bb4a53733f0033eb457acf98da3adcaed09328dbd37dd8991d788ae67187b33d

Analysis

max time kernel
170s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2023 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Onelaunch Software.exe
Size

2.9MB
MD5

cdd6433b49575a3a11018af8a079b695
SHA1

b7c82e18b683939dff6891a9e3afe3f97275ed31
SHA256

bb4a53733f0033eb457acf98da3adcaed09328dbd37dd8991d788ae67187b33d
SHA512

e9ec2ffdee94d0b66a7ccd0e01a187bdcc3fbd56d84835b4fb555797008e5891580da7ea1cbee1be38a6625850e23b433105cf6cc5b88d90b98a506a0da41a96
SSDEEP

49152:hqe3f6RzyPE5oZPCpecWcNwDCEjqVX5rIJwI2J5PiH7nBGtY:4SiRzcSeCec/NwWEjgJLTiH7BUY

Score

8^/10

google discovery persistence phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 11 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Onelaunch Software.tmpOneLaunch Setup_.tmpchromium.exechromium.exechromium.exeOnelaunch Software.tmponelaunch.exechromium.exechromium.exechromium.exechromium.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	Onelaunch Software.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	OneLaunch Setup_.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	chromium.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	chromium.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	chromium.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	Onelaunch Software.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	onelaunch.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	chromium.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	chromium.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	chromium.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	chromium.exe

Drops startup file 6 IoCs

Processes:

onelaunch.exeOneLaunch Setup_.tmp

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunchUpdater.lnk	onelaunch.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunch.lnk	OneLaunch Setup_.tmp
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunchChromium.lnk	OneLaunch Setup_.tmp
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunchUpdater.lnk	OneLaunch Setup_.tmp
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunch.lnk	onelaunch.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunchChromium.lnk	onelaunch.exe

Executes dropped EXE 37 IoCs

Processes:

Onelaunch Software.tmpOnelaunch Software.tmpOneLaunch Setup_.exeOneLaunch Setup_.tmponelaunch.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exeonelaunchtray.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exe

pid	process
1068	Onelaunch Software.tmp
3184	Onelaunch Software.tmp
3772	OneLaunch Setup_.exe
4668	OneLaunch Setup_.tmp
3140	onelaunch.exe
1276	chromium.exe
5072	chromium.exe
1708	chromium.exe
2140	chromium.exe
884	chromium.exe
324	chromium.exe
4700	chromium.exe
3572	chromium.exe
4324	chromium.exe
4920	chromium.exe
4684	chromium.exe
4752	chromium.exe
3856	onelaunchtray.exe
960	chromium.exe
2956	chromium.exe
4888	chromium.exe
4364	chromium.exe
2112	chromium.exe
2328	chromium.exe
3508	chromium.exe
2192	chromium.exe
6116	chromium.exe
4280	chromium.exe
5276	chromium.exe
5508	chromium.exe
5712	chromium.exe
3084	chromium.exe
4812	chromium.exe
2564	chromium.exe
1216	chromium.exe
5572	chromium.exe
1748	chromium.exe

Loads dropped DLL 64 IoCs

Processes:

Onelaunch Software.tmpOnelaunch Software.tmpOneLaunch Setup_.tmpchromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exeonelaunch.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exechromium.exe

pid	process
1068	Onelaunch Software.tmp
1068	Onelaunch Software.tmp
1068	Onelaunch Software.tmp
3184	Onelaunch Software.tmp
4668	OneLaunch Setup_.tmp
4668	OneLaunch Setup_.tmp
4668	OneLaunch Setup_.tmp
1276	chromium.exe
5072	chromium.exe
1708	chromium.exe
1276	chromium.exe
2140	chromium.exe
2140	chromium.exe
884	chromium.exe
2140	chromium.exe
2140	chromium.exe
2140	chromium.exe
2140	chromium.exe
2140	chromium.exe
884	chromium.exe
4700	chromium.exe
324	chromium.exe
324	chromium.exe
4700	chromium.exe
3572	chromium.exe
3572	chromium.exe
4324	chromium.exe
4324	chromium.exe
4920	chromium.exe
4920	chromium.exe
4684	chromium.exe
4684	chromium.exe
4752	chromium.exe
4752	chromium.exe
960	chromium.exe
960	chromium.exe
2956	chromium.exe
2956	chromium.exe
4888	chromium.exe
4888	chromium.exe
4364	chromium.exe
4364	chromium.exe
2112	chromium.exe
2112	chromium.exe
2328	chromium.exe
2328	chromium.exe
3508	chromium.exe
3508	chromium.exe
2192	chromium.exe
2192	chromium.exe
6116	chromium.exe
6116	chromium.exe
3140	onelaunch.exe
4280	chromium.exe
4280	chromium.exe
5276	chromium.exe
5276	chromium.exe
5508	chromium.exe
5508	chromium.exe
5712	chromium.exe
5712	chromium.exe
3084	chromium.exe
4812	chromium.exe
2564	chromium.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

