Malware Analysis Report

2025-08-11 01:08

Sample ID 240404-qrda9sha61
Target MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe
SHA256 13cd8411e4cc767181a62da50d8b1b6cf1506c596bc275374a14265195b2143b
Tags discovery persistence
Score 6/10

Analysis Overview

score
6/10

SHA256

13cd8411e4cc767181a62da50d8b1b6cf1506c596bc275374a14265195b2143b

Threat Level: Shows suspicious behavior

The file MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery persistence

Adds Run key to start application

Checks computer location settings

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Checks processor information in registry

Modifies registry key

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates processes with tasklist

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-04 13:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-04 13:29

Reported

2024-04-04 13:38

Platform

win10-20240221-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe"

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Windows\CurrentVersion\Run\Medal = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\update.exe\" --processStart \"Medal.exe\"" C:\Windows\system32\reg.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A

Checks installed software on the system

discovery

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\Host\TestSettings64.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell\open C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2378.0\\Medal.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2378.0\\--squirrel-firstrun\" \"%1\"" C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\URL Protocol C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\ = "URL:medal" C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell\open\command C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\medal\shell C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2748 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 2108 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe
PID 2108 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
PID 2920 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
PID 2920 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Windows\system32\cmd.exe
PID 4156 wrote to memory of 2832 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2920 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
PID 1872 wrote to memory of 4948 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2920 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Windows\system32\cmd.exe
PID 4332 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2920 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Windows\System32\Wbem\WMIC.exe
PID 5040 wrote to memory of 1640 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2920 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Users\Admin\AppData\Local\Medal\Update.exe
PID 2920 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe

"C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --squirrel-install 4.2378.0

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2378.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x4d4,0x4b4,0x4cc,0x4a8,0x4d8,0x7ff723571898,0x7ff7235718a8,0x7ff7235718b8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"

C:\Windows\system32\reg.exe

reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController

C:\Users\Admin\AppData\Local\Medal\Update.exe

C:\Users\Admin\AppData\Local\Medal\Update.exe --createShortcut=Medal.exe

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=2072,i,9141571038167769045,4430901287606009254,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1916 --field-trial-handle=2072,i,9141571038167769045,4430901287606009254,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --squirrel-firstrun

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2378.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x4b4,0x4bc,0x4c0,0x498,0x4c4,0x7ff723571898,0x7ff7235718a8,0x7ff7235718b8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"

C:\Windows\system32\reg.exe

reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1852 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2544 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=splash /prefetch:1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Medal\update.exe\" --processStart \"Medal.exe\"" /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version"

C:\Windows\System32\Wbem\WMIC.exe

wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.modules /t REG_SZ /d "" /f

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.path /t REG_SZ /d "" /f

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3948 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=bridge /prefetch:1

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3740 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=main /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"

C:\Windows\system32\reg.exe

reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version"

C:\Windows\System32\Wbem\WMIC.exe

wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe

"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe" -hide_banner -f lavfi -i nullsrc -c:v h264_nvenc -gpu list -f null -

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"

C:\Windows\system32\reg.exe

reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4400 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4404 --field-trial-handle=2000,i,13873739409145558118,12544739013795627598,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version"

C:\Windows\System32\Wbem\WMIC.exe

wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.818.0\\MedalEncoder.exe" get Version

C:\Windows\System32\Wbem\wmic.exe

wmic /NAMESPACE:\\root\CIMV2 /NODE:'localhost' path Win32_PageFileUsage get /FORMAT:rawxml

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c query session"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3e4

C:\Windows\system32\cmd.exe

cmd /c query session

C:\Windows\system32\query.exe

query session

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe" -version"

C:\Windows\system32\qwinsta.exe

"C:\Windows\system32\qwinsta.exe"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe

"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\ffmpeg.exe" -version

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /fi "imagename eq MedalEncoder.exe" /fo csv"

C:\Windows\system32\tasklist.exe

tasklist /fi "imagename eq MedalEncoder.exe" /fo csv

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-MpComputerStatus | Out-File -Encoding utf8 -FilePath C:\Users\Admin\AppData\Local\Medal\Temp\b540bb0d.txt"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\suicide.lock 08c2bc65-c487-4053-ad74-f645bbdb62f4

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe

"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe" soundOffset=

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --metrics-dir=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --url=https://o150878.ingest.sentry.io:443/api/1509393/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=f2ea4e2bebb44129b30402d5b4076fd5 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\17c3ced5-6a21-4d5c-491d-0a63b36ec080.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\17c3ced5-6a21-4d5c-491d-0a63b36ec080.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\17c3ced5-6a21-4d5c-491d-0a63b36ec080.run\__sentry-breadcrumb2 --initial-client-data=0xdbc,0xdc0,0xdc4,0xd9c,0xdc8,0x7ff898a93db0,0x7ff898a93dd0,0x7ff898a93de8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c query session"

C:\Windows\system32\cmd.exe

cmd /c query session

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"

C:\Windows\system32\query.exe

query session

C:\Windows\system32\qwinsta.exe

"C:\Windows\system32\qwinsta.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /fi "imagename eq MedalEncoder.exe" /fo csv"

C:\Windows\system32\tasklist.exe

tasklist /fi "imagename eq MedalEncoder.exe" /fo csv

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-MpComputerStatus | Out-File -Encoding utf8 -FilePath C:\Users\Admin\AppData\Local\Medal\Temp\4e061894.txt"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\suicide.lock 5a1f3716-a21e-47e7-853b-7040fd804226

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe

"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\MedalEncoder.exe" soundOffset=

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --metrics-dir=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db --url=https://o150878.ingest.sentry.io:443/api/1509393/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=f2ea4e2bebb44129b30402d5b4076fd5 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\3727f20e-994b-4fc1-c1d6-a54d6a684098.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\3727f20e-994b-4fc1-c1d6-a54d6a684098.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\DLLs\sentry-db\3727f20e-994b-4fc1-c1d6-a54d6a684098.run\__sentry-breadcrumb2 --initial-client-data=0xc4c,0xc48,0xc44,0xbe8,0xc40,0x7ff898a93db0,0x7ff898a93dd0,0x7ff898a93de8

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\Host\TestSettings64.exe

"C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\Host\TestSettings64.exe" 2

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k smphost

Network


Files

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

MD5 57224988f28efe075be1ed9d9dd96a19
SHA1 dc77165aadda56a212c999b6ce668ad020d6a920
SHA256 25b35db89d1d4bb7fbc719f5ee37d0578cd0ab0559585c45c33f2721b13a8123
SHA512 37968b63e2e6e843207359de06bbd3160b509d8a0de780a4908863747940730e222923241472cf7c3e897985b71e4c98a0e4a5e67205ad240b37c8bfc27d6188

memory/2108-9-0x0000000000310000-0x00000000004E6000-memory.dmp

memory/2108-10-0x00007FF89D750000-0x00007FF89E13C000-memory.dmp

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

MD5 61792456a528e8d4e83c5d79cbb011f8
SHA1 f32f53deb042cb86e2141bbcab1724dbdb46da74
SHA256 9419ef6b8e251e3f04ddb39f43ccc7a77b5e9827f411f0c8bbb0fb6e9f305cf8
SHA512 c8f0d74a05160224f05a85e8573f8e292ea2b444ccb374458a5ae9dce0ea4078d6bb5dac0079af056c4e21a0e9dbf77986d6f8adfa254483b74ff3e7c0820db8

memory/2108-12-0x000000001B300000-0x000000001B310000-memory.dmp

C:\Users\Admin\AppData\Local\SquirrelTemp\Medal-4.2378.0-full.nupkg

MD5 1f1afe3eaa19389e2923984d2e575218
SHA1 348302752f6869aa2b9b67e891847d8939c18199
SHA256 71f1bd8cf6b61d7b11a59e0abcc28583e8c092b6b6ef80b36f438ba9caab302f
SHA512 5622fc962efa3e14f19798c1cc0e734eff28168424f9d1042122947bc895ef57bef8438a5ab1ad8505507d5fcc55514e3d66bf532481f162ebe2d17c068ef428

