Analysis Overview
SHA256: 13cd8411e4cc767181a62da50d8b1b6cf1506c596bc275374a14265195b2143b
Threat Level: Shows suspicious behavior
The file MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Checks computer location settings
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Checks processor information in registry
Modifies registry key
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates processes with tasklist
Modifies system certificate store
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-04 13:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-04 13:29
Reported: 2024-04-04 13:38
Platform: win10-20240221-en
Max time kernel: 145s
Max time network: 145s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Windows\CurrentVersion\Run\Medal = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\update.exe\" --processStart \"Medal.exe\"" | C:\Windows\system32\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell\open | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2378.0\\Medal.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2378.0\\--squirrel-firstrun\" \"%1\"" | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\URL Protocol | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\ = "URL:medal" | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell\open\command | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe
"C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --squirrel-install 4.2378.0
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2378.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x4d4,0x4b4,0x4cc,0x4a8,0x4d8,0x7ff723571898,0x7ff7235718a8,0x7ff7235718b8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"
C:\Windows\system32\reg.exe
reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController
C:\Users\Admin\AppData\Local\Medal\Update.exe
C:\Users\Admin\AppData\Local\Medal\Update.exe --createShortcut=Medal.exe
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=2072,i,9141571038167769045,4430901287606009254,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1916 --field-trial-handle=2072,i,9141571038167769045,4430901287606009254,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --squirrel-firstrun
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2378.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x4b4,0x4bc,0x4c0,0x498,0x4c4,0x7ff723571898,0x7ff7235718a8,0x7ff7235718b8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"
C:\Windows\system32\reg.exe
reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1852 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2544 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=splash /prefetch:1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Medal\update.exe\" --processStart \"Medal.exe\"" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version"
C:\Windows\System32\Wbem\WMIC.exe
wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.modules /t REG_SZ /d "" /f
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.path /t REG_SZ /d "" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3948 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=bridge /prefetch:1
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3740 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=main /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"
C:\Windows\system32\reg.exe
reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version"
C:\Windows\System32\Wbem\WMIC.exe
wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe
"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe" -hide_banner -f lavfi -i nullsrc -c:v h264_nvenc -gpu list -f null -
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"
C:\Windows\system32\reg.exe
reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4400 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4404 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version"
C:\Windows\System32\Wbem\WMIC.exe
wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version
C:\Windows\System32\Wbem\wmic.exe
wmic /NAMESPACE:\\root\CIMV2 /NODE:'localhost' path Win32_PageFileUsage get /FORMAT:rawxml
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c query session"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e4
C:\Windows\system32\cmd.exe
cmd /c query session
C:\Windows\system32\query.exe
query session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe" -version"
C:\Windows\system32\qwinsta.exe
"C:\Windows\system32\qwinsta.exe"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe
"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe" -version
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /fi "imagename eq MedalEncoder.exe" /fo csv"
C:\Windows\system32\tasklist.exe
tasklist /fi "imagename eq MedalEncoder.exe" /fo csv
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-MpComputerStatus | Out-File -Encoding utf8 -FilePath C:\Users\Admin\AppData\Local\Medal\Temp\b540bb0d.txt"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\suicide.lock 08c2bc65-c487-4053-ad74-f645bbdb62f4
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe
"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe" soundOffset=
