d1273886847ed68aa98bb847cd0afcdb411ae57e80775ccf18ded854fcefc96c

Analysis

max time kernel
301s
max time network
309s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-10-2024 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe
Size

143.1MB
MD5

1e622810ec211cc44426d5482a1d5d0f
SHA1

da7e158a2092fc64664e260626c847eaee3684ed
SHA256

d1273886847ed68aa98bb847cd0afcdb411ae57e80775ccf18ded854fcefc96c
SHA512

6f55a70223e0f8c917145edf63a51d16c991537382f7fcacf5af9e143cae77df0d1265d24e829588d4fe535c8e644feb9034aeb8ef5b147ed093511aae9bb0a8
SSDEEP

3145728:o5xGeJvRWj9zzug3X1rpMDM+a2LFdoeJoL4zc8HJvGWbpLJh4Ohojs:oXVQj9vdUaOd9qsddAs

Score

6^/10

discovery execution persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Windows\CurrentVersion\Run\Medal = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\update.exe\" --processStart \"Medal.exe\""	reg.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3628	powershell.exe
2692	powershell.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
332	tasklist.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 22 IoCs

pid	Process
1252	Update.exe
344	Squirrel.exe
5028	Medal.exe
1020	Medal.exe
2160	Update.exe
2356	Medal.exe
2452	Medal.exe
4412	Medal.exe
4868	Medal.exe
3480	Medal.exe
3168	Medal.exe
4220	Medal.exe
4964	Medal.exe
3164	Medal.exe
1520	ffmpeg.exe
4324	Medal.exe
3468	Medal.exe
716	ffmpeg.exe
4532	Medal.exe
2592	MedalEncoder.exe
1140	crashpad_handler.exe
3736	Medal.exe

Loads dropped DLL 47 IoCs

pid	Process
5028	Medal.exe
1020	Medal.exe
2356	Medal.exe
2452	Medal.exe
2356	Medal.exe
2356	Medal.exe
2356	Medal.exe
2356	Medal.exe
4412	Medal.exe
4868	Medal.exe
3480	Medal.exe
3168	Medal.exe
3480	Medal.exe
3480	Medal.exe
3480	Medal.exe
3480	Medal.exe
4220	Medal.exe
4964	Medal.exe
3164	Medal.exe
4964	Medal.exe
4964	Medal.exe
4964	Medal.exe
4964	Medal.exe
4964	Medal.exe
4324	Medal.exe
3468	Medal.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
3736	Medal.exe
3736	Medal.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe

Checks processor information in registry 2 TTPs 21 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Medal.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Medal.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Medal.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\medal	Medal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\medal\ = "URL:medal"	Medal.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\medal\shell	Medal.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\medal\shell\open	Medal.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3973800497-2716210218-310192997-1000\{70657F6C-B7B3-4CC3-A82B-DE19ACFD076F}	MedalEncoder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\medal\URL Protocol	Medal.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\medal\shell\open\command	Medal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\medal\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2535.0\\Medal.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Medal\\app-4.2535.0\\--squirrel-firstrun\" \"%1\""	Medal.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3973800497-2716210218-310192997-1000\{2A8D3D05-B2D5-47EF-8A6E-4F8EB7B8CDCB}	Medal.exe

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
344	reg.exe
5000	reg.exe
4620	reg.exe
4892	reg.exe

Modifies system certificate store 2 TTPs 19 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Medal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Medal.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Medal.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5028	Medal.exe
5028	Medal.exe
5028	Medal.exe
5028	Medal.exe
4424	powershell.exe
4424	powershell.exe
3516	powershell.exe
3516	powershell.exe
1252	Update.exe
1252	Update.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
492	powershell.exe
492	powershell.exe
4804	powershell.exe
4804	powershell.exe
2908	powershell.exe
2908	powershell.exe
4412	Medal.exe
4412	Medal.exe
4964	Medal.exe
4964	Medal.exe
4964	Medal.exe
4964	Medal.exe
3300	powershell.exe
3300	powershell.exe
3164	Medal.exe
3164	Medal.exe
3164	Medal.exe
3164	Medal.exe
4516	powershell.exe
4516	powershell.exe
4516	powershell.exe
2692	powershell.exe
2692	powershell.exe
2692	powershell.exe
1496	powershell.exe
1496	powershell.exe
1496	powershell.exe
3628	powershell.exe
3628	powershell.exe
3628	powershell.exe
4532	Medal.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe
2592	MedalEncoder.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1180	WMIC.exe
Token: SeSecurityPrivilege	1180	WMIC.exe
Token: SeTakeOwnershipPrivilege	1180	WMIC.exe
Token: SeLoadDriverPrivilege	1180	WMIC.exe
Token: SeSystemProfilePrivilege	1180	WMIC.exe
Token: SeSystemtimePrivilege	1180	WMIC.exe
Token: SeProfSingleProcessPrivilege	1180	WMIC.exe
Token: SeIncBasePriorityPrivilege	1180	WMIC.exe
Token: SeCreatePagefilePrivilege	1180	WMIC.exe
Token: SeBackupPrivilege	1180	WMIC.exe
Token: SeRestorePrivilege	1180	WMIC.exe
Token: SeShutdownPrivilege	1180	WMIC.exe
Token: SeDebugPrivilege	1180	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1180	WMIC.exe
Token: SeRemoteShutdownPrivilege	1180	WMIC.exe
Token: SeUndockPrivilege	1180	WMIC.exe
Token: SeManageVolumePrivilege	1180	WMIC.exe
Token: 33	1180	WMIC.exe
Token: 34	1180	WMIC.exe
Token: 35	1180	WMIC.exe
Token: 36	1180	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1180	WMIC.exe
Token: SeSecurityPrivilege	1180	WMIC.exe
Token: SeTakeOwnershipPrivilege	1180	WMIC.exe
Token: SeLoadDriverPrivilege	1180	WMIC.exe
Token: SeSystemProfilePrivilege	1180	WMIC.exe
Token: SeSystemtimePrivilege	1180	WMIC.exe
Token: SeProfSingleProcessPrivilege	1180	WMIC.exe
Token: SeIncBasePriorityPrivilege	1180	WMIC.exe
Token: SeCreatePagefilePrivilege	1180	WMIC.exe
Token: SeBackupPrivilege	1180	WMIC.exe
Token: SeRestorePrivilege	1180	WMIC.exe
Token: SeShutdownPrivilege	1180	WMIC.exe
Token: SeDebugPrivilege	1180	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1180	WMIC.exe
Token: SeRemoteShutdownPrivilege	1180	WMIC.exe
Token: SeUndockPrivilege	1180	WMIC.exe
Token: SeManageVolumePrivilege	1180	WMIC.exe
Token: 33	1180	WMIC.exe
Token: 34	1180	WMIC.exe
Token: 35	1180	WMIC.exe
Token: 36	1180	WMIC.exe
Token: SeDebugPrivilege	4424	powershell.exe
Token: SeDebugPrivilege	3516	powershell.exe
Token: SeShutdownPrivilege	5028	Medal.exe
Token: SeCreatePagefilePrivilege	5028	Medal.exe
Token: SeShutdownPrivilege	5028	Medal.exe
Token: SeCreatePagefilePrivilege	5028	Medal.exe
Token: SeShutdownPrivilege	5028	Medal.exe
Token: SeCreatePagefilePrivilege	5028	Medal.exe
Token: SeShutdownPrivilege	5028	Medal.exe
Token: SeCreatePagefilePrivilege	5028	Medal.exe
Token: SeShutdownPrivilege	5028	Medal.exe
Token: SeCreatePagefilePrivilege	5028	Medal.exe
Token: SeShutdownPrivilege	5028	Medal.exe
Token: SeCreatePagefilePrivilege	5028	Medal.exe
Token: SeShutdownPrivilege	5028	Medal.exe
Token: SeCreatePagefilePrivilege	5028	Medal.exe
Token: SeShutdownPrivilege	5028	Medal.exe
Token: SeCreatePagefilePrivilege	5028	Medal.exe
Token: SeShutdownPrivilege	5028	Medal.exe
Token: SeCreatePagefilePrivilege	5028	Medal.exe
Token: SeShutdownPrivilege	5028	Medal.exe
Token: SeCreatePagefilePrivilege	5028	Medal.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
1252	Update.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe
4412	Medal.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2592	MedalEncoder.exe
2592	MedalEncoder.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 1252	5044	MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe	77
PID 5044 wrote to memory of 1252	5044	MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe	77
PID 1252 wrote to memory of 344	1252	Update.exe	78
PID 1252 wrote to memory of 344	1252	Update.exe	78
PID 1252 wrote to memory of 5028	1252	Update.exe	79
PID 1252 wrote to memory of 5028	1252	Update.exe	79
PID 5028 wrote to memory of 1020	5028	Medal.exe	80
PID 5028 wrote to memory of 1020	5028	Medal.exe	80
PID 5028 wrote to memory of 4424	5028	Medal.exe	81
PID 5028 wrote to memory of 4424	5028	Medal.exe	81
PID 5028 wrote to memory of 248	5028	Medal.exe	83
PID 5028 wrote to memory of 248	5028	Medal.exe	83
PID 248 wrote to memory of 1180	248	cmd.exe	85
PID 248 wrote to memory of 1180	248	cmd.exe	85
PID 5028 wrote to memory of 3516	5028	Medal.exe	87
PID 5028 wrote to memory of 3516	5028	Medal.exe	87
PID 5028 wrote to memory of 2160	5028	Medal.exe	89
PID 5028 wrote to memory of 2160	5028	Medal.exe	89
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2356	5028	Medal.exe	90
PID 5028 wrote to memory of 2452	5028	Medal.exe	91
PID 5028 wrote to memory of 2452	5028	Medal.exe	91
PID 1252 wrote to memory of 4412	1252	Update.exe	93
PID 1252 wrote to memory of 4412	1252	Update.exe	93
PID 4412 wrote to memory of 4868	4412	Medal.exe	94
PID 4412 wrote to memory of 4868	4412	Medal.exe	94
PID 4412 wrote to memory of 492	4412	Medal.exe	95