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\output\index.js

MD5 b0adfc74c8e51ce2ab659bfc13752ed3
SHA1 1b0879db53a00bbfeddcfdc0c190901387bab7bd
SHA256 a27d1a72ed1ecddffc57e70187a4b72467ed0dd34092b7e3d2817b9f4359ab5d
SHA512 4bd96fa626592e856431c3da18f7f2c5262fcf7f8fc95a4fa8b3ecd6bd7f53e82ee27d3255711df0addaaaa3fc7ba5e11104dd448f90f490e5517eabc1cdad42

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\path-exists\index.js

MD5 dfb2813673ea5279a9aa7305e5fe33f3
SHA1 6e6491c1ab3389433d1b39a33b3ac8760649a2c8
SHA256 5ce096c95daec0259817248921b39a9e0df4d342db171138ccb62440cc7a0cbe
SHA512 53d93b66ed4a2eca23046e6f2b08fcbe4cde40a2b841ab38db838ac75b0882947371024cb74ae43d2c9a2e095e2457e2207979c45f07d46e6e2b5f99efcfc794

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\LICENSE

MD5 ea817882455c03503f7d014a8f54f095
SHA1 dd164bc611bca7ba8ead40ec4c2851081e5a16b9
SHA256 1e76029602ae9b21cc4e612db2496d92febed882ba13ba745f8b3309e85f9d39
SHA512 0ea343d0e696ba27877dc0611766c526aa73f6e7af46df5a0f83840dc4c7851fb5837b7f6bda8a014302bf877fe3b4b3e392b943cefb3af979e8afc67559a5ff

C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

MD5 614c451436d08f584b631455ae01932b
SHA1 f343b42ad4729d575daac5af1344313959428454
SHA256 551f8f156eb712054202701c980958fb533fa9cba9df9b22e6644c9f5189f244
SHA512 8365bf161791e1dc4b24f9fe27871bb0396c39c333befe591c5a723971bb15ef140be2af8469d92d1037e79f50ae4a6a255c7c6559b35fb140d751c07bd1a51c

C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

MD5 4fe78278c727ca838a6b0a8b5d2fc924
SHA1 7eba94ab9295e387f43fba20fcb79bc3db1dde64
SHA256 af8a663dc9f9407b1a0582c835317f62c0f3fc1fbe542e1df0f9ef39e913ba45
SHA512 ce381dbbd80e0ccbd0e9a5b1d7c070f0bf3bd52d71ae9cd87254cad2c41b61871392595f7bffb23f215f8fabdc2fba64758eb5d1e6b97da99fe4149db54123c2

memory/2108-1103-0x00000000200D0000-0x0000000020108000-memory.dmp

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\openbsd\x64\ffi.h

MD5 4c8fce7c4f0bee30b8f03d94fba5b66c
SHA1 4eb6b34a1547e2da9b1a0daa9c9f7a32569a03e5
SHA256 bdd54f5f8517f32767d864921edb878224068a75eff7e0386a55105d61e44466
SHA512 0f077d7c2a9801eab3134d4c56793f64fc1c8434e8eabe9c749d0f7d0d875b1750ad0f32873b49778bbb7b5864c280c4546fd72775ad0ec49eb091ec26ee3848

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\mac\ia32\ffitarget.h

MD5 4ef9928ec21c398681ed3357aa400c48
SHA1 5bafcdf7c4ff860ce7f94c5260159e7bf063243b
SHA256 ce9a87677a9b9af9dcc6f8f632b62948214824174b65fe4361d3b662cc72aec0
SHA512 c0f5f26b249cf3ca72b2d334008a7ab8b7332f286e57edf7c700b5c4a80960dbce14e3db940829134a3bc593a087f56b41afb757daf3f03e32611ab1172c1f6d

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\squirrel.exe

MD5 de69057f909c088b393d2084b7797b50
SHA1 7fc6b978d405b752584485840b88f785df06af37
SHA256 e9a3a9d5dcc3644a043354164a6d736260b9417dad144cba7264bdbd4f988488
SHA512 059146702f4903bbcb434c42ced3b57ad636fb38a8665c7956824d08356c819413027bdf6e4a829555f1c354568c01028a8104388e3cc55a254042663cff2b60

memory/4360-4084-0x00007FF89D750000-0x00007FF89E13C000-memory.dmp

memory/4360-4083-0x0000000000DE0000-0x0000000000FD6000-memory.dmp

\Users\Admin\AppData\Local\Medal\app-4.2378.0\ffmpeg.dll

MD5 ee8851a16185d4a89cbb050f41850bf6
SHA1 249cf372165a99f83f08586b2da048da6a100a5c
SHA256 ff58a1a30d30d178f35bed269d4536b835f8ad07ddc791d3d5bd8652b8f0f266
SHA512 85546e191d183b4576fcc91408f2f1f285b5eab9a077cb6cc93315b4d798b016e3d45707a1e6171fa49cd5e0c55c4586d60c65d800d1736a7d3b6b630e26ebc1

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\v8_context_snapshot.bin

MD5 6503b392ac5c25ff020189fa38fbaecb
SHA1 50fb4f7b765ac2b0da07f3759752dbc9d6d9867b
SHA256 add78f3f85f0b173cbe917871821f74c5afe0a6562462762b181180d16df4470
SHA512 9c12fff1686845a2c0b43d35a8572f97e950f232f1ce5690fd1212f48c171edbcc5d725754f10a66599b0823ac0c995c7212e263b7e02ea0ed9f2d2b937fa760

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\icudtl.dat

MD5 76bef9b8bb32e1e54fe1054c97b84a10
SHA1 05dfea2a3afeda799ab01bb7fbce628cacd596f4
SHA256 97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3
SHA512 7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

MD5 36f4fecf0ae0e64d7e96a8e2654acc60
SHA1 9ddca82682f8edb3362beafff15c4f975c0c1d47
SHA256 c8c7ef2267391bb3498e27454bd5ec277672a47d63096d9e33e124b6235bb58d
SHA512 94b60d2c6c8767bdbd2a4cf997ccf3ffc690419453543194b363c15695934675ff15ed7686ac77c53602ecfed32fe6431eb55b5bd2a42202597df92223de449b

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\package.json

MD5 9bdfdca3e22b43f399180dc40f053fdb
SHA1 1533e72ca0202b900b90e209c4385affd458962f
SHA256 b33596e8a1f8875749690db291c8990b34cdfc4a4ae4196023b77a2a3c24117f
SHA512 b76997231495b1cd07b8d4e992602c04a10f29d52ee5feda863097b7985d5a97a572ea32924749f8c0a5d5ff2a1581a72516552911c26e592d6bb7b677fceeb8

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\index.js

MD5 5e2fbb9d655e0dd204e8d211ec1b4d0c
SHA1 440dc879e7fb836d97a5f5a40f016bbaa1b7f588
SHA256 8debe05417ec5d5e42661e2697a8d0db3ba30fa9bd4ac70c62c992ec01527bf9
SHA512 d6445a850642c562aa6affe907580fbf5b4faf70c51ad7b12613120a27ce1d6ee049571a709334fc588ff45c32ee918836bbae2188d4394a94c5810265139b2f

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\main.min.js

MD5 f3685735e0d27d4dfbc0e4e86769d4ea
SHA1 61944c564aa7c0b60812ef9d26e6114ac608f83d
SHA256 8c1a4470a25dba99f997a7d9de66afedf67f3312d419b15f4316f7d921ce76cb
SHA512 e60a6ad57ea46251c4710e3611b2bbf9b440464b0060e41735171c51e14a0a988c482c652cbf527722773b3b133e92da24534a47f7dd0d8408d8f20d8976841c

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\node_modules\ms\index.js

MD5 fddcc2097091479666d0865c176d6615
SHA1 55f9b3a7d4cfbf68b19ccd0d698aa86483dd4694
SHA256 55986972f5f3c9446f876c576e1cd30fd4f04cd26527efbb5ad834637c740e4c
SHA512 252644169a9398527927b69a2f19c6578bd62dcd180b94984d991939f53bf4e77ca687e840db42f7dba3b37124a5e3f3eda83535e75491bbe6ca440a7149913f

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\node_modules\ms\package.json

