d1273886847ed68aa98bb847cd0afcdb411ae57e80775ccf18ded854fcefc96c

Analysis

max time kernel
301s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe
Size

143.1MB
MD5

1e622810ec211cc44426d5482a1d5d0f
SHA1

da7e158a2092fc64664e260626c847eaee3684ed
SHA256

d1273886847ed68aa98bb847cd0afcdb411ae57e80775ccf18ded854fcefc96c
SHA512

6f55a70223e0f8c917145edf63a51d16c991537382f7fcacf5af9e143cae77df0d1265d24e829588d4fe535c8e644feb9034aeb8ef5b147ed093511aae9bb0a8
SSDEEP

3145728:o5xGeJvRWj9zzug3X1rpMDM+a2LFdoeJoL4zc8HJvGWbpLJh4Ohojs:oXVQj9vdUaOd9qsddAs

Score

6^/10

discovery execution persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Medal = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\update.exe\" --processStart \"Medal.exe\""	reg.exe

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Medal.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Medal.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Medal.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Medal.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Medal.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to get system information.

execution

PowerShell

T1059.001

pid	Process
4984	powershell.exe
2520	powershell.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
3424	tasklist.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 22 IoCs

pid	Process
2416	Update.exe
1644	Squirrel.exe
3624	Medal.exe
3976	Medal.exe
5000	Update.exe
4440	Medal.exe
3144	Medal.exe
1164	Medal.exe
1464	Medal.exe
4280	Medal.exe
3716	Medal.exe
2204	Medal.exe
4116	Medal.exe
1552	Medal.exe
1052	ffmpeg.exe
1544	Medal.exe
544	Medal.exe
4948	ffmpeg.exe
1160	Medal.exe
1548	MedalEncoder.exe
3856	crashpad_handler.exe
5800	Medal.exe

Loads dropped DLL 49 IoCs

pid	Process
3624	Medal.exe
3976	Medal.exe
4440	Medal.exe
3144	Medal.exe
4440	Medal.exe
4440	Medal.exe
4440	Medal.exe
4440	Medal.exe
1164	Medal.exe
1464	Medal.exe
4280	Medal.exe
3716	Medal.exe
4280	Medal.exe
4280	Medal.exe
4280	Medal.exe
4280	Medal.exe
2204	Medal.exe
4116	Medal.exe
1552	Medal.exe
4116	Medal.exe
4116	Medal.exe
4116	Medal.exe
4116	Medal.exe
4116	Medal.exe
1544	Medal.exe
544	Medal.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
5800	Medal.exe
5800	Medal.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe

Checks processor information in registry 2 TTPs 21 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Medal.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3756129449-3121373848-4276368241-1000\{A97F438B-A2C9-48F1-8DB8-E6311EE0324C}	MedalEncoder.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\medal	Medal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\medal\ = "URL:medal"	Medal.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\medal\shell	Medal.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\medal\shell\open	Medal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\medal\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2535.0\\Medal.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2535.0\\--squirrel-firstrun\" \"%1\""	Medal.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3756129449-3121373848-4276368241-1000\{4F9C480C-5ADD-444B-9EED-A84A31C27073}	Medal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\medal\URL Protocol	Medal.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\medal\shell\open\command	Medal.exe

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
3808	reg.exe
3492	reg.exe
4960	reg.exe
3048	reg.exe

Modifies system certificate store 2 TTPs 14 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Medal.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3624	Medal.exe
3624	Medal.exe
3624	Medal.exe
3624	Medal.exe
2416	Update.exe
2416	Update.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
4116	Medal.exe
4116	Medal.exe
4116	Medal.exe
4116	Medal.exe
1552	Medal.exe
1552	Medal.exe
1552	Medal.exe
1552	Medal.exe
4984	powershell.exe
4984	powershell.exe
4984	powershell.exe
1836	powershell.exe
1836	powershell.exe
1836	powershell.exe
2520	powershell.exe
2520	powershell.exe
2520	powershell.exe
1160	Medal.exe
1160	Medal.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
5800	Medal.exe
5800	Medal.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe
1548	MedalEncoder.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2032	WMIC.exe
Token: SeSecurityPrivilege	2032	WMIC.exe
Token: SeTakeOwnershipPrivilege	2032	WMIC.exe
Token: SeLoadDriverPrivilege	2032	WMIC.exe
Token: SeSystemProfilePrivilege	2032	WMIC.exe
Token: SeSystemtimePrivilege	2032	WMIC.exe
Token: SeProfSingleProcessPrivilege	2032	WMIC.exe
Token: SeIncBasePriorityPrivilege	2032	WMIC.exe
Token: SeCreatePagefilePrivilege	2032	WMIC.exe
Token: SeBackupPrivilege	2032	WMIC.exe
Token: SeRestorePrivilege	2032	WMIC.exe
Token: SeShutdownPrivilege	2032	WMIC.exe
Token: SeDebugPrivilege	2032	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2032	WMIC.exe
Token: SeRemoteShutdownPrivilege	2032	WMIC.exe
Token: SeUndockPrivilege	2032	WMIC.exe
Token: SeManageVolumePrivilege	2032	WMIC.exe
Token: 33	2032	WMIC.exe
Token: 34	2032	WMIC.exe
Token: 35	2032	WMIC.exe
Token: 36	2032	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1440	WMIC.exe
Token: SeSecurityPrivilege	1440	WMIC.exe
Token: SeTakeOwnershipPrivilege	1440	WMIC.exe
Token: SeLoadDriverPrivilege	1440	WMIC.exe
Token: SeSystemProfilePrivilege	1440	WMIC.exe
Token: SeSystemtimePrivilege	1440	WMIC.exe
Token: SeProfSingleProcessPrivilege	1440	WMIC.exe
Token: SeIncBasePriorityPrivilege	1440	WMIC.exe
Token: SeCreatePagefilePrivilege	1440	WMIC.exe
Token: SeBackupPrivilege	1440	WMIC.exe
Token: SeRestorePrivilege	1440	WMIC.exe
Token: SeShutdownPrivilege	1440	WMIC.exe
Token: SeDebugPrivilege	1440	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1440	WMIC.exe
Token: SeRemoteShutdownPrivilege	1440	WMIC.exe
Token: SeUndockPrivilege	1440	WMIC.exe
Token: SeManageVolumePrivilege	1440	WMIC.exe
Token: 33	1440	WMIC.exe
Token: 34	1440	WMIC.exe
Token: 35	1440	WMIC.exe
Token: 36	1440	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1440	WMIC.exe
Token: SeSecurityPrivilege	1440	WMIC.exe
Token: SeTakeOwnershipPrivilege	1440	WMIC.exe
Token: SeLoadDriverPrivilege	1440	WMIC.exe
Token: SeSystemProfilePrivilege	1440	WMIC.exe
Token: SeSystemtimePrivilege	1440	WMIC.exe
Token: SeProfSingleProcessPrivilege	1440	WMIC.exe
Token: SeIncBasePriorityPrivilege	1440	WMIC.exe
Token: SeCreatePagefilePrivilege	1440	WMIC.exe
Token: SeBackupPrivilege	1440	WMIC.exe
Token: SeRestorePrivilege	1440	WMIC.exe
Token: SeShutdownPrivilege	1440	WMIC.exe
Token: SeDebugPrivilege	1440	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1440	WMIC.exe
Token: SeRemoteShutdownPrivilege	1440	WMIC.exe
Token: SeUndockPrivilege	1440	WMIC.exe
Token: SeManageVolumePrivilege	1440	WMIC.exe
Token: 33	1440	WMIC.exe
Token: 34	1440	WMIC.exe
Token: 35	1440	WMIC.exe
Token: 36	1440	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2032	WMIC.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
2416	Update.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe
1164	Medal.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1548	MedalEncoder.exe
1548	MedalEncoder.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2416	2732	MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe	86
PID 2732 wrote to memory of 2416	2732	MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe	86
PID 2416 wrote to memory of 1644	2416	Update.exe	87
PID 2416 wrote to memory of 1644	2416	Update.exe	87
PID 2416 wrote to memory of 3624	2416	Update.exe	88
PID 2416 wrote to memory of 3624	2416	Update.exe	88
PID 3624 wrote to memory of 3976	3624	Medal.exe	89
PID 3624 wrote to memory of 3976	3624	Medal.exe	89
PID 3624 wrote to memory of 1768	3624	Medal.exe	90
PID 3624 wrote to memory of 1768	3624	Medal.exe	90
PID 3624 wrote to memory of 2024	3624	Medal.exe	92
PID 3624 wrote to memory of 2024	3624	Medal.exe	92
PID 1768 wrote to memory of 1440	1768	cmd.exe	94
PID 1768 wrote to memory of 1440	1768	cmd.exe	94
PID 2024 wrote to memory of 2032	2024	cmd.exe	95
PID 2024 wrote to memory of 2032	2024	cmd.exe	95
PID 3624 wrote to memory of 756	3624	Medal.exe	97
PID 3624 wrote to memory of 756	3624	Medal.exe	97
PID 756 wrote to memory of 3356	756	cmd.exe	99
PID 756 wrote to memory of 3356	756	cmd.exe	99
PID 3624 wrote to memory of 5000	3624	Medal.exe	100
PID 3624 wrote to memory of 5000	3624	Medal.exe	100
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 4440	3624	Medal.exe	101
PID 3624 wrote to memory of 3144	3624	Medal.exe	102
PID 3624 wrote to memory of 3144	3624	Medal.exe	102
PID 2416 wrote to memory of 1164	2416	Update.exe	104