C:\Users\Admin\AppData\Local\Temp\MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe
"C:\Users\Admin\AppData\Local\Temp\MedalSetup.Mjc5OTEwODQ5LDEsbm9yZWY=.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1252
- - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Squirrel.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:344
- - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --squirrel-install 4.2535.0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:5028
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2535.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x518,0x520,0x528,0x4f4,0x414,0x7ff743651898,0x7ff7436518a8,0x7ff7436518b8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1020
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -c "Get-WmiObject win32_VideoController | Format-List -Property Name, Description, Caption, AdapterRAM"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4424
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:248
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1180
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -c "Get-WmiObject win32_VideoController | Format-List -Property Name, Description, Caption, AdapterRAM"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3516
  - - C:\Users\Admin\AppData\Local\Medal\Update.exe
      C:\Users\Admin\AppData\Local\Medal\Update.exe --createShortcut=Medal.exe
      4⤵
      Executes dropped EXE
      PID:2160
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1976,i,16930793383890523943,3752406625774088386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2356
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2152 --field-trial-handle=1976,i,16930793383890523943,3752406625774088386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2452
- - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --squirrel-firstrun
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4412
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Medal /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Medal\Crashpad --url=https://f.a.k/e --annotation=_productName=Medal --annotation=_version=4.2535.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x500,0x508,0x50c,0x4dc,0x510,0x7ff743651898,0x7ff7436518a8,0x7ff7436518b8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4868
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -c "Get-WmiObject win32_VideoController | Format-List -Property Name, Description, Caption, AdapterRAM"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:492
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
      4⤵
      PID:3104
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        5⤵
        
        PID:4832
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -c "Get-WmiObject win32_VideoController | Format-List -Property Name, Description, Caption, AdapterRAM"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4804
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1932,i,15994637634246245730,15142317930577478065,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3480
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2064 --field-trial-handle=1932,i,15994637634246245730,15142317930577478065,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3168
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3184 --field-trial-handle=1932,i,15994637634246245730,15142317930577478065,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=splash /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4220
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal
      4⤵
      Modifies registry key
      PID:4620
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Medal /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Medal\update.exe\" --processStart \"Medal.exe\"" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:4892
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -c "Get-WmiObject cim_datafile -Filter {Name=\"C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.897.0-backup\\MedalEncoder.exe\"} | Format-List -Property Version"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2908
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3768 --field-trial-handle=1932,i,15994637634246245730,15142317930577478065,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=bridge /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4964
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
        5⤵
        
        PID:4236
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        6⤵
        
        PID:3644
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -c "Get-WmiObject cim_datafile -Filter {Name=\"C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.897.0-backup\\MedalEncoder.exe\"} | Format-List -Property Version"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\ffmpeg.exe
        
        "C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\ffmpeg.exe" -hide_banner -f lavfi -i nullsrc -c:v h264_nvenc -gpu list -f null -
        5⤵
        Executes dropped EXE
        
        PID:1520
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.modules /t REG_SZ /d "" /f
      4⤵
      Modifies registry key
      PID:5000
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\SOFTWARE\Medialooks\MFormats\MFFactory\MLLog /v log.path /t REG_SZ /d "" /f
      4⤵
      Modifies registry key
      PID:344
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.medal.medal --app-path="C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --js-flags="--max-old-space-size=8192 --max_old_space_size=8192" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3976 --field-trial-handle=1932,i,15994637634246245730,15142317930577478065,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --renderer_name=main /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:3164
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
        5⤵
        
        PID:3036
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        6⤵
        
        PID:3324
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -c "Get-WmiObject cim_datafile -Filter {Name=\"C:\\Users\\Admin\\AppData\\Local\\Medal\\recorder-3.897.0-backup\\MedalEncoder.exe\"} | Format-List -Property Version"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4344 --field-trial-handle=1932,i,15994637634246245730,15142317930577478065,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4324
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --standard-schemes=medal --secure-schemes=medal,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=4340 --field-trial-handle=1932,i,15994637634246245730,15142317930577478065,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:3468
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic /NAMESPACE:\\root\CIMV2 /NODE:'localhost' path Win32_PageFileUsage get /FORMAT:rawxml
      4⤵
      PID:544
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full""
      4⤵
      PID:3152
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
        5⤵
        
        PID:4016
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "cmd /c query session"
      4⤵
      PID:1644
    - - C:\Windows\system32\cmd.exe
        
        cmd /c query session
        5⤵
        
        PID:4952
      - C:\Windows\system32\query.exe
        
        query session
        6⤵
        
        PID:3628
        
        C:\Windows\system32\qwinsta.exe
        
        "C:\Windows\system32\qwinsta.exe"
        7⤵
        
        PID:3564
  - - C:\Windows\system32\where.exe
      where powershell
      4⤵
      PID:1148
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell "Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object Caption, FreeSpace, Size"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:2692
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist /fi "imagename eq MedalEncoder.exe" /fo csv"
      4⤵
      PID:868
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /fi "imagename eq MedalEncoder.exe" /fo csv
        5⤵
        Enumerates processes with tasklist
        
        PID:332
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1496
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-MpComputerStatus | Out-File -Encoding utf8 -FilePath C:\Users\Admin\AppData\Local\Medal\Temp\dfe77bec.txt"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:3628
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\ffmpeg.exe" -version"
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\ffmpeg.exe
        
        "C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\ffmpeg.exe" -version
        5⤵
        Executes dropped EXE
        
        PID:716
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access""
      4⤵
      PID:1428
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"
        5⤵
        
        PID:2844
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\Medal.exe
      C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\Medal.exe C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\MedalEncoder.exe C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\suicide.lock 3063fb13-f242-4fe0-83c2-970a7d6311d5
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:4532
    - - C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\MedalEncoder.exe
        
        "C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\MedalEncoder.exe" soundOffset=
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\DLLs\crashpad_handler.exe
        
        C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\DLLs\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\sentry-db --metrics-dir=C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\sentry-db --url=https://o150878.ingest.sentry.io:443/api/1509393/minidump/?sentry_client=sentry.native/0.7.6&sentry_key=f2ea4e2bebb44129b30402d5b4076fd5 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\sentry-db\c30f701d-279c-496d-0e5c-d4090967ae57.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\sentry-db\c30f701d-279c-496d-0e5c-d4090967ae57.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\sentry-db\c30f701d-279c-496d-0e5c-d4090967ae57.run\__sentry-breadcrumb2 --initial-client-data=0xc8c,0xc90,0xc88,0xc98,0xc6c,0x287f7ee4d60,0x287f7ee4d78,0x287f7ee4d90
        6⤵
        Executes dropped EXE
        
        PID:1140
  - - C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe
      "C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\Medal.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Medal" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4640 --field-trial-handle=1932,i,15994637634246245730,15142317930577478065,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3736

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004AC 0x00000000000004B4
1⤵
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_by2p53s0uh2k55ssclpil0cddmt2trmj\3.897.0.0\2kkirovd.newcfg

Filesize
55KB

MD5
62d6f899bd82c57ca4d12d5b1193f3a0

SHA1
feeeb24640966b829081cf4593d1fcd4c4140de6

SHA256
67b9a71a00391ec1aede007c5eab31f9f08ebbbd6dfb95fc0bbbc34760b06438

SHA512
67c73cfec3e9d309e292df82d49f40629b5157ebb4064304f77e526bca02470110ba6916bc8fbd851ef3b4e041865974cf03428122fcac5d325981b5a9cd208a

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_by2p53s0uh2k55ssclpil0cddmt2trmj\3.897.0.0\4noous04.newcfg

Filesize
22KB

MD5
4c76e501d912a5fd4db7e6b3351139f6

SHA1
4038e32b46593b9ae1d80fb0d4e8792d5b6c8556

SHA256
7cb005d4f386467eae117cc35c0c164a02f2330899cf1642216094d549e33388

SHA512
8de4aa8b0648f8059997c76e9dd4bd86a91a2ee92a72d62d71e95760f7be1ea50ed3ec644a700621f987cbb4eb040d34571d3802b3bedcd46a6ba1cfbb8cba0a

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_by2p53s0uh2k55ssclpil0cddmt2trmj\3.897.0.0\user.config

Filesize
332B

MD5
e37e2958c5378a8c6bb3170fd5abdbaa

SHA1
fcc1e77c9cef08bdda5ba94e741fcc69ae632a8f

SHA256
090a09bb5b228134cd268a3821565eb56e52ce4718601ae098ef9c8715d781c1

SHA512
1e610397ae34961fea6bf7fa76b954a550a324eff7a4ccae2ebcf59baada8535b067e9dc1cc1489b05768e62fadcdd90dd1ae972ad25795a70d0c40856caaeb4

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_by2p53s0uh2k55ssclpil0cddmt2trmj\3.897.0.0\user.config

Filesize
20KB

MD5
d7e1d846f3a845a7870c1f8970ea1030

SHA1
fd3dd4b5e668f5e2906086a1f40da6f7d8f86adb

SHA256
6f0b399ebb0bc492106fd8a9c841b3fc35f281c9cd0fdc5a93cad2b77e4178ea

SHA512
abd12c9881ae1e24a2dfc0e5a9f51fed0a2100a34bde8ca457791db97bcaf3bd1fbc70a05c9b912b66d275728bde918999c4b8042951b51eadf9a6b460b76ceb

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_by2p53s0uh2k55ssclpil0cddmt2trmj\3.897.0.0\user.config

Filesize
20KB

MD5
c0f973844dd85af33401ed8cff2f8edb

SHA1
958867004da1b98dc3ad108934afec515cd8efd3

SHA256
64b6f9f63721ba808ece1a71df32f3a80045cbf6450ff8a41fd2de43a73f5edc

SHA512
888496445e34fda4a66c714cbb4c8fa8dbd5f154809e740cc32468f4488887c53f817c8b634ba4c486352c875403f082fcc0f04ca291d12d860a3bf29e36b3cf

Download Submit
C:\Users\Admin\AppData\Local\Ferox_Games_B.V\MedalEncoder.exe_Url_by2p53s0uh2k55ssclpil0cddmt2trmj\3.897.0.0\x0ceszws.newcfg