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --metrics-dir=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --url=https://o150878.ingest.sentry.io:443/api/1509393/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=f2ea4e2bebb44129b30402d5b4076fd5 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\17c3ced5-6a21-4d5c-491d-0a63b36ec080.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\17c3ced5-6a21-4d5c-491d-0a63b36ec080.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\17c3ced5-6a21-4d5c-491d-0a63b36ec080.run\__sentry-breadcrumb2 --initial-client-data=0xdbc,0xdc0,0xdc4,0xd9c,0xdc8,0x7ff898a93db0,0x7ff898a93dd0,0x7ff898a93de8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c query session"
C:\Windows\system32\cmd.exe
cmd /c query session
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
C:\Windows\system32\query.exe
query session
C:\Windows\system32\qwinsta.exe
"C:\Windows\system32\qwinsta.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /fi "imagename eq MedalEncoder.exe" /fo csv"
C:\Windows\system32\tasklist.exe
tasklist /fi "imagename eq MedalEncoder.exe" /fo csv
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-MpComputerStatus | Out-File -Encoding utf8 -FilePath C:\Users\Admin\AppData\Local\Medal\Temp\4e061894.txt"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\suicide.lock 5a1f3716-a21e-47e7-853b-7040fd804226
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe
"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe" soundOffset=
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --metrics-dir=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --url=https://o150878.ingest.sentry.io:443/api/1509393/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=f2ea4e2bebb44129b30402d5b4076fd5 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\3727f20e-994b-4fc1-c1d6-a54d6a684098.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\3727f20e-994b-4fc1-c1d6-a54d6a684098.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\3727f20e-994b-4fc1-c1d6-a54d6a684098.run\__sentry-breadcrumb2 --initial-client-data=0xc4c,0xc48,0xc44,0xbe8,0xc40,0x7ff898a93db0,0x7ff898a93dd0,0x7ff898a93de8
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\Host\TestSettings64.exe
"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\Host\TestSettings64.exe" 2
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k smphost
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.medal.tv | udp |
| GB | 104.86.111.138:443 | cdn.medal.tv | tcp |
| GB | 104.86.111.138:443 | cdn.medal.tv | tcp |
| US | 8.8.8.8:53 | sentry.medal.tv | udp |
| US | 104.18.162.67:443 | sentry.medal.tv | tcp |
| US | 104.18.162.67:443 | sentry.medal.tv | tcp |
| US | 104.18.162.67:443 | sentry.medal.tv | tcp |
| US | 8.8.8.8:53 | 138.111.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.162.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 104.86.111.138:443 | cdn.medal.tv | tcp |
| GB | 104.86.111.138:443 | cdn.medal.tv | tcp |
| GB | 104.86.111.138:443 | cdn.medal.tv | tcp |
| US | 8.8.8.8:53 | ampltd2.medal.tv | udp |
| US | 104.18.162.67:443 | ampltd2.medal.tv | tcp |
| US | 104.18.162.67:443 | ampltd2.medal.tv | tcp |
| US | 104.18.162.67:443 | ampltd2.medal.tv | tcp |
| US | 104.18.162.67:443 | ampltd2.medal.tv | tcp |
| US | 104.18.162.67:443 | ampltd2.medal.tv | tcp |
| US | 104.18.162.67:443 | ampltd2.medal.tv | tcp |
| US | 104.18.162.67:443 | ampltd2.medal.tv | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| GB | 104.86.110.209:80 | apps.identrust.com | tcp |
| GB | 151.101.60.193:443 | i.imgur.com | tcp |
| GB | 104.86.111.138:443 | cdn.medal.tv | tcp |
| GB | 104.86.111.138:443 | cdn.medal.tv | tcp |
| US | 8.8.8.8:53 | cdn.medal.tv | udp |
| GB | 104.86.111.138:443 | cdn.medal.tv | tcp |
| US | 8.8.8.8:53 | 209.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.60.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | builds-cdn.medal.com | udp |
| US | 172.67.70.24:443 | builds-cdn.medal.com | tcp |
| US | 8.8.8.8:53 | 106.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 104.16.166.44:443 | ampltd2.medal.tv | tcp |
| US | 8.8.8.8:53 | cdn.medal.tv | udp |
| US | 104.18.162.67:443 | ampltd2.medal.tv | tcp |
| US | 151.101.2.217:443 | | tcp |
| US | 151.101.2.217:443 | | tcp |
| US | 104.26.11.238:443 | | tcp |
| US | 8.8.8.8:53 | medal.tv | udp |
| US | 104.16.166.44:443 | medal.tv | tcp |
| GB | 104.86.110.209:443 | cdn.medal.tv | tcp |
| US | 8.8.8.8:53 | 44.166.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.11.26.104.in-addr.arpa | udp |
| GB | 104.86.110.209:443 | cdn.medal.tv | tcp |
| GB | 104.86.110.209:443 | cdn.medal.tv | tcp |
| GB | 104.86.110.209:443 | cdn.medal.tv | tcp |
| GB | 104.86.110.209:443 | cdn.medal.tv | tcp |
| GB | 104.86.110.209:443 | cdn.medal.tv | tcp |
| GB | 104.86.110.209:443 | cdn.medal.tv | tcp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 142.250.200.10:443 | | udp |
| US | 54.146.115.196:443 | | tcp |
| US | 15.197.213.252:443 | | tcp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.115.146.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 15.197.213.252:443 | | tcp |
| US | 8.8.8.8:53 | 83.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.213.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| GB | 104.86.110.209:443 | cdn.medal.tv | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api-v2.medal.tv | udp |
| US | 104.16.166.44:443 | api-v2.medal.tv | tcp |
| US | 104.18.162.67:443 | api-v2.medal.tv | tcp |
| US | 8.8.8.8:53 | sentry.medal.tv | udp |
