3c5374b59d9138e20ceaf7f1763122d73280568e61d6884df924881f9a4ad576

Analysis

max time kernel
151s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25/09/2024, 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MedalSetup.MjcyMzQyODY3LDEsbm9yZWY=.exe
Size

143.6MB
MD5

710c36ecb04ca9c48ed190a4e394bb8a
SHA1

455ec60b5e579df028cfe74cd58f753e1f473eec
SHA256

3c5374b59d9138e20ceaf7f1763122d73280568e61d6884df924881f9a4ad576
SHA512

f5954e96b550009e7b8b5258920479a68c50fe8b834aed98c53fe9649cf3593aba59bb50d0046231e705cace5eb31bab887a941acda8ff9a5fad4435124d08c7
SSDEEP

3145728:VNkfElKqPlhx65Rf+seBcAGxQFbd2NEeWx++s/FbZzruCnPB:Vkx2lhgaGxsRCWx+n/Foe5

Score

6^/10

discovery execution persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Windows\CurrentVersion\Run\Medal = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\update.exe\" --processStart \"Medal.exe\""	reg.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to get system information.

execution

PowerShell

T1059.001

pid	Process
6088	powershell.exe
6016	powershell.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
5648	tasklist.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Executes dropped EXE 22 IoCs

pid	Process
1060	Update.exe
1036	Squirrel.exe
2468	Medal.exe
4992	Medal.exe
3332	Update.exe
4544	Medal.exe
404	Medal.exe
4092	Medal.exe
848	Medal.exe
3120	Medal.exe
2728	Medal.exe
4400	Medal.exe
4980	Medal.exe
1400	Medal.exe
4296	ffmpeg.exe
3156	Medal.exe
4920	Medal.exe
5616	ffmpeg.exe
5464	Medal.exe
6092	MedalEncoder.exe
6060	crashpad_handler.exe
6972	Medal.exe

Loads dropped DLL 43 IoCs

pid	Process
2468	Medal.exe
4992	Medal.exe
4544	Medal.exe
404	Medal.exe
4544	Medal.exe
4544	Medal.exe
4544	Medal.exe
4544	Medal.exe
4092	Medal.exe
848	Medal.exe
3120	Medal.exe
2728	Medal.exe
3120	Medal.exe
3120	Medal.exe
3120	Medal.exe
3120	Medal.exe
4400	Medal.exe
4980	Medal.exe
1400	Medal.exe
4980	Medal.exe
4980	Medal.exe
4980	Medal.exe
4980	Medal.exe
4980	Medal.exe
3156	Medal.exe
4920	Medal.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6972	Medal.exe
6972	Medal.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MedalSetup.MjcyMzQyODY3LDEsbm9yZWY=.exe

Checks processor information in registry 2 TTPs 21 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Medal.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133717823359143543"	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\medal	Medal.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\medal\shell\open	Medal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\medal\URL Protocol	Medal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\medal\ = "URL:medal"	Medal.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\medal\shell\open\command	Medal.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\medal\shell	Medal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\medal\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2523.0\\Medal.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2523.0\\--squirrel-firstrun\" \"%1\""	Medal.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1735401866-3802634615-1355934272-1000\{A48E9918-FADE-4C75-B0AE-791D91639A71}	Medal.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1735401866-3802634615-1355934272-1000\{D7173C7D-DEB1-412C-93E4-79C323361974}	MedalEncoder.exe

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
3196	reg.exe
4868	reg.exe
4220	reg.exe
3384	reg.exe

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Medal.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2468	Medal.exe
2468	Medal.exe
2468	Medal.exe
2468	Medal.exe
3300	powershell.exe
3300	powershell.exe
3036	powershell.exe
3036	powershell.exe
1060	Update.exe
1060	Update.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
904	powershell.exe
904	powershell.exe
2160	powershell.exe
2160	powershell.exe
3632	powershell.exe
3632	powershell.exe
4092	Medal.exe
4092	Medal.exe
4980	Medal.exe
4980	Medal.exe
4980	Medal.exe
4980	Medal.exe
5064	powershell.exe
5064	powershell.exe
1400	Medal.exe
1400	Medal.exe
1400	Medal.exe
1400	Medal.exe
2900	chrome.exe
2900	chrome.exe
1296	powershell.exe
1296	powershell.exe
1296	powershell.exe
6088	powershell.exe
6088	powershell.exe
6088	powershell.exe
5632	powershell.exe
5632	powershell.exe
5632	powershell.exe
6016	powershell.exe
6016	powershell.exe
6016	powershell.exe
5464	Medal.exe
5464	Medal.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe
6092	MedalEncoder.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4168	WMIC.exe
Token: SeSecurityPrivilege	4168	WMIC.exe
Token: SeTakeOwnershipPrivilege	4168	WMIC.exe
Token: SeLoadDriverPrivilege	4168	WMIC.exe
Token: SeSystemProfilePrivilege	4168	WMIC.exe
Token: SeSystemtimePrivilege	4168	WMIC.exe
Token: SeProfSingleProcessPrivilege	4168	WMIC.exe
Token: SeIncBasePriorityPrivilege	4168	WMIC.exe
Token: SeCreatePagefilePrivilege	4168	WMIC.exe
Token: SeBackupPrivilege	4168	WMIC.exe
Token: SeRestorePrivilege	4168	WMIC.exe
Token: SeShutdownPrivilege	4168	WMIC.exe
Token: SeDebugPrivilege	4168	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4168	WMIC.exe
Token: SeRemoteShutdownPrivilege	4168	WMIC.exe
Token: SeUndockPrivilege	4168	WMIC.exe
Token: SeManageVolumePrivilege	4168	WMIC.exe
Token: 33	4168	WMIC.exe
Token: 34	4168	WMIC.exe
Token: 35	4168	WMIC.exe
Token: 36	4168	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4168	WMIC.exe
Token: SeSecurityPrivilege	4168	WMIC.exe
Token: SeTakeOwnershipPrivilege	4168	WMIC.exe
Token: SeLoadDriverPrivilege	4168	WMIC.exe
Token: SeSystemProfilePrivilege	4168	WMIC.exe
Token: SeSystemtimePrivilege	4168	WMIC.exe
Token: SeProfSingleProcessPrivilege	4168	WMIC.exe
Token: SeIncBasePriorityPrivilege	4168	WMIC.exe
Token: SeCreatePagefilePrivilege	4168	WMIC.exe
Token: SeBackupPrivilege	4168	WMIC.exe
Token: SeRestorePrivilege	4168	WMIC.exe
Token: SeShutdownPrivilege	4168	WMIC.exe
Token: SeDebugPrivilege	4168	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4168	WMIC.exe
Token: SeRemoteShutdownPrivilege	4168	WMIC.exe
Token: SeUndockPrivilege	4168	WMIC.exe
Token: SeManageVolumePrivilege	4168	WMIC.exe
Token: 33	4168	WMIC.exe
Token: 34	4168	WMIC.exe
Token: 35	4168	WMIC.exe
Token: 36	4168	WMIC.exe
Token: SeDebugPrivilege	3300	powershell.exe
Token: SeDebugPrivilege	3036	powershell.exe
Token: SeShutdownPrivilege	2468	Medal.exe
Token: SeCreatePagefilePrivilege	2468	Medal.exe
Token: SeShutdownPrivilege	2468	Medal.exe
Token: SeCreatePagefilePrivilege	2468	Medal.exe
Token: SeShutdownPrivilege	2468	Medal.exe
Token: SeCreatePagefilePrivilege	2468	Medal.exe
Token: SeShutdownPrivilege	2468	Medal.exe
Token: SeCreatePagefilePrivilege	2468	Medal.exe
Token: SeShutdownPrivilege	2468	Medal.exe
Token: SeCreatePagefilePrivilege	2468	Medal.exe
Token: SeShutdownPrivilege	2468	Medal.exe
Token: SeCreatePagefilePrivilege	2468	Medal.exe
Token: SeShutdownPrivilege	2468	Medal.exe
Token: SeCreatePagefilePrivilege	2468	Medal.exe
Token: SeShutdownPrivilege	2468	Medal.exe
Token: SeCreatePagefilePrivilege	2468	Medal.exe
Token: SeShutdownPrivilege	2468	Medal.exe
Token: SeCreatePagefilePrivilege	2468	Medal.exe
Token: SeShutdownPrivilege	2468	Medal.exe
Token: SeCreatePagefilePrivilege	2468	Medal.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
1060	Update.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
4092	Medal.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
6092	MedalEncoder.exe
6092	MedalEncoder.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1060	2020	MedalSetup.MjcyMzQyODY3LDEsbm9yZWY=.exe	77
PID 2020 wrote to memory of 1060	2020	MedalSetup.MjcyMzQyODY3LDEsbm9yZWY=.exe	77
PID 1060 wrote to memory of 1036	1060	Update.exe	78
PID 1060 wrote to memory of 1036	1060	Update.exe	78
PID 1060 wrote to memory of 2468	1060	Update.exe	79
PID 1060 wrote to memory of 2468	1060	Update.exe	79
PID 2468 wrote to memory of 4992	2468	Medal.exe	80
PID 2468 wrote to memory of 4992	2468	Medal.exe	80
PID 2468 wrote to memory of 3300	2468	Medal.exe	81
PID 2468 wrote to memory of 3300	2468	Medal.exe	81
PID 2468 wrote to memory of 4796	2468	Medal.exe	83
PID 2468 wrote to memory of 4796	2468	Medal.exe	83
PID 4796 wrote to memory of 4168	4796	cmd.exe	85
PID 4796 wrote to memory of 4168	4796	cmd.exe	85
PID 2468 wrote to memory of 3036	2468	Medal.exe	87
PID 2468 wrote to memory of 3036	2468	Medal.exe	87
PID 2468 wrote to memory of 3332	2468	Medal.exe	89
PID 2468 wrote to memory of 3332	2468	Medal.exe	89
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 4544	2468	Medal.exe	90
PID 2468 wrote to memory of 404	2468	Medal.exe	91
PID 2468 wrote to memory of 404	2468	Medal.exe	91
PID 1060 wrote to memory of 4092	1060	Update.exe	93
PID 1060 wrote to memory of 4092	1060	Update.exe	93
PID 4092 wrote to memory of 848	4092	Medal.exe	94
PID 4092 wrote to memory of 848	4092	Medal.exe	94
PID 4092 wrote to memory of 904	4092	Medal.exe	95

C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjcyMzQyODY3LDEsbm9yZWY=.exe
"C:\Users\Admin\AppData\Local\Temp\MedalSetup.MjcyMzQyODY3LDEsbm9yZWY=.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1060
- - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Squirrel.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:1036
- - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --squirrel-install 4.2523.0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2468
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2523.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x510,0x518,0x51c,0x4ec,0x520,0x7ff737e31898,0x7ff737e318a8,0x7ff737e318b8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4992
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -c "Get-WmiObject win32_VideoController | Format-List -Property Name, Description, Caption, AdapterRAM"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3300
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4796
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4168
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -c "Get-WmiObject win32_VideoController | Format-List -Property Name, Description, Caption, AdapterRAM"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3036
  - - C:\Users\Admin\AppData\Local\Medal\Update.exe
      C:\Users\Admin\AppData\Local\Medal\Update.exe --createShortcut=Medal.exe
      4⤵
      Executes dropped EXE
      PID:3332
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1976,i,12801081614683316700,14895179463259879004,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4544
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2140 --field-trial-handle=1976,i,12801081614683316700,14895179463259879004,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:404
- - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --squirrel-firstrun
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4092
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2523.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x504,0x50c,0x510,0x4e0,0x514,0x7ff737e31898,0x7ff737e318a8,0x7ff737e318b8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:848
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -c "Get-WmiObject win32_VideoController | Format-List -Property Name, Description, Caption, AdapterRAM"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:904
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
      4⤵
      PID:340
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        5⤵
        