Filesize
46KB

MD5
e7721ee420741177b54d274feeac390b

SHA1
96ff7a7e731581fbfeaa4f43c40ac35bb260df3c

SHA256
04ff04a13bf2ffe60201ac44e311797aec3a0f11a2b0dffc4ed53959d8f5b538

SHA512
9c800584ca9c24994a3af140c30ca1f7b930cd416aa0b92bf969c429ade5ee680d3ef688a6a1632a487e98e92e36429089ab5ac6fd90d6fe2b22cb31c56827ad

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\ffmpeg.dll

Filesize
2.6MB

MD5
ec098a73a78c1e2c26160219c3116fdd

SHA1
ff770841cd5b048c30d6fdb95028a52379aaa72e

SHA256
5603ea667254ee1bec209b9aaff9697684e7aab056d427bf9dcb7276952aa5ba

SHA512
15e76f0974780a11e80607f9edb959fdfbe0ffbd50637e501a0391e2c1d2642bf0027a492a4b874983b914cd224a3e8fce24cae156f6351db13208feede74b97

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources.pak

Filesize
5.1MB

MD5
f5ab76d2b17459b5288b6269b0925890

SHA1
75be4046f33919340014a88815f415beb454a641

SHA256
4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c

SHA512
6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\index.js

Filesize
386B

MD5
5e2fbb9d655e0dd204e8d211ec1b4d0c

SHA1
440dc879e7fb836d97a5f5a40f016bbaa1b7f588

SHA256
8debe05417ec5d5e42661e2697a8d0db3ba30fa9bd4ac70c62c992ec01527bf9

SHA512
d6445a850642c562aa6affe907580fbf5b4faf70c51ad7b12613120a27ce1d6ee049571a709334fc588ff45c32ee918836bbae2188d4394a94c5810265139b2f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\main.min.js

Filesize
7.6MB

MD5
9a566fe129c3621b3b9087430afb96a7

SHA1
9d01bbd71014ee7d05000ca563f0f1153726f1dd

SHA256
88af76a1bc28dd8d27af7fdf0f55daa9fdc4db54ef6496ec39212c6daff49cf7

SHA512
ece967c2b0884f375ab56a4a29c35b6c9fb1e9c1ad60b1c12d148385359863d907eb1fc4e9e622837271ff8bc21fb1bf79b6c34c2bda73f3751aa633655946a8

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\LICENSE

Filesize
1KB

MD5
ea817882455c03503f7d014a8f54f095

SHA1
dd164bc611bca7ba8ead40ec4c2851081e5a16b9

SHA256
1e76029602ae9b21cc4e612db2496d92febed882ba13ba745f8b3309e85f9d39

SHA512
0ea343d0e696ba27877dc0611766c526aa73f6e7af46df5a0f83840dc4c7851fb5837b7f6bda8a014302bf877fe3b4b3e392b943cefb3af979e8afc67559a5ff

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\output\index.js

Filesize
947B

MD5
b0adfc74c8e51ce2ab659bfc13752ed3

SHA1
1b0879db53a00bbfeddcfdc0c190901387bab7bd

SHA256
a27d1a72ed1ecddffc57e70187a4b72467ed0dd34092b7e3d2817b9f4359ab5d

SHA512
4bd96fa626592e856431c3da18f7f2c5262fcf7f8fc95a4fa8b3ecd6bd7f53e82ee27d3255711df0addaaaa3fc7ba5e11104dd448f90f490e5517eabc1cdad42

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\@electron\universal\node_modules\fs-extra\lib\path-exists\index.js

Filesize
263B

MD5
dfb2813673ea5279a9aa7305e5fe33f3

SHA1
6e6491c1ab3389433d1b39a33b3ac8760649a2c8

SHA256
5ce096c95daec0259817248921b39a9e0df4d342db171138ccb62440cc7a0cbe

SHA512
53d93b66ed4a2eca23046e6f2b08fcbe4cde40a2b841ab38db838ac75b0882947371024cb74ae43d2c9a2e095e2457e2207979c45f07d46e6e2b5f99efcfc794

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\mac\ia32\ffitarget.h

Filesize
4KB

MD5
4ef9928ec21c398681ed3357aa400c48

SHA1
5bafcdf7c4ff860ce7f94c5260159e7bf063243b

SHA256
ce9a87677a9b9af9dcc6f8f632b62948214824174b65fe4361d3b662cc72aec0

SHA512
c0f5f26b249cf3ca72b2d334008a7ab8b7332f286e57edf7c700b5c4a80960dbce14e3db940829134a3bc593a087f56b41afb757daf3f03e32611ab1172c1f6d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\@lwahonen\ffi-napi\deps\libffi\config\openbsd\x64\ffi.h

Filesize
13KB

MD5
4c8fce7c4f0bee30b8f03d94fba5b66c

SHA1
4eb6b34a1547e2da9b1a0daa9c9f7a32569a03e5

SHA256
bdd54f5f8517f32767d864921edb878224068a75eff7e0386a55105d61e44466

SHA512
0f077d7c2a9801eab3134d4c56793f64fc1c8434e8eabe9c749d0f7d0d875b1750ad0f32873b49778bbb7b5864c280c4546fd72775ad0ec49eb091ec26ee3848

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\async\dist\async.js

Filesize
219KB

MD5
1257b1d9deaebe158498a18320cb5206

SHA1
6658b0192f5224d10475378ee50ce927b8b99f13

SHA256
caeea733f6f61bb394a1a5f71d8bda604765dcc9aea0f0a9a0e54243a1d4c7e8

SHA512
244bb4cc9a386415f1ff15392c92ffab5ceee43b78bada2f9836809b015738347cc781c8ec1eec97dd17d8a00e59d100079f7a6f9fa9790dc84f07ce64754fb1

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\async\package.json

Filesize
2KB

MD5
8b25d829d53060e8c855b44bf9f0a163

SHA1
fba8834d773d13fc6c9c74a1ea3ffd013859d7a1

SHA256
ed7622386e4427bbdd4eb08c09c0aca9bcc1d739becdfb421b2cd19c76dae308

SHA512
43427701fb7eaac7fd06ef99ff86cbf5c2a27d0ca28d5bf95b3b9cb0469b00a39dc81afee2d7d2dcb22ec0aef2dd4cc36e01c241ee507865f31be5377d3d9b2e

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\b4a\index.js

Filesize
3KB

MD5
b792856285e9760aac0ca447b4cdad32

SHA1
c3f23229d5855aa849565a6f4dee345b4471e53e

SHA256
7bb04f74fe05865a5382a76b07cf11cf34f53a18d7e44679a70e3ad33baa4d64

SHA512
a147f23a7d0104812ec98d07604c96c47359aecef4873a912b87823737ed8fa4898e7574152815317c7c30c72f5857913453abc0616de20b998c151034bf818e

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\b4a\package.json

Filesize
701B

MD5
530ee244b7c2df2e16d152d4dbe039d5

SHA1
6b5e6be8639f0c3f9828fcae1d2bbae7344edde0

SHA256
287e126e6500f191066f1865ef155a4dd668ad08c177d42821a77a52e0202604

SHA512
5401f101832ba756eb7693751cd857349aef42052ae2c0d29c886fe514f74c356ffd8f4c0dac95508a801c7b8d6b2dbb515f3388c96c63b9ae844e37bf4024b6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\bindings\bindings.js

Filesize
5KB

MD5
13c05ea1a2f638b707aa56eea958810c

SHA1
c93878e75a9f0545f73aa8d6fba3a761c4ceda36

SHA256
8e32a0d37f20bd6f7d5bdbf99d041aa27be47cbbe5172ac13ebf7380a10b3bf6

SHA512
f356619fa479c72086138eed34fbdcf501bb6f263249e5cf3b1069b2d6c120afc32d9b2ee89d9a41b2f516251c8bbf5d9913e78105961a989e136ac03146657f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\bindings\package.json

Filesize
660B

MD5
17005447df8440e0e386849b8fa2b682

SHA1
14bbbadeb1307b1f711ee10093d5b46a7889677c

SHA256
a87721fe406e1f1798fef44d697b46ea1efe346fda118010334713346ee4207c

SHA512
a61aa9260b34479feb762f81f23ec26104d311fee81bb299efa00fc7091d3ae7f10047f6d91bd3bcfec7152b754c9fc6fe97ac280b3c00abc945a25ef387105d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\blake2b-wasm\blake2b.js

Filesize
11KB

MD5
6d4fdddbe0e3df6ede11846ac2d9f104

SHA1
16ed563b7e5eb247279479de76bea594fab392f0

SHA256
ab8919c1546bd3015afb834e6f0948a7c53121be4f4107ce2a3f4eb31c3e77e9

SHA512
f895785e1143a0952c033db6317f9f7d1dfd8c220827019d4857f0c0a6fc67f08fb89ce2aa8fc45d601ee1afc40950c91de2532fc76fefda1c461fa25229c1f9

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\blake2b-wasm\index.js

Filesize
4KB

MD5
b1c4d73faad73d98b01810cde1eb52fb

SHA1
67c75686ab7cbee0ac60c3a7f8a5a9ae083dc0ce

SHA256
0ab2389048116330718b012ce387aa693e3f318e9cc9b697d32a96d65bef25bd

SHA512
bb5440c3bc7f2f309b1aa237015b493e01ebf53c595413225658feed63e48d42851064615a45323f3c13c7f55c7193f5c73c2f9c1f196406e474813fc2feab4d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\blake2b-wasm\package.json

Filesize
782B

MD5
85f6234e8249e84f2a2361d5142707a3

SHA1
d3714b3f9fa05401342b89d5c9f9d47f9bdcd7ef

SHA256
5bda19aefb010a8fccff1fc5dce0e9d3ff75ae1921e584d1becb4c371b3b4541

SHA512
e6919601c8dd1f7dbbe487c42ec441411338cf7fcf3a2da0a4f7f91ed1d963d2db7e8a00ec4a4bbde5be8323db1fab55b44b364fc8684c710a041148c99b1e73

