c5b3e5374ac4
SHA2568401d8b7527356b9f29e2d5b81e3c11e41ac6bbc9ec1856ca517c45e3c022861
SHA51273a944ace1fc7f933f7ce07e2f081c42e02ff9c55a6ced76312c8adca1ae4ed336916a061dc72aa8e370a7a8b50940f6b9aafeea3f1c64f19962cc4ceba8a072
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
21KB
MD51022010dfb92e817aa6ea168eecce33c
SHA100868113f54d637c4a705b8d788127fa3f927ed1
SHA25674c50f536f58b36665adc806880abd7b194bfa3eff64d294777e34d83924c7c2
SHA512de30559710309dcd279b08d580e2786f52419aeaf91af529347bb875c96b8e3908e9e3c5aec0995576e650b85b1c3775bf210e34c4d0248ccd706f78b5889890
-
Filesize
3.3MB
MD55e9d4a14141254e3efb69faf060984dc
SHA1858044159bda7c382251b893013f202b1555d84b
SHA2560ca38f058974bad41361fd0c4b5753407b93bad83a924dd085f7ff9009cd6a99
SHA512d8b5bb541650c14efbdbd90dcdb0834573fd80880329017243fb354e731a2d3fa4f52f72ff7ab7642d8615331194d5cc19cdbb5ab2c48ea3245af4c64c64d548
-
Filesize
6KB
MD50d8d560b03158bfd0f251e828f8954cf
SHA1ad59a080222425281a8810114202c77b221d799a
SHA256249817a35bfb8694a63e774694aa48072cc8dbf058f2f9f267e73678b4466898
SHA5125ccc2da369bbcad93202f2df7f78358469935b8139839f2ccfd90e910aaa06bf4650932841cd0ca37d856d0679dc581fec0d25d874644e33777bb30b9726e8f3
-
Filesize
5KB
MD5654cc89a0e4c315ec20c2af420cafc23
SHA119403497abbb0c6bbad7d192443a2fed09ce3419
SHA256506b47b40359bc616d9edacbcc0b23dc994179ea748ae6b041e09f79b3f0478e
SHA512e6a4711d88efc4eb38b2d3ea1e7afedeee56d89d7a7000fb03193a5e573964927a2212954efa9bd1572f98779d5a75be3b22eb725b4625728b74a18c46e78709
-
Filesize
5KB
MD57694684c63a3f0a3e498cbfdf682de8c
SHA19c982a87397e0dac7217b0630c7636d8ea354699
SHA256ecb49eeaaca47d0f0ddc9440bd1655c99001f951e63eb9bd969574dba85b60d4
SHA5124411f7d263d043724efbbbc9c1c31061aff313d32089c14a4d9fdc92516cf9bc871188318818b656109735bc3fb822e003b87007582126f04d233d12251b97ef
-
Filesize
32B
MD585e87aacfa3518639d14e7d44d155f27
SHA199545627fc0e0887ab04b85ffbafabe1aca15c41
SHA256008418ae69c264c53cfc6d02d9bf3d70d3596c21888c9cda6322c7ac5587e826
SHA512f12cfbb2c4b5a654f8706bf1289390f1183dd84f4a6101e26c587861d6d87d83c733819a86932320adacabc3b877fd8a9139d4319f5f925476f3f8015a3cbcc8
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
112B
MD56f73ba284c314b3611dc9a4b038d87c7
SHA1477d00f337956e319474087ca2756c19691555f6
SHA2560595eb24423c944144f70645c86f260e46fd6412c1dbdf5ce8386a6cb6fa111e
SHA512bbffc1a5bd0bc359065aa94657bc7952ebb490512ff0aac6df990a5268041393224f653f30f0b20853acd4bdd51c27f335c555274440072df619a1e2cce25d02
-
Filesize
112B
MD50758fff1eb2e1df43ab6497530a99ed5
SHA178547dd064a622270e82a564dbddde079562e616
SHA2565eaf4c6bb17b8108c4b1109bf78ae1204d2c749b5e5f91ac218c3d30fc5454e2