MD5 b3ea7267a23f72028e774742792b114a
SHA1 fe112804e727b4f3489e9a52900349d0a4ed302c
SHA256 3708fd273bf5b1e91c72d88143f48ad962adcc10b99250a4a203d13804f37757
SHA512 01975d65bc491d0b39435d793a62bcdba6b5edf4fb886de0e48a8a393e26fdf31bdfb4f91dd7e10ba69a1e62ed091d5ea04f9f8bf57d784c3491a5c5c8472988

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\src\common.js

MD5 28e94a3cc7d081498bea5ced383038f6
SHA1 c9707394c09387b56864a8865158d29fd307774a
SHA256 c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37
SHA512 5775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\src\node.js

MD5 6e63fda079262f01e14f03bdf77146c0
SHA1 481608e3c95722f3a474336e5b777a6a521e76f9
SHA256 f237adcb52849de7c128f57e0468b52353c529a6c8341810477c0e7144359559
SHA512 3017b4717118f56fac106dcaa046aecf3cc63c37e64f49838e5379a13583c293f39ec5ace48fb2dabeac6af4a967f96219812733ead6f36c3f5c8d132d795900

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\tr46\index.js

MD5 7d598c8605e26cafe489544f1730d380
SHA1 02c41eea7eb4ce2d32b7faeb4229edaa28b9d8e4
SHA256 8194f9425ce9ab06ea9aebcd64a85ec064d95d61bb349f8f1c98762ad256638e
SHA512 f79b6e635786bb4b38f80562d862a6a2c908ea691b3fc42712aae82591c735acd02d8fd79ccf37468e58f865bba28f9be0d92182b30c8e4b4ef7261bb57f213d

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\lodash\lodash.js

MD5 bbb588cc4360df5d317ebff5f5c1ac9c
SHA1 03d60d1510d24a952ff370b77035b031a87c4158
SHA256 4c04561befdf653aef017a42ac5addf68ea943cdfca6bdee5ce04e04e8139f54
SHA512 da2c021e3ba3f8f99d0b2bdbf3cacc39c87451c290c551e2fe0b009a5d5f3777a0f3620368efdc773cde5d7e221765732087acee9383135fc6d2db37401c2c94

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\lodash\package.json

MD5 188f386c15507c982c3e0d5a2db5b60d
SHA1 2c1ec9f730323c72f6f76e73f48b24902cc853c2
SHA256 8e41b07c744a0de0d2c1c23ed41418ecb0849abb56395d28802e601b4730d7c2
SHA512 a9a582ec1711e2dd19d80b43288821709641e310a44657d6dfe0b4b98644a33f6c9720e89a17516cbafa38518bf71653402b1fede5b2cf18dfe9859ed3973e5f

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\ms\index.js

MD5 83c46187ed7b1e33a178f4c531c4ea81
SHA1 ea869663486f513cc4d1ca8312ed52a165c417fa
SHA256 e5f0b6a946a9b2b356a28557728410717df54ea2f599edb619f9839df6b7b0e9
SHA512 51b45089a53a23c12e28eb889396e2fa71b95085baa5ac34d71ffb625131bf2fec3ae98efeae537656e20ea257f44e089bcebc9ad54cf672cde852102e43e153

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\ms\package.json

MD5 a682078f64a677ddad1f50307a14b678
SHA1 c290eb97736177176d071da4ac855ab995685c97
SHA256 1a6b4d9739790c0b94ab96c8cc0507e281c164c311ff4fbf5e57fb8d26290b40
SHA512 9e16c5689b57275f4ed624c6954f12299706e2372a60f6173421800da5edf9ed52e52fd2b0798f826cddbade6ca19a6e6a996960c6697cc2da0ddecb36409520

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\templates.js

MD5 790b7b8bf5ed00feffce05aac1c79492
SHA1 5ac0afae48c626cc6474268c725342039e5e5ef0
SHA256 6bd01e7f8ea390760ae26ae469f6627dd7a9447360b477bba6911b76cb0e921f
SHA512 2522716477010a2ba3df3b1faa69fd8bb36cad02f6a43f95b7bbb75a49f516e6c2619e1dab8e1b85c888a2385b3435ffa95f9cda95e0c4dcdcb467cadbd515f5

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\version.json

MD5 21c428fea6bd57296e3d92711ca7eb0d
SHA1 ec301b512cfe223b839d708e5098fcd57f6155ef
SHA256 91a2b97d5ee0dc5f526bb03879c10e301699c5ae4db9cb744489050abf8b1b7d
SHA512 de0d88c77a7a6a0994cf5625f031d94bd1dcf6bc2eacc76f8ff36a762f872f271fd20bb5c062308bc39ed67c7f68668144974aa09b86b28fb3df6cbec64ed63d

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\file-uri-to-path\index.js

MD5 d98f7c699c54e0e90f408a44feb3188b
SHA1 0ffd660201ce0749053d108c53e5606b9da158d6
SHA256 e62293e871bdd5a7449ff3c7956c9536ec1d2ea7369461de77322b5256bb93e7
SHA512 7389081fbf3b16f0ad99f556337679be895e04930e36bfc8f99720e013f28b68bdd4579f11eb41dd4cc7a64a36ec26a6e6539d42d5888696f71e7d2d9c8784dc

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\file-uri-to-path\package.json

MD5 65f30030f0e7b2eff552eaabd8bb1fe1
SHA1 5dee8a540c467ffbf9025481180c77a06a9f46f2
SHA256 71eb1e24bb9694f89c613fa0aa307f977dd43f41d11794c7b48fabf6c55f66b0
SHA512 763c372773f093de60fdbe0bdd5d0b6362882e22eaebed51f70ea50fa3087417b5c517ea9ea057b56d40f019cea042a6e8c387356da1b9b9d39c2a5f16e7b5d4

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\bindings\bindings.js

MD5 13c05ea1a2f638b707aa56eea958810c
SHA1 c93878e75a9f0545f73aa8d6fba3a761c4ceda36
SHA256 8e32a0d37f20bd6f7d5bdbf99d041aa27be47cbbe5172ac13ebf7380a10b3bf6
SHA512 f356619fa479c72086138eed34fbdcf501bb6f263249e5cf3b1069b2d6c120afc32d9b2ee89d9a41b2f516251c8bbf5d9913e78105961a989e136ac03146657f

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\bindings\package.json

MD5 17005447df8440e0e386849b8fa2b682
SHA1 14bbbadeb1307b1f711ee10093d5b46a7889677c
SHA256 a87721fe406e1f1798fef44d697b46ea1efe346fda118010334713346ee4207c
SHA512 a61aa9260b34479feb762f81f23ec26104d311fee81bb299efa00fc7091d3ae7f10047f6d91bd3bcfec7152b754c9fc6fe97ac280b3c00abc945a25ef387105d

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\async\dist\async.js

MD5 8e1598d40fb098345d3a535b64283ded
SHA1 69a84082a52a16bb9d3842729265d6d852687631
SHA256 df034df3912bed7ddc43844d7318c6aa82fbb90046053e8b97fbe1d69825d153
SHA512 5c50096857817ab1799891876f1b84d4ed245cd9a7488e23cbf6e69e514eee0220b1c00b4c262ffa8ae8ae81421c11496f3b1459d590b4c646c1aec1736aa828

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\async\package.json

MD5 f61c8b5330d5b02b636e3bc1f919b38d
SHA1 435a1425e76245b3817da540d9184b6392ecda71
SHA256 e77ef78b8bb1e7e441778f069a7b1e5d394ac1b5f1b06e6eecce9bcb89a148d7
SHA512 49cc14e13a4772ebebd4358437d94f704198014f2fea96b87d3178c80478067791d4b4462f54c34cb5eee1c3bc54457e5eda9f97e220f98b0d2523a5c8c68bdd

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b-wasm\blake2b.js

MD5 6d4fdddbe0e3df6ede11846ac2d9f104
SHA1 16ed563b7e5eb247279479de76bea594fab392f0
SHA256 ab8919c1546bd3015afb834e6f0948a7c53121be4f4107ce2a3f4eb31c3e77e9
SHA512 f895785e1143a0952c033db6317f9f7d1dfd8c220827019d4857f0c0a6fc67f08fb89ce2aa8fc45d601ee1afc40950c91de2532fc76fefda1c461fa25229c1f9