C:\Users\Admin\AppData\Local\Temp\MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe
"C:\Users\Admin\AppData\Local\Temp\MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Squirrel.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:1644
- - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --squirrel-install 4.2535.0
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3624
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2535.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x4f8,0x500,0x508,0x4d4,0x50c,0x7ff7bf4d1898,0x7ff7bf4d18a8,0x7ff7bf4d18b8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3976
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1768
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1440
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2024
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2032
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:756
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController
        5⤵
        
        PID:3356
  - - C:\Users\Admin\AppData\Local\Medal\Update.exe
      C:\Users\Admin\AppData\Local\Medal\Update.exe --createShortcut=Medal.exe
      4⤵
      Executes dropped EXE
      PID:5000
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=2040,i,10320594082587091974,2136630122371654452,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4440
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2220 --field-trial-handle=2040,i,10320594082587091974,2136630122371654452,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3144
- - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --squirrel-firstrun
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1164
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2535.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x4f8,0x500,0x504,0x4d4,0x508,0x7ff7bf4d1898,0x7ff7bf4d18a8,0x7ff7bf4d18b8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1464
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
      4⤵
      PID:1532
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController
        5⤵
        
        PID:2156
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
      4⤵
      PID:2976
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        5⤵
        
        PID:3132
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
      4⤵
      PID:4580
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController
        5⤵
        
        PID:2588
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 --field-trial-handle=1992,i,7245760883541653596,11863605970610145461,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4280
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2124 --field-trial-handle=1992,i,7245760883541653596,11863605970610145461,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3716
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3244 --field-trial-handle=1992,i,7245760883541653596,11863605970610145461,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=splash /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:2204
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal
      4⤵
      Modifies registry key
      PID:3048
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Medal\update.exe\" --processStart \"Medal.exe\"" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:3808
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.897.0\\MedalEncoder.exe" get Version"
      4⤵
      PID:4060
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.897.0\\MedalEncoder.exe" get Version
        5⤵
        
        PID:8
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3436 --field-trial-handle=1992,i,7245760883541653596,11863605970610145461,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=bridge /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4116
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
        5⤵
        
        PID:1404
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        6⤵
        
        PID:4708
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.897.0\\MedalEncoder.exe" get Version"
        5⤵
        
        PID:1568
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.897.0\\MedalEncoder.exe" get Version
        6⤵
        
        PID:2448
    - - C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\ffmpeg.exe
        
        "C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\ffmpeg.exe" -hide_banner -f lavfi -i nullsrc -c:v h264_nvenc -gpu list -f null -
        5⤵
        Executes dropped EXE
        
        PID:1052
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.modules /t REG_SZ /d "" /f
      4⤵
      Modifies registry key
      PID:4960
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.path /t REG_SZ /d "" /f
      4⤵
      Modifies registry key
      PID:3492
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3840 --field-trial-handle=1992,i,7245760883541653596,11863605970610145461,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=main /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:1552
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
        5⤵
        
        PID:116
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        6⤵
        
        PID:232
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.897.0\\MedalEncoder.exe" get Version"
        5⤵
        
        PID:3924
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic datafile where name="C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.897.0\\MedalEncoder.exe" get Version
        6⤵
        
        PID:4852
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=3844 --field-trial-handle=1992,i,7245760883541653596,11863605970610145461,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1544
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4516 --field-trial-handle=1992,i,7245760883541653596,11863605970610145461,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:544
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic /NAMESPACE:\\root\CIMV2 /NODE:'localhost' path Win32_PageFileUsage get /FORMAT:rawxml
      4⤵
      PID:4544
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full""
      4⤵
      PID:2084
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
        5⤵
        
        PID:2644
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "cmd /c query session"
      4⤵
      PID:60
    - - C:\Windows\system32\cmd.exe
        
        cmd /c query session
        5⤵
        
        PID:1836
      - C:\Windows\system32\query.exe
        
        query session
        6⤵
        
        PID:392
        
        C:\Windows\system32\qwinsta.exe
        
        "C:\Windows\system32\qwinsta.exe"
        7⤵
        
        PID:4892
  - - C:\Windows\system32\where.exe
      where powershell
      4⤵
      PID:3612
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell "Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object Caption, FreeSpace, Size"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:4984
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\ffmpeg.exe" -version"
      4⤵
      PID:2220
    - - C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\ffmpeg.exe
        
        "C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\ffmpeg.exe" -version
        5⤵
        Executes dropped EXE
        
        PID:4948
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist /fi "imagename eq MedalEncoder.exe" /fo csv"
      4⤵
      PID:4580
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /fi "imagename eq MedalEncoder.exe" /fo csv
        5⤵
        Enumerates processes with tasklist
        
        PID:3424
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1836
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-MpComputerStatus | Out-File -Encoding utf8 -FilePath C:\Users\Admin\AppData\Local\Medal\Temp\a7dec54e.txt"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:2520
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access""
      4⤵
      PID:1520
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"
        5⤵
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\Medal.exe
      C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\MedalEncoder.exe C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\suicide.lock b79cf835-4b34-40c0-9236-b01325f4f26d
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1160
    - - C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\MedalEncoder.exe
        
        "C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\MedalEncoder.exe" soundOffset=
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\DLLs\crashpad_handler.exe
        
        C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\DLLs\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\sentry-db --metrics-dir=C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\sentry-db --url=https://o150878.ingest.sentry.io:443/api/1509393/minidump/?sentry_client=sentry.native/0.7.6&sentry_key=f2ea4e2bebb44129b30402d5b4076fd5 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\sentry-db\2bd647fe-58aa-4370-7c85-2c8808443375.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\sentry-db\2bd647fe-58aa-4370-7c85-2c8808443375.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\sentry-db\2bd647fe-58aa-4370-7c85-2c8808443375.run\__sentry-breadcrumb2 --initial-client-data=0xe88,0xe8c,0xe90,0xe84,0xe94,0x7ffbccea4d60,0x7ffbccea4d78,0x7ffbccea4d90
        6⤵
        Executes dropped EXE
        
        PID:3856
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3532 --field-trial-handle=1992,i,7245760883541653596,11863605970610145461,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:5800

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x500
1⤵
PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_sskcp30nzqu11cmkx5ucxy0tjmxyoja2\3.897.0.0\4ckqiqx2.newcfg

Filesize
47KB

MD5
192c6732ae91e7157f793bbbc2cf6875

SHA1
c9f4049fcb97634cb3a37cb83303d6391c547e86

SHA256
fc214b1dcbb5c84bcef705742cb32f8017d6eef75efefe3651a3b237aadf1764

SHA512
7e75cebc6dee0f3aa91b4e351b3d32bfcc142831f373e6ced80c02056e71c91c4563a39d742a59eebd5c7f128bb68148268eecde86cc5dc5bd3893bd0b0c90f7

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_sskcp30nzqu11cmkx5ucxy0tjmxyoja2\3.897.0.0\kbwhslqd.newcfg

Filesize
55KB

MD5
62d6f899bd82c57ca4d12d5b1193f3a0

SHA1
feeeb24640966b829081cf4593d1fcd4c4140de6

SHA256
67b9a71a00391ec1aede007c5eab31f9f08ebbbd6dfb95fc0bbbc34760b06438

SHA512
67c73cfec3e9d309e292df82d49f40629b5157ebb4064304f77e526bca02470110ba6916bc8fbd851ef3b4e041865974cf03428122fcac5d325981b5a9cd208a

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_sskcp30nzqu11cmkx5ucxy0tjmxyoja2\3.897.0.0\mezfcqp2.newcfg

Filesize
22KB

MD5
1f6c02a7ed03d2178aee49a0ff70b9e9

SHA1
0998f82e8874a987378b66e72a76716cf721bbee

SHA256
1b586d8d799a9a248dcb9b585043d77fb7424dc6bbc222640ad12ff7fc4d8106

SHA512
517cb25a601a2b21822891b99f0d68e7db99043ddbf864a249fc86d34f20f116fdba51781c7b30c5fec67f9a90f0b4fe8ca47e5259629adb6d0ac20e956da480

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_sskcp30nzqu11cmkx5ucxy0tjmxyoja2\3.897.0.0\ol1zubrs.newcfg

Filesize
22KB

MD5
d8c4ddb263ba6cb865b0b00a7224766f

SHA1
4544ae55a8c04b30955329ec39b4c736a2f7830b

SHA256
840cd9e38a4bb048e19f7c5d6da437ef6e4b3083b378911721ec6e00e363a42f

SHA512
44e717b21aa7aeb4913e603e2977a6ca5d8d18e393b043fb31f44ff7c62ac1140335d950e769d3d590802ef389a4c04020e69863ead8165dfae02cfd34c7615d

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_sskcp30nzqu11cmkx5ucxy0tjmxyoja2\3.897.0.0\user.config

Filesize
332B

MD5
e37e2958c5378a8c6bb3170fd5abdbaa

SHA1
fcc1e77c9cef08bdda5ba94e741fcc69ae632a8f

SHA256
090a09bb5b228134cd268a3821565eb56e52ce4718601ae098ef9c8715d781c1

SHA512
1e610397ae34961fea6bf7fa76b954a550a324eff7a4ccae2ebcf59baada8535b067e9dc1cc1489b05768e62fadcdd90dd1ae972ad25795a70d0c40856caaeb4

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_sskcp30nzqu11cmkx5ucxy0tjmxyoja2\3.897.0.0\user.config