SHA51252566621051fd14ca61653b6790a37cdfad4887a4b0c96e8bd2ceb93a6ba0529131eabd76a06916ccea80f1d09875dce8e8084956d4a0fdc890f7ac9183d91ed
-
Filesize
143B
MD57abeafcd67c6ff0487f2da9882a954bf
SHA180700e8d03325542f0dfd78788a38f837e48e4f2
SHA256a20a26ec45668630a17387ff9f794c4d6fae15b34527427e38cb42566508d0bc
SHA512a30070df3b678b86a9ab7ff1ddf1950ccf92fac8082015eab77077039d45c58aba6bdb803c914bd98e46891aa728f2c42254906643ad016829f0e980b8e52542
-
Filesize
62B
MD56092abef46713067bb15ee113d8d1b6c
SHA1a45b39a34f9f760ad6ac14195b38b485e8e19f19
SHA256798967800161e8a9b3a909ac05dd4e98a344cb64291bd9c89525f3bce21a2db0
SHA512bef7ce00e13160b97bb0c65cbcffcc541679303a13f3be95251305c4b0ca08e36752c58c9fdcff74ce2edadbe887ce6d947199dead4c2b56f8421edd5681724b
-
Filesize
3KB
MD59c91830a2ccca45a9c67f22d54dbd9bc
SHA1961c68182b8a6caaf31a9bff77a62cff6d599f16
SHA256787b38ea664adf0df801ca69f3ce7d15b379940919b13c80512406daac17b63b
SHA5128a13ca8c9844e0f3fdbefd06114270ac19acbbe22a423d6f6dc8778f907d68bb5117c0b6deae3fa26e33cf39f0c8a73d85f48933f5d7d6383fa407bfe90d90e0
-
Filesize
96B
MD5c0d64351ed8335f4af050c1aee6796f4
SHA12202dd83269961bc121068276abe13f206f3d203
SHA2563cd5264edca085036251fc396abff2963f7e94709365bfb6da42a48e5c967cd4
SHA5128a11b5a5a4929ccf4bcafaf2397763b727aafd3992d074ea6cc7df328e65b46acbe25ced53d4748909738edbc375124f08646daf54cbcbe0ba42b5ad11df8e80
-
Filesize
1KB
MD5991b628d4f9050dde04ee9c9c52808fc
SHA183a7d730dc275bc4caf496128a3adc0f42622f33
SHA2565e155dba64ef96c9032d95d119c1dc59fb99bda90cb9ba062d64a09d14ff046e
SHA5123adcc34a292c08401f284b59d9042b43414d7af22dee9df2fb169a3f12f438a0d1495724a31e7b821d1b95888768ef04b94c1c31d9afda59d6158a20f67b749e
-
Filesize
1KB
MD5594a3b8db3afe733ecec56da16323cf3
SHA1ea237a61ddc5ff02f06a926b9ec1a5fb51551ac7
SHA256ba3551845b942a6cbeaf5ff5be80681b835397a2e339196ecaeeed8f87fef58b
SHA5123d0cc833da3132c89949fa6e7cf79cfd3a1f13f34e55e26f5cf91b4b2ed826f1fbcfbc7964fc01012647ab5297ad89bbb7e6c67c9cb474798ba58ed0b1c2486d
-
Filesize
1KB
MD565a607111b0a52308e7b9a5f1c00811f
SHA18e86955e3255d40873764918e4e976e83649f24d
SHA256fc0c785e8add0f9344790081c244ade719e8ef34feb57b1be98d5c494b88cbc8
SHA512c6a03ccf6aee79ee7845b92cd8feaa64beae2afdb2945a6092a0dc8b3a54cbd9b6dbfd223bf173faf2944f7da4cc54d3a4848a9c2388ca2af300ddd3217bbf4a
-
Filesize
1KB
MD5f698aac97199bbd7889af5ac112e94d8
SHA152a4e56ef10a1156fc95bd2e79ffef75bf738d4a
SHA2562c0d3745b1aef9100c0c698f47c1ad3ca5b1c5ed21e316bd9280b761514af365
SHA51277bd2841bdcefab1c0d9dfcba6cf96996d42e676bd0f97dab02a5ca2ac7f94b063b5ccd3e7d2f4bf127f412ce8fe9c1a67a87973a8addc325b75f189044cc54e
-
Filesize
689B
MD5bcd466a2a46570985dd3932978436d8a
SHA141fbd36c69b9e2d043df86195d6a98e865e8b179
SHA256cf6f236dcc64edbab54a70061f1412c47a8788e2ae3a269c460799e99c9023c7