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\b4a\index.js

MD5 b792856285e9760aac0ca447b4cdad32
SHA1 c3f23229d5855aa849565a6f4dee345b4471e53e
SHA256 7bb04f74fe05865a5382a76b07cf11cf34f53a18d7e44679a70e3ad33baa4d64
SHA512 a147f23a7d0104812ec98d07604c96c47359aecef4873a912b87823737ed8fa4898e7574152815317c7c30c72f5857913453abc0616de20b998c151034bf818e

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\b4a\package.json

MD5 0d8a61020dfcd3eacd3203aac69c4758
SHA1 9aaf999e183e6a5a65bc8d7ac4bea3f99be250e3
SHA256 eb9b447bd66da6845b8c637526f65f9c792bcf8c242e9c1ce4f78f3b474b2445
SHA512 2c0addcbd2b57d28eb13ac9faa64aa9b741c4797e97afffe12341d803aa34403fcee226604bf3407246349f8bcd21faf76198b8c2a609ec682ee93c98d258d08

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b-wasm\index.js

MD5 b1c4d73faad73d98b01810cde1eb52fb
SHA1 67c75686ab7cbee0ac60c3a7f8a5a9ae083dc0ce
SHA256 0ab2389048116330718b012ce387aa693e3f318e9cc9b697d32a96d65bef25bd
SHA512 bb5440c3bc7f2f309b1aa237015b493e01ebf53c595413225658feed63e48d42851064615a45323f3c13c7f55c7193f5c73c2f9c1f196406e474813fc2feab4d

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b-wasm\package.json

MD5 85f6234e8249e84f2a2361d5142707a3
SHA1 d3714b3f9fa05401342b89d5c9f9d47f9bdcd7ef
SHA256 5bda19aefb010a8fccff1fc5dce0e9d3ff75ae1921e584d1becb4c371b3b4541
SHA512 e6919601c8dd1f7dbbe487c42ec441411338cf7fcf3a2da0a4f7f91ed1d963d2db7e8a00ec4a4bbde5be8323db1fab55b44b364fc8684c710a041148c99b1e73

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\nanoassert\index.js

MD5 44d45c7081a567a4d0cb4bbb36bf6be6
SHA1 69a7954eab536502b052557d5911acb9de503dad
SHA256 5a3c8dce33093172d9cb3d6bdd34e464d17a1da175a8f8b74f0c0d22dde94fbb
SHA512 0c3195a63b389bab6612e3824a65a5cacc2852aa2f8b272e34717be4608197bc1f9b4529879a13fa9567d0ae9846916dd645349b9797418f88e7ce7bc5d4e504

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\nanoassert\package.json

MD5 de6935b833716ef4d703b58e188ace78
SHA1 01cb598615db0cb08979b3ff1e4324d047eb1fa0
SHA256 2152421c559e2aeb7c002ecfeac306340d23cf3783446cea607a284658df30bd
SHA512 b134877eb15c2fa70a5e0549c8a736e8bb8ff84426cac51ed581f707d38c75c110f96c233825409a3948a6943fb1c26cc25617092b40645e68073d6d58f0ee65

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b\index.js

MD5 350e95a4d11b533abbd5d4414d38005f
SHA1 37f2bb772cc953169bbfc13087b13ba6952ed8b3
SHA256 89d35ca4687b8ad3bd659b1a39f44a8a4a393ac977be5af1e1ce32116c25c064
SHA512 8e9648cedceb87e36e915e050329d8ce246bfba0ac18f9d491efb0160e7e89defa7a4a33301def1dd4a2b72bf8b1ea6c64cf03dafb90c615f1e23d5d016e0863

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b\package.json

MD5 88595359281788f64142b0938af3f9db
SHA1 d35800917d86c3d104b9142926e9daa2ba4bf3dc
SHA256 47bcf83fa22df55efb1759c46153bc6e994036c2146d5a0de3867953a603f870
SHA512 a2b8cfc39020dce3384ecccb149df4092905e8ff77c14c93c6162eb35788c11b3141f2dc1382dbead2e0bbcc7f0970bc0e1af97b4e9795e2e0193f9fef4f7ef4

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\stub.js

MD5 62063cc3b8565061daaddf496dd15731
SHA1 206166851431982536333b4a1b9c31f9e5111295
SHA256 3f39ca63ca2f696207da3702df9a4df21e980a13f0e77528340730e2bf315fd6
SHA512 a6006c18cdf95cf641e54e10c76ff6c7ae47d881435ca54847e2b687fec2a9a129a2e2e3ca600557a328b34c22c54cfd7a6db4865af0f122c6cb5963e65c66e5

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\index.js

MD5 d359d8698706d059e14b6f3eeedced8c
SHA1 9acb5276a78ed09acf81a62e1db439217aff85cf
SHA256 6c693e5ca23e904436e4bf6e68901147d319fd7132b2bcff4dd061615bb8a773
SHA512 f44a7196ad9d4f44085966ac6724f48d00566189136d08a9b13b4ac3cc7e6d1addf2e854098fb4c2ec94c28e3f48168f82b0d1134d0066237dd5fba91c35ccfd

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\package.json

MD5 16fd5b35f0cbaed2b0b719e69f9f5a4b
SHA1 7b82df17cfdfcdfd8f8d4ff02502f1d7a8b964b4
SHA256 9fa3547f74427c8e7b20cd51a27f58d4a97a465f919177a7fb177143624e0e2c
SHA512 a19b574a3009dd7cf823dcfaf84790a60bec7b743211045cccaa3970923fc403af3c80d801d8a706cde599afe79317f99c98f429abefaad4583e6e181d55a5ed

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\tr46\lib\mappingTable.json

MD5 26c6da7a34c8a051a60b3592287d3fea
SHA1 6e09dfd1d4d65675bba0a9bb69e0bd6393f0d5da
SHA256 b6b39724dca9011113a08d9d6910204062b58169e98952acdfbd19bf2c31bbff
SHA512 8ad552c64f53303c00f2a56c1fdc2d6c644b12aa993c181d5f4847fb4613701b3d03d2a4f8e347e1d755999681585ae3081e865ae54f21340c826196c2af83d4

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\tr46\package.json

MD5 36ce158498fb4f35c9a42edb60665bbe
SHA1 49c76b0a075effa9325c17f55c4d6472ddf3c7a9
SHA256 615087f58ee138fd35c2b414c355b72e36e5919725b8aecc1c34f6a5585b9779
SHA512 676215940610329d35feef0674d9dc61a9ab7c265d6eedca582e13003acd8b9d8b4894c86e79eaa85e97266682dbbe9637826b99f0b9afa56dbcf9ad077a1a55

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\src\index.js

MD5 d6c53f5a0dd8f256d91210ad530a2f3e
SHA1 0f4ce3b10eff761f099ac75593f7e05b149ae695
SHA256 aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3
SHA512 4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\package.json

MD5 2630a1ac039c8970c8fb0daf0f2f03c4
SHA1 ed6fe3dcf77a4c2ddadde904c5b1fc47cf9893c7
SHA256 754ba4f352a9b983fbbf93cfffe015d29bc789a08eb05815270abf50902697fb
SHA512 a017d21a1ecb159065bc32b94b38de03b38c10448b85f88bfe1498b144320884d612a868b9db192d6acf041f88da415f953d9dd8541ee29e4053e2463dd54791

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\node-gyp-build\node-gyp-build.js

MD5 67711547b1766f72c279f23cb8e6cfeb
SHA1 2b404eb9de9b81bc5a758a18244d66e497ec06e6
SHA256 7f1cb3728c432ce4f796f7d70fa44d17383811e4028cd3ad35b340599cf05f61
SHA512 16ad783d56a6477e141a0b0479f0f87c63dd571996490692fbed8b8ee422d33a1625f5a4aaafd7e29fbc45e71ca73c8c85cedad961abec39f7131f428381708c

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\node-gyp-build\index.js

MD5 f1d2cfebcfeb0bbebdc649f14c890cd6
SHA1 94a1d57b67c83c95d48d4fcde53942f012518d42
SHA256 fc780fe9c792729536e92b506ea20d642e9135ba2f0891c04e3a7965bc52c524
SHA512 8c2302557596fc99dcb48a68fac45128ca1c4676be33bcd47505b57b0150c38895462f48148e48d0205bd0d78a4c972d81b811d1085f8da6f78f18c2e73a0dfd

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\node-gyp-build\package.json