onelaunch.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\CLSID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}\LocalServer32	onelaunch.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\CLSID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\onelaunch.exe\" -ToastActivated"	onelaunch.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}\LocalServer32	onelaunch.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\onelaunch.exe\" -ToastActivated"	onelaunch.exe

Adds Run key to start application 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chromium.exeOneLaunch Setup_.tmponelaunch.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Windows\CurrentVersion\Run	chromium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_822E9BCF957816ED0183A9A1E348BDB1 = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\chromium\\chromium.exe\" --no-startup-window /prefetch:5"	chromium.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	OneLaunch Setup_.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunch = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\onelaunch.exe"	OneLaunch Setup_.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunchChromium = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\ChromiumStartupProxy.exe"	OneLaunch Setup_.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunch = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\onelaunch.exe /startedFrom=registry"	onelaunch.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunchChromium = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\ChromiumStartupProxy.exe --tab-trigger=SystemStart"	onelaunch.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

onelaunch.exeexplorer.exe

description	ioc	process
File opened (read-only)	\??\S:	onelaunch.exe
File opened (read-only)	\??\T:	onelaunch.exe
File opened (read-only)	\??\U:	onelaunch.exe
File opened (read-only)	\??\E:	onelaunch.exe
File opened (read-only)	\??\J:	onelaunch.exe
File opened (read-only)	\??\N:	onelaunch.exe
File opened (read-only)	\??\Q:	onelaunch.exe
File opened (read-only)	\??\R:	onelaunch.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\X:	onelaunch.exe
File opened (read-only)	\??\Z:	onelaunch.exe
File opened (read-only)	\??\I:	onelaunch.exe
File opened (read-only)	\??\K:	onelaunch.exe
File opened (read-only)	\??\O:	onelaunch.exe
File opened (read-only)	\??\P:	onelaunch.exe
File opened (read-only)	\??\W:	onelaunch.exe
File opened (read-only)	\??\A:	onelaunch.exe
File opened (read-only)	\??\H:	onelaunch.exe
File opened (read-only)	\??\V:	onelaunch.exe
File opened (read-only)	\??\Y:	onelaunch.exe
File opened (read-only)	\??\B:	onelaunch.exe
File opened (read-only)	\??\G:	onelaunch.exe
File opened (read-only)	\??\L:	onelaunch.exe
File opened (read-only)	\??\M:	onelaunch.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Detected potential entity reuse from brand google.
phishing google

Drops file in System32 directory 11 IoCs

Processes:

svchost.exe

description	ioc	process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe

Drops file in Program Files directory 5 IoCs

Processes:

chromium.exe

description	ioc	process
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1276_1240398595\sets.json	chromium.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1276_1240398595\manifest.json	chromium.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1276_1240398595\LICENSE	chromium.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1276_1240398595\_metadata\verified_contents.json	chromium.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1276_1240398595\manifest.fingerprint	chromium.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

4416 4668 WerFault.exe OneLaunch Setup_.tmp
992 4668 WerFault.exe OneLaunch Setup_.tmp

pid	pid_target	process	target process
4416	4668	WerFault.exe	OneLaunch Setup_.tmp
992	4668	WerFault.exe	OneLaunch Setup_.tmp

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chromium.exechromium.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chromium.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chromium.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chromium.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chromium.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chromium.exe

Kills process with taskkill 3 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exe

pid process

2116 taskkill.exe
4892 taskkill.exe
4744 taskkill.exe

pid	process
2116	taskkill.exe
4892	taskkill.exe
4744	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chromium.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chromium.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133331924597937932"	chromium.exe

