53e376fe5e59b9a08984e140714e100abb7e74c81ac3b75234100133db23d553

Resubmissions

24-06-2024 18:39

240624-xayzzazeqj 5

24-06-2024 18:31

240624-w6a3cawgma 5

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MedalSetup.MjQ1OTQzMzUzLDEsbm9yZWY=.exe
Size

142.4MB
MD5

28ca06cc85b466f8de666c6527b72322
SHA1

d1c6bc45ca4e885123fb793659601d8886cd930d
SHA256

53e376fe5e59b9a08984e140714e100abb7e74c81ac3b75234100133db23d553
SHA512

323b0216e4c4780c8fe8135a3c5f2d76fa532e5390a3242e78c6aaa705bf651b4c0f47e6fe778bbb50fcb45f0e00a1183e254d56eee27a26199135f9d04367ee
SSDEEP

3145728:FgNnsZIwpGgvmki0xPP0QNPvT9B5SrQNCE2w/84FcLV9b42+RQNGfN:F08Iwsguki0ZrBVquCEg4FK9b42xeN

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation	Medal.exe

Executes dropped EXE 8 IoCs

pid	Process
2044	Update.exe
3020	Squirrel.exe
1304	Medal.exe
1248	Medal.exe
2372	Update.exe
2408	Medal.exe
332	Medal.exe
2984	Medal.exe

Loads dropped DLL 22 IoCs

pid	Process
2972	MedalSetup.MjQ1OTQzMzUzLDEsbm9yZWY=.exe
2044	Update.exe
2044	Update.exe
2044	Update.exe
1304	Medal.exe
1248	Medal.exe
2408	Medal.exe
332	Medal.exe
2408	Medal.exe
2408	Medal.exe
2408	Medal.exe
2372	Update.exe
2372	Update.exe
2984	Medal.exe
2984	Medal.exe
2984	Medal.exe
2984	Medal.exe
2984	Medal.exe
2984	Medal.exe
2984	Medal.exe
2984	Medal.exe
2984	Medal.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3008	reg.exe