        PID:3124
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -c "Get-WmiObject win32_VideoController | Format-List -Property Name, Description, Caption, AdapterRAM"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2160
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1908,i,14892095869035417605,17112247836772143517,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3120
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2076 --field-trial-handle=1908,i,14892095869035417605,17112247836772143517,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2728
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3200 --field-trial-handle=1908,i,14892095869035417605,17112247836772143517,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=splash /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4400
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal
      4⤵
      Modifies registry key
      PID:3196
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Medal\update.exe\" --processStart \"Medal.exe\"" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:4868
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -c "Get-WmiObject cim_datafile -Filter {Name=\"C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.893.0\\MedalEncoder.exe\"} | Format-List -Property Version"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3632
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3604 --field-trial-handle=1908,i,14892095869035417605,17112247836772143517,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=bridge /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4980
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
        5⤵
        
        PID:4396
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        6⤵
        
        PID:2004
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -c "Get-WmiObject cim_datafile -Filter {Name=\"C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.893.0\\MedalEncoder.exe\"} | Format-List -Property Version"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\ffmpeg.exe
        
        "C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\ffmpeg.exe" -hide_banner -f lavfi -i nullsrc -c:v h264_nvenc -gpu list -f null -
        5⤵
        Executes dropped EXE
        
        PID:4296
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.modules /t REG_SZ /d "" /f
      4⤵
      Modifies registry key
      PID:4220
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.path /t REG_SZ /d "" /f
      4⤵
      Modifies registry key
      PID:3384
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4000 --field-trial-handle=1908,i,14892095869035417605,17112247836772143517,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=main /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:1400
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
        5⤵
        
        PID:1004
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        6⤵
        
        PID:3004
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -c "Get-WmiObject cim_datafile -Filter {Name=\"C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.893.0\\MedalEncoder.exe\"} | Format-List -Property Version"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1296
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4544 --field-trial-handle=1908,i,14892095869035417605,17112247836772143517,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3156
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4536 --field-trial-handle=1908,i,14892095869035417605,17112247836772143517,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:4920
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic /NAMESPACE:\\root\CIMV2 /NODE:'localhost' path Win32_PageFileUsage get /FORMAT:rawxml
      4⤵
      PID:5260
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full""
      4⤵
      PID:5528
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
        5⤵
        
        PID:5952
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "cmd /c query session"
      4⤵
      PID:5536
    - - C:\Windows\system32\cmd.exe
        
        cmd /c query session
        5⤵
        
        PID:6072
      - C:\Windows\system32\query.exe
        
        query session
        6⤵
        
        PID:2264
        
        C:\Windows\system32\qwinsta.exe
        
        "C:\Windows\system32\qwinsta.exe"
        7⤵
        
        PID:5224
  - - C:\Windows\system32\where.exe
      where powershell
      4⤵
      PID:5568
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell "Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object Caption, FreeSpace, Size"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:6088
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist /fi "imagename eq MedalEncoder.exe" /fo csv"
      4⤵
      PID:2456
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /fi "imagename eq MedalEncoder.exe" /fo csv
        5⤵
        Enumerates processes with tasklist
        
        PID:5648
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\ffmpeg.exe" -version"
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\ffmpeg.exe
        
        "C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\ffmpeg.exe" -version
        5⤵
        Executes dropped EXE
        
        PID:5616
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5632
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-MpComputerStatus | Out-File -Encoding utf8 -FilePath C:\Users\Admin\AppData\Local\Medal\Temp\d8dae8d5.txt"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:6016
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access""
      4⤵
      PID:6136
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"
        5⤵
        
        PID:112
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\Medal.exe
      C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\MedalEncoder.exe C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\suicide.lock 1402cfff-7fe8-452a-8e82-7b402b22179e
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:5464
    - - C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\MedalEncoder.exe
        
        "C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\MedalEncoder.exe" soundOffset=
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\DLLs\crashpad_handler.exe
        
        C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\DLLs\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\sentry-db --metrics-dir=C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\sentry-db --url=https://o150878.ingest.sentry.io:443/api/1509393/minidump/?sentry_client=sentry.native/0.7.6&sentry_key=f2ea4e2bebb44129b30402d5b4076fd5 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\sentry-db\b72defc0-d69d-49ad-031c-390f299b1ab6.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\sentry-db\b72defc0-d69d-49ad-031c-390f299b1ab6.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\sentry-db\b72defc0-d69d-49ad-031c-390f299b1ab6.run\__sentry-breadcrumb2 --initial-client-data=0xed4,0xecc,0xed8,0xed0,0xedc,0x7ff9c3174d60,0x7ff9c3174d78,0x7ff9c3174d90
        6⤵
        Executes dropped EXE
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\Medal.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3648 --field-trial-handle=1908,i,14892095869035417605,17112247836772143517,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9caafcc40,0x7ff9caafcc4c,0x7ff9caafcc58
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1724,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2052 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3528,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4212,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5172,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3304 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4772,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:6332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5076,i,3261114062330545258,7043740344560441027,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:6468

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4308

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E0
1⤵
PID:5028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_nkraz1jbcbtkmbndluz3zhy5w5mqhn50\3.893.0.0\00vhugnm.newcfg

Filesize
20KB

MD5
67ebc0c581539885a9abca64a6b7e593

SHA1
1c54c99dd1b66f91830a9c85767505db948e2853

SHA256
7c6fb13e193a0f19f7eb181ab198a914a221635d623bc610f25212d702f2d652

SHA512
1b2d88e458dde0bebe3f88b0d247bd0758e5dd357f4ac6354b233abf38edc1ebc4f59edce9c73c5a2485fa5681c2ddc2f30b015e1f604ff5306e2cf5b36d2aa7

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_nkraz1jbcbtkmbndluz3zhy5w5mqhn50\3.893.0.0\2ldwtqfu.newcfg

Filesize
56KB

MD5
be10be00b1171e4210ca7aa1ae8ca090

SHA1
748d3c6d41d7c23149c360531e9233fabcf2e5de

SHA256
58805fd2500d4ce870ef5cf9bdc4814b5baf7bfbc39a4a2a79c82e6136889b5a

SHA512
cc58cdbba1bc8290bec38f77abb7c4b0857c1057736608d16e352837d9d324d48e546429dafdeead7a94640e40c7b03b6e3a545efda0c3c05feef292cc8764d0

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_nkraz1jbcbtkmbndluz3zhy5w5mqhn50\3.893.0.0\dyeoafo4.newcfg

Filesize
21KB

MD5
c939dc0e1615fba8f7e3dc9eff70ff0b

SHA1
5e452080ed5ff5718bfb8ead6534b8215216d958

SHA256
eddf9bf79b9f1874447322f21d8d6cef938f01cfeac6e0fc454ea2ed43866814

SHA512
20b247948150923d63db5db516223f88850ddf77896aa7f0ce99beea753b5cafe02dd0726e67961c2c2b756adc9993574d79d1df722907afa27657c0e271ac3a

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_nkraz1jbcbtkmbndluz3zhy5w5mqhn50\3.893.0.0\je1t54ei.newcfg

Filesize
46KB

MD5
eef897c1288cf5432d74e44e66c73e20

SHA1
617dd91fb65cb8baa20e2ac85e3bb91121237c39

SHA256
a3004af2cb5b3e94199878e12952a680507d17fbe442595fe52e0eacb4807ba4

SHA512
ce9e1fb2c9ed40dca2282366b1147c820c4b6d68492a080bc22386ece752f66b6c364c339453febaae65b4d1fd1f97cfe696be38abe499d69eccf5c86f423cd4

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_nkraz1jbcbtkmbndluz3zhy5w5mqhn50\3.893.0.0\user.config

Filesize
332B

MD5
e37e2958c5378a8c6bb3170fd5abdbaa

SHA1
fcc1e77c9cef08bdda5ba94e741fcc69ae632a8f

SHA256
090a09bb5b228134cd268a3821565eb56e52ce4718601ae098ef9c8715d781c1

SHA512
1e610397ae34961fea6bf7fa76b954a550a324eff7a4ccae2ebcf59baada8535b067e9dc1cc1489b05768e62fadcdd90dd1ae972ad25795a70d0c40856caaeb4

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_nkraz1jbcbtkmbndluz3zhy5w5mqhn50\3.893.0.0\user.config

Filesize
20KB

MD5
136e346b7ed7b42026ab3776113f31e0

SHA1
dc028f64b28a64713e48a5013098e5b05c925dee

SHA256
a629da847b1735b320710089b9c846a50c3ce37660f676c4dd0b54e8f2da794f

SHA512
7e87e93105052f0ab1ba97588d5878e223ae24d0ab2d9c4ff2e9c071577c06acff6ff0365cf33bdeb9c4a5e4205745a1c934f0530b97fed8dd3fd1d2ba8bc3f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
07400919456e01b0736e1804a51f8f17

SHA1
70e1bccf4e7971b8a51c056508e6715f61b1093f

SHA256
d3f4bc2384bab6e805ef99752f2e5c7e0c594c988cfb5a513160699903e3b0cc

SHA512
4677939ca8f546d21d0890fb690ca7ea8ae50ccfff0f3127c30712ab9dd6c7fe9b861e51344de30540f6bbf440a5d82dd04622dc174395446ff5521463688a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
51f5fe068ec181dd12df19936cc6f2a1

SHA1
706b0f162abe68b0652df121a2765e1b81265f81

SHA256
cd03ef0d81263b7e0ac61be501d17763205daa48d478d2953554b1a8b50220e5

SHA512
386bce246d2d09c0bc0e3280db75beda65331811de6d3f5e3c1f1fb4717650b4bccd7c62200ecb685b0b4b100bd604060dc1159a0af250b3e2c54e0621517b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
8dc3ce1eae3b16800bf18d0a3bf71aad

SHA1
1022377d761154075d58897240adaebfd73d6fd5

SHA256
aa410d29632b9f738efccb09e644c30a198e2e6a9525aa5ee92a4f5d671095d0

SHA512
1591a9d2b10fd3fa7ef4b18289486ec0616c9cfd552bb71c342331a697fdb4411b0b4cb32f5f1b77c221275f6f66b535d9630e585fdd678d0d1691e31733eeb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
148009f5de9389894735749185ba3e23

SHA1
bca1e8bf7028cbd15b65dfa6b6424a89177c6a43

SHA256
4ee37f8e6c5cc1e0751d222c59d33b5497e83a80e836b1533ed45c1ad04ed6cf

SHA512
7c8b31f9081a4b34da38bc925962cce1b166e976646384bc9b708bd93949bd9b05b3c1e65b6529430cb7af41f0f5e9e5820a66f200ce861a7d4e8e03396884d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b1610e903732c466741b27e26b810acc

SHA1
b12aef2c9b7c34a7a8d799c06086afb9c36628c8

SHA256
6622e19ae7f4395b0e68754902ddf0f572c26465a99ed4977db9b1a94d1ad148

SHA512
71fce348e020f8637667dc792d3b704a6f8e4147cf79bbde6c7cb8920d0565165265c4aff7accd8ce6c6c99d2812ef53782ff1b79dc81ed753670d55ba20fd49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d5f625b4-4a23-4435-8904-1dea1871c018.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8ba310aa1e8e5b1364fb4379279105d

SHA1
a020e33714b2722e319f32e882b37299ac479196

SHA256
06a2554b7b421ef15a3cabcd3a8c949477c95615b26b324dd06d77044fca68fb

SHA512
7a74d12d1ff419ff69ce1f68f968dbb74b163d980db3a507d26934cb3c23fec5e6284d800611b4116c90e73c8730e5e1d5b264679ee56073435a3ca9df6f7e8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8021f689e76196b64b156fae2476a83b