Modifies registry class 64 IoCs

Processes:

onelaunch.exeexplorer.exeOneLaunch Setup_.tmpScreenClippingHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\AppUserModelId	onelaunch.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\onelaunch.exe\" -ToastActivated"	onelaunch.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\wbappbar	OneLaunch Setup_.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML\Application\ApplicationDescription = "Access the Internet"	OneLaunch Setup_.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML\Application\AppUserModelId = "OneLaunchHTML"	OneLaunch Setup_.tmp
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML\Application	OneLaunch Setup_.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\chromium\\chromium.exe,0"	OneLaunch Setup_.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}	onelaunch.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{2423EB15-A781-6D0C-1225-CCDDCDBAF6BD}	onelaunch.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\MuiCache	ScreenClippingHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML	OneLaunch Setup_.tmp
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\CLSID	onelaunch.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\CLSID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}	onelaunch.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{2423EB15-A781-6D0C-1225-CCDDCDBAF6BD}\CustomActivator = "{b1cfdc44-dff4-204c-e500-42a98fc246ba}"	onelaunch.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f7840f05f6481501b109f0800aa002f954e0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML\Shell\open	OneLaunch Setup_.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML\Shell\open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\chromium\\chromium.exe\" -- \"%1\""	OneLaunch Setup_.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}\RunAs = "Interactive User"	onelaunch.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\CLSID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\onelaunch.exe\" -ToastActivated"	onelaunch.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}\AppId = "{b1cfdc44-dff4-204c-e500-42a98fc246ba}"	onelaunch.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{2423EB15-A781-6D0C-1225-CCDDCDBAF6BD}\IconBackgroundColor = "FFDDDDDD"	onelaunch.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\FFlags = "18874385"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\GroupView = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{2423EB15-A781-6D0C-1225-CCDDCDBAF6BD}\Has7.0.1Fix = "1"	onelaunch.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML\Shell\open\Command	OneLaunch Setup_.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{2423EB15-A781-6D0C-1225-CCDDCDBAF6BD}\IconUri = "C:\\Users\\Admin\\AppData\\Local\\ToastNotificationManagerCompat\\Apps\\Microsoft.AutoGenerated.{2423EB15-A781-6D0C-1225-CCDDCDBAF6BD}\\Icon.png"	onelaunch.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\LogicalViewMode = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000060000001800000030f125b7ef471a10a5f102608c9eebac0a000000f0000000334b179bff40d211a27e00c04fc3087102000000f0000000334b179bff40d211a27e00c04fc3087103000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000090000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML\Shell	OneLaunch Setup_.tmp
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\CLSID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}\LocalServer32	onelaunch.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}	onelaunch.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{2423EB15-A781-6D0C-1225-CCDDCDBAF6BD}\DisplayName = "OneLaunch"	onelaunch.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\FFlags = "18874369"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML\Application\ApplicationName = "OneLaunch"	OneLaunch Setup_.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.17.4\\chromium\\chromium.exe,0"	OneLaunch Setup_.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1cfdc44-dff4-204c-e500-42a98fc246ba}\LocalServer32	onelaunch.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\Mode = "4"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{D6D9E004-CD87-442B-9D57-5E0AEB4F6F72}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\OneLaunchHTML\DefaultIcon	OneLaunch Setup_.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	explorer.exe

Script User-Agent 9 IoCs

Uses user-agent string associated with script host/environment.

Processes:

description	flow	ioc
HTTP User-Agent header	45	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	28	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	39	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	44	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	344	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	403	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	20	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	33	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	41	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

onelaunch.exeexplorer.exe

pid process

3140 onelaunch.exe
5712 explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

onelaunch.exechromium.exechromium.exechromium.exeonelaunchtray.exechromium.exechromium.exechromium.exe

pid	process
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
884	chromium.exe
884	chromium.exe
4700	chromium.exe
4700	chromium.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
1276	chromium.exe
1276	chromium.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3856	onelaunchtray.exe
3856	onelaunchtray.exe
3140	onelaunch.exe
5276	chromium.exe
5276	chromium.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
5712	chromium.exe
5712	chromium.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
5572	chromium.exe
5572	chromium.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exeonelaunch.exechromium.exeonelaunchtray.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	4744	taskkill.exe
Token: SeDebugPrivilege	2116	taskkill.exe
Token: SeDebugPrivilege	4892	taskkill.exe
Token: SeDebugPrivilege	3140	onelaunch.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	3140	onelaunch.exe
Token: SeCreatePagefilePrivilege	3140	onelaunch.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeDebugPrivilege	3856	onelaunchtray.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: 33	5908	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5908	AUDIODG.EXE
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe
Token: SeCreatePagefilePrivilege	1276	chromium.exe
Token: SeShutdownPrivilege	1276	chromium.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

