Analysis

  • max time kernel
    155s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15-11-2024 12:08

General

  • Target    setup_dzsalauncher-0.0.5.7.exe
  • Size      3.6MB
  • MD5       f760fc3e5080cd1f6e230920cdb157f1
  • SHA1      d42ac82d90eba49484de93ef1604fae4b4a6a443
  • SHA256    e04d02b36cddf48da918b6b609b2044b5226729cf8dd325a05d6c5b4f4600a70
  • SHA512    cbd6ca7d5514e150acbc4a97bdb0ca0fa2e6661931b2bb7752d6442f2364de50cd6b9b9ab17dc5b65e4cb05178f62d17771705e9fe966331aa2e5a16c02913cc
  • SSDEEP    98304:FkLhYed+K5jFYcfBUugg+iK1MfkXLXrhxt29s4C1eH9U:G20Scfmq+iLuXXt5o9U

Malware Config

Signatures

  • Detected potential entity reuse from brand STEAM.
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory 4 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
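The "Checks SCSI registry key(s)" signature above refers to reads of disk and SCSI hardware IDs in the registry, where hypervisor vendor strings (VBOX, VMware, QEMU) leak through; note that in this report that signature, together with "Enumerates system info in registry" and "Modifies data under HKEY_USERS", is attributed to chrome.exe (PID 1540) in the process tree, not to the installer or to DZSALauncher.exe. The following added example is not code from the report or from the analysed installer: it reproduces the check on the defender's side by reading HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum when run on Windows (one commonly read location; the report does not say which keys were touched) and classifying the hardware-ID strings. The vendor marker table and the sample values are constructed for the example.

```python
"""Classify disk-enumeration registry strings for VM/sandbox vendor markers.

Added illustration for the "Checks SCSI registry key(s)" signature; not code
from the report or from the analysed installer. VM_MARKERS and SAMPLE_VALUES
are constructed for the example.
"""
import re
import sys

# Illustrative vendor markers as they appear in hardware IDs under
# HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum (assumption: list is not exhaustive).
VM_MARKERS = (
    ("VBOX", "VirtualBox"),
    ("VMWARE", "VMware"),
    ("QEMU", "QEMU/KVM"),
    ("VIRTIO", "QEMU/KVM"),
    ("XEN", "Xen"),
    ("VIRTUAL", "generic virtual disk"),
)

# Disk\Enum stores the hardware IDs under numbered value names ("0", "1", ...)
# next to the bookkeeping values "Count" and "NextInstance".
_ENUM_VALUE = re.compile(r"^\d+$")


def vm_hits(enum_values):
    """Return sorted, de-duplicated vendor names whose marker appears in any value."""
    hits = set()
    for value in enum_values:
        upper = value.upper()
        for token, vendor in VM_MARKERS:
            if token in upper:
                hits.add(vendor)
    return sorted(hits)


def disk_enum_values(values):
    """Keep only the numbered hardware-ID values from a (name, data) sequence."""
    return [str(data) for name, data in values if _ENUM_VALUE.match(name)]


def read_disk_enum():
    """Read Disk\\Enum via winreg on Windows; return [] on other platforms."""
    if sys.platform != "win32":
        return []
    import winreg  # Windows-only standard-library module

    path = r"SYSTEM\CurrentControlSet\Services\Disk\Enum"
    values = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        index = 0
        while True:
            try:
                name, data, _type = winreg.EnumValue(key, index)
            except OSError:  # raised once the value index is exhausted
                break
            values.append((name, data))
            index += 1
    return disk_enum_values(values)


# Constructed sample modelled on the shape of real Disk\Enum contents:
# one VirtualBox disk and one physical Seagate IDE disk.
SAMPLE_VALUES = [
    ("Count", 2),
    ("NextInstance", 2),
    ("0", r"SCSI\Disk&Ven_VBOX&Prod_HARDDISK\4&1a2b3c4d&0&000000"),
    ("1", r"IDE\DiskST1000DM003-1ER162_____________________CC45\5&2f3a4b5c&0&0.0.0"),
]

if __name__ == "__main__":
    ids = read_disk_enum() or disk_enum_values(SAMPLE_VALUES)
    print("disk IDs:", ids)
    print("VM markers:", vm_hits(ids) or "none")
```

On a real Windows host the script prints the live Disk\Enum strings; anywhere else it falls back to the constructed sample. A hit does not prove evasion on its own, since many legitimate programs (Chrome included, as this report shows) touch the same keys; it tells you what a sample reading those keys would have learned about the analysis machine.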

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe
    "C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1488

      • C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp
        "C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp" /SL5="$402DC,2887997,832512,C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe"
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        PID:3940

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:4676

  • C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe
    "C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe"
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:4648

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1540

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87e92cc40,0x7ff87e92cc4c,0x7ff87e92cc58
        PID:2064

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
        PID:4144

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
        PID:3228

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:8
        PID:392

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
        PID:784

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
        PID:3912

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:1
        PID:3232

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
        PID:2472

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
        PID:3096

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
        PID:4276

      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
        • Drops file in Windows directory
        PID:1092

          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff74eb04698,0x7ff74eb046a4,0x7ff74eb046b0
            • Drops file in Windows directory
            PID:4516

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:8
        PID:1048

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5264,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:8
        PID:2748

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:8
        PID:4648

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5268,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:2
        PID:944

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4872,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:1
        PID:2448

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5336,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:1
        PID:2260

  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    PID:2260

  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    PID:2436
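The first two processes in the tree are the standard Inno Setup two-stage pattern: the downloaded installer (PID 1488) extracts a second-stage .tmp into %TEMP%\is-XXXXX.tmp\ and runs it with /SL5="$<hex parent window handle>,<offset>,<offset>,<path of the original exe>", the two integers being byte offsets into the original installer (taken as opaque here). Recognising that shape keeps the installer's "Executes dropped EXE" from being misread as injection or a downloader stage; everything the launcher actually installs appears later under DZSALauncher.exe (PID 4648). The added example below is not code from the report or from the installer: it parses that command line and checks that the path embedded in /SL5 is the parent's own image. The two command lines are the ones printed above; the field names are my own.

```python
"""Parse and sanity-check the Inno Setup stage-2 command line from a process tree.

Added example, not code from the report or the analysed installer. Inno Setup's
loader stub runs its extracted second stage as
  "<TEMP>\\is-XXXXX.tmp\\<name>.tmp" /SL5="$<hex hwnd>,<offset>,<offset>,<original exe>"
The two offsets are treated as opaque integers; the field names are my own.
"""
import re

# Second-stage image path: ...\is-<5 hex chars>.tmp\<anything>.tmp
STAGE2_PATH = re.compile(r"\\is-[0-9A-F]{5}\.tmp\\[^\\]+\.tmp$", re.IGNORECASE)
# /SL5 argument as produced by the loader stub.
SL5_ARG = re.compile(
    r'/SL5="\$(?P<handle>[0-9A-Fa-f]+),(?P<offset0>\d+),(?P<offset1>\d+),(?P<origin>[^"]+)"'
)


def split_image(cmdline):
    """Return (image path, remaining arguments), honouring a quoted image path."""
    if cmdline.startswith('"'):
        end = cmdline.index('"', 1)
        return cmdline[1:end], cmdline[end + 1:]
    image, _, rest = cmdline.partition(" ")
    return image, rest


def parse_inno_stage2(cmdline):
    """Return the /SL5 fields if cmdline matches the Inno Setup stage-2 shape, else None."""
    image, rest = split_image(cmdline)
    if not STAGE2_PATH.search(image):
        return None
    m = SL5_ARG.search(rest)
    if not m:
        return None
    return {
        "stage2": image,
        "parent_window": int(m.group("handle"), 16),
        "offset0": int(m.group("offset0")),
        "offset1": int(m.group("offset1")),
        "origin": m.group("origin"),
    }


def origin_consistent(fields, parent_image):
    """True when the original-installer path inside /SL5 is the parent process image.

    A stage-2 .tmp whose /SL5 points somewhere other than its parent (or that has
    no /SL5 at all) does not fit the loader pattern and deserves a closer look.
    """
    return fields is not None and fields["origin"].lower() == parent_image.lower()


# The two command lines from the report's process tree (PIDs 1488 and 3940).
PARENT_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe"
STAGE2_CMDLINE = (
    r'"C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp" '
    r'/SL5="$402DC,2887997,832512,C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe"'
)

if __name__ == "__main__":
    fields = parse_inno_stage2(STAGE2_CMDLINE)
    print(fields)
    print("origin matches parent:", origin_consistent(fields, PARENT_IMAGE))
```

Feed it the parent image and the child command line from any process-creation log (Sysmon event 1, EDR telemetry); a match with a consistent origin is the benign loader hand-off, while a .tmp under is-XXXXX.tmp that fails either check is the thing to pull apart.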

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\DZSALauncher\ControlzEx.dll
    Filesize  187KB
    MD5       43f610ce7f89f81c4c26b7538743e2be
    SHA1      8609d0b4e1f4aca5e52bc2ed4f0f5d0fe92ad9c5
    SHA256    e56d497543e6aa5f0b919f2faf421fd48577decf9f99892a4ab4e83fa3da5c0e
    SHA512    3e1b1cc8f993e7b0b8657cda26e4feb35c79b708cb95245f54d83b7e81cc96e77cbd123e0123f700202bfa11d9c656453d941934d166c4aa48850880995e3cd5

  • C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe
    Filesize  2.3MB
    MD5       160ff04bd5797edfd63670622dd00261
    SHA1      03c08d54d6d1cc7ab1083f51958fd8b4d5c5f48a
    SHA256    71dda7f20634169d5b27e4c3aec82f509207aa5488480295bef1e6be11feb78b
    SHA512    6a8abc4ed94cf381d295f36661ddd8b16218715212fcf009732dd288ec51347de1a1b1dec998972391042d4796703eb3df82a4a61cd50494c00a9464844930f9

  • C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe.config
    Filesize  1021B
    MD5       6dbad3a683312cf6d1c4155851340bcd
    SHA1      8606aaaf307a712d286112a576f665a1dcb33474
    SHA256    982ba40c3d8f845a38131bf2074c2322cddd200e65fed976759cedf25184f8de
    SHA512    4c4de369d9e633c2c13b3ecb3434843d4d9ffc1a0951630e706f7bad28c817962892c0c3be4e18aa32215a24364d11b7655a2c1a01f129e4d6130ce7b33b702d

  • C:\Users\Admin\AppData\Local\DZSALauncher\DiscordRPC.dll
    Filesize  80KB
    MD5       a0828646cc122bd0c648f2f81242c9a5
    SHA1      9e81b1bbc2889cbb55ae0f0f7e8fed3b02dc7099
    SHA256    6098e9bd0f48acdb502f978128c17fdda3fcd91b0824fed425c2573961009844
    SHA512    f32c5da7a0bc788e30fb358b7b32afff86207344a03c499465bd2583caf6549ea06fad521827b73e9106a9187ff31eaf27da8aec6a8bb9e9d81b66d7382f7923

  • C:\Users\Admin\AppData\Local\DZSALauncher\Facepunch.Steamworks.Win64.dll
    Filesize  545KB
    MD5       f69434db8373ce22d9aaaf79606edb33
    SHA1      c073756a4bbf17ca75d1a933054fe6f52dc00461
    SHA256    cdfc7df1b238e01f0787c66d33adea1e01ab5517f715d6a28386d65404f7fd44
    SHA512    608b7ca1fe2fe85c91e08096e4f93d8e9a78d9a6a74a2d42eb4f9fcd88c4bea27c07f87424d5e3d8b4d11dd1b473e75ec32fcd548aad7947a020b833b2a7f571

  • C:\Users\Admin\AppData\Local\DZSALauncher\MahApps.Metro.dll
    Filesize  1.1MB
    MD5       bcf19dc71f94c207e326348ceaba9741
    SHA1      fbb987a0f92210c40b0b477246964fc58de9dbff
    SHA256    8fdb5591886d1764947b4d3369b59b5f383a5be67190eaf2ad85cb96180ea27d
    SHA512    9444208526b840ca67722abb14d22908b6743943073b7e982358978290734db3ab017000f7ff6bc9508a912393423bf02b47a04df69fd612cf4001d75a1a5cdc

  • C:\Users\Admin\AppData\Local\DZSALauncher\MarkdigToXaml.dll
    Filesize  38KB
    MD5       38d9394676911da227352fdc9d2fc5f8
    SHA1      cb104dbbb4f22a60770e1e9f1ff5a9e52639954e
    SHA256    d52ab7313279be7d486148e668021adce562b9d9c070b8d384ac877051b00f6a
    SHA512    43c996f5445e92ff4707c0f4f920c4e180641add11bee101b462121c2f2a68819024874c3592f67ecd0f47ffc6285e9ba5838614bc892100c004d3a671287ec9

  • C:\Users\Admin\AppData\Local\DZSALauncher\NLog.dll
    Filesize  830KB
    MD5       b747928eafeca85a4ba40a17373a9303
    SHA1      258589c69e7b4a91eef58415f035deaa0209ba58
    SHA256    c45ea8e9cd86bcd35d1e8004259d3927513e0b4ff42381e47c843c16dea97727
    SHA512    2bc8ebc732e8958400a2f082fce351e799aa471fd12d82cb41f3e4d0747803d7d57d5902e00ff99cef764f089c3e0510ff39bac210789d6ebcf4f808765b78bd

  • C:\Users\Admin\AppData\Local\DZSALauncher\Newtonsoft.Json.dll
    Filesize  687KB
    MD5       458744e0abe3cec7cc8b1612f60e7cbf
    SHA1      e5b40b88802d2bf12a0c6634afed9bf128c0db95
    SHA256    99c75a209632cb4c51b700cb7631c8523fd8e39436396d8d45a66330825ab7c0
    SHA512    9c2c922c4dd0250714dee763a8e8dc9291f50da9793f0fda4046852b8e6c1a1cfad3d01dffaed41a588181420633994b0515734932c9d0c2f320406394befa50

  • C:\Users\Admin\AppData\Local\DZSALauncher\Ninject.dll
    Filesize  147KB
    MD5       1193347a2250607464546e33d4f23c53
    SHA1      9b33d632190787a7c586e8d6e8c873ff47205fe9
    SHA256    4727a13b9f75bdd74e99b9c8d5afe3cafa067519019f669e1e105f94e67d3731
    SHA512    d47591676c35728481014de4e9da1b1b21f440c434d54b28576393c8b45773783b384d99aa43b3c4df26b456a4345faf0c7ae5896c74c22d4dbba427e4670584

  • C:\Users\Admin\AppData\Local\DZSALauncher\SteamQuery.dll
    Filesize  22KB
    MD5       92091c27b25780f4bf9b9b9ecb400283
    SHA1      37c52c1c606d1499fe16f3df7decc53cdc0b1fcb
    SHA256    e77a4d0b18a18cca39bd57d69b6117872fb537bf933141b34b2bd912c45ed463
    SHA512    d6b4d5d636d5530dd71eb71a7ab62c9ff9828baf517dac8d2603dde182f5f2b9f7b6d662b6591cc95c0184c8ba70f84f1dd7d7eddf1bc3cb5e488b374e9561ba

  • C:\Users\Admin\AppData\Local\DZSALauncher\System.Windows.Interactivity.dll
    Filesize  50KB
    MD5       35e76994551a45044fe19e783fa7cdea
    SHA1      5e1a2621c53b1ded99083296f8525a17216bc897
    SHA256    99da4ba5efdf321cf1154a53661c1e16bee3ff0018808a3f88695728ef44f815
    SHA512    0593315c5aaeea096fa51affe44b4543c561260bb1f99b99e618a4075d213a3bde57a3bb1f414b962042ca83f8392c185690807ff7ed14bdc675676896cf06ce

  • C:\Users\Admin\AppData\Local\DZSALauncher\steam_api64.DLL
    Filesize  261KB
    MD5       332e060aaddf202dbdf3144eaa59f469
    SHA1      aaddd19dadf07f20d15a536ffcf10651ffc9bea0
    SHA256    7a0ba2cfaec6f45e157c8bd85eca9e2838151c0a39d9bf477b09dc2345813a59
    SHA512    c8e584dacc04829011360bb30627b4b5bebfb6ba937e4fe5bf2f6e94573cf0e4cc5945bb1ca0daf2540b173c25da957bc594bb0de8fef9f90f026934769fdc1c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize  649B
    MD5       5dd175d97a0b0498d2088617b2fa62c6
    SHA1      3f5a3a592ecb5d40f0d281af5087165c09573427
    SHA256    e624ff27195d2a4cece094ed5fc8b43b8409201ad838095876cc016697e69c8e
    SHA512    47f9223ffae273e042dc9017b73b4dd8eb1c825d7413508c4d8f6c9fdbab74784013ba78e8f5c80fa4e881d9abaa9301d2d784092feb245e667c6010c9ec5c80

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
    Filesize  215KB
    MD5       e579aca9a74ae76669750d8879e16bf3
    SHA1      0b8f462b46ec2b2dbaa728bea79d611411bae752
    SHA256    6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
    SHA512    df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize  216B
    MD5       4356463a59ff8c29b21fb364aaf4972b
    SHA1      b8d3e8772dbe3a975dc9920730d84766210ba8da
    SHA256    506175f91990a25c73848b16649a4b7b03ce405ca7479e8dedf474da8cada49c
    SHA512    4de6fa646fa4904e8bcdba9f70086912a5ac3ef4addebfd029ea94193f1af7d67cbfdd2503896c62dfd5388180fa31875a401c09a764a7adbcd749bbef7c076b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize  216B
    MD5       f6e879b5af3d319c8f5de3c1ff373516
    SHA1      4565f21910bf786879af4c76bdec0511527ff75e
    SHA256    498e951b3dc4963e6b73f8845f18cab5f820e6419c11976248f6e1730e462700
    SHA512    f1698cc2f918aead78038760f109b10107ff119e4682f6c8c0baf78f38b31c4d5e3c994f4b2a7e5e91875a5ade0fb2771f5f4cef2da172777c10b23f4c696328

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize  216B
    MD5       59a6058f4af683dfff3735d296ae4436
    SHA1      2640d7017fc5ab2cdc7cbe919dcc6d138230f526
    SHA256    b70fbddd52359ab02e114e9941863b8238e873c17ca27b896e8f000a90ef9244
    SHA512    5e28eae0b646563a34d5b9d4971730bd44d063cb26df0074362920fa9f1a413f4cb11b91a0c4470e5fccff1c23166d151928d9146bbaddc2995de1a29f00c676

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
    Filesize  851B
    MD5       07ffbe5f24ca348723ff8c6c488abfb8
    SHA1      6dc2851e39b2ee38f88cf5c35a90171dbea5b690
    SHA256    6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
    SHA512    7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
    Filesize  854B
    MD5       4ec1df2da46182103d2ffc3b92d20ca5
    SHA1      fb9d1ba3710cf31a87165317c6edc110e98994ce
    SHA256    6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
    SHA512    939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize  2KB
    MD5       db45cdd1e0ee250029025cf94302889d
    SHA1      4c48b8fdb86ca027ce305e2d7998f3e3ff9d3f66
    SHA256    274dcc93a7736cee82a0c205282f02464e32ade1dbb3449c421bad20619bcdc8
    SHA512    0b28d80886bf44bc556a064fff86cd3d746c39a30d2e94852dd5f0b6fa7a3ab37a55d452ce9d3f62536d3acc89fc2cbb3b9b4ae73a9b6fe1f5434958a4071986

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize  2B
    MD5       d751713988987e9331980363e24189ce
    SHA1      97d170e1550eee4afc0af065b78cda302a97674c
    SHA256    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize  354B
    MD5       ce3ea4ea5bf523d59c0f69489fe80068
    SHA1      423cbe9a7337cadef903a9c12b661403a62b0106

                                          SHA256

                                          da376389b4d204a47dbd7fde95889dbcbe70d9b188d8587493dafb99fdbc66d4

                                          SHA512

                                          176183fa9222bd5f3d40136160a5bb48e0fb8f8a230e013eedbd068100f7e9ccabf2b0d5b6ab4135216a0e10d97be9ddaa80a366245cc0b1ea56999710c5d36d

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                          Filesize

                                          857B

                                          MD5

                                          54b889e1300b69f6c179d6e425ba5ea5

                                          SHA1

                                          085076b68ddcbb2e1565a8beaa11e9bb8e089fb1

                                          SHA256

                                          15adc81585878058ce37d1f2cc109efa71c68982e84b8d11d050f41194944895

                                          SHA512

                                          8881ea0d05af0711c3cabe855c9f5773d53a6c57074ff0bfa78e46e8cc133027dcdfef0bb7747d466f3e5322ec48f3aac1a03600c444b36fb863589ebf8c5b1b

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                          Filesize

                                          354B

                                          MD5

                                          f6cb6b510e908cc24573ef3db7f5ac58

                                          SHA1

                                          20e26a698422fda1b17a85e2f1a057933079ff7e

                                          SHA256

                                          be2a677fb56014b246ee78ab2546504217bbe523f0dc3d6e58bee484f08ec7c2

                                          SHA512

                                          978ef46bfe77785df9669eeb29c63073599edff9ff4ad970974f828db7a9f788174a4f403991ccbf8e4e1f2ff246beb48d80c46c27aa36a571a1d974108231cd

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          81aeecb252f86d2eba0d3c38f3090be5

                                          SHA1

                                          4c078339d28628bfd4ae215e037c1a36d4ef8469

                                          SHA256

                                          fdc5d05b2eb9bf262c0ea625f6b65745d923f63f90efd6fbbfa8814603689b38

                                          SHA512

                                          a1bd172882d29d1434fca6c9193d72597db1511e3f827dda04c4280195a06c9f99ebe17b888c34eebef6de03062d108a7ad3c15d0fff460082073d211eda824d

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          3ffdce816f49686a1afe021e6b971a82

                                          SHA1

                                          1d22dc219f0c18fc0ddfab5c460cf710ff71b96b

                                          SHA256

                                          4f4167e20a4702ff88ab4ac6fb497e24717dbf775477bf08a2d904a56be59882

                                          SHA512

                                          927f7637e3fb918362506843f9a37b8515f707b478ba23c20d96c3547032a46085d1ab7b1e83d7e53e590d6461e549321038ae018bf048477d7368a5c6a3b49c

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          790e0b186e7c05fa1834173f872de92c

                                          SHA1

                                          f5e7919afc44d73f6f6ab012aaa3cb3359f559c6

                                          SHA256

                                          9c0746b8edb3dcdb216e1c4a1dd539cc76fc7b9c57c58ecdb4949c891319a320

                                          SHA512

                                          6be3d481cd61a7626c6e85d201d20c84bcf53a9a395c6cd07dfb246c4ff218b80ef4c8a2c1ce41b1f497b147dc13c875c8abedd6d5c79fc12be8696995a10212

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          9346ba5cb675e90470de876affcff361

                                          SHA1

                                          65d3e0839c82b23b2506ee614565ce63ddc44fcf

                                          SHA256

                                          2256c00cfa1ad66972ff1621f9ab33be70389dcbf97fc75d6b69a13ac73af583

                                          SHA512

                                          ac0b3a52e0b6bd448c5a5b241bb268a613f1e6e5cb570712452b7c45be8adcfa801d854258693e4c666e07776a799c28017bf4dfff1ecd8566ca864675c6f0bf

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          7d04e137ae618937b7d02d1e479c65f3

                                          SHA1

                                          c2f9d5296988f37f03b81d37887551555247e3a6

                                          SHA256

                                          bbf62f7a78c9781487ba71b0b7be60745de7cc211b037782b3c559ffe9251950

                                          SHA512

                                          cba61473483dae8782c36201c88248c881744045fe5388a5ceb4cc335495bfcb0270675c56cc42c5e967bf9d27c5bdb66567a3e14387713f8d35bda8255c0f17

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          361da8aee79c1350bad22c141295953a

                                          SHA1

                                          e167b96f08de6934ba31725be3f139f81d6ef7e2

                                          SHA256

                                          28860e2ab1c96965750ce775fa79a4402bcfb23a045280d87053505b6ff827ac

                                          SHA512

                                          5ebabfeb134858a28f9e8050f0300ccd6f6e553ab647c721a9e40445b6c7d226d9e5234b21da42b4d19832399a4ba0c537d46ea1af55b96730163018d711bdc6

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          2ba2b1fe03c505c10d0227987aa8b1d9

                                          SHA1

                                          5117863aa21dc72b0119a84e2e79ded2d2cf3c71

                                          SHA256

                                          4227af94bff209b427d26a2656599b2c5c060bb769283b2ca12998aa8aef6aee

                                          SHA512

                                          e25a01c321c6a9b158a327c0489d5cf395ece1e68005cdd455237c7a3f600e53598cdac5e2f68c561c98e6a1b1bd67284c46fee1f5cdffbf1291c65ad8f1e747

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          31f84d9a957cdf42c7d101f20c7087ff

                                          SHA1

                                          17b5547c9352d6d0ecd139c90ffa4bd04fe474f9

                                          SHA256

                                          ed2c37490ddd9b4309662b63995258d4ee701c83f1a0e4a55f8734224f00d83c

                                          SHA512

                                          df76529e1967f1d9b068bc18b82c9c50bb1f8e77adc714e262239fd6edca5c93a7abfc75f8fa1d0bb819eec55b9e4357288710d42ab8cfc5243b05f30b6ffc0a

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                          Filesize

                                          15KB

                                          MD5

                                          af0380907874b945737ad90291a6488c

                                          SHA1

                                          17413a53ad6d33aa67953b672a749f518408b649

                                          SHA256

                                          63b466002b392cfefbc9f6160009c518f3ce223a2f562d117a321bcb744e46a9

                                          SHA512

                                          8369d5461c60a33ebf584b2b3d8a8db7985a73368a9a95df793ffc4eab6a914ebb7bb159bda045caa3f7a5ee990be6abb9f4172f5ab296a9179c0e942c422fd7

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                          Filesize

                                          72B

                                          MD5

                                          3abe79b9fd73ffa0d295abf590998365

                                          SHA1

                                          b6b8a81485d55b3ae65b9cce57493de02221a2cc

                                          SHA256

                                          f1c9a96c21c2e40d707e956e98803cbf4ce3b5a1e1ad300a44c9919c800f110c

                                          SHA512

                                          5b2cdb201f3f480b8892439f8305509c156ec932a1b03d0f1f6c70dde89e4e3888bb71506b45ac437998dc849992e212e6a9a7ef568ed1248a755a662ad83456

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          232KB

                                          MD5

                                          6bbc72f9fd5b02973ce0c371cf7188bc

                                          SHA1

                                          1ad0d5a9dd7650361335ba6adcdbc0db55d411bf

                                          SHA256

                                          18df55eef14e551852e02391d73fc68e4320ff2f6c25bfa8ff500e32a6a83945

                                          SHA512

                                          3b350197724572d2f306a279f2c8605d27a120c96c119268b7cd5812f3cce8f0796a21f53d509427e385c226da62afa1d7e4f63e4fefb2127c51c7782c39431a

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          232KB

                                          MD5

                                          154029d482599b04c40587a7f1aa60d1

                                          SHA1

                                          8b329a41cbe32c34ad4bb2cb48d36ccb4d05a73b

                                          SHA256

                                          8c13300ed2c0ed264e1e94c21a16dbcf2cb5932a2a86d334da91af971259119e

                                          SHA512

                                          60863964012fe63077aff4411ecd1090dc39de210e3e355a855b45424e22577ce246ea51df0f0e9f92a3c8f8d771995d28a11607021662344d9191cb50fc2f5a

                                        • C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp

                                          Filesize

                                          3.1MB

                                          MD5

                                          5e49bedce38561bc9930155ce1ed454b

                                          SHA1

                                          a5127132e7768a0b2db444f40ed4a7a2bdc62cc9

                                          SHA256

                                          d158fa31f9c2a66a928acbbf682d692870f8e52e69a9a16958c0dfffed18c909

                                          SHA512

                                          46c4d86f24c7c7f6242f89257e9db07d4b24558fa2d0ee97d5cc6fb51db59123773e53a93275079c03371d2a547dd0c8f442250ee7022694ec97773df9b75d92

                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir1540_32487848\CRX_INSTALL\_locales\en_CA\messages.json

                                          Filesize

                                          711B

                                          MD5

                                          558659936250e03cc14b60ebf648aa09

                                          SHA1

                                          32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                          SHA256

                                          2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                          SHA512

                                          1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir1540_32487848\e2cb7d93-3071-42b6-bbc4-e16802278d3e.tmp

                                          Filesize

                                          132KB

                                          MD5

                                          da75bb05d10acc967eecaac040d3d733

                                          SHA1

                                          95c08e067df713af8992db113f7e9aec84f17181

                                          SHA256

                                          33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

                                          SHA512

                                          56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

• memory/1488-0-0x0000000000400000-0x00000000004D8000-memory.dmp
  Filesize: 864KB

• memory/1488-2-0x0000000000401000-0x00000000004B7000-memory.dmp
  Filesize: 728KB

• memory/1488-73-0x0000000000400000-0x00000000004D8000-memory.dmp
  Filesize: 864KB

• memory/1488-77-0x0000000000400000-0x00000000004D8000-memory.dmp
  Filesize: 864KB

• memory/3940-8-0x0000000000400000-0x000000000071C000-memory.dmp
  Filesize: 3.1MB

• memory/3940-75-0x0000000000400000-0x000000000071C000-memory.dmp
  Filesize: 3.1MB

• memory/3940-76-0x0000000000400000-0x000000000071C000-memory.dmp
  Filesize: 3.1MB

• memory/3940-74-0x0000000000400000-0x000000000071C000-memory.dmp
  Filesize: 3.1MB

• memory/4648-94-0x0000029190B30000-0x0000029190B3C000-memory.dmp
  Filesize: 48KB

• memory/4648-81-0x00007FF86BB23000-0x00007FF86BB25000-memory.dmp
  Filesize: 8KB

• memory/4648-107-0x0000029190B40000-0x0000029190B48000-memory.dmp
  Filesize: 32KB

• memory/4648-112-0x00000291AB080000-0x00000291AB0B8000-memory.dmp
  Filesize: 224KB

• memory/4648-113-0x0000029192470000-0x000002919247E000-memory.dmp
  Filesize: 56KB

• memory/4648-88-0x0000029190AD0000-0x0000029190AD8000-memory.dmp
  Filesize: 32KB

• memory/4648-111-0x0000029192460000-0x0000029192468000-memory.dmp
  Filesize: 32KB

• memory/4648-84-0x0000029190AF0000-0x0000029190B18000-memory.dmp
  Filesize: 160KB

• memory/4648-82-0x0000029190450000-0x000002919069E000-memory.dmp
  Filesize: 2.3MB

• memory/4648-90-0x00000291AAE40000-0x00000291AAF52000-memory.dmp
  Filesize: 1.1MB

• memory/4648-106-0x00000291AACF0000-0x00000291AAD00000-memory.dmp
  Filesize: 64KB

• memory/4648-104-0x00000291AB040000-0x00000291AB072000-memory.dmp
  Filesize: 200KB

• memory/4648-96-0x00000291AAF60000-0x00000291AB032000-memory.dmp
  Filesize: 840KB

• memory/4648-98-0x00000291AB0F0000-0x00000291AB1A0000-memory.dmp
  Filesize: 704KB

• memory/4648-101-0x0000029192480000-0x00000291924A2000-memory.dmp
  Filesize: 136KB

• memory/4648-116-0x00000291AE350000-0x00000291AE3DC000-memory.dmp
  Filesize: 560KB

• memory/4648-110-0x00000291AB670000-0x00000291AB744000-memory.dmp
  Filesize: 848KB

• memory/4648-109-0x00000291924B0000-0x00000291924C8000-memory.dmp
  Filesize: 96KB