SHA1
fee77995c10aaaf1452509682a13e5013f781dae

SHA256
22e1df0951357df3a3de840b2dcc777448f8a57214b21069fbb83ed13fcd08a8

SHA512
000867d65a73ea5191ce5dc12f62c0188b7b99363d604dd80addb2d1a3b45703ede6341782442f73598bfb0d3f2ef778d76f533693b37738a591956a74d10a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1298ba785e8327d4db041f59cfa1c0a5

SHA1
77cca748dc7c807dd5ab8cfe66c1e3eaca8e2555

SHA256
f20d9b86b6de0c87f91eb652532a9b494c2f469c698006d58c26fbbd8f123689

SHA512
ccb7ddbbc887ad72993ae50ead7a81f7810cdeed1a88e50402a3a7a3325185d2218aa1a03b5ef252973e4e6c09bcb11794c9069c2686db2adf1dba2121688cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa0c5d47ea2af300d3b910c2ff1c1c19

SHA1
a5c8477410196965c861e055f797a115813e30fc

SHA256
1406bcf2ac6bc07997dbc513932e44cc2bafc0f43777334ab56a74533773a13e

SHA512
3b0952f1818f2aabce24ffb84f015cd6b13467af44793d4af02f039b10e0f68fac9f22dec6184e9e00ed0d796f25680acb8222c9f38632cb9d20a47f9040193c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b9769b6e020970378c49c8c6d87ea6f5

SHA1
91a162cb16bb950e2207dec4cdde00a9422b71c2

SHA256
0beb7abb5044b6bebd0ddd5f2f8aa48a2b4d6ee8dd9d4a849e3607b56ccffe7d

SHA512
f6aa87fe6a60f1b6b443e0ac8e17f5ab62fadf00cf5678036475524cdb0042c55d592dc08cf9180258a6bdc247daf5c906e89c0f330eea4d01a201e21253f524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7bb08b0b1e117db2475a84b4d168c638

SHA1
05fc7fa266f9916188f3d51ec50dee6f212c9f14

SHA256
fb3538fc194bad1044336ba1d93d50d110c2d11429db34b3a77e26206d2e998b

SHA512
fe59a90a6737cae5fad90e9165d50e2a5fa36ad6a56acfe870270daf66dcc2240a83fc531c05c3961c2ab70979b81d8c6264a058b8f74d93daa90af719d4a913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f8db43f5e6b8fa28c61d5d75e972c50

SHA1
6bb1ae9b0468d95efd0f6088a9ab5ebbcaa82854

SHA256
3dbb3fcd32151202e82037e53b0f9d0cbbd2a868dd066dab9e2fa01872694cab

SHA512
ea8474b1a12b6adcc1c4a3a7befd0738660c409d18fd4652cb90d7026d7d74ca9eded51afab79cd19310ff32d6d0e5229461c24d6ce12b345aa83da99efe2d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
04f072520f2682b9f7414a3e29507858

SHA1
24397204713c21da3d593ab324916d7ecd8ecc65

SHA256
c68c7d90a8187b72b7b2b6834566ddc2e3696f4799d3e0a210189323c5b082cc

SHA512
e7fa9a8f184eaa276366c91115b176b0703205c93873fa8c9dc903e8f8053c05fb2e06ba573140cafb89bed72d4d69adb98fbe769640fa7483240e2b3a6b0477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
9c57e3fca2ad61a166bdbf863af9aa64

SHA1
ce2bb424c56f9685b1fe52810f140d6f0d382374

SHA256
d4a194366b50a876b81c30699b75717d6c5f591ecbe1a9ea71c3675d66bd9538

SHA512
cf955aea919da0e1a37f9bed377c2cef8676b12ecf5379a8c1b6a7c93b5a11696654288f9e368a84ce8e0bd54478beb05b063b9d35871bf1aaa037bed0c3351c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
87e03945a57b7db7a74caed021f04af5

SHA1
4213cd0a60668c2b153658c4a5870a1fa738ed9a

SHA256
e769c10f7423d870543eeafdb84e8fd92c050094ed8413ae049d259941bade7e

SHA512
8123aa79a1c900ff478f0c4129990bc207143274b331d71935829fb6b0c109e9a1ef0c0b2a1890758a992840b2b6b2e750977ba7444f069503459643790e5c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
df45e2d0fa8515a6fee5b557cc7765fe

SHA1
285f6a3663f54f22258fcf456d27f4cc442cb662

SHA256
48c0da4d1fa4307dac39a3884191d120880265b365e5bad68f563699c9f1e360

SHA512
5c85c534956264cfa15aa7f146a298d9b44f423cb296cae6536125ab2a41261f6ceebfa25e541ba6f6c73131f8dd29b0132bc789c3782e891a4587f7ca15f647

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\ffmpeg.dll

Filesize
2.6MB

MD5
6fe3d590e86b8c3a07dfe41fc295a491

SHA1
afbf100a22039fb8ef639e7355583e7c3d5fb1b0

SHA256
732b9826c52d3e2ad908240922a36c1670fbe0ab5e3ee6db346515f1ceb13294

SHA512
7b556da32c58b4b373546135310fc25fbe84205bfeb33b60ed36112b1aeb1c38aed9a3a21dc5bfc19732a89ade9178b58aa6a6893502d4c145abea8789b46572

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources.pak

Filesize
5.1MB

MD5
f5ab76d2b17459b5288b6269b0925890

SHA1
75be4046f33919340014a88815f415beb454a641

SHA256
4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c

SHA512
6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\index.js

Filesize
386B

MD5
5e2fbb9d655e0dd204e8d211ec1b4d0c

SHA1
440dc879e7fb836d97a5f5a40f016bbaa1b7f588

SHA256
8debe05417ec5d5e42661e2697a8d0db3ba30fa9bd4ac70c62c992ec01527bf9

SHA512
d6445a850642c562aa6affe907580fbf5b4faf70c51ad7b12613120a27ce1d6ee049571a709334fc588ff45c32ee918836bbae2188d4394a94c5810265139b2f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\main.min.js

Filesize
7.7MB

MD5
b0e83dedc34729780fa7637acf4d6403

SHA1
bb409f66cf3f41672aef29c08639ee2ade02f7d5

SHA256
170563530d666dc5a0ed4269415c6a98edcfe927fbc721fca8f1dc5266049050

SHA512
8c3ecc32484af2af538ad85b3a6f1e4d309bb239f861bef8f07f3388aea49944497fa0e50b32bae80b1eabb1f36a1acc2dd3cffc5b6e708b786f4a049908e559

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\LICENSE

Filesize
1KB

MD5
ea817882455c03503f7d014a8f54f095

SHA1
dd164bc611bca7ba8ead40ec4c2851081e5a16b9

SHA256
1e76029602ae9b21cc4e612db2496d92febed882ba13ba745f8b3309e85f9d39

SHA512
0ea343d0e696ba27877dc0611766c526aa73f6e7af46df5a0f83840dc4c7851fb5837b7f6bda8a014302bf877fe3b4b3e392b943cefb3af979e8afc67559a5ff

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\output\index.js

Filesize
947B

MD5
b0adfc74c8e51ce2ab659bfc13752ed3

SHA1
1b0879db53a00bbfeddcfdc0c190901387bab7bd

SHA256
a27d1a72ed1ecddffc57e70187a4b72467ed0dd34092b7e3d2817b9f4359ab5d

SHA512
4bd96fa626592e856431c3da18f7f2c5262fcf7f8fc95a4fa8b3ecd6bd7f53e82ee27d3255711df0addaaaa3fc7ba5e11104dd448f90f490e5517eabc1cdad42

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\path-exists\index.js

Filesize
263B

MD5
dfb2813673ea5279a9aa7305e5fe33f3

SHA1
6e6491c1ab3389433d1b39a33b3ac8760649a2c8

SHA256
5ce096c95daec0259817248921b39a9e0df4d342db171138ccb62440cc7a0cbe

SHA512
53d93b66ed4a2eca23046e6f2b08fcbe4cde40a2b841ab38db838ac75b0882947371024cb74ae43d2c9a2e095e2457e2207979c45f07d46e6e2b5f99efcfc794

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\mac\ia32\ffitarget.h

Filesize
4KB

MD5
4ef9928ec21c398681ed3357aa400c48

SHA1
5bafcdf7c4ff860ce7f94c5260159e7bf063243b

SHA256
ce9a87677a9b9af9dcc6f8f632b62948214824174b65fe4361d3b662cc72aec0

SHA512
c0f5f26b249cf3ca72b2d334008a7ab8b7332f286e57edf7c700b5c4a80960dbce14e3db940829134a3bc593a087f56b41afb757daf3f03e32611ab1172c1f6d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\openbsd\x64\ffi.h

Filesize
13KB

MD5
4c8fce7c4f0bee30b8f03d94fba5b66c

SHA1
4eb6b34a1547e2da9b1a0daa9c9f7a32569a03e5

SHA256
bdd54f5f8517f32767d864921edb878224068a75eff7e0386a55105d61e44466

SHA512
0f077d7c2a9801eab3134d4c56793f64fc1c8434e8eabe9c749d0f7d0d875b1750ad0f32873b49778bbb7b5864c280c4546fd72775ad0ec49eb091ec26ee3848

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\async\dist\async.js

Filesize
219KB

MD5
1257b1d9deaebe158498a18320cb5206

SHA1
6658b0192f5224d10475378ee50ce927b8b99f13

SHA256
caeea733f6f61bb394a1a5f71d8bda604765dcc9aea0f0a9a0e54243a1d4c7e8

SHA512
244bb4cc9a386415f1ff15392c92ffab5ceee43b78bada2f9836809b015738347cc781c8ec1eec97dd17d8a00e59d100079f7a6f9fa9790dc84f07ce64754fb1

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\async\package.json

Filesize
2KB

MD5
8b25d829d53060e8c855b44bf9f0a163

SHA1
fba8834d773d13fc6c9c74a1ea3ffd013859d7a1

SHA256
ed7622386e4427bbdd4eb08c09c0aca9bcc1d739becdfb421b2cd19c76dae308

SHA512
43427701fb7eaac7fd06ef99ff86cbf5c2a27d0ca28d5bf95b3b9cb0469b00a39dc81afee2d7d2dcb22ec0aef2dd4cc36e01c241ee507865f31be5377d3d9b2e

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\b4a\index.js

Filesize
3KB

MD5
b792856285e9760aac0ca447b4cdad32

SHA1
c3f23229d5855aa849565a6f4dee345b4471e53e

SHA256
7bb04f74fe05865a5382a76b07cf11cf34f53a18d7e44679a70e3ad33baa4d64

SHA512
a147f23a7d0104812ec98d07604c96c47359aecef4873a912b87823737ed8fa4898e7574152815317c7c30c72f5857913453abc0616de20b998c151034bf818e

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\b4a\package.json

Filesize
701B

MD5
530ee244b7c2df2e16d152d4dbe039d5

SHA1
6b5e6be8639f0c3f9828fcae1d2bbae7344edde0

SHA256
287e126e6500f191066f1865ef155a4dd668ad08c177d42821a77a52e0202604

SHA512
5401f101832ba756eb7693751cd857349aef42052ae2c0d29c886fe514f74c356ffd8f4c0dac95508a801c7b8d6b2dbb515f3388c96c63b9ae844e37bf4024b6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\bindings\bindings.js