Filesize
20KB

MD5
d7e1d846f3a845a7870c1f8970ea1030

SHA1
fd3dd4b5e668f5e2906086a1f40da6f7d8f86adb

SHA256
6f0b399ebb0bc492106fd8a9c841b3fc35f281c9cd0fdc5a93cad2b77e4178ea

SHA512
abd12c9881ae1e24a2dfc0e5a9f51fed0a2100a34bde8ca457791db97bcaf3bd1fbc70a05c9b912b66d275728bde918999c4b8042951b51eadf9a6b460b76ceb

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_sskcp30nzqu11cmkx5ucxy0tjmxyoja2\3.897.0.0\user.config

Filesize
20KB

MD5
c0f973844dd85af33401ed8cff2f8edb

SHA1
958867004da1b98dc3ad108934afec515cd8efd3

SHA256
64b6f9f63721ba808ece1a71df32f3a80045cbf6450ff8a41fd2de43a73f5edc

SHA512
888496445e34fda4a66c714cbb4c8fa8dbd5f154809e740cc32468f4488887c53f817c8b634ba4c486352c875403f082fcc0f04ca291d12d860a3bf29e36b3cf

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\ffmpeg.dll

Filesize
2.6MB

MD5
ec098a73a78c1e2c26160219c3116fdd

SHA1
ff770841cd5b048c30d6fdb95028a52379aaa72e

SHA256
5603ea667254ee1bec209b9aaff9697684e7aab056d427bf9dcb7276952aa5ba

SHA512
15e76f0974780a11e80607f9edb959fdfbe0ffbd50637e501a0391e2c1d2642bf0027a492a4b874983b914cd224a3e8fce24cae156f6351db13208feede74b97

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources.pak

Filesize
5.1MB

MD5
f5ab76d2b17459b5288b6269b0925890

SHA1
75be4046f33919340014a88815f415beb454a641

SHA256
4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c

SHA512
6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\index.js

Filesize
386B

MD5
5e2fbb9d655e0dd204e8d211ec1b4d0c

SHA1
440dc879e7fb836d97a5f5a40f016bbaa1b7f588

SHA256
8debe05417ec5d5e42661e2697a8d0db3ba30fa9bd4ac70c62c992ec01527bf9

SHA512
d6445a850642c562aa6affe907580fbf5b4faf70c51ad7b12613120a27ce1d6ee049571a709334fc588ff45c32ee918836bbae2188d4394a94c5810265139b2f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\main.min.js

Filesize
7.6MB

MD5
9a566fe129c3621b3b9087430afb96a7

SHA1
9d01bbd71014ee7d05000ca563f0f1153726f1dd

SHA256
88af76a1bc28dd8d27af7fdf0f55daa9fdc4db54ef6496ec39212c6daff49cf7

SHA512
ece967c2b0884f375ab56a4a29c35b6c9fb1e9c1ad60b1c12d148385359863d907eb1fc4e9e622837271ff8bc21fb1bf79b6c34c2bda73f3751aa633655946a8

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\LICENSE

Filesize
1KB

MD5
ea817882455c03503f7d014a8f54f095

SHA1
dd164bc611bca7ba8ead40ec4c2851081e5a16b9

SHA256
1e76029602ae9b21cc4e612db2496d92febed882ba13ba745f8b3309e85f9d39

SHA512
0ea343d0e696ba27877dc0611766c526aa73f6e7af46df5a0f83840dc4c7851fb5837b7f6bda8a014302bf877fe3b4b3e392b943cefb3af979e8afc67559a5ff

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\output\index.js

Filesize
947B

MD5
b0adfc74c8e51ce2ab659bfc13752ed3

SHA1
1b0879db53a00bbfeddcfdc0c190901387bab7bd

SHA256
a27d1a72ed1ecddffc57e70187a4b72467ed0dd34092b7e3d2817b9f4359ab5d

SHA512
4bd96fa626592e856431c3da18f7f2c5262fcf7f8fc95a4fa8b3ecd6bd7f53e82ee27d3255711df0addaaaa3fc7ba5e11104dd448f90f490e5517eabc1cdad42

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\path-exists\index.js

Filesize
263B

MD5
dfb2813673ea5279a9aa7305e5fe33f3

SHA1
6e6491c1ab3389433d1b39a33b3ac8760649a2c8

SHA256
5ce096c95daec0259817248921b39a9e0df4d342db171138ccb62440cc7a0cbe

SHA512
53d93b66ed4a2eca23046e6f2b08fcbe4cde40a2b841ab38db838ac75b0882947371024cb74ae43d2c9a2e095e2457e2207979c45f07d46e6e2b5f99efcfc794

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\mac\ia32\ffitarget.h

Filesize
4KB

MD5
4ef9928ec21c398681ed3357aa400c48

SHA1
5bafcdf7c4ff860ce7f94c5260159e7bf063243b

SHA256
ce9a87677a9b9af9dcc6f8f632b62948214824174b65fe4361d3b662cc72aec0

SHA512
c0f5f26b249cf3ca72b2d334008a7ab8b7332f286e57edf7c700b5c4a80960dbce14e3db940829134a3bc593a087f56b41afb757daf3f03e32611ab1172c1f6d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\openbsd\x64\ffi.h

Filesize
13KB

MD5
4c8fce7c4f0bee30b8f03d94fba5b66c

SHA1
4eb6b34a1547e2da9b1a0daa9c9f7a32569a03e5

SHA256
bdd54f5f8517f32767d864921edb878224068a75eff7e0386a55105d61e44466

SHA512
0f077d7c2a9801eab3134d4c56793f64fc1c8434e8eabe9c749d0f7d0d875b1750ad0f32873b49778bbb7b5864c280c4546fd72775ad0ec49eb091ec26ee3848

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\async\dist\async.js

Filesize
219KB

MD5
1257b1d9deaebe158498a18320cb5206

SHA1
6658b0192f5224d10475378ee50ce927b8b99f13

SHA256
caeea733f6f61bb394a1a5f71d8bda604765dcc9aea0f0a9a0e54243a1d4c7e8

SHA512
244bb4cc9a386415f1ff15392c92ffab5ceee43b78bada2f9836809b015738347cc781c8ec1eec97dd17d8a00e59d100079f7a6f9fa9790dc84f07ce64754fb1

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\async\package.json

Filesize
2KB

MD5
8b25d829d53060e8c855b44bf9f0a163

SHA1
fba8834d773d13fc6c9c74a1ea3ffd013859d7a1

SHA256
ed7622386e4427bbdd4eb08c09c0aca9bcc1d739becdfb421b2cd19c76dae308

SHA512
43427701fb7eaac7fd06ef99ff86cbf5c2a27d0ca28d5bf95b3b9cb0469b00a39dc81afee2d7d2dcb22ec0aef2dd4cc36e01c241ee507865f31be5377d3d9b2e

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\b4a\index.js

Filesize
3KB

MD5
b792856285e9760aac0ca447b4cdad32

SHA1
c3f23229d5855aa849565a6f4dee345b4471e53e

SHA256
7bb04f74fe05865a5382a76b07cf11cf34f53a18d7e44679a70e3ad33baa4d64

SHA512
a147f23a7d0104812ec98d07604c96c47359aecef4873a912b87823737ed8fa4898e7574152815317c7c30c72f5857913453abc0616de20b998c151034bf818e

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\b4a\package.json

Filesize
701B

MD5
530ee244b7c2df2e16d152d4dbe039d5

SHA1
6b5e6be8639f0c3f9828fcae1d2bbae7344edde0

SHA256
287e126e6500f191066f1865ef155a4dd668ad08c177d42821a77a52e0202604

SHA512
5401f101832ba756eb7693751cd857349aef42052ae2c0d29c886fe514f74c356ffd8f4c0dac95508a801c7b8d6b2dbb515f3388c96c63b9ae844e37bf4024b6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\bindings\bindings.js

Filesize
5KB

MD5
13c05ea1a2f638b707aa56eea958810c

SHA1
c93878e75a9f0545f73aa8d6fba3a761c4ceda36

SHA256
8e32a0d37f20bd6f7d5bdbf99d041aa27be47cbbe5172ac13ebf7380a10b3bf6

SHA512
f356619fa479c72086138eed34fbdcf501bb6f263249e5cf3b1069b2d6c120afc32d9b2ee89d9a41b2f516251c8bbf5d9913e78105961a989e136ac03146657f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\bindings\package.json

Filesize
660B

MD5
17005447df8440e0e386849b8fa2b682

SHA1
14bbbadeb1307b1f711ee10093d5b46a7889677c

SHA256
a87721fe406e1f1798fef44d697b46ea1efe346fda118010334713346ee4207c

SHA512
a61aa9260b34479feb762f81f23ec26104d311fee81bb299efa00fc7091d3ae7f10047f6d91bd3bcfec7152b754c9fc6fe97ac280b3c00abc945a25ef387105d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\blake2b-wasm\blake2b.js

Filesize
11KB

MD5
6d4fdddbe0e3df6ede11846ac2d9f104

SHA1
16ed563b7e5eb247279479de76bea594fab392f0

SHA256
ab8919c1546bd3015afb834e6f0948a7c53121be4f4107ce2a3f4eb31c3e77e9

SHA512
f895785e1143a0952c033db6317f9f7d1dfd8c220827019d4857f0c0a6fc67f08fb89ce2aa8fc45d601ee1afc40950c91de2532fc76fefda1c461fa25229c1f9

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\blake2b-wasm\index.js

Filesize
4KB

MD5
b1c4d73faad73d98b01810cde1eb52fb

SHA1
67c75686ab7cbee0ac60c3a7f8a5a9ae083dc0ce

SHA256
0ab2389048116330718b012ce387aa693e3f318e9cc9b697d32a96d65bef25bd

SHA512
bb5440c3bc7f2f309b1aa237015b493e01ebf53c595413225658feed63e48d42851064615a45323f3c13c7f55c7193f5c73c2f9c1f196406e474813fc2feab4d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\blake2b-wasm\package.json