SHA512e44ddac039e13af105e1db45e6d6b10a50da157c575d13393cdf474c1f61f4bf61a7fe58c612305e8fe795fbb2076d8959227975d94c9cf87db7e70fb4365657
-
Filesize
1KB
MD52d8e18900dac5ca2bdd6e42700802b90
SHA1bc58ff899738a7b4ccf442aa66122a44f6fe90d6
SHA25649088e692809f57e1bc72e585574dd43d7d9342dde8674200e04ea79a0aa8cee
SHA51245569fc5bde0df0f10838090a48da3d0baddecac55c8fd846238a19325f7f6d3429dd2373f85c0908f102f7905e5fa21cf6da11d01be9dd044d86f951e557065
-
Filesize
1KB
MD524f11181e5d63e9e3598c725415b85ab
SHA13f232b4528c9e484a1c4c3e873c96ee04ca966d6
SHA256441f24b6a58cf5cdb1e4689dd05bc7db362857f0593ca2a34ad9b7ad1cef4015
SHA512fb8136933c742861f42bb53169ae2ddb49fd9a28a459f9c82430d48e11597e8517ad5122b85099f5e2fd3d26e289ea3199a7394e67a0daeb1b51b9633cefee08
-
Filesize
2KB
MD599954bad6f7f6e9dc546c9ee5c6a6cc2
SHA1a467f0e3852c562c05eb84b91b50f124c68ab61e
SHA25698e3e082709c38e29b8f4ef76962de2c3ee49c0bebb1206da075e89ff31a9bb4
SHA512a19466885fad6eb133d9b26356716a6eee8080acbbf62ecfd8942a35de6bab49c3202be0e22d135e02822a07175ef5de2fd728a5fb23a460a7d33bcfa00cf8fd
-
Filesize
2KB
MD5c9fe6c769aaa296cc9a351b11c1107ad
SHA1ceb568cb12a48718e8969bace8a756fef2d82269
SHA256db7953d8eb3fcf4257b69d0f3b276f09355a24ac0f05f766923a304d10fba4ad
SHA51221f6dd5cba36608279dcfac4d7d1d4b701c25378e648f17be9c65e6b7b58f614c2fe410b047fe9ec983fe971c80e0b2c639b6d418a7d7599756f4a9e0d03d16a
-
Filesize
2KB
MD53c8fd983d66f35e016defe2ec41ea9bd
SHA1478747493ab99eac17541c3a3da94eb378584ea9
SHA256b92a6a00e7aa146549a4352b8e0063107efef4a0dae3972a9ac072588156fce6
SHA51217810eed41d680288fcc56d683dec768c91d863c436f10cd079aa2f7b105644994ce44f741aa613b551c6b6ca06e4d705ed05374c595501f459c51d13fa9f622
-
Filesize
2KB
MD54f80c077ef8407ab87d333dc55ad9b30
SHA1c750411bde1b390dc3dfe9b2d01425c5b7cf14f8
SHA256ab8476472937dfacbdbec756d8641e67594b09dd53cde309ad41b9e1364e6b30
SHA512c766cca6abf5f52fb93f2600729711a27b3ffa03129b80c6279d35ba649c7fa5f48e6c7489318136a34eef631d253d4104763eb873e7fd7737ebfb229e5f99d3
-
Filesize
2KB
MD55054cb1ad9c51e458ab7b269d49814c3
SHA19509c28cfd523b863835f1429ffaf258d049b109
SHA2562e527a20cc06b2c42330fd0bff0686706cab3ebeaeb037ee0c5535d7b3173083
SHA5124d1f4acef6bca053b29d5d08c8aebd121de2553002beff16760407a45b39cab0a0da0483af9f99243720989d6d6295c1c4be78da1ec8558c75cd3af0a4897bba
-
Filesize
1KB
MD5dd351ed62db4a8a394472235981c9310
SHA169393267f1397229de6270098500c187260c55c6
SHA2569a971129bc78435f744708faeddc859f2b1f2fbd8909ec283cd1ae698269f996
SHA51205b3c94d6f3604be97f3ab8b8ecd4a04f144a878a2a89f0720c9f38c8a1f3e2039160c0b5f4e2355745417ecdf641d085ae9c25f708cfff2635ac114bd39c659
-
Filesize
2KB
MD5bf6defdde8b70269a61041e71d855c7d
SHA15dea507190adc6ea540e4367c4d1a3337e8f81eb