| US | 104.16.166.44:443 | sentry.medal.tv | tcp |
| US | 8.8.8.8:53 | cdn.medal.tv | udp |
| GB | 104.86.110.209:443 | cdn.medal.tv | tcp |
| US | 104.16.166.44:443 | sentry.medal.tv | tcp |
| US | 8.8.8.8:53 | o150878.ingest.sentry.io | udp |
| US | 34.120.195.249:443 | o150878.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | 249.195.120.34.in-addr.arpa | udp |
| US | 104.18.162.67:443 | sentry.medal.tv | tcp |
| N/A | 127.0.0.1:10603 | | tcp |
| N/A | 127.0.0.1:10703 | | tcp |
| N/A | 127.0.0.1:10803 | | tcp |
| N/A | 127.0.0.1:10903 | | tcp |
| N/A | 127.0.0.1:11003 | | tcp |
| N/A | 127.0.0.1:11103 | | tcp |
| N/A | 127.0.0.1:11203 | | tcp |
| N/A | 127.0.0.1:11303 | | tcp |
| N/A | 127.0.0.1:11403 | | tcp |
| N/A | 127.0.0.1:11503 | | tcp |
| N/A | 127.0.0.1:11603 | | tcp |
| N/A | 127.0.0.1:11703 | | tcp |
| N/A | 127.0.0.1:11803 | | tcp |
| N/A | 127.0.0.1:11903 | | tcp |
| N/A | 127.0.0.1:12003 | | tcp |
| N/A | 127.0.0.1:12103 | | tcp |
| N/A | 127.0.0.1:12203 | | tcp |
| N/A | 127.0.0.1:12303 | | tcp |
| N/A | 127.0.0.1:12403 | | tcp |
| N/A | 127.0.0.1:12503 | | tcp |
| N/A | 127.0.0.1:10603 | | tcp |
| N/A | 127.0.0.1:10603 | | tcp |
| N/A | 127.0.0.1:10703 | | tcp |
| N/A | 127.0.0.1:10803 | | tcp |
| N/A | 127.0.0.1:10903 | | tcp |
| N/A | 127.0.0.1:11003 | | tcp |
| N/A | 127.0.0.1:11103 | | tcp |
| N/A | 127.0.0.1:11203 | | tcp |
| N/A | 127.0.0.1:11303 | | tcp |
| N/A | 127.0.0.1:11403 | | tcp |
| N/A | 127.0.0.1:11503 | | tcp |
| N/A | 127.0.0.1:11603 | | tcp |
| N/A | 127.0.0.1:11703 | | tcp |
| N/A | 127.0.0.1:11803 | | tcp |
| N/A | 127.0.0.1:11903 | | tcp |
| N/A | 127.0.0.1:12003 | | tcp |
| N/A | 127.0.0.1:12103 | | tcp |
| N/A | 127.0.0.1:12203 | | tcp |
| N/A | 127.0.0.1:12303 | | tcp |
| N/A | 127.0.0.1:12403 | | tcp |
| N/A | 127.0.0.1:12503 | | tcp |
| N/A | 127.0.0.1:10603 | | tcp |
| N/A | 127.0.0.1:10603 | | tcp |
| N/A | 127.0.0.1:10603 | | tcp |
| N/A | 127.0.0.1:10603 | | tcp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:10603 | | tcp |
Files
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
C:\Users\Admin\AppData\Local\SquirrelTemp\Medal-4.2378.0-full.nupkg
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\output\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\path-exists\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\LICENSE
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\openbsd\x64\ffi.h
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\mac\ia32\ffitarget.h
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\squirrel.exe
\Users\Admin\AppData\Local\Medal\app-4.2378.0\ffmpeg.dll
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\icudtl.dat
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\main.min.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\node_modules\ms\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\node_modules\ms\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\src\common.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\src\node.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\tr46\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\lodash\lodash.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\lodash\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\ms\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\ms\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\templates.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\version.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\file-uri-to-path\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\file-uri-to-path\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\bindings\bindings.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\bindings\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\async\dist\async.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\async\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b-wasm\blake2b.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\b4a\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\b4a\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b-wasm\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b-wasm\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\nanoassert\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\nanoassert\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\stub.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\tr46\lib\mappingTable.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\tr46\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\src\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\node-gyp-build\node-gyp-build.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\node-gyp-build\index.js
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\node-gyp-build\package.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources.pak
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\locales\en-US.pak
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\chrome_200_percent.pak
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\chrome_100_percent.pak
C:\Users\Admin\AppData\Roaming\Medal\store\store.json
C:\Users\Admin\AppData\Roaming\Medal\store\store.json.759611636
C:\Users\Admin\AppData\Roaming\Medal\store\store.json
C:\Users\Admin\AppData\Roaming\Medal\store\store.json.1401495569
C:\Users\Admin\AppData\Roaming\Medal\DawnCache\data_3
C:\Users\Admin\AppData\Roaming\Medal\DawnCache\data_2