Filesize
782B

MD5
85f6234e8249e84f2a2361d5142707a3

SHA1
d3714b3f9fa05401342b89d5c9f9d47f9bdcd7ef

SHA256
5bda19aefb010a8fccff1fc5dce0e9d3ff75ae1921e584d1becb4c371b3b4541

SHA512
e6919601c8dd1f7dbbe487c42ec441411338cf7fcf3a2da0a4f7f91ed1d963d2db7e8a00ec4a4bbde5be8323db1fab55b44b364fc8684c710a041148c99b1e73

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\blake2b\index.js

Filesize
9KB

MD5
350e95a4d11b533abbd5d4414d38005f

SHA1
37f2bb772cc953169bbfc13087b13ba6952ed8b3

SHA256
89d35ca4687b8ad3bd659b1a39f44a8a4a393ac977be5af1e1ce32116c25c064

SHA512
8e9648cedceb87e36e915e050329d8ce246bfba0ac18f9d491efb0160e7e89defa7a4a33301def1dd4a2b72bf8b1ea6c64cf03dafb90c615f1e23d5d016e0863

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\blake2b\package.json

Filesize
742B

MD5
88595359281788f64142b0938af3f9db

SHA1
d35800917d86c3d104b9142926e9daa2ba4bf3dc

SHA256
47bcf83fa22df55efb1759c46153bc6e994036c2146d5a0de3867953a603f870

SHA512
a2b8cfc39020dce3384ecccb149df4092905e8ff77c14c93c6162eb35788c11b3141f2dc1382dbead2e0bbcc7f0970bc0e1af97b4e9795e2e0193f9fef4f7ef4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\node_modules\ms\index.js

Filesize
2KB

MD5
fddcc2097091479666d0865c176d6615

SHA1
55f9b3a7d4cfbf68b19ccd0d698aa86483dd4694

SHA256
55986972f5f3c9446f876c576e1cd30fd4f04cd26527efbb5ad834637c740e4c

SHA512
252644169a9398527927b69a2f19c6578bd62dcd180b94984d991939f53bf4e77ca687e840db42f7dba3b37124a5e3f3eda83535e75491bbe6ca440a7149913f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\node_modules\ms\package.json

Filesize
705B

MD5
b3ea7267a23f72028e774742792b114a

SHA1
fe112804e727b4f3489e9a52900349d0a4ed302c

SHA256
3708fd273bf5b1e91c72d88143f48ad962adcc10b99250a4a203d13804f37757

SHA512
01975d65bc491d0b39435d793a62bcdba6b5edf4fb886de0e48a8a393e26fdf31bdfb4f91dd7e10ba69a1e62ed091d5ea04f9f8bf57d784c3491a5c5c8472988

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\package.json

Filesize
1KB

MD5
2630a1ac039c8970c8fb0daf0f2f03c4

SHA1
ed6fe3dcf77a4c2ddadde904c5b1fc47cf9893c7

SHA256
754ba4f352a9b983fbbf93cfffe015d29bc789a08eb05815270abf50902697fb

SHA512
a017d21a1ecb159065bc32b94b38de03b38c10448b85f88bfe1498b144320884d612a868b9db192d6acf041f88da415f953d9dd8541ee29e4053e2463dd54791

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\src\common.js

Filesize
6KB

MD5
28e94a3cc7d081498bea5ced383038f6

SHA1
c9707394c09387b56864a8865158d29fd307774a

SHA256
c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37

SHA512
5775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\src\index.js

Filesize
314B

MD5
d6c53f5a0dd8f256d91210ad530a2f3e

SHA1
0f4ce3b10eff761f099ac75593f7e05b149ae695

SHA256
aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3

SHA512
4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\src\node.js

Filesize
4KB

MD5
6e63fda079262f01e14f03bdf77146c0

SHA1
481608e3c95722f3a474336e5b777a6a521e76f9

SHA256
f237adcb52849de7c128f57e0468b52353c529a6c8341810477c0e7144359559

SHA512
3017b4717118f56fac106dcaa046aecf3cc63c37e64f49838e5379a13583c293f39ec5ace48fb2dabeac6af4a967f96219812733ead6f36c3f5c8d132d795900

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\electron-deeplink\dist\index.js

Filesize
7KB

MD5
d359d8698706d059e14b6f3eeedced8c

SHA1
9acb5276a78ed09acf81a62e1db439217aff85cf

SHA256
6c693e5ca23e904436e4bf6e68901147d319fd7132b2bcff4dd061615bb8a773

SHA512
f44a7196ad9d4f44085966ac6724f48d00566189136d08a9b13b4ac3cc7e6d1addf2e854098fb4c2ec94c28e3f48168f82b0d1134d0066237dd5fba91c35ccfd

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\electron-deeplink\dist\stub.js

Filesize
156B

MD5
62063cc3b8565061daaddf496dd15731

SHA1
206166851431982536333b4a1b9c31f9e5111295

SHA256
3f39ca63ca2f696207da3702df9a4df21e980a13f0e77528340730e2bf315fd6

SHA512
a6006c18cdf95cf641e54e10c76ff6c7ae47d881435ca54847e2b687fec2a9a129a2e2e3ca600557a328b34c22c54cfd7a6db4865af0f122c6cb5963e65c66e5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\electron-deeplink\dist\templates.js

Filesize
458B

MD5
790b7b8bf5ed00feffce05aac1c79492

SHA1
5ac0afae48c626cc6474268c725342039e5e5ef0

SHA256
6bd01e7f8ea390760ae26ae469f6627dd7a9447360b477bba6911b76cb0e921f

SHA512
2522716477010a2ba3df3b1faa69fd8bb36cad02f6a43f95b7bbb75a49f516e6c2619e1dab8e1b85c888a2385b3435ffa95f9cda95e0c4dcdcb467cadbd515f5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\electron-deeplink\package.json

Filesize
1KB

MD5
16fd5b35f0cbaed2b0b719e69f9f5a4b

SHA1
7b82df17cfdfcdfd8f8d4ff02502f1d7a8b964b4

SHA256
9fa3547f74427c8e7b20cd51a27f58d4a97a465f919177a7fb177143624e0e2c

SHA512
a19b574a3009dd7cf823dcfaf84790a60bec7b743211045cccaa3970923fc403af3c80d801d8a706cde599afe79317f99c98f429abefaad4583e6e181d55a5ed

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\file-uri-to-path\index.js

Filesize
1KB

MD5
d98f7c699c54e0e90f408a44feb3188b

SHA1
0ffd660201ce0749053d108c53e5606b9da158d6

SHA256
e62293e871bdd5a7449ff3c7956c9536ec1d2ea7369461de77322b5256bb93e7

SHA512
7389081fbf3b16f0ad99f556337679be895e04930e36bfc8f99720e013f28b68bdd4579f11eb41dd4cc7a64a36ec26a6e6539d42d5888696f71e7d2d9c8784dc

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\file-uri-to-path\package.json

Filesize
717B

MD5
65f30030f0e7b2eff552eaabd8bb1fe1

SHA1
5dee8a540c467ffbf9025481180c77a06a9f46f2

SHA256
71eb1e24bb9694f89c613fa0aa307f977dd43f41d11794c7b48fabf6c55f66b0

SHA512
763c372773f093de60fdbe0bdd5d0b6362882e22eaebed51f70ea50fa3087417b5c517ea9ea057b56d40f019cea042a6e8c387356da1b9b9d39c2a5f16e7b5d4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\ms\index.js

Filesize
2KB

MD5
83c46187ed7b1e33a178f4c531c4ea81

SHA1
ea869663486f513cc4d1ca8312ed52a165c417fa

SHA256
e5f0b6a946a9b2b356a28557728410717df54ea2f599edb619f9839df6b7b0e9

SHA512
51b45089a53a23c12e28eb889396e2fa71b95085baa5ac34d71ffb625131bf2fec3ae98efeae537656e20ea257f44e089bcebc9ad54cf672cde852102e43e153

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\ms\package.json

Filesize
732B

MD5
a682078f64a677ddad1f50307a14b678

SHA1
c290eb97736177176d071da4ac855ab995685c97

SHA256
1a6b4d9739790c0b94ab96c8cc0507e281c164c311ff4fbf5e57fb8d26290b40

SHA512
9e16c5689b57275f4ed624c6954f12299706e2372a60f6173421800da5edf9ed52e52fd2b0798f826cddbade6ca19a6e6a996960c6697cc2da0ddecb36409520

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\nanoassert\index.js

Filesize
438B

MD5
44d45c7081a567a4d0cb4bbb36bf6be6

SHA1
69a7954eab536502b052557d5911acb9de503dad

SHA256
5a3c8dce33093172d9cb3d6bdd34e464d17a1da175a8f8b74f0c0d22dde94fbb

SHA512
0c3195a63b389bab6612e3824a65a5cacc2852aa2f8b272e34717be4608197bc1f9b4529879a13fa9567d0ae9846916dd645349b9797418f88e7ce7bc5d4e504

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\nanoassert\package.json

Filesize
647B

MD5
de6935b833716ef4d703b58e188ace78

SHA1
01cb598615db0cb08979b3ff1e4324d047eb1fa0

SHA256
2152421c559e2aeb7c002ecfeac306340d23cf3783446cea607a284658df30bd

SHA512
b134877eb15c2fa70a5e0549c8a736e8bb8ff84426cac51ed581f707d38c75c110f96c233825409a3948a6943fb1c26cc25617092b40645e68073d6d58f0ee65