Modifies system certificate store 2 TTPs 6 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Medal.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1304	Medal.exe
1304	Medal.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2272	WMIC.exe
Token: SeSecurityPrivilege	2272	WMIC.exe
Token: SeTakeOwnershipPrivilege	2272	WMIC.exe
Token: SeLoadDriverPrivilege	2272	WMIC.exe
Token: SeSystemProfilePrivilege	2272	WMIC.exe
Token: SeSystemtimePrivilege	2272	WMIC.exe
Token: SeProfSingleProcessPrivilege	2272	WMIC.exe
Token: SeIncBasePriorityPrivilege	2272	WMIC.exe
Token: SeCreatePagefilePrivilege	2272	WMIC.exe
Token: SeBackupPrivilege	2272	WMIC.exe
Token: SeRestorePrivilege	2272	WMIC.exe
Token: SeShutdownPrivilege	2272	WMIC.exe
Token: SeDebugPrivilege	2272	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2272	WMIC.exe
Token: SeRemoteShutdownPrivilege	2272	WMIC.exe
Token: SeUndockPrivilege	2272	WMIC.exe
Token: SeManageVolumePrivilege	2272	WMIC.exe
Token: 33	2272	WMIC.exe
Token: 34	2272	WMIC.exe
Token: 35	2272	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3060	WMIC.exe
Token: SeSecurityPrivilege	3060	WMIC.exe
Token: SeTakeOwnershipPrivilege	3060	WMIC.exe
Token: SeLoadDriverPrivilege	3060	WMIC.exe
Token: SeSystemProfilePrivilege	3060	WMIC.exe
Token: SeSystemtimePrivilege	3060	WMIC.exe
Token: SeProfSingleProcessPrivilege	3060	WMIC.exe
Token: SeIncBasePriorityPrivilege	3060	WMIC.exe
Token: SeCreatePagefilePrivilege	3060	WMIC.exe
Token: SeBackupPrivilege	3060	WMIC.exe
Token: SeRestorePrivilege	3060	WMIC.exe
Token: SeShutdownPrivilege	3060	WMIC.exe
Token: SeDebugPrivilege	3060	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3060	WMIC.exe
Token: SeRemoteShutdownPrivilege	3060	WMIC.exe
Token: SeUndockPrivilege	3060	WMIC.exe
Token: SeManageVolumePrivilege	3060	WMIC.exe
Token: 33	3060	WMIC.exe
Token: 34	3060	WMIC.exe
Token: 35	3060	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3060	WMIC.exe
Token: SeSecurityPrivilege	3060	WMIC.exe
Token: SeTakeOwnershipPrivilege	3060	WMIC.exe
Token: SeLoadDriverPrivilege	3060	WMIC.exe
Token: SeSystemProfilePrivilege	3060	WMIC.exe
Token: SeSystemtimePrivilege	3060	WMIC.exe
Token: SeProfSingleProcessPrivilege	3060	WMIC.exe
Token: SeIncBasePriorityPrivilege	3060	WMIC.exe
Token: SeCreatePagefilePrivilege	3060	WMIC.exe
Token: SeBackupPrivilege	3060	WMIC.exe
Token: SeRestorePrivilege	3060	WMIC.exe
Token: SeShutdownPrivilege	3060	WMIC.exe
Token: SeDebugPrivilege	3060	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3060	WMIC.exe
Token: SeRemoteShutdownPrivilege	3060	WMIC.exe
Token: SeUndockPrivilege	3060	WMIC.exe
Token: SeManageVolumePrivilege	3060	WMIC.exe
Token: 33	3060	WMIC.exe
Token: 34	3060	WMIC.exe
Token: 35	3060	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2272	WMIC.exe
Token: SeSecurityPrivilege	2272	WMIC.exe
Token: SeTakeOwnershipPrivilege	2272	WMIC.exe
Token: SeLoadDriverPrivilege	2272	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2044	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2044	2972	MedalSetup.MjQ1OTQzMzUzLDEsbm9yZWY=.exe	28
PID 2972 wrote to memory of 2044	2972	MedalSetup.MjQ1OTQzMzUzLDEsbm9yZWY=.exe	28
PID 2972 wrote to memory of 2044	2972	MedalSetup.MjQ1OTQzMzUzLDEsbm9yZWY=.exe	28
PID 2972 wrote to memory of 2044	2972	MedalSetup.MjQ1OTQzMzUzLDEsbm9yZWY=.exe	28
PID 2044 wrote to memory of 3020	2044	Update.exe	29
PID 2044 wrote to memory of 3020	2044	Update.exe	29
PID 2044 wrote to memory of 3020	2044	Update.exe	29
PID 2044 wrote to memory of 1304	2044	Update.exe	30
PID 2044 wrote to memory of 1304	2044	Update.exe	30
PID 2044 wrote to memory of 1304	2044	Update.exe	30
PID 1304 wrote to memory of 1248	1304	Medal.exe	31
PID 1304 wrote to memory of 1248	1304	Medal.exe	31
PID 1304 wrote to memory of 1248	1304	Medal.exe	31
PID 1304 wrote to memory of 892	1304	Medal.exe	32
PID 1304 wrote to memory of 892	1304	Medal.exe	32
PID 1304 wrote to memory of 892	1304	Medal.exe	32
PID 1304 wrote to memory of 280	1304	Medal.exe	34
PID 1304 wrote to memory of 280	1304	Medal.exe	34
PID 1304 wrote to memory of 280	1304	Medal.exe	34
PID 280 wrote to memory of 2272	280	cmd.exe	36
PID 280 wrote to memory of 2272	280	cmd.exe	36
PID 280 wrote to memory of 2272	280	cmd.exe	36
PID 892 wrote to memory of 3060	892	cmd.exe	37
PID 892 wrote to memory of 3060	892	cmd.exe	37
PID 892 wrote to memory of 3060	892	cmd.exe	37
PID 1304 wrote to memory of 1280	1304	Medal.exe	39
PID 1304 wrote to memory of 1280	1304	Medal.exe	39
PID 1304 wrote to memory of 1280	1304	Medal.exe	39
PID 1280 wrote to memory of 3008	1280	cmd.exe	41
PID 1280 wrote to memory of 3008	1280	cmd.exe	41
PID 1280 wrote to memory of 3008	1280	cmd.exe	41
PID 1304 wrote to memory of 2440	1304	Medal.exe	42
PID 1304 wrote to memory of 2440	1304	Medal.exe	42
PID 1304 wrote to memory of 2440	1304	Medal.exe	42
PID 2440 wrote to memory of 2724	2440	cmd.exe	44
PID 2440 wrote to memory of 2724	2440	cmd.exe	44
PID 2440 wrote to memory of 2724	2440	cmd.exe	44
PID 1304 wrote to memory of 2372	1304	Medal.exe	45
PID 1304 wrote to memory of 2372	1304	Medal.exe	45
PID 1304 wrote to memory of 2372	1304	Medal.exe	45
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46
PID 1304 wrote to memory of 2408	1304	Medal.exe	46

C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjQ1OTQzMzUzLDEsbm9yZWY=.exe
"C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjQ1OTQzMzUzLDEsbm9yZWY=.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Squirrel.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:3020
- - C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Medal.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Medal.exe" --squirrel-install 4.2452.0
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1304
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Medal.exe
      C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2452.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x370,0x374,0x378,0x368,0x37c,0x148b81898,0x148b818a8,0x148b818b8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1248
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:892
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3060
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:280
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2272
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1280
    - - C:\Windows\system32\reg.exe
        
        reg query HKLM\Software\Microsoft\Cryptography /v MachineGuid
        5⤵
        Modifies registry key
        
        PID:3008
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2440
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController
        5⤵
        