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\blake2b\index.js

Filesize
9KB

MD5
350e95a4d11b533abbd5d4414d38005f

SHA1
37f2bb772cc953169bbfc13087b13ba6952ed8b3

SHA256
89d35ca4687b8ad3bd659b1a39f44a8a4a393ac977be5af1e1ce32116c25c064

SHA512
8e9648cedceb87e36e915e050329d8ce246bfba0ac18f9d491efb0160e7e89defa7a4a33301def1dd4a2b72bf8b1ea6c64cf03dafb90c615f1e23d5d016e0863

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\blake2b\package.json

Filesize
742B

MD5
88595359281788f64142b0938af3f9db

SHA1
d35800917d86c3d104b9142926e9daa2ba4bf3dc

SHA256
47bcf83fa22df55efb1759c46153bc6e994036c2146d5a0de3867953a603f870

SHA512
a2b8cfc39020dce3384ecccb149df4092905e8ff77c14c93c6162eb35788c11b3141f2dc1382dbead2e0bbcc7f0970bc0e1af97b4e9795e2e0193f9fef4f7ef4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\node_modules\ms\index.js

Filesize
2KB

MD5
fddcc2097091479666d0865c176d6615

SHA1
55f9b3a7d4cfbf68b19ccd0d698aa86483dd4694

SHA256
55986972f5f3c9446f876c576e1cd30fd4f04cd26527efbb5ad834637c740e4c

SHA512
252644169a9398527927b69a2f19c6578bd62dcd180b94984d991939f53bf4e77ca687e840db42f7dba3b37124a5e3f3eda83535e75491bbe6ca440a7149913f

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\node_modules\ms\package.json

Filesize
705B

MD5
b3ea7267a23f72028e774742792b114a

SHA1
fe112804e727b4f3489e9a52900349d0a4ed302c

SHA256
3708fd273bf5b1e91c72d88143f48ad962adcc10b99250a4a203d13804f37757

SHA512
01975d65bc491d0b39435d793a62bcdba6b5edf4fb886de0e48a8a393e26fdf31bdfb4f91dd7e10ba69a1e62ed091d5ea04f9f8bf57d784c3491a5c5c8472988

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\package.json

Filesize
1KB

MD5
2630a1ac039c8970c8fb0daf0f2f03c4

SHA1
ed6fe3dcf77a4c2ddadde904c5b1fc47cf9893c7

SHA256
754ba4f352a9b983fbbf93cfffe015d29bc789a08eb05815270abf50902697fb

SHA512
a017d21a1ecb159065bc32b94b38de03b38c10448b85f88bfe1498b144320884d612a868b9db192d6acf041f88da415f953d9dd8541ee29e4053e2463dd54791

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\src\common.js

Filesize
6KB

MD5
28e94a3cc7d081498bea5ced383038f6

SHA1
c9707394c09387b56864a8865158d29fd307774a

SHA256
c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37

SHA512
5775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\src\index.js

Filesize
314B

MD5
d6c53f5a0dd8f256d91210ad530a2f3e

SHA1
0f4ce3b10eff761f099ac75593f7e05b149ae695

SHA256
aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3

SHA512
4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\debug\src\node.js

Filesize
4KB

MD5
6e63fda079262f01e14f03bdf77146c0

SHA1
481608e3c95722f3a474336e5b777a6a521e76f9

SHA256
f237adcb52849de7c128f57e0468b52353c529a6c8341810477c0e7144359559

SHA512
3017b4717118f56fac106dcaa046aecf3cc63c37e64f49838e5379a13583c293f39ec5ace48fb2dabeac6af4a967f96219812733ead6f36c3f5c8d132d795900

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\electron-deeplink\dist\index.js

Filesize
7KB

MD5
d359d8698706d059e14b6f3eeedced8c

SHA1
9acb5276a78ed09acf81a62e1db439217aff85cf

SHA256
6c693e5ca23e904436e4bf6e68901147d319fd7132b2bcff4dd061615bb8a773

SHA512
f44a7196ad9d4f44085966ac6724f48d00566189136d08a9b13b4ac3cc7e6d1addf2e854098fb4c2ec94c28e3f48168f82b0d1134d0066237dd5fba91c35ccfd

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\electron-deeplink\dist\stub.js

Filesize
156B

MD5
62063cc3b8565061daaddf496dd15731

SHA1
206166851431982536333b4a1b9c31f9e5111295

SHA256
3f39ca63ca2f696207da3702df9a4df21e980a13f0e77528340730e2bf315fd6

SHA512
a6006c18cdf95cf641e54e10c76ff6c7ae47d881435ca54847e2b687fec2a9a129a2e2e3ca600557a328b34c22c54cfd7a6db4865af0f122c6cb5963e65c66e5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\electron-deeplink\dist\templates.js

Filesize
458B

MD5
790b7b8bf5ed00feffce05aac1c79492

SHA1
5ac0afae48c626cc6474268c725342039e5e5ef0

SHA256
6bd01e7f8ea390760ae26ae469f6627dd7a9447360b477bba6911b76cb0e921f

SHA512
2522716477010a2ba3df3b1faa69fd8bb36cad02f6a43f95b7bbb75a49f516e6c2619e1dab8e1b85c888a2385b3435ffa95f9cda95e0c4dcdcb467cadbd515f5

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\electron-deeplink\package.json

Filesize
1KB

MD5
16fd5b35f0cbaed2b0b719e69f9f5a4b

SHA1
7b82df17cfdfcdfd8f8d4ff02502f1d7a8b964b4

SHA256
9fa3547f74427c8e7b20cd51a27f58d4a97a465f919177a7fb177143624e0e2c

SHA512
a19b574a3009dd7cf823dcfaf84790a60bec7b743211045cccaa3970923fc403af3c80d801d8a706cde599afe79317f99c98f429abefaad4583e6e181d55a5ed

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\file-uri-to-path\index.js

Filesize
1KB

MD5
d98f7c699c54e0e90f408a44feb3188b

SHA1
0ffd660201ce0749053d108c53e5606b9da158d6

SHA256
e62293e871bdd5a7449ff3c7956c9536ec1d2ea7369461de77322b5256bb93e7

SHA512
7389081fbf3b16f0ad99f556337679be895e04930e36bfc8f99720e013f28b68bdd4579f11eb41dd4cc7a64a36ec26a6e6539d42d5888696f71e7d2d9c8784dc

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\file-uri-to-path\package.json

Filesize
717B

MD5
65f30030f0e7b2eff552eaabd8bb1fe1

SHA1
5dee8a540c467ffbf9025481180c77a06a9f46f2

SHA256
71eb1e24bb9694f89c613fa0aa307f977dd43f41d11794c7b48fabf6c55f66b0

SHA512
763c372773f093de60fdbe0bdd5d0b6362882e22eaebed51f70ea50fa3087417b5c517ea9ea057b56d40f019cea042a6e8c387356da1b9b9d39c2a5f16e7b5d4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\ms\index.js

Filesize
2KB

MD5
83c46187ed7b1e33a178f4c531c4ea81

SHA1
ea869663486f513cc4d1ca8312ed52a165c417fa

SHA256
e5f0b6a946a9b2b356a28557728410717df54ea2f599edb619f9839df6b7b0e9

SHA512
51b45089a53a23c12e28eb889396e2fa71b95085baa5ac34d71ffb625131bf2fec3ae98efeae537656e20ea257f44e089bcebc9ad54cf672cde852102e43e153

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\ms\package.json

Filesize
732B

MD5
a682078f64a677ddad1f50307a14b678

SHA1
c290eb97736177176d071da4ac855ab995685c97

SHA256
1a6b4d9739790c0b94ab96c8cc0507e281c164c311ff4fbf5e57fb8d26290b40

SHA512
9e16c5689b57275f4ed624c6954f12299706e2372a60f6173421800da5edf9ed52e52fd2b0798f826cddbade6ca19a6e6a996960c6697cc2da0ddecb36409520

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\nanoassert\index.js

Filesize
438B

MD5
44d45c7081a567a4d0cb4bbb36bf6be6

SHA1
69a7954eab536502b052557d5911acb9de503dad

SHA256
5a3c8dce33093172d9cb3d6bdd34e464d17a1da175a8f8b74f0c0d22dde94fbb

SHA512
0c3195a63b389bab6612e3824a65a5cacc2852aa2f8b272e34717be4608197bc1f9b4529879a13fa9567d0ae9846916dd645349b9797418f88e7ce7bc5d4e504

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\nanoassert\package.json

Filesize
647B

MD5
de6935b833716ef4d703b58e188ace78

SHA1
01cb598615db0cb08979b3ff1e4324d047eb1fa0

SHA256
2152421c559e2aeb7c002ecfeac306340d23cf3783446cea607a284658df30bd

SHA512
b134877eb15c2fa70a5e0549c8a736e8bb8ff84426cac51ed581f707d38c75c110f96c233825409a3948a6943fb1c26cc25617092b40645e68073d6d58f0ee65

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\tr46\index.js

Filesize
7KB

MD5
7d598c8605e26cafe489544f1730d380

SHA1
02c41eea7eb4ce2d32b7faeb4229edaa28b9d8e4

SHA256
8194f9425ce9ab06ea9aebcd64a85ec064d95d61bb349f8f1c98762ad256638e

SHA512
f79b6e635786bb4b38f80562d862a6a2c908ea691b3fc42712aae82591c735acd02d8fd79ccf37468e58f865bba28f9be0d92182b30c8e4b4ef7261bb57f213d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\tr46\lib\mappingTable.json

Filesize
253KB

MD5
26c6da7a34c8a051a60b3592287d3fea

SHA1
6e09dfd1d4d65675bba0a9bb69e0bd6393f0d5da

SHA256
b6b39724dca9011113a08d9d6910204062b58169e98952acdfbd19bf2c31bbff

SHA512
8ad552c64f53303c00f2a56c1fdc2d6c644b12aa993c181d5f4847fb4613701b3d03d2a4f8e347e1d755999681585ae3081e865ae54f21340c826196c2af83d4

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\node_modules\tr46\package.json

Filesize
732B

MD5
36ce158498fb4f35c9a42edb60665bbe

SHA1
49c76b0a075effa9325c17f55c4d6472ddf3c7a9

SHA256
615087f58ee138fd35c2b414c355b72e36e5919725b8aecc1c34f6a5585b9779

SHA512
676215940610329d35feef0674d9dc61a9ab7c265d6eedca582e13003acd8b9d8b4894c86e79eaa85e97266682dbbe9637826b99f0b9afa56dbcf9ad077a1a55