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\tr46\index.js

Filesize
7KB

MD5
7d598c8605e26cafe489544f1730d380

SHA1
02c41eea7eb4ce2d32b7faeb4229edaa28b9d8e4

SHA256
8194f9425ce9ab06ea9aebcd64a85ec064d95d61bb349f8f1c98762ad256638e

SHA512
f79b6e635786bb4b38f80562d862a6a2c908ea691b3fc42712aae82591c735acd02d8fd79ccf37468e58f865bba28f9be0d92182b30c8e4b4ef7261bb57f213d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\tr46\lib\mappingTable.json

Filesize
253KB

MD5
26c6da7a34c8a051a60b3592287d3fea

SHA1
6e09dfd1d4d65675bba0a9bb69e0bd6393f0d5da

SHA256
b6b39724dca9011113a08d9d6910204062b58169e98952acdfbd19bf2c31bbff

SHA512
8ad552c64f53303c00f2a56c1fdc2d6c644b12aa993c181d5f4847fb4613701b3d03d2a4f8e347e1d755999681585ae3081e865ae54f21340c826196c2af83d4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\tr46\package.json

Filesize
732B

MD5
36ce158498fb4f35c9a42edb60665bbe

SHA1
49c76b0a075effa9325c17f55c4d6472ddf3c7a9

SHA256
615087f58ee138fd35c2b414c355b72e36e5919725b8aecc1c34f6a5585b9779

SHA512
676215940610329d35feef0674d9dc61a9ab7c265d6eedca582e13003acd8b9d8b4894c86e79eaa85e97266682dbbe9637826b99f0b9afa56dbcf9ad077a1a55

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\package.json

Filesize
9KB

MD5
a86e209d4b8219384556d7b641e571c2

SHA1
5453945c75646cd23bd9cd562c52ec86aae69189

SHA256
0c8bb2d6ce351c4dad829b23178c271b10d4cf028ba239edf4f687756cf2420e

SHA512
db612348233d366e249ed83f240c6144a16195979792c62f48b6af03f9c7648aa8593c122df99cae63fc1a007b5a7b04089b989270afc57a5e715ed754f41ba7

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\version.json

Filesize
20B

MD5
adeb46363a0d587d0d93784e223ce1de

SHA1
ef8936254d20fdee5f1fcf80a43e5bab277d4993

SHA256
507a929a125c5038b68c113a1e4c7a17ccea1978fe43a4a92a16f905c54a41ec

SHA512
0479e1c3aee76e4ff939965655452716a99f9ad4457ae567d43cd3c12adfd80439908ad10146020b6c0548e620278377da762bb2556b3c1db54f74a5e709dfa6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\version.json

Filesize
90B

MD5
9bdcbe4d42586be22764e1b3ce4dae0d

SHA1
13fd17ce1470f94624692b5fec9c1230699c6b73

SHA256
31fc4c7febea3b7bb7068fc56a55644eece5b6d85536febbe560766c1fd1f608

SHA512
213b4fadde1f747023f926ad78620f17e108311d09522d57e6f49c16bdac794140eb822b734f3c0ee1128ab019f3386f25d55d0c4dd2a2775372a3509c885a30

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\version.json

Filesize
44B

MD5
2b5e220a8873020b99c4bdb50c799b05

SHA1
04fd1be66a66ed2a231705b34a03580ca5e2f967

SHA256
d34f802da2c872234ddb17eb60d4de4fdf3644288ee693b9c71895a4e69d96c3

SHA512
09a65f666f273cc3faa2925f5cfbc6a32dbf5c5547505089d123cd4cc11946e8982dc1382bf81f7f483e8685de7e371afd524a21a071592dec1f4137eb489111

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\version.json

Filesize
59KB

MD5
1eaf151c638887e91274ba78b4971b82

SHA1
e9133c67a618a0ab37a4e72db2430eab4651883a

SHA256
bccde14e9d7d6e2d63e598dd792169ddc977daba1b4869472be81fab60ddaa67

SHA512
69ac502da8d4fc8d916301caf36dc16ee58394bcc28e67189a5ee8c337dace2fdfe2c013eee2c11abbfef5061c328e520c51069818ad0f26af1fecdf024ac25b

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\squirrel.exe

Filesize
2.0MB

MD5
ccea2b1c1820bc3c0431b3f713c14181

SHA1
eda155902d7c5104eddb404f0e03c8368165e745

SHA256
05989a097711e8628f5b3912321e23f66394b7873c319a775bde977908a09436

SHA512
00da888d8e9ddbb5ff9a85e90db3919e443cbf1e5bd8e237eff544216ec445e889395a3a54f70de2a6c314081deeb666414117c01ec1041dc15c90e2719344aa

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\v8_context_snapshot.bin

Filesize
471KB

MD5
6503b392ac5c25ff020189fa38fbaecb

SHA1
50fb4f7b765ac2b0da07f3759752dbc9d6d9867b

SHA256
add78f3f85f0b173cbe917871821f74c5afe0a6562462762b181180d16df4470

SHA512
9c12fff1686845a2c0b43d35a8572f97e950f232f1ce5690fd1212f48c171edbcc5d725754f10a66599b0823ac0c995c7212e263b7e02ea0ed9f2d2b937fa760

Download Submit
C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\UpdatedGameInfo.db

Filesize
704KB

MD5
c802ab8b172b592638403da2c08147d6

SHA1
c7822fd2b1b26b234f705a817df47fce54728ede

SHA256
8d2c921be6608e5bf89cc5a48e6928cb5964369d8ef5640833404050294fc25c

SHA512
dd2fe89ec24073787c0ac6eef3dcd32b25eccdfe928263f3aad9f3046d575a8626c63a0855fb4021ce16a9a0cf5fd0323a02a76f4f4d11bc53a2ce2c592df1b7

Download Submit
C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\Updatedindex2.db

Filesize
1.6MB

MD5
17c5862bac88d5f021422ff9a5cdebae

SHA1
370ae08c4b41577d8eaf17726ba84678ccba8498

SHA256
f1c1358adad7cce662ef9d4f45eec1c67019ae0bc93ad5e6add1b5a19d7beb94

SHA512
308d153a584835127a6fac485ecd1133c651a9417aed6ec6a5fc7744f66080aed520b2bf55e1748ae188936cf4ab3dc68d6278fd73fa3d1807a5c798567d8f1c

Download Submit
C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0\events.json

Filesize
30KB

MD5
18e0f66f3d09939d94b9a7c18d23e9f6

SHA1
2e6da2aeab8b647107d36b57ea9a687b46100294

SHA256
9f8ad7a3d9337ee2b0aa6b1c3688935ad0793061b5c520166803611a762e9e32

SHA512
57eee01725bc4bd658bbd59747054bef29f2eb7448962be228f0655becce283d96f641aa99c090db0a661b268cf007b6053d51c8593c587b8b32b3d08fda01d9

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
79B

MD5
969371ddd9f9b4db6179c4fdc6e56545

SHA1
959e571107d82970405e322164c97cef9540b6eb

SHA256
d684a6dc4ed1c4ac7a5dabfa27fe8b10d2532b65fa1132ef6f8a0da5e46578c0

SHA512
678ea1f8af47eb91d2b7d066bffba1658c3638df27527a2d7d076a93e2307f2df23489038652d4311297ca7d9913a0ac6c063214867ca93fb7ba6d38ce7486ee

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
d1eb407d80c6dd2b86df39c2f5a7c0c8

SHA1
3c09fb7f21e90b61e5495603d48e1423daaa98de

SHA256
01d8f8aca664ecd655bdaf80003de490015ef67daa685a8d5abc1faa7af6a609

SHA512
56debfefbe89c5ad5476a1fe2ab114752a326adde6b8e867bb398a0a1b4d35405f3db2df96f295c9c2adb27d1eb49aac0ae5389f444271d56da85e4d1e4671b5

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
356KB

MD5
b15e2e40fac551f7aaac328b423e5a31

SHA1
71e2bcdf47e0097a30c849b1c65611cfab7b9441

SHA256
08581fd1729f3ef887b32a9c943bd8d3bb2c0e71adea75065a990327cb46ce60

SHA512
c5ac4d3ee876a046b6c66e12c1d41e9991300e83ec736c2051297c9f711bf5e95f95fbac8dca51332c2911251a640844059aa33b965b2ec8733c63886e3cc715

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
132KB

MD5
4fe78278c727ca838a6b0a8b5d2fc924

SHA1
7eba94ab9295e387f43fba20fcb79bc3db1dde64

SHA256
af8a663dc9f9407b1a0582c835317f62c0f3fc1fbe542e1df0f9ef39e913ba45

SHA512
ce381dbbd80e0ccbd0e9a5b1d7c070f0bf3bd52d71ae9cd87254cad2c41b61871392595f7bffb23f215f8fabdc2fba64758eb5d1e6b97da99fe4149db54123c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fybdnpjz.jcc.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\.logs\install.log

Filesize
1002B

MD5
348b0308bed3514f92fe3a8c65f10fdb

SHA1
ccddb7a4092390ba80211713979d2e71374ab05c

SHA256
3b48febf7b8d90c3d307a96150d8201e77d4ae532d86ba28a4c6ba28578d2f06

SHA512
5d30e6a796893ba1d02cd9decf4dd6b7c9b393e8a5fc3659bffa3480c8bba5ff5e4e4eb5808e95b9e2b2ce39d4c310bd2e980b52c241e417bfe06d246db96e02