MD5 bc1654a40e474095d945850841a17ecc
SHA1 ee2b067153f014a2616eae1a1fb1cd1f763b5ec8
SHA256 1e44359c41302af8cf600363c7346d2011edb7125cd05af8114aff0f780eb889
SHA512 2191604f3073af1798dd6fe460056aa3d75dcce02b24e331c112bcfd5e8630654f8a9dd3052174ccb1ef9ea770b2884f195e6b30b484f7741b7c7fc216db5109

memory/2108-4150-0x00007FF89D750000-0x00007FF89E13C000-memory.dmp

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources.pak

MD5 f5ab76d2b17459b5288b6269b0925890
SHA1 75be4046f33919340014a88815f415beb454a641
SHA256 4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c
SHA512 6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\locales\en-US.pak

MD5 3f6f4b2c2f24e3893882cdaa1ccfe1a3
SHA1 b021cca30e774e0b91ee21b5beb030fea646098f
SHA256 bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f
SHA512 bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

memory/4984-4157-0x00007FF89D750000-0x00007FF89E13C000-memory.dmp

memory/2108-4158-0x000000001B300000-0x000000001B310000-memory.dmp

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\chrome_200_percent.pak

MD5 5604b67e3f03ab2741f910a250c91137
SHA1 a4bb15ac7914c22575f1051a29c448f215fe027f
SHA256 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
SHA512 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\chrome_100_percent.pak

MD5 d31f3439e2a3f7bee4ddd26f46a2b83f
SHA1 c5a26f86eb119ae364c5bf707bebed7e871fc214
SHA256 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
SHA512 aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

memory/4984-4159-0x00000000033E0000-0x00000000033F0000-memory.dmp

memory/4984-4173-0x0000000001260000-0x0000000001280000-memory.dmp

C:\Users\Admin\AppData\Roaming\Medal\store\store.json

MD5 8e9d0aa7623ebf158393e7dad31d55ed
SHA1 c983b11a3a30bfdf18ec84f02a32ed9e2e1c79b3
SHA256 defcd5289faff345ed7f3932f679625d560777e04b2f7789120b7c0f1f3c1141
SHA512 829058423ec710a180abbc2a0502fcb40ce68ed24b6d7757f6d74c90cdd601dcc9628d4a19c2aab3cc1e70e5b17a35982ffa5af4b47c4fa86bf59a637e261c27

memory/796-4214-0x00007FF8B97B0000-0x00007FF8B97B1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Medal\store\store.json.759611636

MD5 a5b9ad2a54151ff0f272bd76eff7064e
SHA1 1b6b794a72bc82c0e1dae662bf77d536fe6edd68
SHA256 1771b013d2125b927a86170e7316724428d241742137a5377214795ecd2a4c5e
SHA512 83db3e638d677688340d389aa445b357845763a4ee3a7b249b71daa9ff414e8c056e8ab8c483713757e9f5f88630339dd4571a8063887b7b6c459ff30ea0ae2c

memory/4984-4231-0x00007FF89D750000-0x00007FF89E13C000-memory.dmp

memory/4360-4237-0x00007FF89D750000-0x00007FF89E13C000-memory.dmp

memory/2108-4276-0x00007FF89D750000-0x00007FF89E13C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Medal\store\store.json

MD5 e28f67e927a44d7643bcdaed6836aed1
SHA1 fc99964a9ba75e98b18fbd2dc193d8c8dceb2329
SHA256 a0cca27771871c617a00308820b0119dc5058ccf11e7e52b9538ad683b6ef254
SHA512 b77762c9a6865422c1166b0d1a68fece9b717fcb58debcb0b76ca33c9e2c9114acb52c42a9c6878340fc4aa69c125c982dddf3bbeb5a02b918f019febef2c143

C:\Users\Admin\AppData\Roaming\Medal\store\store.json.1401495569

MD5 09cbd1dc825edb182cd0c1e483673538
SHA1 207fe92b007b39c68883d3bb3938bc1a2442e51b
SHA256 9406fb02d71f3d848a5546e5bd34217e2841862a09b747f6917324a37ac3d2a0
SHA512 f4ec4c831223f0818c1eb12ff3975a4c4ea6f36a9e4f82a194fb88f8a91dbf4456f5abbdb8ee2a87496022581f3a5ad181970687f06da4e64c553373292c9930

memory/4360-4318-0x0000000003210000-0x0000000003220000-memory.dmp

memory/4360-4324-0x00007FF89D750000-0x00007FF89E13C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Medal\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\Medal\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Medal\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Medal\.logs\install.log

MD5 33f641ce9bcf78111173b786efb2ee8e
SHA1 0b788cbf7d94a95b9d898ec629316e35447dd0f6
SHA256 392ba1175497c6c8b406db8c730150952acdd383fe2a71b5b3791d621c7d20a1
SHA512 c1f6f994e6123751e98a29d47813e2a17a461e15e68091a2d16f9fe2a7d897ece7eddce58ea35f384978cd8acd78a4c34afaf04fae24ab31535cf8a8e37ed611

C:\Users\Admin\AppData\Roaming\Medal\sentry\scope_v3.json

MD5 1022010dfb92e817aa6ea168eecce33c
SHA1 00868113f54d637c4a705b8d788127fa3f927ed1
SHA256 74c50f536f58b36665adc806880abd7b194bfa3eff64d294777e34d83924c7c2
SHA512 de30559710309dcd279b08d580e2786f52419aeaf91af529347bb875c96b8e3908e9e3c5aec0995576e650b85b1c3775bf210e34c4d0248ccd706f78b5889890

C:\Users\Admin\AppData\Roaming\Medal\.logs\main-error.log

MD5 93a21b0e2e7615f07e3a7d5b130f1a9b
SHA1 c6a825377f6aa04fd92bd7e53b7a65578c2127f9
SHA256 d42e5b9c508e7f7425986b574d82c2068dff222af6f4b474aab00abe820ded4c
SHA512 dab871739e8594f029db8041b59953bab8da98ab83ef810fd77b941887b8f543c9f86a7e6ddb1c4ebb064886426acad61cc202187cd56f5b29a095717d73ae88

C:\Users\Admin\AppData\Roaming\Medal\store\store.json.26429525

MD5 73b7ca26b5aed5c023e69a48dd0fa256
SHA1 e694d4634cb20116453a3fe01f7b688dc7b591a6
SHA256 66b8a64f16309fdb1c27338ad95768a93ab9f94a012c258b9266d152080b7e03
SHA512 3aca30a75af2478abcb1da2e4c8374d92f8a86db814e7ef3265a1d173ed90b0f8f036d7aa258809e658455270e2552168df4a6b9e829892827869e709b7a8d0e

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\version.json

MD5 84fbe225f96190e9fd80dd9a3d36e25f
SHA1 ce6a5a0e8b57895747549f1bed5277648c107df2
SHA256 391f9f385e2d36c1c789100b6cfd6d6b45d0a0edcba093be06300e109fbb9271
SHA512 31ea646e491fae44a6a04691e1174254031bb297d467172b84fa1c723936992436babe7795e1221f75121017a8d5327fe06d68b0bbf6160032e6e64c5784fa59

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\version.json

MD5 4d4e8b6f6727f6bdbb5fab5f3414f0d8
SHA1 a17a20dcc2babb8cf16e041490c1a986726052ae
SHA256 a3017c1f2a273e3a0e1d51c331287fd3509171018df4cabce0cd86ff3d26b6b4
SHA512 5113626cdffc990ec79bb485ab0a398de17e71c1ba13cbb12864268f5eb7a78647747586985ab64f97b23240638948c46c7559a68015140b7c218e64087a89ec

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\version.json.576248289

C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Local Storage\leveldb\CURRENT

C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Cache\Cache_Data\data_1

C:\Users\Admin\AppData\Roaming\Medal\Session Storage\MANIFEST-000001

C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.3671296477

C:\Users\Admin\AppData\Roaming\Medal\sentry\queue\queue.json

C:\Users\Admin\AppData\Roaming\Medal\store\game.json.1090117056

C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json

C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.3426242202

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u0uij3la.ouc.ps1

C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity~RFe587683.TMP

C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json.2300573574

C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.1069051670

C:\Users\Admin\AppData\Roaming\Medal\Preferences

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\gc10clp3.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\user.config