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\package.json

Filesize
9KB

MD5
a86e209d4b8219384556d7b641e571c2

SHA1
5453945c75646cd23bd9cd562c52ec86aae69189

SHA256
0c8bb2d6ce351c4dad829b23178c271b10d4cf028ba239edf4f687756cf2420e

SHA512
db612348233d366e249ed83f240c6144a16195979792c62f48b6af03f9c7648aa8593c122df99cae63fc1a007b5a7b04089b989270afc57a5e715ed754f41ba7

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\version.json

Filesize
20B

MD5
adeb46363a0d587d0d93784e223ce1de

SHA1
ef8936254d20fdee5f1fcf80a43e5bab277d4993

SHA256
507a929a125c5038b68c113a1e4c7a17ccea1978fe43a4a92a16f905c54a41ec

SHA512
0479e1c3aee76e4ff939965655452716a99f9ad4457ae567d43cd3c12adfd80439908ad10146020b6c0548e620278377da762bb2556b3c1db54f74a5e709dfa6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\version.json

Filesize
59KB

MD5
1eaf151c638887e91274ba78b4971b82

SHA1
e9133c67a618a0ab37a4e72db2430eab4651883a

SHA256
bccde14e9d7d6e2d63e598dd792169ddc977daba1b4869472be81fab60ddaa67

SHA512
69ac502da8d4fc8d916301caf36dc16ee58394bcc28e67189a5ee8c337dace2fdfe2c013eee2c11abbfef5061c328e520c51069818ad0f26af1fecdf024ac25b

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\version.json

Filesize
90B

MD5
9bdcbe4d42586be22764e1b3ce4dae0d

SHA1
13fd17ce1470f94624692b5fec9c1230699c6b73

SHA256
31fc4c7febea3b7bb7068fc56a55644eece5b6d85536febbe560766c1fd1f608

SHA512
213b4fadde1f747023f926ad78620f17e108311d09522d57e6f49c16bdac794140eb822b734f3c0ee1128ab019f3386f25d55d0c4dd2a2775372a3509c885a30

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\resources\app\version.json

Filesize
44B

MD5
2b5e220a8873020b99c4bdb50c799b05

SHA1
04fd1be66a66ed2a231705b34a03580ca5e2f967

SHA256
d34f802da2c872234ddb17eb60d4de4fdf3644288ee693b9c71895a4e69d96c3

SHA512
09a65f666f273cc3faa2925f5cfbc6a32dbf5c5547505089d123cd4cc11946e8982dc1382bf81f7f483e8685de7e371afd524a21a071592dec1f4137eb489111

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\squirrel.exe

Filesize
2.0MB

MD5
ccea2b1c1820bc3c0431b3f713c14181

SHA1
eda155902d7c5104eddb404f0e03c8368165e745

SHA256
05989a097711e8628f5b3912321e23f66394b7873c319a775bde977908a09436

SHA512
00da888d8e9ddbb5ff9a85e90db3919e443cbf1e5bd8e237eff544216ec445e889395a3a54f70de2a6c314081deeb666414117c01ec1041dc15c90e2719344aa

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2535.0\v8_context_snapshot.bin

Filesize
471KB

MD5
6503b392ac5c25ff020189fa38fbaecb

SHA1
50fb4f7b765ac2b0da07f3759752dbc9d6d9867b

SHA256
add78f3f85f0b173cbe917871821f74c5afe0a6562462762b181180d16df4470

SHA512
9c12fff1686845a2c0b43d35a8572f97e950f232f1ce5690fd1212f48c171edbcc5d725754f10a66599b0823ac0c995c7212e263b7e02ea0ed9f2d2b937fa760

Download Submit
C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\UpdatedGameInfo.db

Filesize
704KB

MD5
c802ab8b172b592638403da2c08147d6

SHA1
c7822fd2b1b26b234f705a817df47fce54728ede

SHA256
8d2c921be6608e5bf89cc5a48e6928cb5964369d8ef5640833404050294fc25c

SHA512
dd2fe89ec24073787c0ac6eef3dcd32b25eccdfe928263f3aad9f3046d575a8626c63a0855fb4021ce16a9a0cf5fd0323a02a76f4f4d11bc53a2ce2c592df1b7

Download Submit
C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\Updatedindex2.db

Filesize
1.6MB

MD5
17c5862bac88d5f021422ff9a5cdebae

SHA1
370ae08c4b41577d8eaf17726ba84678ccba8498

SHA256
f1c1358adad7cce662ef9d4f45eec1c67019ae0bc93ad5e6add1b5a19d7beb94

SHA512
308d153a584835127a6fac485ecd1133c651a9417aed6ec6a5fc7744f66080aed520b2bf55e1748ae188936cf4ab3dc68d6278fd73fa3d1807a5c798567d8f1c

Download Submit
C:\Users\Admin\AppData\Local\Medal\recorder-3.897.0-backup\events.json

Filesize
30KB

MD5
18e0f66f3d09939d94b9a7c18d23e9f6

SHA1
2e6da2aeab8b647107d36b57ea9a687b46100294

SHA256
9f8ad7a3d9337ee2b0aa6b1c3688935ad0793061b5c520166803611a762e9e32

SHA512
57eee01725bc4bd658bbd59747054bef29f2eb7448962be228f0655becce283d96f641aa99c090db0a661b268cf007b6053d51c8593c587b8b32b3d08fda01d9

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
79B

MD5
969371ddd9f9b4db6179c4fdc6e56545

SHA1
959e571107d82970405e322164c97cef9540b6eb

SHA256
d684a6dc4ed1c4ac7a5dabfa27fe8b10d2532b65fa1132ef6f8a0da5e46578c0

SHA512
678ea1f8af47eb91d2b7d066bffba1658c3638df27527a2d7d076a93e2307f2df23489038652d4311297ca7d9913a0ac6c063214867ca93fb7ba6d38ce7486ee

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
d1eb407d80c6dd2b86df39c2f5a7c0c8

SHA1
3c09fb7f21e90b61e5495603d48e1423daaa98de

SHA256
01d8f8aca664ecd655bdaf80003de490015ef67daa685a8d5abc1faa7af6a609

SHA512
56debfefbe89c5ad5476a1fe2ab114752a326adde6b8e867bb398a0a1b4d35405f3db2df96f295c9c2adb27d1eb49aac0ae5389f444271d56da85e4d1e4671b5

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
356KB

MD5
b15e2e40fac551f7aaac328b423e5a31

SHA1
71e2bcdf47e0097a30c849b1c65611cfab7b9441

SHA256
08581fd1729f3ef887b32a9c943bd8d3bb2c0e71adea75065a990327cb46ce60

SHA512
c5ac4d3ee876a046b6c66e12c1d41e9991300e83ec736c2051297c9f711bf5e95f95fbac8dca51332c2911251a640844059aa33b965b2ec8733c63886e3cc715

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
132KB

MD5
4fe78278c727ca838a6b0a8b5d2fc924

SHA1
7eba94ab9295e387f43fba20fcb79bc3db1dde64

SHA256
af8a663dc9f9407b1a0582c835317f62c0f3fc1fbe542e1df0f9ef39e913ba45

SHA512
ce381dbbd80e0ccbd0e9a5b1d7c070f0bf3bd52d71ae9cd87254cad2c41b61871392595f7bffb23f215f8fabdc2fba64758eb5d1e6b97da99fe4149db54123c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zruteagt.vu3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\.logs\install.log

Filesize
1002B

MD5
1ba7cce12b0eedb84a1d010683611387

SHA1
ef92cb176a808c77a0c44294feb89782ca38bf3b

SHA256
59a4fbe1d89f76be069972fa02cbba3c39f721ef733b444c9b0936cf6cb392f3

SHA512
a813f1082310c15edce6d09a6d6c041176aa3075c3df9e0a21864dd0cf9cd85cd3d8c9034b9becaf40fa2e888a220861b30c4293a3fd9486ea1a099a072bb8a1

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\.logs\main-error.log

Filesize
6KB

MD5
ac9db855013a8da0038728a7d1160d31

SHA1
062137a3ad99d3a1b60b7a0b3fbda4d9ff1a450a

SHA256
561f2664eef72412369c472993946caadae5c57949273c376474334e6127f918

SHA512
def888f6edfa886d1ef0faa750fb757478082585348fcc990ca1154fa66ab7082faf4f721cce6745214b6e6aedd1b149eb157ae80e9afe0dfd8fa1e04455a1b3

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\Network Persistent State

Filesize
1KB

MD5
3d3dbde6cd647b71f750b764a3e36a2c

SHA1
0a2f84c88847a88257e2d2ee5d52065e52bae923

SHA256
6c36df616aae49fdd4f6ae243b3ece22035a79cfd6ec11175e708c399e95e200

SHA512
28e5abc7bdd5252db760078bbf4996b66ada207634fa923745fd314654f84c35105bd9c3546470908ec65e5239a62624b7734dbf02a453a8156a35664389d39a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
4d3d8f2541c21dbbffe9b5853acaf624

SHA1
6f40d74518b613e37400876210818101188fceae

SHA256
8c18daae47c040206d7226ffd0d3ee626549b869e108e3443798001d946d8d33

SHA512
552b572859046eef9b0168307efda8130f368315ad4733f0b1e81aa6f7ba4365df5f2f7fc2b4fc39a2346061515ed4983ef6b71e61d8f60b4fbf965ee52451ca

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
91176d1fb579c1e67a3f995dc95c73cc

SHA1
43d0175badf416814ece5f9fbfdf833b3c2b41a8

SHA256
bf573fff36fe7ce7b6851af5e7cd07c940985a5614e37ed312891c2f3871dc24

SHA512
7ba2243ab636175a1acb16d47197844d937011d89371f00efbb3a607ef59d916da47585f040280a01b11eab1aba3c90e00850d6e9a71bc906c2aac3b4d59f4ce