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\.logs\main-error.log

Filesize
6KB

MD5
5ad79e0f09787634d4cf8a6a85a3fd8b

SHA1
01a29c02ad5cd4d0941144b8e15ef2ba36af5621

SHA256
9eb51fa0531e37c20fae0a23340570874083d294f9abd721cde41e7b00c5c510

SHA512
22d524b15fd269d3d250a41324f3fd6ef7d0fdf81857dd4ea999503bce7be9f20385fc9922ffb053c82d49e5a153c0096a674048d982fe49daad71d8bc09c42d

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\Network Persistent State

Filesize
1KB

MD5
b10c3c3297c587102411d13b4e395b65

SHA1
f285a84cbbef1dc3b140fb2c78aebf871adebb81

SHA256
65de2b53c3530351c87dda11d73f3be5b54c8cbae5bf79ada304a6580ebafae2

SHA512
90348ddb7046667344c916728059f8e2647b987c1b019f80260172cf777f3f7a52d645fa47afdd19ea336cf00944606a6c72701bca61e85a57d5fb6b93938865

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\Network Persistent State

Filesize
1KB

MD5
cdfb48301a1703fdc3810925cd17620c

SHA1
66ea6df86ef56d9f3c2b0deddda4932598f2e7d4

SHA256
67b9897451ce69fef993c3b31819a53dc9b8f40ed95245241329c802de7015ec

SHA512
ca55038c11bf4b7ef1084d3c24c71beada962256aeb132558b0bb8483c6f18237e1df66feff8f9f7d7859e470244db4881297ae33f35c842dbcac50a6d52b6b6

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
37513278e4f2145878898d3cacf4ffdc

SHA1
b1573ce7cbd32aaa62228b760ba0c85205505851

SHA256
040b0ee80664da008723c8c4f9c99927f22a61756c798bc044d269adb7be7f16

SHA512
3e6eef6f704883cf3e53109cf74e542b6f7faaaae4fbf08a15551d0f29491dc5b3f9f8ca59fd31794273b3366cf01e010b1edf837f320e15fbee8a38650dd37a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
245342ec5f848f1ac832337614907359

SHA1
cd76fe27c4fda0a07d2dd63e4bba0b387fe17829

SHA256
58e9e3ac60c22e3bf570c2d0202b38472b3e9701fe904c9582464b40950fdeaf

SHA512
f0053e228d80ffa6007f3d83b9f19636d114ffd8a5ee626db356ee86633c08b8a4896157237dff615477dac56868ac01f8ebde7c24f5abbe57b2239c857f1e7d

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
dadc7d968678760262656ebd5e6f517f

SHA1
d5d9d6c55571f700dbead943bdc877a549f3a237

SHA256
523d22d37e6ebb8f67327b81fc8828d9f1004fea92831d2a7be64406d212d2a4

SHA512
e1d6d980a542742e89c1cbd4aac35bde89ce14d7378fe72da03d816eaa5f927dea85b1180221358c8e25e6b9337e5f7578de1cb0596064df47fa0c73b07dd388

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity~RFe586992.TMP

Filesize
539B

MD5
b4576d3c6aa59afa0bd10259a6738728

SHA1
a8639e0c77bb8fee9f8172929d320ab950f70914

SHA256
91257614cbabebb9bf25d86849ec048d26157921d0fdfe2e6cf7ca8bf12cde3b

SHA512
b80cc13d46316cf421fb08c626cc3d0193ce3d1d13781dcb16a9dfb62d6542e42a0a8f56ba5ecbb0c2ed3aa7a51b016251d19352ea2e7fb5ccf3f18f4f79bd0c

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Network\Network Persistent State

Filesize
300B

MD5
76343ace82c41c7926610051fb7df203

SHA1
de3deb65d1b95de4ac23f34d17256565575234ce

SHA256
896ca1ed32259c0c67c39b14b113d29914c763bb78e3943c475aa14926adedc3

SHA512
6d18d1c811db8c9ff5c3df41e5184982c99bffbb8925c0f0c7d962733b307eba80202ea2baff19f95171482450facabd6bc0dace3ff540ed7b9cf80294712c2d

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Preferences

Filesize
132B

MD5
ff39c09acbb7defb25c6df946e004743

SHA1
94a27ab62e53520ed095fa0beeacbb1566394271

SHA256
ca40c3da22d620dbb4a8dd953da54c6c0763847a80db556a633b48d9986480ea

SHA512
35da76e4c155dae27a917f4c78d3144e65da26467075a37f77b20e370901b3113808c4a3156dca7cf8fe3d492ffe4c51c87dea57e2dc3a6220ede8358871847a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\sentry\queue\queue.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\sentry\scope_v3.json

Filesize
21KB

MD5
d758071565fe233df60719414463c9d5

SHA1
aeb52bbcd6afd9a5be29272ac6fe5731519fec6b

SHA256
1b6272cad98455de9bfd9c9b3b668ff1f3df8ef573bb279ab022d7f4db6e2e6b

SHA512
c3e40053ba510b2808e8494c4e000415fcf75116bfc506c77a933587da2582fe9c8d8fca6ef5c73922b7ce13e50d22c92886e9c6b3768dc8e37eeb49c8f37018

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\game.json.2035258894

Filesize
3.6MB

MD5
8d1fb5965d11332a5787b859293cf85d

SHA1
4ee0e29e4b40429a56b394c1ca7373662a36c1ef

SHA256
4106f76fbd44126b95affa2d437dc70300a73c8dbd9fd1a9618f5146fdf5e4a9

SHA512
9a0f46dedbca3900d2e9a81eaeda44ee204f4c7e30d7d7357e37b5b8fc32c10ce77a27a1833407064ad479e7614ce61c0b418bb0d6ff658d910e701fa6458d33

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json

Filesize
5KB

MD5
d5f6d057d558cf1db1d982a648139108

SHA1
091daf7bc73e59662ee2846104b42291bd21bd19

SHA256
638c97e220ded5cd56c3dcda4daed7d318be0bdf6b4d28417ef541c3389b3db2

SHA512
1d3ac44bac52625316abeeac5cdc183e228bfd359704e06d8f7a8c41ac21619e353d85b155af572f600c5e33ae5895ba165b33de2a40c22226da928c238e1dda

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json.3174692491

Filesize
6KB

MD5
8ddeb934e56255fd6e9a67b3c7d40e9f

SHA1
44d9a0b268f0a9e800fc2662a8847c8c72d26a94

SHA256
03926c59431f8501bbe69eaf526cd899854025bde13c8204594d6fac7a0c4b41

SHA512
109d69029e4619e4275b877b6f5a670b094b879bb4f8e895d055d5089866b2da3c46c7f7cbe5ae53980534b7a5e55c46df03285a1e03ff726718df4bf027a16e

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json

Filesize
31B

MD5
8a2127897e4b91cad71da2c76cdc1f6c

SHA1
4ffe91ea6e2ca6f6c558cddefa105d6ab4791d16

SHA256
12414874e44f2b4632e4d66fc44b9044134d79c9bbf7f7d22b6d10293a10c121

SHA512
36827e22a6fc5b029807a0cf9a2abe5c0d3687bb6b48ac3a3c54ebd7b619b72e1624d7343eebd9ccb9504d11765785568e49b7dd2a2065fc281633310a10ab0e

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json

Filesize
111B

MD5
0c50e4457c2b95997acb170ce0886815

SHA1
8b59f94f4ed1d6420f56ef282979bb57eba2c3ff

SHA256
cc253411f4dbf7ee67e3c150abace384638f7c5ce0f40cb9dde3c4b6962a7f53

SHA512
4e1841f8d360a484d3ab31046b5d58381806b4c4265a346023887dea76e4989a4fcd7f89efd1291f6107d27dad90f7f6ffac45c9cf90f1cff42d2f302296abbc

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.3554514436

Filesize
180B

MD5
92d764dcbe682df18124c390b509a351

SHA1
0f624f13af8e2e4f3c48c2e6d1194419a49ce8f0

SHA256
cd9be9c1790a98647a0a149e16e04c60e2fc4d1c631c8e5771dadcea139ab683

SHA512
9190510bc7cb41c115f8807443d1d39e7db7fba783612b7e805adea5a0985702f904a5728d7bac90f3daeb390250aa13d08352b945066e155fec3284de117c6b

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.3993156071

Filesize
61B

MD5
07eb20788872c089b6c70701d9d8ba51

SHA1
a3d6d19a53566ee446f54c6a32940abbf78b6141

SHA256
9ba697c22e08d9d25156e160a8fe539ef52c802d6a8ba1151be6a51cc1d0e925

SHA512
abb806a72ac1455c847df79e88ccb220c6e01824e3c4e762acd690cc1f1e4a7530f5a73db39b99e8821a48691e9dc12e8d5488642c392790f079f85b2e7cea1f

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
70B

MD5
3a15daf1281b0af19279ac873eafef58

SHA1
abce7f2b8e6180efc6ede8e114f544e1480c9f4f

SHA256
62396ea0a8150cd36a37328203ac964ba4afca22b61610e68ce4550784bb213b

SHA512
26427778d25800aaba4119602651b3f486910043dc32817e3c2adbc033bd754af2938254d9249983f8323a79ade9d7dd003ccaf1962dbb0a54adcd0f0b4dbb41

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
118B

MD5
108dfbaaece2c4be12844ec7aa27cadf

SHA1
804c5bcaf817a749f525c2217a3036addb5c4657

SHA256
ee96b61ea371aea6cb5faaf5b5324e057620ff96d04afd7135f806c8985e1848

SHA512
5f1bfba7f0e176ad40d7affa83f6f4e117170d03503e883334b3320930e636634bcdddcd8ad79f637a77f716f4ebc122ba924886a25d7ec0ca76f0af2d7b27a6