SHA256a6c94025bf1d3be1e62abca3506f49a26f289aba1208b97a04d5fbcbff85f04a
SHA51269e1d0699eb8564955dc76f92b38af8afe181e50f967147dec389054530ec58b3f0f15f499168509412ee1d275fecb3364b164ff2efaf8022650335387eefae9
-
Filesize
118B
MD5108dfbaaece2c4be12844ec7aa27cadf
SHA1804c5bcaf817a749f525c2217a3036addb5c4657
SHA256ee96b61ea371aea6cb5faaf5b5324e057620ff96d04afd7135f806c8985e1848
SHA5125f1bfba7f0e176ad40d7affa83f6f4e117170d03503e883334b3320930e636634bcdddcd8ad79f637a77f716f4ebc122ba924886a25d7ec0ca76f0af2d7b27a6
-
Filesize
55B
MD5e28f67e927a44d7643bcdaed6836aed1
SHA1fc99964a9ba75e98b18fbd2dc193d8c8dceb2329
SHA256a0cca27771871c617a00308820b0119dc5058ccf11e7e52b9538ad683b6ef254
SHA512b77762c9a6865422c1166b0d1a68fece9b717fcb58debcb0b76ca33c9e2c9114acb52c42a9c6878340fc4aa69c125c982dddf3bbeb5a02b918f019febef2c143
-
Filesize
55B
MD58e9d0aa7623ebf158393e7dad31d55ed
SHA1c983b11a3a30bfdf18ec84f02a32ed9e2e1c79b3
SHA256defcd5289faff345ed7f3932f679625d560777e04b2f7789120b7c0f1f3c1141
SHA512829058423ec710a180abbc2a0502fcb40ce68ed24b6d7757f6d74c90cdd601dcc9628d4a19c2aab3cc1e70e5b17a35982ffa5af4b47c4fa86bf59a637e261c27
-
Filesize
115B
MD509cbd1dc825edb182cd0c1e483673538
SHA1207fe92b007b39c68883d3bb3938bc1a2442e51b
SHA2569406fb02d71f3d848a5546e5bd34217e2841862a09b747f6917324a37ac3d2a0
SHA512f4ec4c831223f0818c1eb12ff3975a4c4ea6f36a9e4f82a194fb88f8a91dbf4456f5abbdb8ee2a87496022581f3a5ad181970687f06da4e64c553373292c9930
-
Filesize
18KB
MD573b7ca26b5aed5c023e69a48dd0fa256
SHA1e694d4634cb20116453a3fe01f7b688dc7b591a6
SHA25666b8a64f16309fdb1c27338ad95768a93ab9f94a012c258b9266d152080b7e03
SHA5123aca30a75af2478abcb1da2e4c8374d92f8a86db814e7ef3265a1d173ed90b0f8f036d7aa258809e658455270e2552168df4a6b9e829892827869e709b7a8d0e
-
Filesize
115B
MD5a5b9ad2a54151ff0f272bd76eff7064e
SHA11b6b794a72bc82c0e1dae662bf77d536fe6edd68
SHA2561771b013d2125b927a86170e7316724428d241742137a5377214795ecd2a4c5e
SHA51283db3e638d677688340d389aa445b357845763a4ee3a7b249b71daa9ff414e8c056e8ab8c483713757e9f5f88630339dd4571a8063887b7b6c459ff30ea0ae2c
-
Filesize
4KB
MD5d18c32243a75c105273273872328ff30
SHA1a76e36bd0a11f77e68ccf247069048cfdf896595
SHA256edeff54dae917545a12775f9f3622ef1d2d42ce471a4a039563be85fdeae81c5
SHA5127973c21c10bbd25ba2fd50cf60bcfd35936dbb18d2314ce39c6975b5cbd202b0646a844f05a30f40fe00cd36bf0b2b8ab21b43b28e8a0858b132d2f98ddb37fe
-
Filesize
2.6MB
MD5ee8851a16185d4a89cbb050f41850bf6
SHA1249cf372165a99f83f08586b2da048da6a100a5c
SHA256ff58a1a30d30d178f35bed269d4536b835f8ad07ddc791d3d5bd8652b8f0f266
SHA51285546e191d183b4576fcc91408f2f1f285b5eab9a077cb6cc93315b4d798b016e3d45707a1e6171fa49cd5e0c55c4586d60c65d800d1736a7d3b6b630e26ebc1