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity

Filesize
1KB

MD5
75cd85518399ad3de051e1f52b3f1d55

SHA1
bed8757fb931c6d1a83f7bd7b0d08fdadd5e952e

SHA256
e75801d64dac89318f7dbcd5df4a8e9f13d1a866648abdc9e8e932fa10349b11

SHA512
d29b3eabf61a8b9053ca96d940b316de64b5d7e3ac547bb8fdba9f9bc3bb01194a8fe019a06c711ebfff06a9075adba366b62c3f06f6c77d215c8d705264372f

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Network\TransportSecurity~RFe588e22.TMP

Filesize
539B

MD5
8bbd4f527dd6db80620f239891851a5c

SHA1
1a4d5e1d3f5b7b23ca82fbf449e2e5d7a3ab65d8

SHA256
a17ebed43d253955b541941111833a68369ce31d679a627e79958614bf6a955c

SHA512
fc0cf90774a157f23697445d8e24afb69823ca9b754ae2c7e27d12c4875573304382bef74db71948f766cd7c67d0971e6f4b867d7cc1e52f8f8b42ab48b8d296

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Network\Network Persistent State

Filesize
300B

MD5
013105c777006fb14fb54922dbbe5732

SHA1
844d7aa1d78c58d471c8b8a2b417bffb48585f0f

SHA256
80a18e6303c2bf3246bf279bf66593e250c3687fa52471f08b9856fc8d469ee4

SHA512
ffb55de1589b7165ca234d95cfd611cc06e1c948f5077d118b82b4ec41852fc087427c573e3e8d2aca39b7f906cc592b35a390507d35e20cc1a5cc36933e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Partitions\ads\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Preferences

Filesize
132B

MD5
2681489d479b94877e20eb321641e312

SHA1
866c51b0ef0b093314e554d93371bd66405daae4

SHA256
8f248ae71fe6b6f216e2a0466e89078cbd95dde57b13c347ae6faf2679eb1099

SHA512
1e60a9dabf4032e929ca47721493dc56aa09bc5a7819babfc56e6bfa67ec85dfcb111b29ce1726ce7d016fca82dfa3691acc8449b756ff5952994d2e91e9179d

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\sentry\queue\queue.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\sentry\scope_v3.json

Filesize
19KB

MD5
3e8bd6efecb454339c00f3c3535fbda0

SHA1
45ab0ff50f58b8dba9cb28a7ba60ff676c281094

SHA256
acbdf4309a6f535b93e3399242c19748cf10f9af3a1b50cfbfb5c13f8bf469c8

SHA512
0ac07cd61b981b03a3971c8a424932ea15b034b6037322aa97eccbaabd5e756975896e3e513d0a70d6a76fbc374abf197ee00d1477c35fc785e7d4f618bdbd1f

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\game.json.1225055747

Filesize
3.6MB

MD5
8d1fb5965d11332a5787b859293cf85d

SHA1
4ee0e29e4b40429a56b394c1ca7373662a36c1ef

SHA256
4106f76fbd44126b95affa2d437dc70300a73c8dbd9fd1a9618f5146fdf5e4a9

SHA512
9a0f46dedbca3900d2e9a81eaeda44ee204f4c7e30d7d7357e37b5b8fc32c10ce77a27a1833407064ad479e7614ce61c0b418bb0d6ff658d910e701fa6458d33

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json

Filesize
2KB

MD5
0ccdafa0228040158d6bcc9c55ba1af7

SHA1
823ef651f86c8aedc50b9908a330b7481aa7041e

SHA256
acdfdff08fa09ef81271586688f66f95c69cf260f3e24539231dfa14ae510e4d

SHA512
369d411c5e14093c968a160ff323fbbdd49d95dfd523d2ea4090824ba3a0b5ff22206b47a3f10f4d9536ab410e9be904928ee28fe112365f6f274287bdbbd475

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json.2235632439

Filesize
5KB

MD5
d5f6d057d558cf1db1d982a648139108

SHA1
091daf7bc73e59662ee2846104b42291bd21bd19

SHA256
638c97e220ded5cd56c3dcda4daed7d318be0bdf6b4d28417ef541c3389b3db2

SHA512
1d3ac44bac52625316abeeac5cdc183e228bfd359704e06d8f7a8c41ac21619e353d85b155af572f600c5e33ae5895ba165b33de2a40c22226da928c238e1dda

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\icymi.json.750538262

Filesize
6KB

MD5
8ddeb934e56255fd6e9a67b3c7d40e9f

SHA1
44d9a0b268f0a9e800fc2662a8847c8c72d26a94

SHA256
03926c59431f8501bbe69eaf526cd899854025bde13c8204594d6fac7a0c4b41

SHA512
109d69029e4619e4275b877b6f5a670b094b879bb4f8e895d055d5089866b2da3c46c7f7cbe5ae53980534b7a5e55c46df03285a1e03ff726718df4bf027a16e

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json

Filesize
32B

MD5
85e87aacfa3518639d14e7d44d155f27

SHA1
99545627fc0e0887ab04b85ffbafabe1aca15c41

SHA256
008418ae69c264c53cfc6d02d9bf3d70d3596c21888c9cda6322c7ac5587e826

SHA512
f12cfbb2c4b5a654f8706bf1289390f1183dd84f4a6101e26c587861d6d87d83c733819a86932320adacabc3b877fd8a9139d4319f5f925476f3f8015a3cbcc8

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.2051684734

Filesize
112B

MD5
a8f71c13d4a155cba63c20059d3585a5

SHA1
0448cf29491acc5896b0b0a5c27926f10cfe1fd0

SHA256
a4a0abaf115559b674dfda7d5729e114ae717bf57ce5af12226a9291c2f7550c

SHA512
3860fe5ce866ba73103ba4d67ba6e89796339f0872aa71927d16936b009d9b42c2a7ece6e636d38ea6a6400df7019a7f319be8e4f0e3525ff0bbd2f805d73fad

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.2181481985

Filesize
180B

MD5
b4ffd09b1c234e871b1b14ec7e6be13d

SHA1
3b1f302ced23d657a40f8359649551e82091de79

SHA256
e34d533f9b067067ec938b88620497b4626f5c6f2815017ab8a838b5f197d172

SHA512
7a2862a254770d083427a3d486204842d8bc945dc27da814f33e4a24e5912e876123b2a123d83d5f491ded757f4e5dffc7d8490065278fc5215f4c000a49b352

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\recorder.json.3344046774

Filesize
62B

MD5
59bc4a78e39dea1cd7ecabc613083338

SHA1
211316f199d03c6aaa532f561f9dcc561c53e04c

SHA256
a9af47c1448faccc7338411f17ac5f5bdf3f4fb92f1eeaea0290fa7d852ed6f2

SHA512
410cbfc02a859c2afcc7b2b91f56e3ce5851824db8cfd2fef9013ef664a7a2af8f7541b564323f37af6751e1359c9d04f6ac5f98b604a9eabd1793697e1e515a

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
70B

MD5
3a15daf1281b0af19279ac873eafef58

SHA1
abce7f2b8e6180efc6ede8e114f544e1480c9f4f

SHA256
62396ea0a8150cd36a37328203ac964ba4afca22b61610e68ce4550784bb213b

SHA512
26427778d25800aaba4119602651b3f486910043dc32817e3c2adbc033bd754af2938254d9249983f8323a79ade9d7dd003ccaf1962dbb0a54adcd0f0b4dbb41

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json

Filesize
262B

MD5
b942dcd6c836f58c01061408d0398e82

SHA1
060f72f04f46885a0326048764e798529cf164be

SHA256
932e280a998b6d8734d80bfd265cf259ef8590ebd7033655b670e64b3981c9f4

SHA512
d45308cd6e3700cba21ca2e60950d0591f27f3ba187b9e5bb8567ac66da0af8aabd3a9c92507833f86bac4e22aff3528fcb0f1fd3c94e96bcb700bf89201c893

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.1049258761

Filesize
1KB

MD5
00ed24ebd4baffb74187ef56d7910085

SHA1
82562ef70782be0c51823403bfcf4185e00e08f0

SHA256
7aa9d980fb11ee5570a911aa70e530cdf072220e07b2876f4e07b45f4bc798f9

SHA512
d8805da261ddc6a614616d329f8ee663940f4dd3b942c211ae9242da84dc0d632cdcf77030c7abd852b41b23752737b7a91132bd9eff125c3d22cc937cef2fc2

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.1182630155

Filesize
520B

MD5
cb8e72712836548e03e8e78beb550f27

SHA1
d3ad0cdab1a028b0ef51780fb8fd25c72a8255f6

SHA256
ac0fc593d6e462357093b15822205301ac4a2eac9637e66978e317a16e220884

SHA512
e989cb6e4fe36b36efcae03b12fa4aa8965ff60f51e9d2a42c81475205e00cdede3fdcd7f75f39a4960be63cea4fadbac7a10ca121598ba227679e7a5e3c2b45

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.1193348895

Filesize
118B

MD5
108dfbaaece2c4be12844ec7aa27cadf

SHA1
804c5bcaf817a749f525c2217a3036addb5c4657

SHA256
ee96b61ea371aea6cb5faaf5b5324e057620ff96d04afd7135f806c8985e1848

SHA512
5f1bfba7f0e176ad40d7affa83f6f4e117170d03503e883334b3320930e636634bcdddcd8ad79f637a77f716f4ebc122ba924886a25d7ec0ca76f0af2d7b27a6

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.2245207146

Filesize
219B

MD5
3157da6441fc9b201618a7a1b9141a1b

SHA1
db4cfb051c73150db1763022ffac10fad1294644

SHA256
627ba58da747673bdbea57c48c1a24eac13edf15d1f6d4a12f8d1fca6e016903

SHA512
f350aae775238f159bb624c044471fe0aca740b9e95c765f7d626c49cb3f63f4567df3b51cf44ad05bfd1c2d38198d966b331fae1763cad83200b36053cb8328

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.2573094022

Filesize
2KB

MD5
0199a596630d6e846abc0b3e3d5b7757

SHA1
ea0c0e97c348111f0cca874fa6fc700b3150a899

SHA256
c807db9cf1d66516902acd66c28fe4aa9535a37b87e78ce84ed4a040f8420ec3

SHA512
d13ebf3c6f677568669a845caf127220b583922bd55eff0ebde6d80f023c290d56b40ab71f791577ca5663d1e525f8e9770fe9444d5ccee883d9a1c9266cf9f4