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
262B

MD5
ae5055c5ecea85ebdd7825d083607244

SHA1
9cd22cd7a63724950648653d054d13cde0de63bd

SHA256
e5d3757b164d8c2c80ca57881843e0f05adf71c74aff95a6aca175dcc68b62a1

SHA512
9c47bca9a3e2debc6dc8b0fc9303713fb93b29322c86d80937ff85532f0a2fbf8d9b8e0a795198d7a5665a4f92892f0497bc5bc10814a60fc9e79170952596ce

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
1KB

MD5
ac21d61d6df28bdffd99505e37320bdb

SHA1
9b4b38b19cda9b065ee7cf48f5f09f08e37a7f5a

SHA256
c392b10bbc535cd0575b70e71be42f8cb3f7e37953ae1687ab67e36f2069e4d6

SHA512
84540faa36a4da73abbfeabca63f652abc2e3b216118e312edc8c60f4b84997e470edbe188958bccd838dc35bdd4cdb223eea8bf7297f8b4797a27c59f876590

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
1KB

MD5
305ff5e3b8e0dee4a9a64ef696911621

SHA1
177f48cc3a01b2f5b7ca218a8333398a9188b981

SHA256
1774da9c5578fbc36436273a6fdcc81e68feb71e7db89df00d245ae09874f546

SHA512
73ae3b408a7e95716e86af341fa812c5488570cfc1de8c907600a9bd9e1ecb265fe5fab5fdc62d94f63e11e740c6077b9718552bf67ee5adb90f3ed3fb751154

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
8KB

MD5
029805752c39f5b9501446f02c4d2b14

SHA1
0d1a18f2f9139171475c1e814ab36fc64a4affb6

SHA256
2510e0bfd021ee80bc725bc95b5c5c0da7dea30698562a35c14f8ce91abe88f7

SHA512
73480226998c75c491bdee20bb1591a48092d9d90a77b18a89d43c449da1e0e683312ab17883813af23a5efcea5c6c81d004f5291735582084500848517d5e2d

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
2KB

MD5
fb2324e476a5cf1b8534237f5ac79413

SHA1
5fece4311e437ecd617805c5fff69e16833df230

SHA256
3a2057a8b00dd96ebf163c371531fd1e652ff77baf6f278faac8c661dc23b184

SHA512
0438a5e8fa0bbbf3d22f36cf34810ebc7693dd9ccea125e6ed85c22d670d77d6f03151f6f9dc5d26ec4a5e1614da1eeb7b29339a12236790087e33cb6ae21a0f

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.1834790813

Filesize
1KB

MD5
0fd53f9aef23b365ce35be65e5713c8a

SHA1
4249ac1f8270e8d41b5ba186ecc9c2daaaa1d058

SHA256
e2c8b7e3905ee5b81204a58217da493943dc0786d60f9dd5713d8ae2bbb9418f

SHA512
ed4e8b5136f1f891e4138a51ac140fbf2d7aa82ae3aad6d64f3b8ea5fb20da0e1f4ba043688c2a7c463bafe5a09e5fa559e679bc1f62cce5304cec166e0c6969

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.2934877965

Filesize
219B

MD5
c7edfd4f4a45da662a5cef2a154479db

SHA1
a4eee898d9cd6946c855f092f89e8794f01be1bd

SHA256
623ab81cef6c0c2dde44d0b4ebfc3dcfc9b758074cadd82345ea7e15a64094de

SHA512
132057c5159093e65245cfd2f853beaf7e1960d99e863b6e14a8d388368b46c3579285a5f9320d1ca9dc8cea60077df98b593ec9aadf6074caae552da7350e8c

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.3386315680

Filesize
2KB

MD5
1c0c0f439c2e6d9e3517fd5596beb90f

SHA1
e95ba4ec2565f7b77e2cda5ee5c5f7dcf112b5df

SHA256
04561dd8b1e19ac7f6fd190711daeebd819740f105c65946df4b2379b54524fd

SHA512
5df14438d333b109241b3ef91c4469dfad1e24d62d817c529f06a9668792a5e29e36d85483847cb113363523ef749386210e188c5578566b45be1d0ce717f71d

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.3681205605

Filesize
520B

MD5
09b88832bebf355005d45db64052860c

SHA1
8a65a7b84c66edee992c64b29b11d031938fc22c

SHA256
281211de7e10331a2e97580c8d781991fad3d6b2d3272af0de9ce938374344fc

SHA512
0a46e27c7bfc8e4842c0b3a92e6297298e5aceb5afe5d8b07296318e8dc6996f605548e2f2e33face831cad4ada592c33ef1331406cf2a058b602bb8fe801fd1

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.3985477684

Filesize
548B

MD5
85cf215ac6f3d64d62cda5a692376b1b

SHA1
614ae947111e7c33a07c5a6371a286996909a159

SHA256
d76184d5a7f9104b06ee4d8a56fbd124b21cf2f567e57ff27403cb54b4eb9722

SHA512
f1b186db7c6dda884649ddd4872be2663baf569f615c027c11fadc5954f4102dc001d77489289f848faf2575e80088894c3004ff19a6cbb3fcf46a7de05319d5

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.4014758034

Filesize
121B

MD5
a85b70d3a04f44484e0a02906319a2c0

SHA1
d76f340566d6bfee3fe5ab97bb16911394691676

SHA256
f19ff08f4ad256a37d3b028e7a18e74bdfabb505dfd264bdee68dce89c52f822

SHA512
5b1b1646ab6668d0eebcbc1b50c8a3c932adeb1bdc3cfe40465de879ea6e4d74059756bbbddfec081fc8c2e2dd559b27ed9e2f4a354412b624167580eecb198c

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
55B

MD5
cc1e781746a10c871ab43371f83365d0

SHA1
fff371aad75c5078b8f8b85feb4c78cbd09aac9b

SHA256
99a92cf9458942a1991b5015ec935427ea0a7da9cab3fbfb53eed5b21f8b7208

SHA512
8ec7f79977e978e76bb9ee4d049e14737a3fd9d28e4925db3a89a3370a14ca22a46710676f8fe76156bc438c59ebcb278b12f8252a51eeffd5e1a5575e5eb01c

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
55B

MD5
0b0c8de8988bdfe1abe1774a76bc32e2

SHA1
b87196ed568086c859eefc6b3f8bdbf4eec3a7c5

SHA256
9f7ff4b3c52986abcbf2d3f6433d973d201a7f4e729893073d7bae29653138e8

SHA512
157e8730e763efbb56ea4f5b0c9a22025a29220c12ba68a4fde250ee8dfac26d2f2adadb009f13ec5a2b29170008a9c6f131c2f0f0235e877dcc223c85c2c7b2

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
19KB

MD5
b603b46e91840f7b00a356073b8cc12d

SHA1
d0dc75f951afdd4208274bf095e59c670b302956

SHA256
a1c12ca06dd1f424e6f397d6b899748f388e4dcfac244bf33647f5a7e2086984

SHA512
fb3cadfc6ca5b547b3ac9541b42cbd4544b0ed6a6cc339cdd03c790ea6151cb428588a07561aa5adeb8eaf25e0228bf8588e1db8066beda12c0d0aeec06108f5

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json.2968707961

Filesize
115B

MD5
461187589174e6e4f08ba526f9b6988b

SHA1
e9f7501f866f1d723b340464a87c1ba1f37da1d3

SHA256
38bbb5b36a4c5c65d71338d82656e7f7b197c3678c2402f08cb745a757e3463c

SHA512
b33ef667da3cf79ec4962722d06728759b5b3790b16b64b3623f4c28aa00e9d699a2389cbd97e88c85c871540693c14f0c771b9efd099f6d244966fe5d6cc7d1

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json.3431496761

Filesize
115B

MD5
31af231f90edd46b13bd4371a47420b4

SHA1
1d60e2db2f25a004b3e5825acd6a6aaad2cefefb

SHA256
a624416fe446d8f82657fb336b777c129f4beccba9c38df53ce006ca5580370b

SHA512
68c4f663e4f44123f6c70d7fcc55ced3cc204b6dccbb0aa8a3a32d05eb0d92351c1c45cd4a120f7efa77265ff48d2d7a1a1c3ebee2e8922446dc418b52232870

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Documents\Medal\MedalLog20241013.txt

Filesize
4KB

MD5
609262852b08b3feb5a49d3a4a9dba20

SHA1
b7d4dfda879bf60e8b8580aca9d776bad67514b1

SHA256
8b34003da66ecea8070f4f4f3323c738217b50de6a01a83c9852a69a0df3a926

SHA512
5fac2b80504d560b6fc5a7a9346e9e376603ce8504fafa3c20320095441b77d1e94b8bb449f7e2d23dbc840fe842644462667cabc67c1ba3069bbcaaeffd5a15

Download Submit
memory/1052-8666-0x00007FF7ABC50000-0x00007FF7B0D95000-memory.dmp