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\faz4nefs.newcfg

C:\Users\Admin\Documents\Medal\MedalLog20240404.txt

C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.1562530733

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\sijamaud.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\zyhj2ldr.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\ftmfcuug.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\spd2jx2g.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\bbgoasdj.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\0pzvashn.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\2i2uaa0y.newcfg

C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.1884449134

C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json.3033424975

C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.2979689528

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\po0xiw0i.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\muro3ccz.newcfg

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\UpdatedGameInfo.db

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\Updatedindex2.db

C:\Users\Admin\AppData\Local\Medal\recorder-3.818.0\Updatedevents.json

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\pw5qckin.newcfg

C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json.1169483475

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\hz3zshot.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\24hz5r2t.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\m0ginpab.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\zvmensmp.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\g45oun45.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\kkjkna0v.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\rqskwbpg.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\5dmuzmyj.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\g2e3j2ip.newcfg

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_3d2pk105vbyyim3mezk22hjfedstoodz\3.818.0.0\gnszpvf3.newcfg

C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.836920394


memory/1864-7560-0x000001FDACB00000-0x000001FDAF135000-memory.dmp

memory/1864-7561-0x00007FF8976A0000-0x00007FF897746000-memory.dmp

memory/1864-7562-0x000000006F040000-0x000000006F074000-memory.dmp

memory/1864-7563-0x0000000066500000-0x000000006657D000-memory.dmp

memory/1864-7564-0x000000006DB00000-0x000000006DB17000-memory.dmp

memory/1864-7565-0x00007FF88EFC0000-0x00007FF890482000-memory.dmp

memory/1864-7566-0x00007FF898930000-0x00007FF898960000-memory.dmp

C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

MD5 d4f2a60afa0606dd4373f448007b3bf3
SHA1 c2272f0822cd8f20b5e6ef2ab389bb0f0d05422d
SHA256 3b0b66c0734067d0002951a2dd923d2bdfe7c16636c7476e134922ead1212e7f
SHA512 1c99012d27285dd79c189639df4e1e2c7ebae1364596f5d0fc291c95d3d861de88dc874164e73bdf2cbfe53c8bfb33376a1cf08d997c63c8041c09a78e8e0f8f

C:\Users\Admin\AppData\Roaming\Medal\Network\Network Persistent State

MD5 fae1e6f41730c4fea299014197e10705
SHA1 ed0cb9f7b9b4bc89614ed35fd88ba3b1f885b9f1
SHA256 dd3b8464988572987b6877dd39d54af331a39a6432a33a376df89c93704a9ec3
SHA512 5f598d293be11df3a154a6fe70281ced5eed5c59ed1ca3733581f6487240300b8fac4cc3c41019c071b189289e66902810a04bd8fb218afa8bd30f43900178ea

C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

MD5 efe1ebcad1952cf1012350baae6813f0
SHA1 bd6079ccb9e772e343265aa091ebf240cf53be03
SHA256 43b326c1eb70d7d90c44b988e6943627801b1d7ad5f54f281976aa79b7d74aa0
SHA512 566ff7384b1bf8ee41d7b8774be518dddf74a67c39dd66436d534d2070e5e9571d62ce13b050db09582b11d9284754bc433e817cfa3057cd91764bee6440842c

C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Network\Network Persistent State

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Network\Network Persistent State

MD5 a4ce8f459fc3615a2717f3a7a1f5ddac
SHA1 ca831dc1b08fa214d42e4cdb639c5977f101c489
SHA256 9ed3ed69aec326d675c04ce075e9cead064f31d255352a6ce839695468617857
SHA512 c2ddce8dfb11374de32db1884046f90e43c7f2b743606f3513dd825397fb74c8e759deb9529cc8fc2cf260c9773d625b71e6320d79f6e87136f26c949aa461e2

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-04 13:29

Reported

2024-04-04 13:38

Platform

win10v2004-20240226-en

Max time kernel

92s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\system32\reg.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3660 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 5072 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe
PID 5072 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
PID 384 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe
PID 384 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Windows\system32\cmd.exe
PID 384 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Windows\system32\cmd.exe
PID 2968 wrote to memory of 3724 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1848 wrote to memory of 2856 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 384 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Windows\system32\cmd.exe
PID 4324 wrote to memory of 432 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 384 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Windows\system32\cmd.exe
PID 4228 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 384 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Users\Admin\AppData\Local\Medal\Update.exe
PID 384 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe

"C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjI2MDYxMjE5LDEsbm9yZWY=.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --squirrel-install 4.2378.0

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2378.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x508,0x514,0x518,0x4e0,0x51c,0x7ff63aa71898,0x7ff63aa718a8,0x7ff63aa718b8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"

C:\Windows\system32\reg.exe

reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController

C:\Users\Admin\AppData\Local\Medal\Update.exe

C:\Users\Admin\AppData\Local\Medal\Update.exe --createShortcut=Medal.exe

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=2036,i,9196610571524264587,9503335970829697244,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe

"C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2116 --field-trial-handle=2036,i,9196610571524264587,9503335970829697244,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 cdn.medal.tv udp
GB 104.86.110.209:443 cdn.medal.tv tcp
GB 104.86.110.209:443 cdn.medal.tv tcp
US 8.8.8.8:53 sentry.medal.tv udp
US 104.18.162.67:443 sentry.medal.tv tcp
US 104.18.162.67:443 sentry.medal.tv tcp
US 8.8.8.8:53 209.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 apps.identrust.com udp
GB 104.86.111.153:80 apps.identrust.com tcp
US 8.8.8.8:53 67.162.18.104.in-addr.arpa udp
US 8.8.8.8:53 153.111.86.104.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 9.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

SHA256 71eb1e24bb9694f89c613fa0aa307f977dd43f41d11794c7b48fabf6c55f66b0
SHA512 763c372773f093de60fdbe0bdd5d0b6362882e22eaebed51f70ea50fa3087417b5c517ea9ea057b56d40f019cea042a6e8c387356da1b9b9d39c2a5f16e7b5d4

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\bindings\bindings.js

MD5 13c05ea1a2f638b707aa56eea958810c
SHA1 c93878e75a9f0545f73aa8d6fba3a761c4ceda36
SHA256 8e32a0d37f20bd6f7d5bdbf99d041aa27be47cbbe5172ac13ebf7380a10b3bf6
SHA512 f356619fa479c72086138eed34fbdcf501bb6f263249e5cf3b1069b2d6c120afc32d9b2ee89d9a41b2f516251c8bbf5d9913e78105961a989e136ac03146657f

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\bindings\package.json

MD5 17005447df8440e0e386849b8fa2b682
SHA1 14bbbadeb1307b1f711ee10093d5b46a7889677c
SHA256 a87721fe406e1f1798fef44d697b46ea1efe346fda118010334713346ee4207c
SHA512 a61aa9260b34479feb762f81f23ec26104d311fee81bb299efa00fc7091d3ae7f10047f6d91bd3bcfec7152b754c9fc6fe97ac280b3c00abc945a25ef387105d

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\async\dist\async.js

MD5 8e1598d40fb098345d3a535b64283ded
SHA1 69a84082a52a16bb9d3842729265d6d852687631
SHA256 df034df3912bed7ddc43844d7318c6aa82fbb90046053e8b97fbe1d69825d153
SHA512 5c50096857817ab1799891876f1b84d4ed245cd9a7488e23cbf6e69e514eee0220b1c00b4c262ffa8ae8ae81421c11496f3b1459d590b4c646c1aec1736aa828

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\async\package.json

MD5 f61c8b5330d5b02b636e3bc1f919b38d
SHA1 435a1425e76245b3817da540d9184b6392ecda71
SHA256 e77ef78b8bb1e7e441778f069a7b1e5d394ac1b5f1b06e6eecce9bcb89a148d7
SHA512 49cc14e13a4772ebebd4358437d94f704198014f2fea96b87d3178c80478067791d4b4462f54c34cb5eee1c3bc54457e5eda9f97e220f98b0d2523a5c8c68bdd

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\node-gyp-build\node-gyp-build.js

