Malware Analysis Report

2025-01-18 23:53

Sample ID 241115-payefateqg
Target setup_dzsalauncher-0.0.5.7.exe
SHA256 e04d02b36cddf48da918b6b609b2044b5226729cf8dd325a05d6c5b4f4600a70
Tags steam discovery phishing
Score 5/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 5/10

SHA256 e04d02b36cddf48da918b6b609b2044b5226729cf8dd325a05d6c5b4f4600a70

Threat Level: Likely benign

The file setup_dzsalauncher-0.0.5.7.exe was found to be: Likely benign.

Malicious Activity Summary

steam discovery phishing

Detected potential entity reuse from brand STEAM.

Loads dropped DLL

Drops file in Windows directory

Checks installed software on the system

Executes dropped EXE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-11-15 12:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-15 12:08
Reported 2024-11-15 12:11
Platform win11-20241007-en
Max time kernel 155s
Max time network 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe"

Signatures

Detected potential entity reuse from brand STEAM.

phishing steam

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133761461573973955" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152 C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\URL Protocol C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\shell C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\shell\open C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\DZSALauncher\\DZSALauncher.exe " C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\ = "URL:Run game 535883735271473152 protocol" C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\DefaultIcon C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\DZSALauncher\\DZSALauncher.exe" C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\shell\open\command C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1488 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp
PID 1488 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp
PID 1488 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp
PID 1540 wrote to memory of 2064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 2064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe

"C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe"

C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp

"C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp" /SL5="$402DC,2887997,832512,C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe

"C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87e92cc40,0x7ff87e92cc4c,0x7ff87e92cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe


Network


Files