Filesize
81.3MB

Download
memory/1052-8668-0x00007FF7ABC50000-0x00007FF7B0D95000-memory.dmp

Filesize
81.3MB

Download
memory/1160-8987-0x00000197A0330000-0x00000197A035A000-memory.dmp

Filesize
168KB

Download
memory/1544-8997-0x000001C1FC9B0000-0x000001C1FD0EF000-memory.dmp

Filesize
7.2MB

Download
memory/1548-9131-0x0000029740D90000-0x0000029740DBC000-memory.dmp

Filesize
176KB

Download
memory/1548-9145-0x0000029740D60000-0x0000029740D68000-memory.dmp

Filesize
32KB

Download
memory/1548-9021-0x00000297407E0000-0x0000029740814000-memory.dmp

Filesize
208KB

Download
memory/1548-9024-0x00000297402A0000-0x00000297402AA000-memory.dmp

Filesize
40KB

Download
memory/1548-9025-0x00000297402C0000-0x00000297402CA000-memory.dmp

Filesize
40KB

Download
memory/1548-9026-0x00000297402B0000-0x00000297402BA000-memory.dmp

Filesize
40KB

Download
memory/1548-9027-0x0000029740540000-0x000002974055C000-memory.dmp

Filesize
112KB

Download
memory/1548-9028-0x0000029740320000-0x000002974032A000-memory.dmp

Filesize
40KB

Download
memory/1548-9029-0x0000029740560000-0x0000029740568000-memory.dmp

Filesize
32KB

Download
memory/1548-9030-0x0000029740570000-0x0000029740580000-memory.dmp

Filesize
64KB

Download
memory/1548-9031-0x00000297405C0000-0x00000297405C8000-memory.dmp

Filesize
32KB

Download
memory/1548-9032-0x00000297405D0000-0x00000297405E0000-memory.dmp

Filesize
64KB

Download
memory/1548-9033-0x0000029740870000-0x0000029740878000-memory.dmp

Filesize
32KB

Download
memory/1548-9034-0x0000029740900000-0x0000029740908000-memory.dmp

Filesize
32KB

Download
memory/1548-9035-0x0000029740880000-0x0000029740888000-memory.dmp

Filesize
32KB

Download
memory/1548-9036-0x0000029740910000-0x0000029740918000-memory.dmp

Filesize
32KB

Download
memory/1548-9037-0x0000029740930000-0x0000029740938000-memory.dmp

Filesize
32KB

Download
memory/1548-9020-0x0000029740E00000-0x0000029741418000-memory.dmp

Filesize
6.1MB

Download
memory/1548-9095-0x0000029740C00000-0x0000029740C5A000-memory.dmp

Filesize
360KB

Download
memory/1548-9096-0x0000029740BD0000-0x0000029740BF6000-memory.dmp

Filesize
152KB

Download
memory/1548-9019-0x0000029740580000-0x00000297405B2000-memory.dmp

Filesize
200KB

Download
memory/1548-9740-0x0000029745BC0000-0x0000029745BC8000-memory.dmp

Filesize
32KB

Download
memory/1548-9132-0x0000029741870000-0x00000297418B8000-memory.dmp

Filesize
288KB

Download
memory/1548-9133-0x0000029741820000-0x000002974184A000-memory.dmp

Filesize
168KB

Download
memory/1548-9134-0x00000297418F0000-0x0000029741906000-memory.dmp

Filesize
88KB

Download
memory/1548-9135-0x00000297453E0000-0x0000029745462000-memory.dmp

Filesize
520KB

Download
memory/1548-9139-0x00000297418C0000-0x00000297418EA000-memory.dmp

Filesize
168KB

Download
memory/1548-9022-0x0000029740890000-0x00000297408FC000-memory.dmp

Filesize
432KB

Download
memory/1548-9147-0x0000029740D70000-0x0000029740D7A000-memory.dmp

Filesize
40KB

Download
memory/1548-9516-0x00000297458F0000-0x0000029745908000-memory.dmp

Filesize
96KB

Download
memory/1548-9199-0x0000029745910000-0x0000029745990000-memory.dmp

Filesize
512KB

Download
memory/1548-9007-0x00000297405F0000-0x00000297406A0000-memory.dmp

Filesize
704KB

Download
memory/1548-8996-0x0000029727860000-0x000002972787A000-memory.dmp

Filesize
104KB

Download
memory/1548-9518-0x00000297458C0000-0x00000297458C8000-memory.dmp

Filesize
32KB

Download
memory/1548-8995-0x0000029727840000-0x000002972785C000-memory.dmp

Filesize
112KB

Download
memory/1548-8994-0x0000029740080000-0x00000297400C8000-memory.dmp

Filesize
288KB

Download
memory/1548-8993-0x00000297259D0000-0x0000029725B94000-memory.dmp

Filesize
1.8MB

Download
memory/1548-9233-0x00000297453A0000-0x00000297453AE000-memory.dmp

Filesize
56KB

Download
memory/1548-9193-0x0000029745850000-0x0000029745884000-memory.dmp

Filesize
208KB

Download
memory/1548-9519-0x00000297458B0000-0x00000297458BA000-memory.dmp

Filesize
40KB

Download
memory/1548-9174-0x0000029745470000-0x00000297454BC000-memory.dmp

Filesize
304KB

Download
memory/1548-9523-0x00000297461F0000-0x00000297461F8000-memory.dmp

Filesize
32KB

Download
memory/1548-9531-0x0000029746240000-0x0000029746252000-memory.dmp

Filesize
72KB

Download
memory/1548-9530-0x0000029746400000-0x0000029746432000-memory.dmp

Filesize
200KB

Download
memory/1548-9529-0x0000029746220000-0x0000029746234000-memory.dmp

Filesize
80KB

Download
memory/1548-9528-0x0000029746380000-0x00000297463F2000-memory.dmp

Filesize
456KB

Download
memory/1548-9527-0x00000297462E0000-0x00000297462FE000-memory.dmp

Filesize
120KB

Download
memory/1548-9526-0x0000029746260000-0x0000029746274000-memory.dmp

Filesize
80KB

Download
memory/1548-9525-0x00000297462C0000-0x00000297462DC000-memory.dmp

Filesize
112KB

Download
memory/1548-9524-0x0000029746290000-0x00000297462B2000-memory.dmp

Filesize
136KB

Download
memory/1644-7793-0x0000000000660000-0x0000000000856000-memory.dmp

Filesize
2.0MB

Download
memory/1836-8909-0x0000021769250000-0x0000021769294000-memory.dmp

Filesize
272KB

Download
memory/2416-9-0x0000000000D70000-0x0000000000F46000-memory.dmp

Filesize
1.8MB

Download
memory/2416-2069-0x00000000224F0000-0x0000000022528000-memory.dmp

Filesize
224KB

Download
memory/2416-2070-0x00000000224C0000-0x00000000224CE000-memory.dmp

Filesize
56KB

Download
memory/4116-8659-0x0000020BFFE90000-0x0000020BFFEAE000-memory.dmp

Filesize
120KB

Download
memory/4116-8661-0x0000031C58E60000-0x0000031C59388000-memory.dmp

Filesize
5.2MB

Download
memory/4116-8653-0x0000000000B40000-0x0000000000B4E000-memory.dmp

Filesize
56KB

Download
memory/4116-8654-0x0000000059810000-0x000000005981E000-memory.dmp

Filesize
56KB

Download
memory/4116-8656-0x0000020BFFDF0000-0x0000020BFFE02000-memory.dmp

Filesize
72KB

Download
memory/4116-8655-0x0000020BFFE40000-0x0000020BFFE72000-memory.dmp

Filesize
200KB

Download
memory/4116-8658-0x0000031C58590000-0x0000031C58606000-memory.dmp

Filesize
472KB

Download
memory/4116-8657-0x0000031C58760000-0x0000031C58922000-memory.dmp

Filesize
1.8MB

Download
memory/4280-8225-0x0000021400000000-0x000002140073F000-memory.dmp

Filesize
7.2MB

Download
memory/4440-7957-0x00000193B5B70000-0x00000193B62AF000-memory.dmp

Filesize
7.2MB

Download
memory/4440-7861-0x00007FFBEE950000-0x00007FFBEE951000-memory.dmp

Filesize
4KB

Download
memory/4948-8874-0x00007FF7ABC50000-0x00007FF7B0D95000-memory.dmp

Filesize
81.3MB

Download
memory/4984-8866-0x000001A7FA4D0000-0x000001A7FA4F2000-memory.dmp

Filesize
136KB

Download
memory/4984-8876-0x000001A7FA530000-0x000001A7FA554000-memory.dmp

Filesize
144KB

Download
memory/4984-8875-0x000001A7FA530000-0x000001A7FA55A000-memory.dmp

Filesize
168KB

Download
memory/5000-7950-0x0000000003040000-0x0000000003060000-memory.dmp

Filesize
128KB

Download
memory/5800-9967-0x0000019314180000-0x0000019314181000-memory.dmp

Filesize
4KB

Download
memory/5800-9966-0x0000019314180000-0x0000019314181000-memory.dmp

Filesize
4KB

Download
memory/5800-9971-0x0000019314180000-0x0000019314181000-memory.dmp

Filesize
4KB

Download
memory/5800-9972-0x0000019314180000-0x0000019314181000-memory.dmp

Filesize
4KB

Download
memory/5800-9977-0x0000019314180000-0x0000019314181000-memory.dmp

Filesize
4KB

Download
memory/5800-9976-0x0000019314180000-0x0000019314181000-memory.dmp

Filesize
4KB

Download
memory/5800-9975-0x0000019314180000-0x0000019314181000-memory.dmp

Filesize
4KB

Download
memory/5800-9973-0x0000019314180000-0x0000019314181000-memory.dmp

Filesize
4KB

Download
memory/5800-9974-0x0000019314180000-0x0000019314181000-memory.dmp

Filesize
4KB

Download
memory/5800-9965-0x0000019314180000-0x0000019314181000-memory.dmp

Filesize
4KB

Download