MD5 67711547b1766f72c279f23cb8e6cfeb
SHA1 2b404eb9de9b81bc5a758a18244d66e497ec06e6
SHA256 7f1cb3728c432ce4f796f7d70fa44d17383811e4028cd3ad35b340599cf05f61
SHA512 16ad783d56a6477e141a0b0479f0f87c63dd571996490692fbed8b8ee422d33a1625f5a4aaafd7e29fbc45e71ca73c8c85cedad961abec39f7131f428381708c

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\node-gyp-build\index.js

MD5 f1d2cfebcfeb0bbebdc649f14c890cd6
SHA1 94a1d57b67c83c95d48d4fcde53942f012518d42
SHA256 fc780fe9c792729536e92b506ea20d642e9135ba2f0891c04e3a7965bc52c524
SHA512 8c2302557596fc99dcb48a68fac45128ca1c4676be33bcd47505b57b0150c38895462f48148e48d0205bd0d78a4c972d81b811d1085f8da6f78f18c2e73a0dfd

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\node-gyp-build\package.json

MD5 bc1654a40e474095d945850841a17ecc
SHA1 ee2b067153f014a2616eae1a1fb1cd1f763b5ec8
SHA256 1e44359c41302af8cf600363c7346d2011edb7125cd05af8114aff0f780eb889
SHA512 2191604f3073af1798dd6fe460056aa3d75dcce02b24e331c112bcfd5e8630654f8a9dd3052174ccb1ef9ea770b2884f195e6b30b484f7741b7c7fc216db5109

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b-wasm\blake2b.js

MD5 6d4fdddbe0e3df6ede11846ac2d9f104
SHA1 16ed563b7e5eb247279479de76bea594fab392f0
SHA256 ab8919c1546bd3015afb834e6f0948a7c53121be4f4107ce2a3f4eb31c3e77e9
SHA512 f895785e1143a0952c033db6317f9f7d1dfd8c220827019d4857f0c0a6fc67f08fb89ce2aa8fc45d601ee1afc40950c91de2532fc76fefda1c461fa25229c1f9

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\b4a\index.js

MD5 b792856285e9760aac0ca447b4cdad32
SHA1 c3f23229d5855aa849565a6f4dee345b4471e53e
SHA256 7bb04f74fe05865a5382a76b07cf11cf34f53a18d7e44679a70e3ad33baa4d64
SHA512 a147f23a7d0104812ec98d07604c96c47359aecef4873a912b87823737ed8fa4898e7574152815317c7c30c72f5857913453abc0616de20b998c151034bf818e

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\b4a\package.json

MD5 0d8a61020dfcd3eacd3203aac69c4758
SHA1 9aaf999e183e6a5a65bc8d7ac4bea3f99be250e3
SHA256 eb9b447bd66da6845b8c637526f65f9c792bcf8c242e9c1ce4f78f3b474b2445
SHA512 2c0addcbd2b57d28eb13ac9faa64aa9b741c4797e97afffe12341d803aa34403fcee226604bf3407246349f8bcd21faf76198b8c2a609ec682ee93c98d258d08

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b-wasm\index.js

MD5 b1c4d73faad73d98b01810cde1eb52fb
SHA1 67c75686ab7cbee0ac60c3a7f8a5a9ae083dc0ce
SHA256 0ab2389048116330718b012ce387aa693e3f318e9cc9b697d32a96d65bef25bd
SHA512 bb5440c3bc7f2f309b1aa237015b493e01ebf53c595413225658feed63e48d42851064615a45323f3c13c7f55c7193f5c73c2f9c1f196406e474813fc2feab4d

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b-wasm\package.json

MD5 85f6234e8249e84f2a2361d5142707a3
SHA1 d3714b3f9fa05401342b89d5c9f9d47f9bdcd7ef
SHA256 5bda19aefb010a8fccff1fc5dce0e9d3ff75ae1921e584d1becb4c371b3b4541
SHA512 e6919601c8dd1f7dbbe487c42ec441411338cf7fcf3a2da0a4f7f91ed1d963d2db7e8a00ec4a4bbde5be8323db1fab55b44b364fc8684c710a041148c99b1e73

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources.pak

MD5 f5ab76d2b17459b5288b6269b0925890
SHA1 75be4046f33919340014a88815f415beb454a641
SHA256 4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c
SHA512 6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\locales\en-US.pak

MD5 3f6f4b2c2f24e3893882cdaa1ccfe1a3
SHA1 b021cca30e774e0b91ee21b5beb030fea646098f
SHA256 bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f
SHA512 bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\chrome_200_percent.pak

MD5 5604b67e3f03ab2741f910a250c91137
SHA1 a4bb15ac7914c22575f1051a29c448f215fe027f
SHA256 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
SHA512 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

memory/2716-4176-0x0000000000C20000-0x0000000000C40000-memory.dmp

C:\Users\Admin\AppData\Roaming\Medal\store\store.json

MD5 3068cf68ceb904bca747668350ce56cf
SHA1 4004e3a47e8ffb7ba5223ac1545bae0db02242cc
SHA256 9571666c801a754c3148e943460195a6c7734dc97ee94c3ea37fbfc1f2944eca
SHA512 f2da550c64d0eb5b8b8e9c60dfeab8a8c34fc6b3548cf33979e376a0c57ec074fb426ab5e37503ddc26cc4f907e74ea40e9400d7e02aa05f35f95e8cb6de261b

C:\Users\Admin\AppData\Roaming\Medal\store\store.json.116269056

MD5 1567fb48d4121c4877b3dcc7df8a2df4
SHA1 364fd279d8a7860b749efcd3e1316fc19126b7fa
SHA256 0601e12abb754c04d9b8fdc1f53c84c044fa26ffb571575e476971b1edc26086
SHA512 785a6d73465f4e73c29febad4eb107ba5c07a1961b78eec8def4289c15ecf223b0fd41d745a76e9ce765a206519bed41bcb857db6bd3df8c72e298aa048839db

C:\Users\Admin\AppData\Roaming\Medal\store\store.json.2831386690

MD5 c7f1a15b8d4eb24b1ba330880e4ba8e4
SHA1 bedb427cfe601875c9f600794088726e7595efab
SHA256 e50b69776a36c43b20fcdef8ab0c1f70c11dbb500c68f7c4759aff9959ee1d2c
SHA512 1e5b7df1846044e53f4043db77012769b7c157bd1eb5bc1fad818e17ef631818767c605d984bf7def768abec4db97a76ab18e63edbffb2b83bb800d5089bde57

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/4784-4167-0x00007FF9CEC70000-0x00007FF9CEC71000-memory.dmp

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\chrome_100_percent.pak

MD5 d31f3439e2a3f7bee4ddd26f46a2b83f
SHA1 c5a26f86eb119ae364c5bf707bebed7e871fc214
SHA256 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
SHA512 aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

memory/2716-4153-0x0000000000BF0000-0x0000000000C00000-memory.dmp

memory/2716-4152-0x00007FF9B01D0000-0x00007FF9B0C91000-memory.dmp

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\nanoassert\index.js

MD5 44d45c7081a567a4d0cb4bbb36bf6be6
SHA1 69a7954eab536502b052557d5911acb9de503dad
SHA256 5a3c8dce33093172d9cb3d6bdd34e464d17a1da175a8f8b74f0c0d22dde94fbb
SHA512 0c3195a63b389bab6612e3824a65a5cacc2852aa2f8b272e34717be4608197bc1f9b4529879a13fa9567d0ae9846916dd645349b9797418f88e7ce7bc5d4e504

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\nanoassert\package.json

MD5 de6935b833716ef4d703b58e188ace78
SHA1 01cb598615db0cb08979b3ff1e4324d047eb1fa0
SHA256 2152421c559e2aeb7c002ecfeac306340d23cf3783446cea607a284658df30bd
SHA512 b134877eb15c2fa70a5e0549c8a736e8bb8ff84426cac51ed581f707d38c75c110f96c233825409a3948a6943fb1c26cc25617092b40645e68073d6d58f0ee65

memory/2716-4251-0x00007FF9B01D0000-0x00007FF9B0C91000-memory.dmp

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b\index.js

MD5 350e95a4d11b533abbd5d4414d38005f
SHA1 37f2bb772cc953169bbfc13087b13ba6952ed8b3
SHA256 89d35ca4687b8ad3bd659b1a39f44a8a4a393ac977be5af1e1ce32116c25c064
SHA512 8e9648cedceb87e36e915e050329d8ce246bfba0ac18f9d491efb0160e7e89defa7a4a33301def1dd4a2b72bf8b1ea6c64cf03dafb90c615f1e23d5d016e0863