        PID:2724
  - - C:\Users\Admin\AppData\Local\Medal\Update.exe
      C:\Users\Admin\AppData\Local\Medal\Update.exe --createShortcut=Medal.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2372
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1280 --field-trial-handle=1388,i,13572989682700492243,310587797377426535,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2408
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1560 --field-trial-handle=1388,i,13572989682700492243,310587797377426535,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:332
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1056 --field-trial-handle=1388,i,13572989682700492243,310587797377426535,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\index.js

Filesize
386B

MD5
5e2fbb9d655e0dd204e8d211ec1b4d0c

SHA1
440dc879e7fb836d97a5f5a40f016bbaa1b7f588

SHA256
8debe05417ec5d5e42661e2697a8d0db3ba30fa9bd4ac70c62c992ec01527bf9

SHA512
d6445a850642c562aa6affe907580fbf5b4faf70c51ad7b12613120a27ce1d6ee049571a709334fc588ff45c32ee918836bbae2188d4394a94c5810265139b2f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\main.min.js

Filesize
7.5MB

MD5
cfef120ec426459eca2961abe0814467

SHA1
f902e5ef957793740ad600b30f55d4325c794f20

SHA256
0e1b1e6ecdf1f143f4de72cb4b0e8d267cf1b621a4733940e08017d5aa987d45

SHA512
ef1e03074b42f55694a3e664a1c7c8e1d90b8b66ad51a28f6fb4864433bfb834aacd956b44ab06d575bee401f877c89749041a68b48d7148cd411e9bb97dd2c7

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\LICENSE

Filesize
1KB

MD5
ea817882455c03503f7d014a8f54f095

SHA1
dd164bc611bca7ba8ead40ec4c2851081e5a16b9

SHA256
1e76029602ae9b21cc4e612db2496d92febed882ba13ba745f8b3309e85f9d39

SHA512
0ea343d0e696ba27877dc0611766c526aa73f6e7af46df5a0f83840dc4c7851fb5837b7f6bda8a014302bf877fe3b4b3e392b943cefb3af979e8afc67559a5ff

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\output\index.js

Filesize
947B

MD5
b0adfc74c8e51ce2ab659bfc13752ed3

SHA1
1b0879db53a00bbfeddcfdc0c190901387bab7bd

SHA256
a27d1a72ed1ecddffc57e70187a4b72467ed0dd34092b7e3d2817b9f4359ab5d

SHA512
4bd96fa626592e856431c3da18f7f2c5262fcf7f8fc95a4fa8b3ecd6bd7f53e82ee27d3255711df0addaaaa3fc7ba5e11104dd448f90f490e5517eabc1cdad42

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\path-exists\index.js

Filesize
263B

MD5
dfb2813673ea5279a9aa7305e5fe33f3

SHA1
6e6491c1ab3389433d1b39a33b3ac8760649a2c8

SHA256
5ce096c95daec0259817248921b39a9e0df4d342db171138ccb62440cc7a0cbe

SHA512
53d93b66ed4a2eca23046e6f2b08fcbe4cde40a2b841ab38db838ac75b0882947371024cb74ae43d2c9a2e095e2457e2207979c45f07d46e6e2b5f99efcfc794

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\mac\ia32\ffitarget.h

Filesize
4KB

MD5
4ef9928ec21c398681ed3357aa400c48

SHA1
5bafcdf7c4ff860ce7f94c5260159e7bf063243b

SHA256
ce9a87677a9b9af9dcc6f8f632b62948214824174b65fe4361d3b662cc72aec0

SHA512
c0f5f26b249cf3ca72b2d334008a7ab8b7332f286e57edf7c700b5c4a80960dbce14e3db940829134a3bc593a087f56b41afb757daf3f03e32611ab1172c1f6d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\openbsd\x64\ffi.h

Filesize
13KB

MD5
4c8fce7c4f0bee30b8f03d94fba5b66c

SHA1
4eb6b34a1547e2da9b1a0daa9c9f7a32569a03e5

SHA256
bdd54f5f8517f32767d864921edb878224068a75eff7e0386a55105d61e44466

SHA512
0f077d7c2a9801eab3134d4c56793f64fc1c8434e8eabe9c749d0f7d0d875b1750ad0f32873b49778bbb7b5864c280c4546fd72775ad0ec49eb091ec26ee3848

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\async\dist\async.js

Filesize
219KB

MD5
1257b1d9deaebe158498a18320cb5206

SHA1
6658b0192f5224d10475378ee50ce927b8b99f13

SHA256
caeea733f6f61bb394a1a5f71d8bda604765dcc9aea0f0a9a0e54243a1d4c7e8

SHA512
244bb4cc9a386415f1ff15392c92ffab5ceee43b78bada2f9836809b015738347cc781c8ec1eec97dd17d8a00e59d100079f7a6f9fa9790dc84f07ce64754fb1