Filesize
5KB

MD5
13c05ea1a2f638b707aa56eea958810c

SHA1
c93878e75a9f0545f73aa8d6fba3a761c4ceda36

SHA256
8e32a0d37f20bd6f7d5bdbf99d041aa27be47cbbe5172ac13ebf7380a10b3bf6

SHA512
f356619fa479c72086138eed34fbdcf501bb6f263249e5cf3b1069b2d6c120afc32d9b2ee89d9a41b2f516251c8bbf5d9913e78105961a989e136ac03146657f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\bindings\package.json

Filesize
660B

MD5
17005447df8440e0e386849b8fa2b682

SHA1
14bbbadeb1307b1f711ee10093d5b46a7889677c

SHA256
a87721fe406e1f1798fef44d697b46ea1efe346fda118010334713346ee4207c

SHA512
a61aa9260b34479feb762f81f23ec26104d311fee81bb299efa00fc7091d3ae7f10047f6d91bd3bcfec7152b754c9fc6fe97ac280b3c00abc945a25ef387105d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\blake2b-wasm\blake2b.js

Filesize
11KB

MD5
6d4fdddbe0e3df6ede11846ac2d9f104

SHA1
16ed563b7e5eb247279479de76bea594fab392f0

SHA256
ab8919c1546bd3015afb834e6f0948a7c53121be4f4107ce2a3f4eb31c3e77e9

SHA512
f895785e1143a0952c033db6317f9f7d1dfd8c220827019d4857f0c0a6fc67f08fb89ce2aa8fc45d601ee1afc40950c91de2532fc76fefda1c461fa25229c1f9

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\blake2b-wasm\index.js

Filesize
4KB

MD5
b1c4d73faad73d98b01810cde1eb52fb

SHA1
67c75686ab7cbee0ac60c3a7f8a5a9ae083dc0ce

SHA256
0ab2389048116330718b012ce387aa693e3f318e9cc9b697d32a96d65bef25bd

SHA512
bb5440c3bc7f2f309b1aa237015b493e01ebf53c595413225658feed63e48d42851064615a45323f3c13c7f55c7193f5c73c2f9c1f196406e474813fc2feab4d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\blake2b-wasm\package.json

Filesize
782B

MD5
85f6234e8249e84f2a2361d5142707a3

SHA1
d3714b3f9fa05401342b89d5c9f9d47f9bdcd7ef

SHA256
5bda19aefb010a8fccff1fc5dce0e9d3ff75ae1921e584d1becb4c371b3b4541

SHA512
e6919601c8dd1f7dbbe487c42ec441411338cf7fcf3a2da0a4f7f91ed1d963d2db7e8a00ec4a4bbde5be8323db1fab55b44b364fc8684c710a041148c99b1e73

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\blake2b\index.js

Filesize
9KB

MD5
350e95a4d11b533abbd5d4414d38005f

SHA1
37f2bb772cc953169bbfc13087b13ba6952ed8b3

SHA256
89d35ca4687b8ad3bd659b1a39f44a8a4a393ac977be5af1e1ce32116c25c064

SHA512
8e9648cedceb87e36e915e050329d8ce246bfba0ac18f9d491efb0160e7e89defa7a4a33301def1dd4a2b72bf8b1ea6c64cf03dafb90c615f1e23d5d016e0863

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\blake2b\package.json

Filesize
742B

MD5
88595359281788f64142b0938af3f9db

SHA1
d35800917d86c3d104b9142926e9daa2ba4bf3dc

SHA256
47bcf83fa22df55efb1759c46153bc6e994036c2146d5a0de3867953a603f870

SHA512
a2b8cfc39020dce3384ecccb149df4092905e8ff77c14c93c6162eb35788c11b3141f2dc1382dbead2e0bbcc7f0970bc0e1af97b4e9795e2e0193f9fef4f7ef4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\debug\node_modules\ms\index.js

Filesize
2KB

MD5
fddcc2097091479666d0865c176d6615

SHA1
55f9b3a7d4cfbf68b19ccd0d698aa86483dd4694

SHA256
55986972f5f3c9446f876c576e1cd30fd4f04cd26527efbb5ad834637c740e4c

SHA512
252644169a9398527927b69a2f19c6578bd62dcd180b94984d991939f53bf4e77ca687e840db42f7dba3b37124a5e3f3eda83535e75491bbe6ca440a7149913f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\debug\node_modules\ms\package.json

Filesize
705B

MD5
b3ea7267a23f72028e774742792b114a

SHA1
fe112804e727b4f3489e9a52900349d0a4ed302c

SHA256
3708fd273bf5b1e91c72d88143f48ad962adcc10b99250a4a203d13804f37757

SHA512
01975d65bc491d0b39435d793a62bcdba6b5edf4fb886de0e48a8a393e26fdf31bdfb4f91dd7e10ba69a1e62ed091d5ea04f9f8bf57d784c3491a5c5c8472988

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\debug\package.json

Filesize
1KB

MD5
2630a1ac039c8970c8fb0daf0f2f03c4

SHA1
ed6fe3dcf77a4c2ddadde904c5b1fc47cf9893c7

SHA256
754ba4f352a9b983fbbf93cfffe015d29bc789a08eb05815270abf50902697fb

SHA512
a017d21a1ecb159065bc32b94b38de03b38c10448b85f88bfe1498b144320884d612a868b9db192d6acf041f88da415f953d9dd8541ee29e4053e2463dd54791

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\debug\src\common.js

Filesize
6KB

MD5
28e94a3cc7d081498bea5ced383038f6

SHA1
c9707394c09387b56864a8865158d29fd307774a

SHA256
c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37

SHA512
5775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\debug\src\index.js

Filesize
314B

MD5
d6c53f5a0dd8f256d91210ad530a2f3e

SHA1
0f4ce3b10eff761f099ac75593f7e05b149ae695

SHA256
aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3

SHA512
4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\debug\src\node.js

Filesize
4KB

MD5
6e63fda079262f01e14f03bdf77146c0

SHA1
481608e3c95722f3a474336e5b777a6a521e76f9

SHA256
f237adcb52849de7c128f57e0468b52353c529a6c8341810477c0e7144359559

SHA512
3017b4717118f56fac106dcaa046aecf3cc63c37e64f49838e5379a13583c293f39ec5ace48fb2dabeac6af4a967f96219812733ead6f36c3f5c8d132d795900

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\electron-deeplink\dist\index.js

Filesize
7KB

MD5
d359d8698706d059e14b6f3eeedced8c

SHA1
9acb5276a78ed09acf81a62e1db439217aff85cf

SHA256
6c693e5ca23e904436e4bf6e68901147d319fd7132b2bcff4dd061615bb8a773

SHA512
f44a7196ad9d4f44085966ac6724f48d00566189136d08a9b13b4ac3cc7e6d1addf2e854098fb4c2ec94c28e3f48168f82b0d1134d0066237dd5fba91c35ccfd

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\electron-deeplink\dist\stub.js

Filesize
156B

MD5
62063cc3b8565061daaddf496dd15731

SHA1
206166851431982536333b4a1b9c31f9e5111295

SHA256
3f39ca63ca2f696207da3702df9a4df21e980a13f0e77528340730e2bf315fd6

SHA512
a6006c18cdf95cf641e54e10c76ff6c7ae47d881435ca54847e2b687fec2a9a129a2e2e3ca600557a328b34c22c54cfd7a6db4865af0f122c6cb5963e65c66e5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\electron-deeplink\dist\templates.js

Filesize
458B

MD5
790b7b8bf5ed00feffce05aac1c79492

SHA1
5ac0afae48c626cc6474268c725342039e5e5ef0

SHA256
6bd01e7f8ea390760ae26ae469f6627dd7a9447360b477bba6911b76cb0e921f

SHA512
2522716477010a2ba3df3b1faa69fd8bb36cad02f6a43f95b7bbb75a49f516e6c2619e1dab8e1b85c888a2385b3435ffa95f9cda95e0c4dcdcb467cadbd515f5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\electron-deeplink\package.json

Filesize
1KB

MD5
16fd5b35f0cbaed2b0b719e69f9f5a4b

SHA1
7b82df17cfdfcdfd8f8d4ff02502f1d7a8b964b4

SHA256
9fa3547f74427c8e7b20cd51a27f58d4a97a465f919177a7fb177143624e0e2c

SHA512
a19b574a3009dd7cf823dcfaf84790a60bec7b743211045cccaa3970923fc403af3c80d801d8a706cde599afe79317f99c98f429abefaad4583e6e181d55a5ed

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\file-uri-to-path\index.js

Filesize
1KB

MD5
d98f7c699c54e0e90f408a44feb3188b

SHA1
0ffd660201ce0749053d108c53e5606b9da158d6

SHA256
e62293e871bdd5a7449ff3c7956c9536ec1d2ea7369461de77322b5256bb93e7

SHA512
7389081fbf3b16f0ad99f556337679be895e04930e36bfc8f99720e013f28b68bdd4579f11eb41dd4cc7a64a36ec26a6e6539d42d5888696f71e7d2d9c8784dc

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\file-uri-to-path\package.json

Filesize
717B

MD5
65f30030f0e7b2eff552eaabd8bb1fe1

SHA1
5dee8a540c467ffbf9025481180c77a06a9f46f2

SHA256
71eb1e24bb9694f89c613fa0aa307f977dd43f41d11794c7b48fabf6c55f66b0

SHA512
763c372773f093de60fdbe0bdd5d0b6362882e22eaebed51f70ea50fa3087417b5c517ea9ea057b56d40f019cea042a6e8c387356da1b9b9d39c2a5f16e7b5d4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\lodash\lodash.js

Filesize
531KB

MD5
bbb588cc4360df5d317ebff5f5c1ac9c

SHA1
03d60d1510d24a952ff370b77035b031a87c4158

SHA256
4c04561befdf653aef017a42ac5addf68ea943cdfca6bdee5ce04e04e8139f54

SHA512
da2c021e3ba3f8f99d0b2bdbf3cacc39c87451c290c551e2fe0b009a5d5f3777a0f3620368efdc773cde5d7e221765732087acee9383135fc6d2db37401c2c94

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\lodash\package.json

Filesize
578B

MD5
188f386c15507c982c3e0d5a2db5b60d

SHA1
2c1ec9f730323c72f6f76e73f48b24902cc853c2

SHA256
8e41b07c744a0de0d2c1c23ed41418ecb0849abb56395d28802e601b4730d7c2

SHA512
a9a582ec1711e2dd19d80b43288821709641e310a44657d6dfe0b4b98644a33f6c9720e89a17516cbafa38518bf71653402b1fede5b2cf18dfe9859ed3973e5f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\ms\index.js

Filesize
2KB

MD5
83c46187ed7b1e33a178f4c531c4ea81

SHA1
ea869663486f513cc4d1ca8312ed52a165c417fa

SHA256
e5f0b6a946a9b2b356a28557728410717df54ea2f599edb619f9839df6b7b0e9

SHA512
51b45089a53a23c12e28eb889396e2fa71b95085baa5ac34d71ffb625131bf2fec3ae98efeae537656e20ea257f44e089bcebc9ad54cf672cde852102e43e153

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\ms\package.json

Filesize
732B

MD5
a682078f64a677ddad1f50307a14b678

SHA1
c290eb97736177176d071da4ac855ab995685c97

SHA256
1a6b4d9739790c0b94ab96c8cc0507e281c164c311ff4fbf5e57fb8d26290b40

SHA512
9e16c5689b57275f4ed624c6954f12299706e2372a60f6173421800da5edf9ed52e52fd2b0798f826cddbade6ca19a6e6a996960c6697cc2da0ddecb36409520