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\blake2b\package.json

MD5 88595359281788f64142b0938af3f9db
SHA1 d35800917d86c3d104b9142926e9daa2ba4bf3dc
SHA256 47bcf83fa22df55efb1759c46153bc6e994036c2146d5a0de3867953a603f870
SHA512 a2b8cfc39020dce3384ecccb149df4092905e8ff77c14c93c6162eb35788c11b3141f2dc1382dbead2e0bbcc7f0970bc0e1af97b4e9795e2e0193f9fef4f7ef4

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\lodash\package.json

MD5 188f386c15507c982c3e0d5a2db5b60d
SHA1 2c1ec9f730323c72f6f76e73f48b24902cc853c2
SHA256 8e41b07c744a0de0d2c1c23ed41418ecb0849abb56395d28802e601b4730d7c2
SHA512 a9a582ec1711e2dd19d80b43288821709641e310a44657d6dfe0b4b98644a33f6c9720e89a17516cbafa38518bf71653402b1fede5b2cf18dfe9859ed3973e5f

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\ms\index.js

MD5 83c46187ed7b1e33a178f4c531c4ea81
SHA1 ea869663486f513cc4d1ca8312ed52a165c417fa
SHA256 e5f0b6a946a9b2b356a28557728410717df54ea2f599edb619f9839df6b7b0e9
SHA512 51b45089a53a23c12e28eb889396e2fa71b95085baa5ac34d71ffb625131bf2fec3ae98efeae537656e20ea257f44e089bcebc9ad54cf672cde852102e43e153

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\ms\package.json

MD5 a682078f64a677ddad1f50307a14b678
SHA1 c290eb97736177176d071da4ac855ab995685c97
SHA256 1a6b4d9739790c0b94ab96c8cc0507e281c164c311ff4fbf5e57fb8d26290b40
SHA512 9e16c5689b57275f4ed624c6954f12299706e2372a60f6173421800da5edf9ed52e52fd2b0798f826cddbade6ca19a6e6a996960c6697cc2da0ddecb36409520

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\templates.js

MD5 790b7b8bf5ed00feffce05aac1c79492
SHA1 5ac0afae48c626cc6474268c725342039e5e5ef0
SHA256 6bd01e7f8ea390760ae26ae469f6627dd7a9447360b477bba6911b76cb0e921f
SHA512 2522716477010a2ba3df3b1faa69fd8bb36cad02f6a43f95b7bbb75a49f516e6c2619e1dab8e1b85c888a2385b3435ffa95f9cda95e0c4dcdcb467cadbd515f5

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\stub.js

MD5 62063cc3b8565061daaddf496dd15731
SHA1 206166851431982536333b4a1b9c31f9e5111295
SHA256 3f39ca63ca2f696207da3702df9a4df21e980a13f0e77528340730e2bf315fd6
SHA512 a6006c18cdf95cf641e54e10c76ff6c7ae47d881435ca54847e2b687fec2a9a129a2e2e3ca600557a328b34c22c54cfd7a6db4865af0f122c6cb5963e65c66e5

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\dist\index.js

MD5 d359d8698706d059e14b6f3eeedced8c
SHA1 9acb5276a78ed09acf81a62e1db439217aff85cf
SHA256 6c693e5ca23e904436e4bf6e68901147d319fd7132b2bcff4dd061615bb8a773
SHA512 f44a7196ad9d4f44085966ac6724f48d00566189136d08a9b13b4ac3cc7e6d1addf2e854098fb4c2ec94c28e3f48168f82b0d1134d0066237dd5fba91c35ccfd

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\electron-deeplink\package.json

MD5 16fd5b35f0cbaed2b0b719e69f9f5a4b
SHA1 7b82df17cfdfcdfd8f8d4ff02502f1d7a8b964b4
SHA256 9fa3547f74427c8e7b20cd51a27f58d4a97a465f919177a7fb177143624e0e2c
SHA512 a19b574a3009dd7cf823dcfaf84790a60bec7b743211045cccaa3970923fc403af3c80d801d8a706cde599afe79317f99c98f429abefaad4583e6e181d55a5ed

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\tr46\lib\mappingTable.json

MD5 26c6da7a34c8a051a60b3592287d3fea
SHA1 6e09dfd1d4d65675bba0a9bb69e0bd6393f0d5da
SHA256 b6b39724dca9011113a08d9d6910204062b58169e98952acdfbd19bf2c31bbff
SHA512 8ad552c64f53303c00f2a56c1fdc2d6c644b12aa993c181d5f4847fb4613701b3d03d2a4f8e347e1d755999681585ae3081e865ae54f21340c826196c2af83d4

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\tr46\index.js

MD5 7d598c8605e26cafe489544f1730d380
SHA1 02c41eea7eb4ce2d32b7faeb4229edaa28b9d8e4
SHA256 8194f9425ce9ab06ea9aebcd64a85ec064d95d61bb349f8f1c98762ad256638e
SHA512 f79b6e635786bb4b38f80562d862a6a2c908ea691b3fc42712aae82591c735acd02d8fd79ccf37468e58f865bba28f9be0d92182b30c8e4b4ef7261bb57f213d

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\tr46\package.json

MD5 36ce158498fb4f35c9a42edb60665bbe
SHA1 49c76b0a075effa9325c17f55c4d6472ddf3c7a9
SHA256 615087f58ee138fd35c2b414c355b72e36e5919725b8aecc1c34f6a5585b9779
SHA512 676215940610329d35feef0674d9dc61a9ab7c265d6eedca582e13003acd8b9d8b4894c86e79eaa85e97266682dbbe9637826b99f0b9afa56dbcf9ad077a1a55

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\node_modules\ms\package.json

MD5 b3ea7267a23f72028e774742792b114a
SHA1 fe112804e727b4f3489e9a52900349d0a4ed302c
SHA256 3708fd273bf5b1e91c72d88143f48ad962adcc10b99250a4a203d13804f37757
SHA512 01975d65bc491d0b39435d793a62bcdba6b5edf4fb886de0e48a8a393e26fdf31bdfb4f91dd7e10ba69a1e62ed091d5ea04f9f8bf57d784c3491a5c5c8472988

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\src\common.js

MD5 28e94a3cc7d081498bea5ced383038f6
SHA1 c9707394c09387b56864a8865158d29fd307774a
SHA256 c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37
SHA512 5775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\src\node.js

MD5 6e63fda079262f01e14f03bdf77146c0
SHA1 481608e3c95722f3a474336e5b777a6a521e76f9
SHA256 f237adcb52849de7c128f57e0468b52353c529a6c8341810477c0e7144359559
SHA512 3017b4717118f56fac106dcaa046aecf3cc63c37e64f49838e5379a13583c293f39ec5ace48fb2dabeac6af4a967f96219812733ead6f36c3f5c8d132d795900

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\src\index.js

MD5 d6c53f5a0dd8f256d91210ad530a2f3e
SHA1 0f4ce3b10eff761f099ac75593f7e05b149ae695
SHA256 aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3
SHA512 4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2

C:\Users\Admin\AppData\Local\Medal\app-4.2378.0\resources\app\node_modules\debug\package.json

MD5 2630a1ac039c8970c8fb0daf0f2f03c4
SHA1 ed6fe3dcf77a4c2ddadde904c5b1fc47cf9893c7
SHA256 754ba4f352a9b983fbbf93cfffe015d29bc789a08eb05815270abf50902697fb
SHA512 a017d21a1ecb159065bc32b94b38de03b38c10448b85f88bfe1498b144320884d612a868b9db192d6acf041f88da415f953d9dd8541ee29e4053e2463dd54791

memory/5072-4288-0x00007FF9B01D0000-0x00007FF9B0C91000-memory.dmp

memory/5072-4289-0x000000001B7D0000-0x000000001B7E0000-memory.dmp

memory/3968-4290-0x00007FF9B01D0000-0x00007FF9B0C91000-memory.dmp

memory/3968-4291-0x000000001BC60000-0x000000001BC70000-memory.dmp