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\async\package.json

Filesize
2KB

MD5
8b25d829d53060e8c855b44bf9f0a163

SHA1
fba8834d773d13fc6c9c74a1ea3ffd013859d7a1

SHA256
ed7622386e4427bbdd4eb08c09c0aca9bcc1d739becdfb421b2cd19c76dae308

SHA512
43427701fb7eaac7fd06ef99ff86cbf5c2a27d0ca28d5bf95b3b9cb0469b00a39dc81afee2d7d2dcb22ec0aef2dd4cc36e01c241ee507865f31be5377d3d9b2e

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\b4a\index.js

Filesize
3KB

MD5
b792856285e9760aac0ca447b4cdad32

SHA1
c3f23229d5855aa849565a6f4dee345b4471e53e

SHA256
7bb04f74fe05865a5382a76b07cf11cf34f53a18d7e44679a70e3ad33baa4d64

SHA512
a147f23a7d0104812ec98d07604c96c47359aecef4873a912b87823737ed8fa4898e7574152815317c7c30c72f5857913453abc0616de20b998c151034bf818e

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\b4a\package.json

Filesize
701B

MD5
530ee244b7c2df2e16d152d4dbe039d5

SHA1
6b5e6be8639f0c3f9828fcae1d2bbae7344edde0

SHA256
287e126e6500f191066f1865ef155a4dd668ad08c177d42821a77a52e0202604

SHA512
5401f101832ba756eb7693751cd857349aef42052ae2c0d29c886fe514f74c356ffd8f4c0dac95508a801c7b8d6b2dbb515f3388c96c63b9ae844e37bf4024b6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\bindings\bindings.js

Filesize
5KB

MD5
13c05ea1a2f638b707aa56eea958810c

SHA1
c93878e75a9f0545f73aa8d6fba3a761c4ceda36

SHA256
8e32a0d37f20bd6f7d5bdbf99d041aa27be47cbbe5172ac13ebf7380a10b3bf6

SHA512
f356619fa479c72086138eed34fbdcf501bb6f263249e5cf3b1069b2d6c120afc32d9b2ee89d9a41b2f516251c8bbf5d9913e78105961a989e136ac03146657f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\bindings\package.json

Filesize
660B

MD5
17005447df8440e0e386849b8fa2b682

SHA1
14bbbadeb1307b1f711ee10093d5b46a7889677c

SHA256
a87721fe406e1f1798fef44d697b46ea1efe346fda118010334713346ee4207c

SHA512
a61aa9260b34479feb762f81f23ec26104d311fee81bb299efa00fc7091d3ae7f10047f6d91bd3bcfec7152b754c9fc6fe97ac280b3c00abc945a25ef387105d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\blake2b-wasm\blake2b.js

Filesize
11KB

MD5
6d4fdddbe0e3df6ede11846ac2d9f104

SHA1
16ed563b7e5eb247279479de76bea594fab392f0

SHA256
ab8919c1546bd3015afb834e6f0948a7c53121be4f4107ce2a3f4eb31c3e77e9

SHA512
f895785e1143a0952c033db6317f9f7d1dfd8c220827019d4857f0c0a6fc67f08fb89ce2aa8fc45d601ee1afc40950c91de2532fc76fefda1c461fa25229c1f9

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\blake2b-wasm\index.js

Filesize
4KB

MD5
b1c4d73faad73d98b01810cde1eb52fb

SHA1
67c75686ab7cbee0ac60c3a7f8a5a9ae083dc0ce

SHA256
0ab2389048116330718b012ce387aa693e3f318e9cc9b697d32a96d65bef25bd

SHA512
bb5440c3bc7f2f309b1aa237015b493e01ebf53c595413225658feed63e48d42851064615a45323f3c13c7f55c7193f5c73c2f9c1f196406e474813fc2feab4d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\blake2b-wasm\package.json

Filesize
782B

MD5
85f6234e8249e84f2a2361d5142707a3

SHA1
d3714b3f9fa05401342b89d5c9f9d47f9bdcd7ef

SHA256
5bda19aefb010a8fccff1fc5dce0e9d3ff75ae1921e584d1becb4c371b3b4541

SHA512
e6919601c8dd1f7dbbe487c42ec441411338cf7fcf3a2da0a4f7f91ed1d963d2db7e8a00ec4a4bbde5be8323db1fab55b44b364fc8684c710a041148c99b1e73

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\blake2b\index.js

Filesize
9KB

MD5
350e95a4d11b533abbd5d4414d38005f

SHA1
37f2bb772cc953169bbfc13087b13ba6952ed8b3

SHA256
89d35ca4687b8ad3bd659b1a39f44a8a4a393ac977be5af1e1ce32116c25c064

SHA512
8e9648cedceb87e36e915e050329d8ce246bfba0ac18f9d491efb0160e7e89defa7a4a33301def1dd4a2b72bf8b1ea6c64cf03dafb90c615f1e23d5d016e0863