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.2678770862

Filesize
121B

MD5
a85b70d3a04f44484e0a02906319a2c0

SHA1
d76f340566d6bfee3fe5ab97bb16911394691676

SHA256
f19ff08f4ad256a37d3b028e7a18e74bdfabb505dfd264bdee68dce89c52f822

SHA512
5b1b1646ab6668d0eebcbc1b50c8a3c932adeb1bdc3cfe40465de879ea6e4d74059756bbbddfec081fc8c2e2dd559b27ed9e2f4a354412b624167580eecb198c

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.3299270400

Filesize
8KB

MD5
8bfaf46ddd4cf27e6f3fd2eaf3687a7c

SHA1
7235d0405bab5a38636ed7af7ff9d8f2d2f6cce9

SHA256
550047b2036c9e37a58fcc5b3ada09e385c83d430eb51c28b39d6d0a6eaf4e0e

SHA512
e143929049c4b8abfedd21746903295214a916507ebd1b21555c07187bf68cb56735b2719d5cbda3a761fedf36dd9fe095a7dcd4843c44b71f650e82b7714b34

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\settings.json.4055527851

Filesize
2KB

MD5
8a821c6b39b1057aaa389e6efee651b8

SHA1
e98f8ad6e7b3099aebbf4008cb2b4869a15c52b2

SHA256
765f9c49a74769e5efa764faa1c15c35f6daa19bbafd9ad4b2e2e0100b62b560

SHA512
eb2a1acf49b6f95ce82c8df1a04741b5eeb2c40e08b4c88bedba3f1eb2b8f52f8c1e202270be2008766570b03b7df2f01bdefee34241f5aaf20b80c84848dba7

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
55B

MD5
fcdce7c60993e69b06c8ff3aed5da87d

SHA1
e7bad6e510c4870d713d829a7757fd6b9e337937

SHA256
bc8ceac4f1a7b382cb9a974cc00730f0cd031ea61b9efa6c022782d79ca1afe5

SHA512
e25f1b4c532a33d1a3ecb785f68b7b8c1b3696ec3940a9a08bf4e4ddc73804cd6acbafba0e4fc6da25cfdf51acb95e79bec67b8220a60642f581979f446ea6e2

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
19KB

MD5
255e35ac0bab94f7ac7603d90e0abc0e

SHA1
701bc015a2ce89e54362e6b2400522cbde5f3f80

SHA256
d76b8bb07b77a9690d2240136cc4c913752d6b7be6d56ef5d9efa61a2ef63a8a

SHA512
03aca33068b9a3b4892fb8172b00b587efdc8f72bdaea13030c98cad188d16acc409f3497349343379404ba21f6186a038595e704e335c83cb03aba4a17f59f1

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json

Filesize
55B

MD5
a799cbc862d0683ff824f7068ee6fa5a

SHA1
94ff7290584ff1918ab951347cd20226c63d7679

SHA256
2ff68a31e68edde302463dcfd435096f484d52895f53fc12ef2d31b8ddb9282f

SHA512
7973f240c985f5cc8f507d258d854748f04a326b30bea7f07991e5bcb51f5a524c97086f4988724ce5e7913bd86ecae6d15ebc6ca8dd42bae96eaec7e10f8a7c

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json.2355710433

Filesize
115B

MD5
66ba88a2f01b7cfc69128472c8fb61f2

SHA1
bca237adb0dd3ff764cd011234321ed0294df752

SHA256
a4e370ae0ac45e514937739b5e99625e7053b0f24d744c992e35257fa837f888

SHA512
98023fb2a771e271a464e59c3b76d2862b2a91466238907d906e89ac0a7ef21cf7977d7c576f527abbe6d1d69c548c646ee3ed0cd03e976cdfeb11be4620b1f3

Download Submit
C:\Users\Admin\AppData\Roaming\Medal\store\store.json.4226779606

Filesize
115B

MD5
84aee38aac18d5f05802fc11ceff751d

SHA1
afeced52c0ed1ab94f8d0d34a85b8c1f42ed6192

SHA256
3adfd9839c8d7b0ef9951b90f114a314f0a2dd580532faed347295cd9984cbbf

SHA512
955f9f60d967981812b59ba4952e5426dbb7e84524757a84ecd67a2da86b92c18aea4a39b5450f99cf1d5086856e116232ff23f3dd6acd312537a24124de7791

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
6b23bc864604867f6f7f2729c28a702e

SHA1
eeb0b37344b27db4720b3b743c096dd539818e15

SHA256
d1a5926345ad0522cd57d119859a957342a5a3f8f4a64b6a227e8c954d262106

SHA512
8be54d043031b877d5f98532d05c38d3d7c519ef96c239bb879f8254ff2829794702d6df97c08c96dc3fa0e63b1ee12c2c5729426ffe3bef61eae0c0e60474ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
7320de8951d6e97ff7346b768812f81f

SHA1
89fdec385dbc65d7ddd3e80cd1ed8f2d4a4ef96a

SHA256
c93377e7bcc1944f296ca9d06fa1f64e59d1acf641e29324f334804689f97f57

SHA512
79b8e9e64c48be8d229c0533575a6a959e62e6f0b387a4f2360faa19c0b2f278f340f0e580f2961f085f44254717d021a5b5ee27163ca96f1f7ccf85e4a53f64

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
8a4511421d33d616a23f27b5713ac3f7

SHA1
fa4932c7d4fab0ae0f724280278147fc0f006e02

SHA256
1a7d3de3ee1af0e9b317340c50b8c1440a1b87146347808b81a0604b4afda836

SHA512
c7e08041e50252a158dfde141fd19a78fcb89073059999acde8dc75c2c5eef6551c645bcf5b544cee9f942f815b120865e5fa88695ea2449fb128649167a175c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
f1914092766e51066b303b75107d0795

SHA1
0af3f6a1772eb5b8d088e70b25d36960ed573eef

SHA256
d97d6e82257277dc1165406dd7bd9729b241fb9ecd92f8eb6643e3e0ec0800a7

SHA512
54b83b4b5b14325dbce438034977dcb70ce3f131485ac8da9c79eff7a6f2867461e38c2af586ffaebfaca27e99acf8ac9d0845d181d7933a2b6c0d47574423a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
898990f17cccf3cc1e4f18812d9c3c21

SHA1
eeb2d5da28eaf7ef73c6f8969c9a2e4c4e07100e

SHA256
2a60005cfd7b40b48bc692dec4ab7c1764a547e48e58fa42d66ac5768f62aab6

SHA512
e7bb524a256980a7e09cabf1b72b7ed93b7a2bcc8f880c3fbfea92192e21f44a4d88607f6fdb3667f00beedb644dd0437611f317cd7bb8309524480f1f5bd4a6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
48a39116c1abe245abe636f55a023051

SHA1
18384e1f44090021bc605bfba724693c044f7b10

SHA256
741b9c848e3538ef48f0301d24c8d5a10244f84cb2abb0969aba84b3e1ae6e74

SHA512
77947dc0444efcbdb197e186ad58da14e60324472cfd8792f92403c740686443fe9c0af45994949e66c5c71801c9063714e194e4d44527dc224d7ad51d3a5ba6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
23b1868c92bde1720d0bfad4f70cb7b7

SHA1
3cde69847132875516946a645009ad343e000787

SHA256
72d5460c7c164e71526b12471d1dd69e1b8126149bee28e264f9357df40c7827

SHA512
1333b675995f0ad1fb0bca6b52fe7f3dd36a8a916845ba4b68d9b7614793de2a78713f12fe00e219830b2283d14666811f119d7ed77d569b304b2ba7ada78738

Download Submit
C:\Users\Admin\Documents\Medal\MedalLog20241013.txt

Filesize
1KB

MD5
1fa046dfc4d8eaaf02f6e0832944a68b

SHA1
4067e33f968635d0260c24045190e8cdddd35653

SHA256
45d6f01308037b9be398e70401d5c7e689674899bda2ce8cec8a6437c0049fb0

SHA512
b161590b45768deae0e0787046c37f612081e2f6757f99c33b926c77e562fb837ef724611927893a35a5e7b88be196a75258e58eb16ead0b61a9308197aa8acd

Download Submit
C:\Users\Admin\Documents\Medal\MedalLog20241013.txt

Filesize
5KB

MD5
f8d3c86f284a531f8baf671d8e80d510

SHA1
8ed328b639151b47cccb25878a410227ed2209a0

SHA256
5a27ca4a16c83fefaa991dd770d1cdcc9317cea64da1c511f17109b259eaf6e1

SHA512
dc35abb4dac011dc2db80a641e757053567e7dc0f045230002e7d0918d01edde6ca921ea9bee34e214e0406f5ccce913aae5261b7676878cf4ae1011c81cd8cb