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\nanoassert\index.js

Filesize
438B

MD5
44d45c7081a567a4d0cb4bbb36bf6be6

SHA1
69a7954eab536502b052557d5911acb9de503dad

SHA256
5a3c8dce33093172d9cb3d6bdd34e464d17a1da175a8f8b74f0c0d22dde94fbb

SHA512
0c3195a63b389bab6612e3824a65a5cacc2852aa2f8b272e34717be4608197bc1f9b4529879a13fa9567d0ae9846916dd645349b9797418f88e7ce7bc5d4e504

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\nanoassert\package.json

Filesize
647B

MD5
de6935b833716ef4d703b58e188ace78

SHA1
01cb598615db0cb08979b3ff1e4324d047eb1fa0

SHA256
2152421c559e2aeb7c002ecfeac306340d23cf3783446cea607a284658df30bd

SHA512
b134877eb15c2fa70a5e0549c8a736e8bb8ff84426cac51ed581f707d38c75c110f96c233825409a3948a6943fb1c26cc25617092b40645e68073d6d58f0ee65

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\node-gyp-build\index.js

Filesize
390B

MD5
caa8dbb9acb0b39387e9db3895ec2f4e

SHA1
6c165ff1c6b62331fe315bebfe1c1765d83d5415

SHA256
a7ed0d5ae218a19bdbdf15a590d0893790ddf536313b66a787554693cfaae078

SHA512
32300dde85101fda577a3ba148f9f2887998cbebf7853c527e70580d1e713a38314011a9f92de20c2648b646c7c072cc5337c00ba464cfa2621fd0beec47fd01

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\node-gyp-build\node-gyp-build.js

Filesize
5KB

MD5
4a8a7a2c5aa7ad0c304de54ef266bb74

SHA1
146485e9d64fbeb5ac80affd8a411ea3f6e550ed

SHA256
134f0585f7c665db89f332a379158c6f113274422e42aaf54e0aa9d5ac37f577

SHA512
a28642c67b3f100c2214c6795ce585c8cc623e25e86da53a09bb9041fe850d20f7eac1acbe626a580f6a7a9e9a3a16a8bd93913e338251a0139972f9e8d2c5b8

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\node-gyp-build\package.json

Filesize
772B

MD5
db5eb8c791ad3efa9eccff958a78d019

SHA1
b52359d86cb133ce16df39fc3852e8ef297e15d4

SHA256
1094c5e3e46e002b61931c83a7272225d74ecfb4125cad74c176a8584595c7dd

SHA512
e5b28fdaedea387a8a7d73ae8704ed6ab8151c72367b87c62bd1bcf032e318a51ca1eb727f34c2a5c15ffe1b5ae155cc44cfbb78810f4388e58e0695b7e50de4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\tr46\index.js

Filesize
7KB

MD5
7d598c8605e26cafe489544f1730d380

SHA1
02c41eea7eb4ce2d32b7faeb4229edaa28b9d8e4

SHA256
8194f9425ce9ab06ea9aebcd64a85ec064d95d61bb349f8f1c98762ad256638e

SHA512
f79b6e635786bb4b38f80562d862a6a2c908ea691b3fc42712aae82591c735acd02d8fd79ccf37468e58f865bba28f9be0d92182b30c8e4b4ef7261bb57f213d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\tr46\lib\mappingTable.json

Filesize
253KB

MD5
26c6da7a34c8a051a60b3592287d3fea

SHA1
6e09dfd1d4d65675bba0a9bb69e0bd6393f0d5da

SHA256
b6b39724dca9011113a08d9d6910204062b58169e98952acdfbd19bf2c31bbff

SHA512
8ad552c64f53303c00f2a56c1fdc2d6c644b12aa993c181d5f4847fb4613701b3d03d2a4f8e347e1d755999681585ae3081e865ae54f21340c826196c2af83d4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\node_modules\tr46\package.json

Filesize
732B

MD5
36ce158498fb4f35c9a42edb60665bbe

SHA1
49c76b0a075effa9325c17f55c4d6472ddf3c7a9

SHA256
615087f58ee138fd35c2b414c355b72e36e5919725b8aecc1c34f6a5585b9779

SHA512
676215940610329d35feef0674d9dc61a9ab7c265d6eedca582e13003acd8b9d8b4894c86e79eaa85e97266682dbbe9637826b99f0b9afa56dbcf9ad077a1a55

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\package.json

Filesize
10KB

MD5
af84e291e0787066247beda2b99f0bb4

SHA1
99b0328517f94996a3840d37544edaf744638ad6

SHA256
4b0f9ca603a4d14f6a63892d41230620b20a61426fcadb2defb62f4f9c2f7e80

SHA512
36f85a5a225fc86fa60b82f5fe4b63a0c5bfdf29ba228e1d8f1b49d4e7c37b744755db6b0095fd3a9aefbefa0fd7ac0052da9b6839f1f07b06918348372adfe5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\version.json

Filesize
20B

MD5
2e19981970327df6448b65130b721614

SHA1
ba64e7d80147080599902a289d02ecc5ef4f9aa9

SHA256
3cc764ee331dc979a84d52c4c561e0d7d123dfddcc03f76eac1578c4319fdd22

SHA512
957295cc826ed1840ea5ffe1616f8c7914278ecd82b1afe8d7b2419f644c4409182fc855885e1f4be87b8312500aa104fefa1db50f4e670688ed914bd57b00f6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\version.json

Filesize
44B

MD5
1441ac91ef50d0b2db6177e4e86a5eec

SHA1
e131bd514780f86bcbfb2c2ec124067e22ac2687

SHA256
1f63d44451b05e3f22a74d93ab62241935de476260635f52007f656c0ac631ce

SHA512
7063d71848dbdc20fd8e430df8f2d849772b9d87743ff807c2d08429a55c32ccfd39f0f20a3e7eb8a7fff97b6a56f820ca0b823134dc8c8e4fbfebf1088aa04b

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\version.json

Filesize
90B

MD5
d2ada0e0878d995b14c5d0238cfde4db

SHA1
ae42451ccfed20081e972c98053092c04da0f6a6

SHA256
a5fd19c52a76d3af89c46fa3b22e41a1b37a1ae0e4c7c38f30f22de0cf9413f7

SHA512
b14316299d4df9b1b9ffed81c445df814d2c5e4f0e830c72a04460fefa5c4cb48d61349d31a7fd7b1b82a611badc91347c7c942963acde9577babe70f1c6597b

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\version.json

Filesize
59KB

MD5
621cb95c43a585475ef1047c16fb82a1

SHA1
4fd68b2685d98633f08edb8c3d6a02129c6d27f1

SHA256
56202c0bb3817fc3f605ffa8d860d366e523fa9e18b148c0f4db6efa7f7acdd9

SHA512
ff9d67eaa28d91183d49719b9a41a009861dbc52d34fe3534ca2c54b93491342e504cda5f8d9b31a163e2ae6cc15403d616a89b3da677f72c5ad8f64132eb9d5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\resources\app\version.json.2539200600

Filesize
116B

MD5
8a7eee0137bcc2e3bc21983023377d45

SHA1
6fa46479ba056dc6af4b09d44281757a0cf5e6fc

SHA256
0cfe3add4eae56c1894e0116a461bab48683135953e8e6f3d3aa0e2fa2ccbfe9

SHA512
51688371a04e7f4ba6e52f6bd2008acfbe5907bc021dcdbeae1c40b4eea4a665ed44fc5d34bdd3d6f1c0254741d3b4da47c0db185ec57576fefb0252e564d693

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\squirrel.exe

Filesize
2.0MB

MD5
4dac60bf37a9b9ff4e11584810c24fe7

SHA1
c30ea3b7d8c9a4edca9ae03e3146af0c66a1654b

SHA256
27af119d2fd6e97d62cf982c21c2e1c142911d31fb9a22d57c57de5315a31f01

SHA512
0fa9184995eeab467eda2630a48322598076276c75715d7bd0b1c39238588d5313f1d676757d2aaec38e3bb55e7bb1520fac673cb9875af803af766ae78becf9

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2523.0\v8_context_snapshot.bin

Filesize
471KB

MD5
6503b392ac5c25ff020189fa38fbaecb

SHA1
50fb4f7b765ac2b0da07f3759752dbc9d6d9867b

SHA256
add78f3f85f0b173cbe917871821f74c5afe0a6562462762b181180d16df4470

SHA512
9c12fff1686845a2c0b43d35a8572f97e950f232f1ce5690fd1212f48c171edbcc5d725754f10a66599b0823ac0c995c7212e263b7e02ea0ed9f2d2b937fa760

Download Submit
C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\UpdatedGameInfo.db

Filesize
697KB

MD5
087b54c00bc5ad26289bcf1299d83eae

SHA1
9320ad4d924f8da90aec96e5a831f0a070e152e9

SHA256
9e4e1f5b62bbc1dd9ec6e57a99e9a7ea139d2e9b59fdbe540555f23b98a1691a

SHA512
30fead8d366b33ca74ea26cbadf2e7170a9be5364cf5b775cd25569c3a1c54a9153771c124d737b6db996e78b3fb09d6705acc3f3fcb28c714ab18e867cca288

Download Submit
C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\Updatedindex2.db

Filesize
1.6MB

MD5
17c5862bac88d5f021422ff9a5cdebae

SHA1
370ae08c4b41577d8eaf17726ba84678ccba8498

SHA256
f1c1358adad7cce662ef9d4f45eec1c67019ae0bc93ad5e6add1b5a19d7beb94

SHA512
308d153a584835127a6fac485ecd1133c651a9417aed6ec6a5fc7744f66080aed520b2bf55e1748ae188936cf4ab3dc68d6278fd73fa3d1807a5c798567d8f1c

Download Submit
C:\Users\Admin\AppData\Local\Medal\recorder-3.893.0\events.json

Filesize
30KB

MD5
18e0f66f3d09939d94b9a7c18d23e9f6

SHA1
2e6da2aeab8b647107d36b57ea9a687b46100294

SHA256
9f8ad7a3d9337ee2b0aa6b1c3688935ad0793061b5c520166803611a762e9e32

SHA512
57eee01725bc4bd658bbd59747054bef29f2eb7448962be228f0655becce283d96f641aa99c090db0a661b268cf007b6053d51c8593c587b8b32b3d08fda01d9

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
79B

MD5
887b49cbf8909ec1ef69a2db050661e3

SHA1
8ad96b33c12d977479d2652868f91243b337fcb6

SHA256
8b95b825588302231eac72fbe8a07e039df8883ca5a11b9d928bb5525342d331

SHA512
b4c63c604fbb6051f329191486f59b3a4400bb106fb04f1205f79f3c56692fe3d51c100bd110bc0e95c9968e03b380d9c90e43cba83e8733bf77d723d9b3aa66

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
1d43f50bf59d2f33d031e94508dc9a1c

SHA1
1eb0318e0f0e59b4f5eaad827d48a605a4ee7d54

SHA256
5b77387238fd42e166e165b9ea3e3b8e26ea5b8323e6de2c678f4a2c75b518e1

SHA512
12daec2c131d2e4da5221650d178c6a3307936a34bd96205f07d9470764f921c33a5acb21449dbcb01585999621cbfb1ec41d3b50bfc41ff2ad166413c12741c

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
356KB

MD5
b15e2e40fac551f7aaac328b423e5a31

SHA1
71e2bcdf47e0097a30c849b1c65611cfab7b9441

SHA256
08581fd1729f3ef887b32a9c943bd8d3bb2c0e71adea75065a990327cb46ce60

SHA512
c5ac4d3ee876a046b6c66e12c1d41e9991300e83ec736c2051297c9f711bf5e95f95fbac8dca51332c2911251a640844059aa33b965b2ec8733c63886e3cc715