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\blake2b\package.json

Filesize
742B

MD5
88595359281788f64142b0938af3f9db

SHA1
d35800917d86c3d104b9142926e9daa2ba4bf3dc

SHA256
47bcf83fa22df55efb1759c46153bc6e994036c2146d5a0de3867953a603f870

SHA512
a2b8cfc39020dce3384ecccb149df4092905e8ff77c14c93c6162eb35788c11b3141f2dc1382dbead2e0bbcc7f0970bc0e1af97b4e9795e2e0193f9fef4f7ef4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\debug\node_modules\ms\index.js

Filesize
2KB

MD5
fddcc2097091479666d0865c176d6615

SHA1
55f9b3a7d4cfbf68b19ccd0d698aa86483dd4694

SHA256
55986972f5f3c9446f876c576e1cd30fd4f04cd26527efbb5ad834637c740e4c

SHA512
252644169a9398527927b69a2f19c6578bd62dcd180b94984d991939f53bf4e77ca687e840db42f7dba3b37124a5e3f3eda83535e75491bbe6ca440a7149913f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\debug\node_modules\ms\package.json

Filesize
705B

MD5
b3ea7267a23f72028e774742792b114a

SHA1
fe112804e727b4f3489e9a52900349d0a4ed302c

SHA256
3708fd273bf5b1e91c72d88143f48ad962adcc10b99250a4a203d13804f37757

SHA512
01975d65bc491d0b39435d793a62bcdba6b5edf4fb886de0e48a8a393e26fdf31bdfb4f91dd7e10ba69a1e62ed091d5ea04f9f8bf57d784c3491a5c5c8472988

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\debug\package.json

Filesize
1KB

MD5
2630a1ac039c8970c8fb0daf0f2f03c4

SHA1
ed6fe3dcf77a4c2ddadde904c5b1fc47cf9893c7

SHA256
754ba4f352a9b983fbbf93cfffe015d29bc789a08eb05815270abf50902697fb

SHA512
a017d21a1ecb159065bc32b94b38de03b38c10448b85f88bfe1498b144320884d612a868b9db192d6acf041f88da415f953d9dd8541ee29e4053e2463dd54791

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\debug\src\common.js

Filesize
6KB

MD5
28e94a3cc7d081498bea5ced383038f6

SHA1
c9707394c09387b56864a8865158d29fd307774a

SHA256
c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37

SHA512
5775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\debug\src\index.js

Filesize
314B

MD5
d6c53f5a0dd8f256d91210ad530a2f3e

SHA1
0f4ce3b10eff761f099ac75593f7e05b149ae695

SHA256
aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3

SHA512
4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\debug\src\node.js

Filesize
4KB

MD5
6e63fda079262f01e14f03bdf77146c0

SHA1
481608e3c95722f3a474336e5b777a6a521e76f9

SHA256
f237adcb52849de7c128f57e0468b52353c529a6c8341810477c0e7144359559

SHA512
3017b4717118f56fac106dcaa046aecf3cc63c37e64f49838e5379a13583c293f39ec5ace48fb2dabeac6af4a967f96219812733ead6f36c3f5c8d132d795900

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\electron-deeplink\dist\index.js

Filesize
7KB

MD5
d359d8698706d059e14b6f3eeedced8c

SHA1
9acb5276a78ed09acf81a62e1db439217aff85cf

SHA256
6c693e5ca23e904436e4bf6e68901147d319fd7132b2bcff4dd061615bb8a773

SHA512
f44a7196ad9d4f44085966ac6724f48d00566189136d08a9b13b4ac3cc7e6d1addf2e854098fb4c2ec94c28e3f48168f82b0d1134d0066237dd5fba91c35ccfd

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\electron-deeplink\dist\stub.js

Filesize
156B

MD5
62063cc3b8565061daaddf496dd15731

SHA1
206166851431982536333b4a1b9c31f9e5111295

SHA256
3f39ca63ca2f696207da3702df9a4df21e980a13f0e77528340730e2bf315fd6

SHA512
a6006c18cdf95cf641e54e10c76ff6c7ae47d881435ca54847e2b687fec2a9a129a2e2e3ca600557a328b34c22c54cfd7a6db4865af0f122c6cb5963e65c66e5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\electron-deeplink\dist\templates.js

Filesize
458B

MD5
790b7b8bf5ed00feffce05aac1c79492

SHA1
5ac0afae48c626cc6474268c725342039e5e5ef0

SHA256
6bd01e7f8ea390760ae26ae469f6627dd7a9447360b477bba6911b76cb0e921f

SHA512
2522716477010a2ba3df3b1faa69fd8bb36cad02f6a43f95b7bbb75a49f516e6c2619e1dab8e1b85c888a2385b3435ffa95f9cda95e0c4dcdcb467cadbd515f5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\electron-deeplink\package.json