C:\Users\Admin\AppData\Roaming\Medal\DawnCache\data_0
C:\Users\Admin\AppData\Roaming\Medal\.logs\install.log
C:\Users\Admin\AppData\Roaming\Medal\sentry\scope_v3.json
C:\Users\Admin\AppData\Roaming\Medal\.logs\main-error.log
C:\Users\Admin\AppData\Roaming\Medal\store\store.json.26429525
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\version.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\version.json
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\version.json.576248289
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Local Storage\leveldb\CURRENT
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Cache\Cache_Data\data_1
C:\Users\Admin\AppData\Roaming\Medal\Session Storage\MANIFEST-000001
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.3671296477
C:\Users\Admin\AppData\Roaming\Medal\sentry\queue\queue.json
C:\Users\Admin\AppData\Roaming\Medal\store\game.json.1090117056
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.3426242202
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u0uij3la.ouc.ps1
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity~RFe587683.TMP
C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json.2300573574
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.1069051670
C:\Users\Admin\AppData\Roaming\Medal\Preferences
C:\Users\Admin\AppData\Roaming\Medal\Preferences
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\gc10clp3.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\faz4nefs.newcfg
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json
C:\Users\Admin\Documents\Medal\MedalLog20240404.txt
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.1562530733
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\sijamaud.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\zyhj2ldr.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\ftmfcuug.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\spd2jx2g.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\bbgoasdj.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\0pzvashn.newcfg
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\2i2uaa0y.newcfg
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.1884449134
C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json.3033424975
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.2979689528
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\po0xiw0i.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\muro3ccz.newcfg
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\UpdatedGameInfo.db
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\Updatedindex2.db
C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\Updatedevents.json
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\pw5qckin.newcfg
C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json.1169483475
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\hz3zshot.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\24hz5r2t.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\m0ginpab.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\zvmensmp.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\g45oun45.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\kkjkna0v.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\rqskwbpg.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\5dmuzmyj.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\g2e3j2ip.newcfg
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\gnszpvf3.newcfg
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.836920394
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity
C:\Users\Admin\AppData\Roaming\Medal\Network\Network Persistent State
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Network\Network Persistent State
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 13:29
Reported
2024-04-04 13:38
Platform
win10v2004-20240226-en
Max time kernel
92s
Max time network
118s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\Update.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe
"C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --squirrel-install 4.2378.0
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2378.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x508,0x514,0x518,0x4e0,0x51c,0x7ff63aa71898,0x7ff63aa718a8,0x7ff63aa718b8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"
C:\Windows\system32\reg.exe
reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController
C:\Users\Admin\AppData\Local\Medal\Update.exe
C:\Users\Admin\AppData\Local\Medal\Update.exe --createShortcut=Medal.exe
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=2036,i,9196610571524264587,9503335970829697244,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2116 --field-trial-handle=2036,i,9196610571524264587,9503335970829697244,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.medal.tv | udp |
| GB | 104.86.110.209:443 | cdn.medal.tv | tcp |
| GB | 104.86.110.209:443 | cdn.medal.tv | tcp |
| US | 8.8.8.8:53 | sentry.medal.tv | udp |
| US | 104.18.162.67:443 | sentry.medal.tv | tcp |
| US | 104.18.162.67:443 | sentry.medal.tv | tcp |
| US | 8.8.8.8:53 | 209.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 104.86.111.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 67.162.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.111.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files