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
132KB

MD5
4fe78278c727ca838a6b0a8b5d2fc924

SHA1
7eba94ab9295e387f43fba20fcb79bc3db1dde64

SHA256
af8a663dc9f9407b1a0582c835317f62c0f3fc1fbe542e1df0f9ef39e913ba45

SHA512
ce381dbbd80e0ccbd0e9a5b1d7c070f0bf3bd52d71ae9cd87254cad2c41b61871392595f7bffb23f215f8fabdc2fba64758eb5d1e6b97da99fe4149db54123c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_y1bbdm3f.dl3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\.logs\install.log

Filesize
1002B

MD5
36853f8088c24d96a61db535d53bde78

SHA1
dd752e391bc6f2e975796348cbdd3b7cc406b3a4

SHA256
061809a8dfe9608a39fbb2ae1343b22585597cec0020fec4bbfe3997d404ffc6

SHA512
1871833b29fe5d8e913c60d30425bcc7b11d6f1593cc8d714ac89d80ced0da5c92b9da1f07ea4cab38a34b3ec5edf798709d8f3dd09271b4c7b492f551407f0c

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\.logs\main-error.log

Filesize
5KB

MD5
9b2c20830fc5762d1a83da15c3162e3e

SHA1
e8737a049fceda3df6d588e710fc85a8a226f614

SHA256
9e242115497841ca4f0277131f89ea1910d35f1371e663508c863aa97a62a049

SHA512
428bd86501ea4155fff60b986586399d31a872893a770a5004f0d8046187782ddec10ed6c1b21f807720642b0616f044e7b055c0dc90618f9c8033468004b35a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\Network Persistent State

Filesize
1KB

MD5
656f68ac766762effb16743a4a3536d3

SHA1
b5c256b801a99c8c195c6da1637eff19cf64cffb

SHA256
b6bf6628f3ccd84b675de36706280327bb3b283954b2f1d11fb024643e0a11a6

SHA512
d3a265027898487bfa69f8e198d587140e56b4bac31575b8cb27e115105b77628f87733eb44bd59f9453c777e635a2ea4e133957e736e4bfcade65f36fee59b8

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
707B

MD5
527955922eb3264f90a51349ec46cb22

SHA1
a26e2ad718253acf06b02c65defa706e4def9b4d

SHA256
21bbdd1bb93b8e806f2d3cde6a0dbce10824355b412e68ea14c24903447a452f

SHA512
1587ce317e4f18938df6a7e975bf7baac269b23a8a3c9fc9e53a11b4aa6b3c1c6555bd78c2cbd6ef82463430cb4485e3358d2a3229a92715f1466d2398126f28

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
aab50dd780b29237702db43720b80025

SHA1
7d7bd94cc77bbaab269a49f19a0c7cb2296f1269

SHA256
90757a8796d6f6ba433d50e812cdb586f28361770c0b9525bfb3d3f217c64ca3

SHA512
d9aa888130b93f424f28efaf1660e8881ffe929a31f0029cd5133693588d5c6067c7b04772a65b502be5dadf764263c42f71702c5f6ef79e0970e67b497cdada

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
8e8d27f4a2dd52027ec337c202381f19

SHA1
7feb2e07ec12759b248be589d4ceeb4a43b70cb4

SHA256
8994486201d17af3502548e77158cdbc46c6c06b939b3f5060f6d126d5d4c5c5

SHA512
bad4db316653dc8afefb0920009ed4f2b7e4a3b0adff82263cfee227ca41c88706e73db81de9e9a8079a9886c3dccecedfaaa0e19278d324b4d1d298c8931a4f

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity~RFe58b1a7.TMP

Filesize
539B

MD5
835883e118454e6464c61c7d5b54a6af

SHA1
04c4421334e700e3bb7f53519bb4c39a3c479514

SHA256
86b7e6ddb18fbefb67bd3cad4c6c891598b2d0ee844ffa5d07a42acec89b75f5

SHA512
db5a45c27abe1d22f5ea3cfe78807ed568424ae17ed5d68c403db7f5fd504386688d5f912bf3e85f96d784e223516df350001ef1e65f843a72fe34149222158a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Network\Network Persistent State

Filesize
300B

MD5
73c0d93a5ad9606a4a83f7725eb07807

SHA1
8a1c830d433b68273ecf953dc5a2d244d0fe54ee

SHA256
96897aa1aa14d8cab0097948537c2e5a6cc2820b4ff455dbf02665dc3ccbf485

SHA512
276983537ab198dbb09867c5133008116f4a1bc602effde200a654f5c8584d64bb8e3618ab66c315522f4849d191e0a366c05d928c3bfa9643dc3b2547a8eea7

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Preferences

Filesize
132B

MD5
b47b2dcfdc27a453d573edd62fd0474f

SHA1
e7aaaac6ddc08f439b817525786d74e133425794

SHA256
c0cf8950ca65a185e81bd8eed55485613d14657248ddf77a15abd10ec4c24876

SHA512
45ccfcdbcfb1073ed72a284f8fa490340fcfe934f4eb84f30637cadd201ee38744829b8e14525d2d3d595b1778ed98e1c63e42e13e86844c762192d6aac038d7

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\sentry\scope_v3.json

Filesize
21KB

MD5
8b02a8d29d90e4245d07fa054d5de296

SHA1
d1673a278e61c29ae8a60b484ca841923cd67bdb

SHA256
49da32cdf88575fad82cad19a1721edd97fa0635975e0ebe71e1e69a7cbfef4e

SHA512
a14d9150b07cb5739b824cd7708573b9c90d235fdaf35982319604e8aa0251c254faa7e69a214e455d33f98c4dfa9106d1ca36e50e91434b3426e88b7100e648

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\game.json.4293733014

Filesize
3.6MB

MD5
11bfcc076ed91fc25d599c6d0cbb275b

SHA1
cc8a05d3b78487a4528589e60a7e51e8c158d2f7

SHA256
07b78864769e5e8f2c3a75bd5e0f7771b811ef60f27159043f6873c8860fd46b

SHA512
7bcf264a501e8bf62a0647fb86d820d5e6abce4824c6086d1d3f7e7875eccffb10a0562f4dc208212a7b140cd855be7d0b762821595dfa535078ce54da561dc1

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json

Filesize
5KB

MD5
d5f6d057d558cf1db1d982a648139108

SHA1
091daf7bc73e59662ee2846104b42291bd21bd19

SHA256
638c97e220ded5cd56c3dcda4daed7d318be0bdf6b4d28417ef541c3389b3db2

SHA512
1d3ac44bac52625316abeeac5cdc183e228bfd359704e06d8f7a8c41ac21619e353d85b155af572f600c5e33ae5895ba165b33de2a40c22226da928c238e1dda

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json.3302112088

Filesize
6KB

MD5
8ddeb934e56255fd6e9a67b3c7d40e9f

SHA1
44d9a0b268f0a9e800fc2662a8847c8c72d26a94

SHA256
03926c59431f8501bbe69eaf526cd899854025bde13c8204594d6fac7a0c4b41

SHA512
109d69029e4619e4275b877b6f5a670b094b879bb4f8e895d055d5089866b2da3c46c7f7cbe5ae53980534b7a5e55c46df03285a1e03ff726718df4bf027a16e

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json

Filesize
112B

MD5
9a68b34bc6ec26e6670710233d318224

SHA1
a717483634d9882944d1ba8c59df39347e6166a9

SHA256
4edb8fd78fe41d6287ebc8f72b64f6c7bf22209d85595c472ee306ed848a6fbc

SHA512
7e6451a1ff178d1604e16806dde88e79a980a94787dad2b95eb6737a08ee0f22b6d4265833912b735e7f03d13f7d341f13272d07a902d4004bebf3f85ee32850

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json

Filesize
32B

MD5
85e87aacfa3518639d14e7d44d155f27

SHA1
99545627fc0e0887ab04b85ffbafabe1aca15c41

SHA256
008418ae69c264c53cfc6d02d9bf3d70d3596c21888c9cda6322c7ac5587e826

SHA512
f12cfbb2c4b5a654f8706bf1289390f1183dd84f4a6101e26c587861d6d87d83c733819a86932320adacabc3b877fd8a9139d4319f5f925476f3f8015a3cbcc8

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.265559221

Filesize
180B

MD5
b37ca31c52fc062fc77566581ff3e672

SHA1
9bcbf3536c17a9c11c06aad7a06bd9b993c203ab

SHA256
d2c64746d39dad3199c37d992e0d3dd597c7fbf7c3c797b29f682ae11a71c109

SHA512
43b0b7266c7317214eaf68f92bb7f20022215410f677d228ccc70e41e67b73f47cadaa28b8f26429aa25b7be192a27da1bc5bf854f49a8aa01a68732d5b39261

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.3830255823

Filesize
62B

MD5
59bc4a78e39dea1cd7ecabc613083338

SHA1
211316f199d03c6aaa532f561f9dcc561c53e04c

SHA256
a9af47c1448faccc7338411f17ac5f5bdf3f4fb92f1eeaea0290fa7d852ed6f2

SHA512
410cbfc02a859c2afcc7b2b91f56e3ce5851824db8cfd2fef9013ef664a7a2af8f7541b564323f37af6751e1359c9d04f6ac5f98b604a9eabd1793697e1e515a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
262B

MD5
044ec9f43d69f2686759a922366c3076

SHA1
169b054ba35fdec95b48e4bf09c001256c720862

SHA256
1e77a294821e52488ff4a6f889d4fbd2b566b3da75d1e958156d0dc49c2cd248

SHA512
d7232b300c68d34e721fb5cca62cb225a00cd02799d6fc57fa40fa9176bbb2ba531b56a53f6a81f76b405d3161fba6d960ec6f393c95483f0f3708a959e0df19

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
333B

MD5
24d36c5a0eed3057ce6b9456538497d8

SHA1
d83c5170fd710b5efde43054ddc14a1f1a0f1a29

SHA256
202420bb8e54a6b87f4c78575053d55c6b7027772df3706f7e20c67bf01d1bb1

SHA512
1ca96ca26eca30a52422261da86eee2b6b6133546afe762fb70c68fd27a362ed9735d9eb9ebe73eb68a6facbe2ea7e77184417f42ec60359b015398c9cc83d3a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
449B

MD5
c5a3456287fd84cf6c4efd01f954cd17

SHA1
7df0333b06c95f89fee86fb567b9103bad6ee9c8

SHA256
7733cb8bad75aa8ff02664cb0d5405f063d350581f74dc7c5b4f14f972419cda

SHA512
d332619f0a7b44040809e2f0f17f36e21b57c079373fb754714f96fd15d594cc200077096934700481a6d57e6618813c9f4d0df079055a3d9fa208d99184a23a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
497B

MD5
e4c71b4cc3abbbd2a37c8acb5e15c686

SHA1
e839bd30960abf6d78c043eefc2221b290fbdbd9

SHA256
e43213bc4c03ded0301c8d7e1c1f3303d17459e6020ed0e56082ab8981a169bb

SHA512
a6a1453b4fb50ebdb0e570ac78058439307038116d6352c790bef477e6b760e3538b47ccf4b4323db99c66298e453bdfb1a918f6073cd714b94875a87559d030

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
2KB

MD5
677342c29db60fa0d6bf3048abee38bf

SHA1
cc3310c23cf55fa9d03b8fdf2d46d9aa62771f02

SHA256
421f5a5876ef94da8abc8dfbc9e3bbb99c517a9c34c51b7639f4ebf7c8ccd3d9

SHA512
8ca4ec1f9b02de53fa8369046487235216ddddbac9f9a35f73a7ca8e77334de509369ff58a801f15ce861ba16ac4df332ab2e2f3c13653a49418c2925508d770