Filesize
1KB

MD5
16fd5b35f0cbaed2b0b719e69f9f5a4b

SHA1
7b82df17cfdfcdfd8f8d4ff02502f1d7a8b964b4

SHA256
9fa3547f74427c8e7b20cd51a27f58d4a97a465f919177a7fb177143624e0e2c

SHA512
a19b574a3009dd7cf823dcfaf84790a60bec7b743211045cccaa3970923fc403af3c80d801d8a706cde599afe79317f99c98f429abefaad4583e6e181d55a5ed

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\file-uri-to-path\index.js

Filesize
1KB

MD5
d98f7c699c54e0e90f408a44feb3188b

SHA1
0ffd660201ce0749053d108c53e5606b9da158d6

SHA256
e62293e871bdd5a7449ff3c7956c9536ec1d2ea7369461de77322b5256bb93e7

SHA512
7389081fbf3b16f0ad99f556337679be895e04930e36bfc8f99720e013f28b68bdd4579f11eb41dd4cc7a64a36ec26a6e6539d42d5888696f71e7d2d9c8784dc

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\file-uri-to-path\package.json

Filesize
717B

MD5
65f30030f0e7b2eff552eaabd8bb1fe1

SHA1
5dee8a540c467ffbf9025481180c77a06a9f46f2

SHA256
71eb1e24bb9694f89c613fa0aa307f977dd43f41d11794c7b48fabf6c55f66b0

SHA512
763c372773f093de60fdbe0bdd5d0b6362882e22eaebed51f70ea50fa3087417b5c517ea9ea057b56d40f019cea042a6e8c387356da1b9b9d39c2a5f16e7b5d4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\lodash\lodash.js

Filesize
531KB

MD5
bbb588cc4360df5d317ebff5f5c1ac9c

SHA1
03d60d1510d24a952ff370b77035b031a87c4158

SHA256
4c04561befdf653aef017a42ac5addf68ea943cdfca6bdee5ce04e04e8139f54

SHA512
da2c021e3ba3f8f99d0b2bdbf3cacc39c87451c290c551e2fe0b009a5d5f3777a0f3620368efdc773cde5d7e221765732087acee9383135fc6d2db37401c2c94

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\lodash\package.json

Filesize
578B

MD5
188f386c15507c982c3e0d5a2db5b60d

SHA1
2c1ec9f730323c72f6f76e73f48b24902cc853c2

SHA256
8e41b07c744a0de0d2c1c23ed41418ecb0849abb56395d28802e601b4730d7c2

SHA512
a9a582ec1711e2dd19d80b43288821709641e310a44657d6dfe0b4b98644a33f6c9720e89a17516cbafa38518bf71653402b1fede5b2cf18dfe9859ed3973e5f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\ms\index.js

Filesize
2KB

MD5
83c46187ed7b1e33a178f4c531c4ea81

SHA1
ea869663486f513cc4d1ca8312ed52a165c417fa

SHA256
e5f0b6a946a9b2b356a28557728410717df54ea2f599edb619f9839df6b7b0e9

SHA512
51b45089a53a23c12e28eb889396e2fa71b95085baa5ac34d71ffb625131bf2fec3ae98efeae537656e20ea257f44e089bcebc9ad54cf672cde852102e43e153

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\ms\package.json

Filesize
732B

MD5
a682078f64a677ddad1f50307a14b678

SHA1
c290eb97736177176d071da4ac855ab995685c97

SHA256
1a6b4d9739790c0b94ab96c8cc0507e281c164c311ff4fbf5e57fb8d26290b40

SHA512
9e16c5689b57275f4ed624c6954f12299706e2372a60f6173421800da5edf9ed52e52fd2b0798f826cddbade6ca19a6e6a996960c6697cc2da0ddecb36409520

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\nanoassert\index.js

Filesize
438B

MD5
44d45c7081a567a4d0cb4bbb36bf6be6

SHA1
69a7954eab536502b052557d5911acb9de503dad

SHA256
5a3c8dce33093172d9cb3d6bdd34e464d17a1da175a8f8b74f0c0d22dde94fbb

SHA512
0c3195a63b389bab6612e3824a65a5cacc2852aa2f8b272e34717be4608197bc1f9b4529879a13fa9567d0ae9846916dd645349b9797418f88e7ce7bc5d4e504

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\nanoassert\package.json

Filesize
647B

MD5
de6935b833716ef4d703b58e188ace78

SHA1
01cb598615db0cb08979b3ff1e4324d047eb1fa0

SHA256
2152421c559e2aeb7c002ecfeac306340d23cf3783446cea607a284658df30bd

SHA512
b134877eb15c2fa70a5e0549c8a736e8bb8ff84426cac51ed581f707d38c75c110f96c233825409a3948a6943fb1c26cc25617092b40645e68073d6d58f0ee65

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\node-gyp-build\index.js

Filesize
390B

MD5
caa8dbb9acb0b39387e9db3895ec2f4e

SHA1
6c165ff1c6b62331fe315bebfe1c1765d83d5415

SHA256
a7ed0d5ae218a19bdbdf15a590d0893790ddf536313b66a787554693cfaae078

SHA512
32300dde85101fda577a3ba148f9f2887998cbebf7853c527e70580d1e713a38314011a9f92de20c2648b646c7c072cc5337c00ba464cfa2621fd0beec47fd01