Download Submit
memory/344-7792-0x0000000000490000-0x0000000000686000-memory.dmp

Filesize
2.0MB

Download
memory/716-8971-0x00007FF6DC190000-0x00007FF6E12D5000-memory.dmp

Filesize
81.3MB

Download
memory/1252-1825-0x000000001FAB0000-0x000000001FAE8000-memory.dmp

Filesize
224KB

Download
memory/1252-1829-0x000000001FA80000-0x000000001FA8E000-memory.dmp

Filesize
56KB

Download
memory/1252-9-0x00000000001A0000-0x0000000000376000-memory.dmp

Filesize
1.8MB

Download
memory/1496-8987-0x000001E9FF470000-0x000001E9FF4B6000-memory.dmp

Filesize
280KB

Download
memory/1520-9081-0x00007FF6DC190000-0x00007FF6E12D5000-memory.dmp

Filesize
81.3MB

Download
memory/1520-8723-0x00007FF6DC190000-0x00007FF6E12D5000-memory.dmp

Filesize
81.3MB

Download
memory/1520-8722-0x00007FF6DC190000-0x00007FF6E12D5000-memory.dmp

Filesize
81.3MB

Download
memory/2160-7947-0x0000000000AF0000-0x0000000000B10000-memory.dmp

Filesize
128KB

Download
memory/2356-7877-0x00007FFBC86D0000-0x00007FFBC86D1000-memory.dmp

Filesize
4KB

Download
memory/2356-7957-0x0000028526A50000-0x0000028526AF3000-memory.dmp

Filesize
652KB

Download
memory/2592-9203-0x00000287F6230000-0x00000287F6256000-memory.dmp

Filesize
152KB

Download
memory/2592-9357-0x00000287F6FF0000-0x00000287F6FF8000-memory.dmp

Filesize
32KB

Download
memory/2592-9131-0x00000287DCFD0000-0x00000287DCFDA000-memory.dmp

Filesize
40KB

Download
memory/2592-9132-0x00000287F5A90000-0x00000287F5A9A000-memory.dmp

Filesize
40KB

Download
memory/2592-10041-0x00000287F7550000-0x00000287F7F64000-memory.dmp

Filesize
10.1MB

Download
memory/2592-9139-0x00000287F5FE0000-0x00000287F5FF0000-memory.dmp

Filesize
64KB

Download
memory/2592-9138-0x00000287F5FD0000-0x00000287F5FD8000-memory.dmp

Filesize
32KB

Download
memory/2592-9137-0x00000287F5FC0000-0x00000287F5FD0000-memory.dmp

Filesize
64KB

Download
memory/2592-9136-0x00000287F5FB0000-0x00000287F5FB8000-memory.dmp

Filesize
32KB

Download
memory/2592-9135-0x00000287F5F10000-0x00000287F5F1A000-memory.dmp

Filesize
40KB

Download
memory/2592-9134-0x00000287F5F90000-0x00000287F5FAC000-memory.dmp

Filesize
112KB

Download
memory/2592-9142-0x00000287F6010000-0x00000287F6018000-memory.dmp

Filesize
32KB

Download
memory/2592-9144-0x00000287F6050000-0x00000287F6058000-memory.dmp

Filesize
32KB

Download
memory/2592-9141-0x00000287F6020000-0x00000287F6028000-memory.dmp

Filesize
32KB

Download
memory/2592-9140-0x00000287F6000000-0x00000287F6008000-memory.dmp

Filesize
32KB

Download
memory/2592-9143-0x00000287F6030000-0x00000287F6038000-memory.dmp

Filesize
32KB

Download
memory/2592-9128-0x00000287F5A30000-0x00000287F5A64000-memory.dmp

Filesize
208KB

Download
memory/2592-9129-0x00000287F5F20000-0x00000287F5F8C000-memory.dmp

Filesize
432KB

Download
memory/2592-9202-0x00000287F6260000-0x00000287F62BA000-memory.dmp

Filesize
360KB

Download
memory/2592-9127-0x00000287F64D0000-0x00000287F6AE8000-memory.dmp

Filesize
6.1MB

Download
memory/2592-9117-0x00000287F59F0000-0x00000287F5A22000-memory.dmp

Filesize
200KB

Download
memory/2592-9241-0x00000287FB970000-0x00000287FB9B8000-memory.dmp

Filesize
288KB

Download
memory/2592-9240-0x00000287FB830000-0x00000287FB85C000-memory.dmp

Filesize
176KB

Download
memory/2592-9242-0x00000287FC860000-0x00000287FC88A000-memory.dmp

Filesize
168KB

Download
memory/2592-9244-0x00000287F6EF0000-0x00000287F6F72000-memory.dmp

Filesize
520KB

Download
memory/2592-9243-0x00000287FCCA0000-0x00000287FCCB6000-memory.dmp

Filesize
88KB

Download
memory/2592-9250-0x00000287FAC40000-0x00000287FAC6A000-memory.dmp

Filesize
168KB

Download
memory/2592-9256-0x00000287F6330000-0x00000287F633A000-memory.dmp

Filesize
40KB

Download
memory/2592-9105-0x00000287F5CB0000-0x00000287F5D60000-memory.dmp

Filesize
704KB

Download
memory/2592-9092-0x00000287DB6B0000-0x00000287DB6CC000-memory.dmp

Filesize
112KB

Download
memory/2592-9291-0x00000287FB000000-0x00000287FB034000-memory.dmp

Filesize
208KB

Download
memory/2592-9255-0x00000287F6450000-0x00000287F6458000-memory.dmp

Filesize
32KB

Download
memory/2592-9292-0x00000287FB0C0000-0x00000287FB140000-memory.dmp

Filesize
512KB

Download
memory/2592-9283-0x00000287F6F80000-0x00000287F6FCC000-memory.dmp

Filesize
304KB

Download
memory/2592-9093-0x00000287DB730000-0x00000287DB74A000-memory.dmp

Filesize
104KB

Download
memory/2592-9345-0x00000287F6480000-0x00000287F648E000-memory.dmp

Filesize
56KB

Download
memory/2592-9091-0x00000287DB6E0000-0x00000287DB728000-memory.dmp

Filesize
288KB

Download
memory/2592-9090-0x00000287DB080000-0x00000287DB244000-memory.dmp

Filesize
1.8MB

Download
memory/2592-9372-0x00000287FB520000-0x00000287FB53E000-memory.dmp

Filesize
120KB

Download
memory/2592-9780-0x00000287FB090000-0x00000287FB098000-memory.dmp

Filesize
32KB

Download
memory/2592-9130-0x00000287DCFC0000-0x00000287DCFCA000-memory.dmp

Filesize
40KB

Download
memory/2592-9354-0x00000287F6FE0000-0x00000287F6FEA000-memory.dmp

Filesize
40KB

Download
memory/2592-9371-0x00000287FB040000-0x00000287FB054000-memory.dmp

Filesize
80KB

Download
memory/2592-9630-0x00000287FB3B0000-0x00000287FB3C8000-memory.dmp

Filesize
96KB

Download
memory/2592-9653-0x00000287FB430000-0x00000287FB444000-memory.dmp

Filesize
80KB

Download
memory/2592-9656-0x00000287FB450000-0x00000287FB462000-memory.dmp

Filesize
72KB

Download
memory/2592-9631-0x00000287FB0B0000-0x00000287FB0B8000-memory.dmp

Filesize
32KB

Download
memory/2592-9654-0x00000287FB490000-0x00000287FB4C2000-memory.dmp

Filesize
200KB

Download
memory/2592-9652-0x00000287FB860000-0x00000287FB8D2000-memory.dmp

Filesize
456KB

Download
memory/2592-9645-0x00000287FB3D0000-0x00000287FB3EC000-memory.dmp

Filesize
112KB

Download
memory/2592-9632-0x00000287FB400000-0x00000287FB422000-memory.dmp

Filesize
136KB

Download
memory/2692-8941-0x0000019646860000-0x000001964688A000-memory.dmp

Filesize
168KB

Download
memory/2692-8942-0x0000019646860000-0x0000019646884000-memory.dmp

Filesize
144KB

Download
memory/3480-8156-0x000001DFC7E90000-0x000001DFC7F33000-memory.dmp

Filesize
652KB

Download
memory/3480-10120-0x000001DFC7E90000-0x000001DFC7F33000-memory.dmp

Filesize
652KB

Download
memory/3480-9007-0x000001DFC7E90000-0x000001DFC7F33000-memory.dmp

Filesize
652KB

Download
memory/3480-10068-0x000001DFC7E90000-0x000001DFC7F33000-memory.dmp

Filesize
652KB

Download
memory/3736-10104-0x000001FC353D0000-0x000001FC353D1000-memory.dmp

Filesize
4KB

Download
memory/3736-10098-0x000001FC353D0000-0x000001FC353D1000-memory.dmp

Filesize
4KB

Download
memory/3736-10105-0x000001FC353D0000-0x000001FC353D1000-memory.dmp

Filesize
4KB

Download
memory/3736-10106-0x000001FC353D0000-0x000001FC353D1000-memory.dmp

Filesize
4KB

Download
memory/3736-10107-0x000001FC353D0000-0x000001FC353D1000-memory.dmp

Filesize
4KB

Download
memory/3736-10108-0x000001FC353D0000-0x000001FC353D1000-memory.dmp

Filesize
4KB

Download
memory/3736-10109-0x000001FC353D0000-0x000001FC353D1000-memory.dmp

Filesize
4KB

Download
memory/3736-10110-0x000001FC353D0000-0x000001FC353D1000-memory.dmp

Filesize
4KB

Download
memory/3736-10099-0x000001FC353D0000-0x000001FC353D1000-memory.dmp

Filesize
4KB

Download
memory/3736-10100-0x000001FC353D0000-0x000001FC353D1000-memory.dmp

Filesize
4KB

Download
memory/4324-10067-0x00000192FF630000-0x00000192FF6D3000-memory.dmp

Filesize
652KB

Download
memory/4324-10078-0x00000192FF630000-0x00000192FF6D3000-memory.dmp

Filesize
652KB

Download
memory/4324-9133-0x00000192FF630000-0x00000192FF6D3000-memory.dmp

Filesize
652KB

Download
memory/4424-7854-0x00000243F8530000-0x00000243F8552000-memory.dmp

Filesize
136KB

Download
memory/4532-9084-0x00000190046C0000-0x00000190046EA000-memory.dmp

Filesize
168KB

Download
memory/4964-8715-0x00000269C5800000-0x00000269C5D28000-memory.dmp

Filesize
5.2MB

Download
memory/4964-8713-0x00000269ABEE0000-0x00000269ABEFE000-memory.dmp

Filesize
120KB

Download
memory/4964-8712-0x00000269C4530000-0x00000269C45A6000-memory.dmp

Filesize
472KB

Download
memory/4964-8699-0x0000000000CA0000-0x0000000000CAE000-memory.dmp

Filesize
56KB

Download
memory/4964-8702-0x00000269ABE10000-0x00000269ABE22000-memory.dmp

Filesize
72KB

Download
memory/4964-8703-0x00000269C4680000-0x00000269C4842000-memory.dmp

Filesize
1.8MB

Download
memory/4964-8701-0x00000269ABDE0000-0x00000269ABE12000-memory.dmp

Filesize
200KB

Download
memory/4964-8700-0x0000000073240000-0x000000007324E000-memory.dmp

Filesize
56KB

Download