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
1KB

MD5
0c0112cc5ebd9282658ba82695edb1ab

SHA1
71b0c68037ed07c42bf2b352360995ffee0579b5

SHA256
3ff08050bf36866a0f5799b81deee4e890d6bdf9cff904067c190819558662db

SHA512
e485c40f89bc4aa2f14a1743cbfa4ab3d6468f236b5fee9220393220933b430f268ba1875bb580adaa6373d93ae36111e5bca90c18a17af2b4890e1a4aa22be1

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
2KB

MD5
cb304dfd448ca852931f2056628cc720

SHA1
a872dc18763df1d360c0dc2f9ad7861963e231d0

SHA256
fd4b4b81434fc1dfad5e5ff03e27c25903782c88e4d1e25310663e3d0ad46b38

SHA512
147f44c8dcc2d117b5643fccc3c96c3637af5f2b7f54abee6dc3772e0a9c562aae938f6f416e85231f023a3d5fb6531b4fb48d0e68ba16cb4119dd66af6e6b8a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
70B

MD5
3a15daf1281b0af19279ac873eafef58

SHA1
abce7f2b8e6180efc6ede8e114f544e1480c9f4f

SHA256
62396ea0a8150cd36a37328203ac964ba4afca22b61610e68ce4550784bb213b

SHA512
26427778d25800aaba4119602651b3f486910043dc32817e3c2adbc033bd754af2938254d9249983f8323a79ade9d7dd003ccaf1962dbb0a54adcd0f0b4dbb41

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
160B

MD5
650865401f7a1b3cff60d31bea42511c

SHA1
bc460f4a487f06d328ef6504b251ae3d3b6da60c

SHA256
3198dc9360f1fb6d47cc83ff0b01487ef2d20b4c0de4723e04971df3b035d017

SHA512
32a26ea9828716a31d1c58332dc0869e3904a920d0b087a25f1f5157112464ad0c2dfe39a869d5f62bfde6bc5db8150d8463b05c0959377e31f74a0f377dd6f1

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
8KB

MD5
64d6d66a4d1a2bd0c2260e1014c127e4

SHA1
19c5e68502d2d42bbd52069319b8bed484b75aaa

SHA256
e20e64304cf0fd47bdbfb7f4a916521835e50c19e121b5b6f763457104006c43

SHA512
10818c8b66d0f870fe32aa7db0dbdd8e1ed2e1c562ac249654fbb4dfbd39a2ab31d1199b7041b05788c0bfcae6c14b682ab2e00eb35019171a0435a9315870ad

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
1KB

MD5
59cf1e34457f22123c6766c72ac14572

SHA1
9f01c30353e6466e8a3874ca7267945fc4d4ee42

SHA256
e8636a67d9240aeba3d6b9e242600f39fdcbed5a29a1fb8597f43819c551089b

SHA512
4eb8557150f3cd81bc2cc5622d46b47cc17e2af88805d80dcb7c56159ce57334b79628595b0bd8acb3211ce0bbeb667b64ef4382cb2edbc27ce396941c9dcd52

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
1KB

MD5
96b4522a51bd7f6d5b43cb6d5e90d2a0

SHA1
dcf54cee9af3dc48e231797477748fb73816b42b

SHA256
fc409cc86700917158c98bb120abf42fee6c25501774da6712ec0effc2a47a49

SHA512
27063bd1ef28e2dfcc6a41f02f9f4c65f693d1551061a737b11e56bfde9a5907808aa1ce9d4388906325555322fea6b4149ee58d9df9aa151c3db2de7883da08

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
2KB

MD5
710b0df10fc7b2ae76262c5be2d97beb

SHA1
3706d455eb5bc0034d6e97542ba91c4e36a7fc29

SHA256
f75b4f9ebaecaef870a293977faa871abe4d9b17f0918feea9a88363f5f7f705

SHA512
4691e0814c1c57857d017abc4f09e2f04bd299bb5f235b1114fd5a8a29355eba3235b7853051de3080d5cd73db82650f70cd89a07dad2d7096de74f02bfb0d65

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
1KB

MD5
9bd9ce4bfe56cbf7bc0b1df211c4f038

SHA1
7f5a092e5a6f6801e1077650ece03241950971d8

SHA256
ebf90bb7be7fe6a7602d7082d1bda2f627bb956021854e111f3f2b34c0fd9ab7

SHA512
257b29d3754b17edc1ee23cc28af813c024e2ce5add86a3c5e82f62343798638aca4000117ee4b993bfb32dd04157a69e082f50af97ed8d9dc61363609cd2665

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
1KB

MD5
52bd66323af52718a2e7f726f6fc319c

SHA1
97a81e7ab31bdb136b5eb72ef685d25e1dd3db03

SHA256
c415c7378c884a387e64d774a8cf0ddb45de7efcdd8ddd9844bc5a102e63afd5

SHA512
e5cdc8e41940f61ae3cc3843d51615099507e9c5788861eb23ddad5c0034c53a6dd1c0e003a08c2fbef36cbf0df64d132c328e39827f1c7c8c4a954e0d9755e7

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.1449026925

Filesize
520B

MD5
90b0950e3dbfccb702f29135afdd83e5

SHA1
f8a9b6290555a3003013d6d2563535b3e861d248

SHA256
9e71df33c8567281e8fe33fb060afb0d447e06ac1f1826faba065a9f0b9ff305

SHA512
6edf305b32571e5ae308f456c68f91a6a2a322a654f67a0372a9dc174c96d73781ecd3b6123b0dc43a9ef7c55f6fdcbea9261c947dcf2b8fcfed15f0e8dd1dd4

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.320565312

Filesize
219B

MD5
93f4043459d6ad6028b6f1254397036c

SHA1
f0dd7a703103a2b3abd370254809e5a083462b32

SHA256
e45aa17a60849378d10cbe672bcb203d6ab3612274be35d431fc5526afd3f753

SHA512
775e0430e5d9b3a6149da0ecf7214232ac873bcb903c9044c0357ed13a3372fe504e1cd8e111ca875a7845d13961587c666bcf82d31e0fd30a0ddee6cbf9a0de

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.400620287

Filesize
121B

MD5
a85b70d3a04f44484e0a02906319a2c0

SHA1
d76f340566d6bfee3fe5ab97bb16911394691676

SHA256
f19ff08f4ad256a37d3b028e7a18e74bdfabb505dfd264bdee68dce89c52f822

SHA512
5b1b1646ab6668d0eebcbc1b50c8a3c932adeb1bdc3cfe40465de879ea6e4d74059756bbbddfec081fc8c2e2dd559b27ed9e2f4a354412b624167580eecb198c

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.4281476809

Filesize
118B

MD5
108dfbaaece2c4be12844ec7aa27cadf

SHA1
804c5bcaf817a749f525c2217a3036addb5c4657

SHA256
ee96b61ea371aea6cb5faaf5b5324e057620ff96d04afd7135f806c8985e1848

SHA512
5f1bfba7f0e176ad40d7affa83f6f4e117170d03503e883334b3320930e636634bcdddcd8ad79f637a77f716f4ebc122ba924886a25d7ec0ca76f0af2d7b27a6

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
55B

MD5
6246e89395cacb88b518705624d9d685

SHA1
d0d84f664260c0b8c44f92315766bfde2b35394e

SHA256
985c58a87042d3b497b55e3579a18f9d82ecde3fcf7366479a2b8b925bddd7ef

SHA512
053669802f030fb3738b73ee2d8b7279eeaceb4df8b2a40da190c31f059e9d91ad376f7eceb61cb7bef45ef0bc07669883d26dfa2ad3f8fc8f78295f68acd888

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
55B

MD5
2a6136c6d19f5f5bfcb2e3e0b73646ab

SHA1
64257c875c143aac9d0e7c6dda3c73bff0b459ac

SHA256
096f045b9ca2e46e1211b41f22053b8fae208448cf24202bae18d51e4047cfbf

SHA512
c230f246bfaa868506c836ef07b71cb598f17fbd9198b52069089c5dc8fb1d86afacfe6c13ea026c8526ded87ca24b259b3b90272c255d84c1fec37770b653ae

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json.1895081505

Filesize
115B

MD5
7f05785bf8bd1e910bc2d62c886fba57

SHA1
2afade011fd7fe4035b309dc8ea3310573288439

SHA256
edc2019a70715002e6e27e4868365b1b9e02565e55ca98d9e093c54507b9d73a

SHA512
864c899e7fb544741431fe5359f3fbd73f1075e49bc26e7244f98257d64e8a6441a7e6906e73c297a97b4cbee4c566dee5ad20c217f50b94eac1e60817dd0365

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json.3336232393

Filesize
115B

MD5
83e222c1e20c9c81d9ca8e539c965cfb

SHA1
aef99d9d34f6db1f37b8375711164cc8cf4bf28d

SHA256
bb63eaa4573dff84f60c0cc6cc56ff7213550c76a63ef1295dd8bae6f42aa929

SHA512
3f6034f139599a620e737898756d591429d93a12d406647b372917d95a07e0edb19264305d1db4af00eb6973b6db6cd0ddb1af3aa1d78a35b02d118c87218467

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json.3636403526

Filesize
19KB

MD5
d48503c0a37cc86b074918d31ded2bed

SHA1
2bda207b6a8163d08c447f6a34ac380c66831da4

SHA256
a75738be5ee15122602ed28e924e387a6827524ec040816f2f08395d1270d4f4

SHA512
045a47ed0c1e60bdbd9407f89d846874358e546b858aea48650afaae9155a17945ce8eb196dc4e777f8d6b9febd689b6e3ea65c837e32e334887e5a37164087f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
d914d9d9a1d1c032536478841808ae45

SHA1
d8ebd01d0e2de39006a6aa64f8101257140d903e

SHA256
8bbabe59e5329531c28aeee74c48ca99f03ec77c3f116ac5062fe46e5f4a2292

SHA512
53568a450c733d9ba69aa62d36f814cb8940b8f0637568ff3efbf3a95940a120643fb93baa1a7163d4fddf3044a3353b4a25c8ff676d73ae05590a08ccc8bf2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
8c19f42ccd3561a76172e36fb5bb16fd

SHA1
edb5a0515ec934aaa4c6a61733bb3096ff156e77

SHA256
c897882b6e5856ffc59f98d9a6848b3ec9cc251c3f2a9520066715737dfa5757

SHA512
12257aa56b54c6fe384cf0d6d230ec7b9c52f683a0b50e635cb837078e16b85ccec4323a61619ac329123083742524daaaa30c75b78230376ea8fbc5355e061f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
057c439224414e125e120d1bd8e9bf97

SHA1
a1705832165d015602924f250195035b54a1038c

SHA256
48fa2971b1f65de17f4309c808cf977fccbc63b47fd731df5f64bceabd14986b

SHA512
2b0f9473c42b557fae069c9796d5297cee597c3d1436388adfc2734b4800aac7f028e6868324a47fd9df1237473ff7f23b7b47a2557158029c2034f4cf35c504

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
1e19fef7b8e240c46b226dba784710ab

SHA1
374a07c96491a02078adeb3999e2e2aeacf2b260

SHA256
998b820c2b02c1beb8f651d299a96c617624591dce5958f1a52bfa8d942d0b51

SHA512
1240c49e1127a18ab70cb7fa6520ce3549b713f92d2b57ceb447ddfb32c620f24824626fec13a8420a615a7e51d7cc3768cfc407098a6b3444fccf4e815b9e5f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
2c6cf1b838c3f9be5c8d48b49fb33b5a