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\node-gyp-build\node-gyp-build.js

Filesize
5KB

MD5
4a8a7a2c5aa7ad0c304de54ef266bb74

SHA1
146485e9d64fbeb5ac80affd8a411ea3f6e550ed

SHA256
134f0585f7c665db89f332a379158c6f113274422e42aaf54e0aa9d5ac37f577

SHA512
a28642c67b3f100c2214c6795ce585c8cc623e25e86da53a09bb9041fe850d20f7eac1acbe626a580f6a7a9e9a3a16a8bd93913e338251a0139972f9e8d2c5b8

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\node-gyp-build\package.json

Filesize
772B

MD5
db5eb8c791ad3efa9eccff958a78d019

SHA1
b52359d86cb133ce16df39fc3852e8ef297e15d4

SHA256
1094c5e3e46e002b61931c83a7272225d74ecfb4125cad74c176a8584595c7dd

SHA512
e5b28fdaedea387a8a7d73ae8704ed6ab8151c72367b87c62bd1bcf032e318a51ca1eb727f34c2a5c15ffe1b5ae155cc44cfbb78810f4388e58e0695b7e50de4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\tr46\index.js

Filesize
7KB

MD5
7d598c8605e26cafe489544f1730d380

SHA1
02c41eea7eb4ce2d32b7faeb4229edaa28b9d8e4

SHA256
8194f9425ce9ab06ea9aebcd64a85ec064d95d61bb349f8f1c98762ad256638e

SHA512
f79b6e635786bb4b38f80562d862a6a2c908ea691b3fc42712aae82591c735acd02d8fd79ccf37468e58f865bba28f9be0d92182b30c8e4b4ef7261bb57f213d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\tr46\lib\mappingTable.json

Filesize
253KB

MD5
26c6da7a34c8a051a60b3592287d3fea

SHA1
6e09dfd1d4d65675bba0a9bb69e0bd6393f0d5da

SHA256
b6b39724dca9011113a08d9d6910204062b58169e98952acdfbd19bf2c31bbff

SHA512
8ad552c64f53303c00f2a56c1fdc2d6c644b12aa993c181d5f4847fb4613701b3d03d2a4f8e347e1d755999681585ae3081e865ae54f21340c826196c2af83d4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\node_modules\tr46\package.json

Filesize
732B

MD5
36ce158498fb4f35c9a42edb60665bbe

SHA1
49c76b0a075effa9325c17f55c4d6472ddf3c7a9

SHA256
615087f58ee138fd35c2b414c355b72e36e5919725b8aecc1c34f6a5585b9779

SHA512
676215940610329d35feef0674d9dc61a9ab7c265d6eedca582e13003acd8b9d8b4894c86e79eaa85e97266682dbbe9637826b99f0b9afa56dbcf9ad077a1a55

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\package.json

Filesize
10KB

MD5
0e3c202c047d2c9ed8ffc19dc26d919a

SHA1
be317517f334b42b815831ea1bccff08a840b37c

SHA256
1343f458a9ee14d7d118d224859541de32c4b84535780bf2826c505ade78ef37

SHA512
7bdaa2b695ccad36708b30d4a6201ad7e36b3a981159741dfd18337bdeb7b5fd6857f955c67ac05810c3bfb5ba557fe9da31343eed36e6e90b651d6aacd22c47

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\resources\app\version.json

Filesize
20B

MD5
3be3c0f79f7c8fcd20c48214df9575cc

SHA1
f9583c3f41569a62907e2648afd839736f5bb877

SHA256
6a9831979148c37833c4fd8ccc23268a2b27687910b5f34e6b005fc1fcc51f69

SHA512
3c05d7dcf4887b965ca8542aa8adb3cdbf3d8749dbf1aeba3a9b7df15584504c98bf05da9cc328a43ef481d3a386d73b9bf068043b97b1e958f8ff45ea2eb5f3

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\squirrel.exe

Filesize
2.0MB

MD5
a22041e448a910f8aa1d8ec6d1066f60

SHA1
4c5a66d7d396341798f4a75232524984d72a5a4f

SHA256
fe31cfd6471a0515b1846633820f4fe99d60fbf1ba7d4e20f105c2d36359cdb1

SHA512
ff3667934f9d389aebc777f9ec39fa1e020537a56aa7d71f545195738fadb049baa78c2b16be24a41ab15c5f29900715105f2fbae52b645e7c9d8a71fb6efaff

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2452.0\v8_context_snapshot.bin

Filesize
471KB

MD5
6503b392ac5c25ff020189fa38fbaecb

SHA1
50fb4f7b765ac2b0da07f3759752dbc9d6d9867b

SHA256
add78f3f85f0b173cbe917871821f74c5afe0a6562462762b181180d16df4470

SHA512
9c12fff1686845a2c0b43d35a8572f97e950f232f1ce5690fd1212f48c171edbcc5d725754f10a66599b0823ac0c995c7212e263b7e02ea0ed9f2d2b937fa760

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
79B

MD5
c72d31e191bfe86ea652e62288458a95

SHA1
c7e7021361082446cf470710aa3405c681ab552a

SHA256
095dcedfd672f450f445b1ce816e5bd0a72cc61ec960c945e21c808358fb50ce

SHA512
786cedda2473394ed65b156b32705f599a3deb7578f11a67e58919def986873edce2923a18aef78dd3e1288eaf3830373f3e4efd92895b97ca4320fb9ca51a0c

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
1.1MB

MD5
614c451436d08f584b631455ae01932b

SHA1
f343b42ad4729d575daac5af1344313959428454

SHA256
551f8f156eb712054202701c980958fb533fa9cba9df9b22e6644c9f5189f244

SHA512
8365bf161791e1dc4b24f9fe27871bb0396c39c333befe591c5a723971bb15ef140be2af8469d92d1037e79f50ae4a6a255c7c6559b35fb140d751c07bd1a51c

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
132KB

MD5
4fe78278c727ca838a6b0a8b5d2fc924

SHA1
7eba94ab9295e387f43fba20fcb79bc3db1dde64

SHA256
af8a663dc9f9407b1a0582c835317f62c0f3fc1fbe542e1df0f9ef39e913ba45

SHA512
ce381dbbd80e0ccbd0e9a5b1d7c070f0bf3bd52d71ae9cd87254cad2c41b61871392595f7bffb23f215f8fabdc2fba64758eb5d1e6b97da99fe4149db54123c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar487C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Local Storage\leveldb\CURRENT~RFf7644ae.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
55B

MD5
9835d0a15fc9bf1816ce37d53c30baae

SHA1
05af276f5472abacf9c798883e8dc1a80d82f0cd

SHA256
15ab4b436c01a4481e610e0878297225f34f1e1f11c8a6e2be39f463533b207d

SHA512
4aec02d5ec3960a2bd2d0bfc5252de20bd25d60babb6d3f3dec518965f4850456cea05987362237b762ac0a8e36e89d53060c8453019fa8fd4eccf23952beab5

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
115B

MD5
4ee9b46980a26225041439ca5aa36d36

SHA1
86973ef7ab0bcd7657a3e98da1fcf278d06969cd

SHA256
13abe2f04da096845b2250f56dd1c5db45c503bba45edb681a41b6f44ff51aef

SHA512
01c28e2b1e463fdd2c91bd1075b211973c39f4c9cbc54f38846d3ce1d96fc877dc52951fb51c65ebfc65c9b798dcb49f87daef5f7ee0275161ddc1b3aab2e712

Download Submit
\Users\Admin\AppData\Local\Medal\app-4.2452.0\ffmpeg.dll

Filesize
2.6MB

MD5
f9e749204e6b7cf39adf8399369b1d1e

SHA1
bbe9dfdb2922d3160ff2a8aebc04cdef112ada20

SHA256
de9b9f1e5488bcd5eaa1e7150b5bbe64acb006520a1fd32dba8c4d6bc5e9072e

SHA512
030ebd063e94eb851fb1ca98a5b0abc3fbe3eca5e5fb71bb5f777a67af1c82a9ab7334242f0af4fc218d507b30c89d2031bfa8fcfb6ccc6e80f068e8d35b8df9

Download Submit
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
e530391986bee6403de2647ef4d28e07

SHA1
d697b934f9ec4de5e2a7ad3f21843e92cf7e960a

SHA256
6bd92b52f30861aad3a9c3a1b7a5175ef6446438354de8f1121021eb40400b30

SHA512
4a1045e473bdafc27a732c88a4821f39804d215ad9d8e01604ba5076af2ab474d51afe3b3d99cda79fbf59f075bda8f77595a23f878093b8ef6e014122a580ab

Download Submit
memory/2044-1432-0x00000000002D0000-0x00000000002DA000-memory.dmp

Filesize
40KB

Download
memory/2044-1431-0x00000000002D0000-0x00000000002DA000-memory.dmp

Filesize
40KB

Download
memory/2044-10-0x0000000000D60000-0x0000000000F36000-memory.dmp

Filesize
1.8MB

Download
memory/2044-4453-0x00000000002D0000-0x00000000002DA000-memory.dmp

Filesize
40KB

Download
memory/2372-4217-0x00000000000E0000-0x00000000002B6000-memory.dmp

Filesize
1.8MB

Download
memory/2408-4253-0x0000000077910000-0x0000000077911000-memory.dmp

Filesize
4KB

Download
memory/2408-4223-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/3020-4153-0x00000000012E0000-0x00000000014D6000-memory.dmp

Filesize
2.0MB

Download