SHA1
a3792af6459f7663d60e6d66cab2354bc0b7c885

SHA256
d3ce0c4720aa45312fd7dd81da97ee08e660a2b89f0165f6f16356f208107c9c

SHA512
bf387c5b7ae8728a7c0602b36526b37f6f1f9dfd0063c2e9ab59e27eed8b4f8c61ec499e6d24a8d2a0d968652aca03843a288dddc6dfc410121dec1aa77cec0d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
cef9d5c38423fe71640f513c817d300e

SHA1
7d08cc738bcb50b1d10f4ca66141a69b2d04b6b5

SHA256
72f7a7e8904a133979b41b776092c4d7c3a508b6227b29ea58800f7b9c308dd3

SHA512
1c4006099af97b53df1d56ca7ae4605dbbc78b066b2f3cb9cedceafe966026af0cdc22df95b8906803655164ee992dba5db77bf6f0fb7ebeb61c7909d4625980

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
86bda08473a010dfbebb98a55d658208

SHA1
b8488b7efd6857585109063e36ff17e0551a50e5

SHA256
a152300b685d096237ef22ad592fd511ad83d9263fcfeeae402027fd7f76cd2d

SHA512
d875e1ad199e29ac0a27c38cc7d39baaaac06c97cd6e0f95eb44787fae16aaa50488a9520c0d28ae7d3245ffb062d3833dc1ecef5ad0f49421ca94327923a79b

Download Submit
C:\Users\Admin\Documents\Medal\MedalLog20240925.txt

Filesize
5KB

MD5
079aa907e89e2c02b2a91533c652fe43

SHA1
04e29fa8f21c5467aa342d0417ca1e5c7c2026b0

SHA256
0772e0540da7d2894d630d2a8d05e59e8d77f8943f788c519bf2a0317158482f

SHA512
88328caed0fbd7f5b67b715e908c9db4e4efade9f415586df8e69595d4adf1d316ac0dd2914c760c4da33bf42a8f1fb651d368a72ab4129ec01fabb0b48129ce

Download Submit
memory/1036-7787-0x0000000000AF0000-0x0000000000CE6000-memory.dmp

Filesize
2.0MB

Download
memory/1060-9-0x0000000000240000-0x0000000000416000-memory.dmp

Filesize
1.8MB

Download
memory/1060-1747-0x000000001FA20000-0x000000001FA2E000-memory.dmp

Filesize
56KB

Download
memory/1060-1745-0x000000001FA50000-0x000000001FA88000-memory.dmp

Filesize
224KB

Download
memory/3300-7843-0x000001ADD2DC0000-0x000001ADD2DE2000-memory.dmp

Filesize
136KB

Download
memory/3332-7966-0x0000000002830000-0x0000000002850000-memory.dmp

Filesize
128KB

Download
memory/4296-8756-0x00007FF78B080000-0x00007FF7901C5000-memory.dmp

Filesize
81.3MB

Download
memory/4296-9144-0x00007FF78B080000-0x00007FF7901C5000-memory.dmp

Filesize
81.3MB

Download
memory/4296-8759-0x00007FF78B080000-0x00007FF7901C5000-memory.dmp

Filesize
81.3MB

Download
memory/4544-7875-0x00007FF9EEC80000-0x00007FF9EEC81000-memory.dmp

Filesize
4KB

Download
memory/4980-8734-0x000001D6677D0000-0x000001D667802000-memory.dmp

Filesize
200KB

Download
memory/4980-8735-0x000001D667800000-0x000001D667812000-memory.dmp

Filesize
72KB

Download
memory/4980-8748-0x000001D621060000-0x000001D621588000-memory.dmp

Filesize
5.2MB

Download
memory/4980-8736-0x000001D6800E0000-0x000001D6802A2000-memory.dmp

Filesize
1.8MB

Download
memory/4980-8732-0x00000000006E0000-0x00000000006EE000-memory.dmp

Filesize
56KB

Download
memory/4980-8746-0x000001D667840000-0x000001D66785E000-memory.dmp

Filesize
120KB

Download
memory/4980-8745-0x000001D67FF90000-0x000001D680006000-memory.dmp

Filesize
472KB

Download
memory/4980-8733-0x00000000681E0000-0x00000000681EE000-memory.dmp

Filesize
56KB

Download
memory/5464-9253-0x0000017DE7F10000-0x0000017DE7F3A000-memory.dmp

Filesize
168KB

Download
memory/5616-9090-0x00007FF78B080000-0x00007FF7901C5000-memory.dmp

Filesize
81.3MB

Download
memory/5632-9131-0x000001FC9DBB0000-0x000001FC9DBF6000-memory.dmp

Filesize
280KB

Download
memory/6088-9089-0x000001FCF7910000-0x000001FCF7934000-memory.dmp

Filesize
144KB

Download
memory/6088-9088-0x000001FCF7910000-0x000001FCF793A000-memory.dmp

Filesize
168KB

Download
memory/6092-9781-0x000001C9D4E10000-0x000001C9D4E18000-memory.dmp

Filesize
32KB

Download
memory/6092-9291-0x000001C9CF620000-0x000001C9CF654000-memory.dmp

Filesize
208KB

Download
memory/6092-9470-0x000001C9D4580000-0x000001C9D4588000-memory.dmp

Filesize
32KB

Download
memory/6092-9468-0x000001C9D4B00000-0x000001C9D4B80000-memory.dmp

Filesize
512KB

Download
memory/6092-9467-0x000001C9D4A40000-0x000001C9D4A74000-memory.dmp

Filesize
208KB

Download
memory/6092-9469-0x000001C9D4570000-0x000001C9D457A000-memory.dmp

Filesize
40KB

Download
memory/6092-9473-0x000001C9D4AC0000-0x000001C9D4ADE000-memory.dmp

Filesize
120KB

Download
memory/6092-9299-0x000001C9CF770000-0x000001C9CF780000-memory.dmp

Filesize
64KB

Download
memory/6092-9436-0x000001C9D4660000-0x000001C9D46AC000-memory.dmp

Filesize
304KB

Download
memory/6092-9409-0x000001C9D45D0000-0x000001C9D4652000-memory.dmp

Filesize
520KB

Download
memory/6092-9499-0x000001C9D4A80000-0x000001C9D4A8E000-memory.dmp

Filesize
56KB

Download
memory/6092-9471-0x000001C9D4AA0000-0x000001C9D4AB4000-memory.dmp

Filesize
80KB

Download
memory/6092-9301-0x000001C9CF790000-0x000001C9CF7A0000-memory.dmp

Filesize
64KB

Download
memory/6092-9780-0x000001C9D4E60000-0x000001C9D4E78000-memory.dmp

Filesize
96KB

Download
memory/6092-9298-0x000001C9CF760000-0x000001C9CF768000-memory.dmp

Filesize
32KB

Download
memory/6092-9786-0x000001C9D4DE0000-0x000001C9D4DFC000-memory.dmp

Filesize
112KB

Download
memory/6092-9782-0x000001C9D4E20000-0x000001C9D4E42000-memory.dmp

Filesize
136KB

Download
memory/6092-9787-0x000001C9D5D90000-0x000001C9D5E02000-memory.dmp

Filesize
456KB

Download
memory/6092-9788-0x000001C9D4E80000-0x000001C9D4E94000-memory.dmp

Filesize
80KB

Download
memory/6092-9790-0x000001C9D4EA0000-0x000001C9D4EB2000-memory.dmp

Filesize
72KB

Download
memory/6092-9789-0x000001C9D4EE0000-0x000001C9D4F12000-memory.dmp

Filesize
200KB

Download
memory/6092-9297-0x000001C9CF6C0000-0x000001C9CF6CA000-memory.dmp

Filesize
40KB

Download
memory/6092-9295-0x000001C9CF3C0000-0x000001C9CF3CA000-memory.dmp

Filesize
40KB

Download
memory/6092-9294-0x000001C9CF3B0000-0x000001C9CF3BA000-memory.dmp

Filesize
40KB

Download
memory/6092-9293-0x000001C9CF3A0000-0x000001C9CF3AA000-memory.dmp

Filesize
40KB

Download
memory/6092-9292-0x000001C9CF6D0000-0x000001C9CF73C000-memory.dmp

Filesize
432KB

Download
memory/6092-9414-0x000001C9D45A0000-0x000001C9D45CA000-memory.dmp

Filesize
168KB

Download
memory/6092-9300-0x000001C9CF780000-0x000001C9CF788000-memory.dmp

Filesize
32KB

Download
memory/6092-9916-0x000001C9D4DC0000-0x000001C9D4DC8000-memory.dmp

Filesize
32KB

Download
memory/6092-9290-0x000001C9CFC40000-0x000001C9D0258000-memory.dmp

Filesize
6.1MB

Download
memory/6092-9289-0x000001C9CF3E0000-0x000001C9CF412000-memory.dmp

Filesize
200KB

Download
memory/6092-9420-0x000001C9D3B10000-0x000001C9D3B1A000-memory.dmp

Filesize
40KB

Download
memory/6092-9419-0x000001C9D3B00000-0x000001C9D3B08000-memory.dmp

Filesize
32KB

Download
memory/6092-9277-0x000001C9CF420000-0x000001C9CF4D0000-memory.dmp

Filesize
704KB

Download
memory/6092-9263-0x000001C9B4E70000-0x000001C9B4E8A000-memory.dmp

Filesize
104KB

Download
memory/6092-9262-0x000001C9B4E50000-0x000001C9B4E6C000-memory.dmp

Filesize
112KB

Download
memory/6092-9261-0x000001C9B6790000-0x000001C9B67D8000-memory.dmp

Filesize
288KB

Download
memory/6092-10107-0x000001C9CF810000-0x000001C9CFBE6000-memory.dmp

Filesize
3.8MB

Download
memory/6092-9259-0x000001C9B4830000-0x000001C9B49F2000-memory.dmp

Filesize
1.8MB

Download
memory/6092-9407-0x000001C9D4490000-0x000001C9D44BA000-memory.dmp

Filesize
168KB

Download
memory/6092-9408-0x000001C9D4520000-0x000001C9D4536000-memory.dmp

Filesize
88KB

Download
memory/6092-9405-0x000001C9D3BC0000-0x000001C9D3BEC000-memory.dmp

Filesize
176KB

Download
memory/6092-9406-0x000001C9D3C40000-0x000001C9D3C88000-memory.dmp

Filesize
288KB

Download
memory/6092-9368-0x000001C9D3A00000-0x000001C9D3A26000-memory.dmp

Filesize
152KB

Download
memory/6092-9367-0x000001C9D3A60000-0x000001C9D3ABA000-memory.dmp

Filesize
360KB

Download
memory/6092-9305-0x000001C9CF7E0000-0x000001C9CF7E8000-memory.dmp

Filesize
32KB

Download
memory/6092-9306-0x000001C9CF800000-0x000001C9CF808000-memory.dmp

Filesize
32KB

Download
memory/6092-9303-0x000001C9CF7D0000-0x000001C9CF7D8000-memory.dmp

Filesize
32KB

Download
memory/6092-9304-0x000001C9CF7C0000-0x000001C9CF7C8000-memory.dmp

Filesize
32KB

Download
memory/6092-9302-0x000001C9CF7B0000-0x000001C9CF7B8000-memory.dmp

Filesize
32KB

Download
memory/6092-9296-0x000001C9CF740000-0x000001C9CF75C000-memory.dmp

Filesize
112KB

Download
memory/6972-10248-0x00000262E5D30000-0x00000262E5D31000-memory.dmp

Filesize
4KB

Download
memory/6972-10250-0x00000262E5D30000-0x00000262E5D31000-memory.dmp

Filesize
4KB

Download
memory/6972-10249-0x00000262E5D30000-0x00000262E5D31000-memory.dmp

Filesize
4KB

Download