Onelaunch Software.tmpOneLaunch Setup_.tmpchromium.exeonelaunchtray.exeonelaunch.exe

pid	process
1068	Onelaunch Software.tmp
4668	OneLaunch Setup_.tmp
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
3856	onelaunchtray.exe
3856	onelaunchtray.exe
3856	onelaunchtray.exe
3856	onelaunchtray.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chromium.exeonelaunchtray.exeonelaunch.exe

pid	process
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
3856	onelaunchtray.exe
3856	onelaunchtray.exe
3856	onelaunchtray.exe
3856	onelaunchtray.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
1276	chromium.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe
3140	onelaunch.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

onelaunch.exeScreenClippingHost.exeexplorer.exe

pid process

3140 onelaunch.exe
5544 ScreenClippingHost.exe
5712 explorer.exe
5712 explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Onelaunch Software.exeOnelaunch Software.tmpOnelaunch Software.exeOnelaunch Software.tmpOneLaunch Setup_.exeOneLaunch Setup_.tmpchromium.exechromium.exe

description	pid	process	target process
PID 1704 wrote to memory of 1068	1704	Onelaunch Software.exe	Onelaunch Software.tmp
PID 1704 wrote to memory of 1068	1704	Onelaunch Software.exe	Onelaunch Software.tmp
PID 1704 wrote to memory of 1068	1704	Onelaunch Software.exe	Onelaunch Software.tmp
PID 1068 wrote to memory of 3288	1068	Onelaunch Software.tmp	Onelaunch Software.exe
PID 1068 wrote to memory of 3288	1068	Onelaunch Software.tmp	Onelaunch Software.exe
PID 1068 wrote to memory of 3288	1068	Onelaunch Software.tmp	Onelaunch Software.exe
PID 3288 wrote to memory of 3184	3288	Onelaunch Software.exe	Onelaunch Software.tmp
PID 3288 wrote to memory of 3184	3288	Onelaunch Software.exe	Onelaunch Software.tmp
PID 3288 wrote to memory of 3184	3288	Onelaunch Software.exe	Onelaunch Software.tmp
PID 3184 wrote to memory of 3772	3184	Onelaunch Software.tmp	OneLaunch Setup_.exe
PID 3184 wrote to memory of 3772	3184	Onelaunch Software.tmp	OneLaunch Setup_.exe
PID 3184 wrote to memory of 3772	3184	Onelaunch Software.tmp	OneLaunch Setup_.exe
PID 3772 wrote to memory of 4668	3772	OneLaunch Setup_.exe	OneLaunch Setup_.tmp
PID 3772 wrote to memory of 4668	3772	OneLaunch Setup_.exe	OneLaunch Setup_.tmp
PID 3772 wrote to memory of 4668	3772	OneLaunch Setup_.exe	OneLaunch Setup_.tmp
PID 4668 wrote to memory of 4744	4668	OneLaunch Setup_.tmp	taskkill.exe
PID 4668 wrote to memory of 4744	4668	OneLaunch Setup_.tmp	taskkill.exe
PID 4668 wrote to memory of 4744	4668	OneLaunch Setup_.tmp	taskkill.exe
PID 4668 wrote to memory of 2116	4668	OneLaunch Setup_.tmp	taskkill.exe
PID 4668 wrote to memory of 2116	4668	OneLaunch Setup_.tmp	taskkill.exe
PID 4668 wrote to memory of 2116	4668	OneLaunch Setup_.tmp	taskkill.exe
PID 4668 wrote to memory of 4892	4668	OneLaunch Setup_.tmp	taskkill.exe
PID 4668 wrote to memory of 4892	4668	OneLaunch Setup_.tmp	taskkill.exe
PID 4668 wrote to memory of 4892	4668	OneLaunch Setup_.tmp	taskkill.exe
PID 4668 wrote to memory of 3408	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 3408	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 1464	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 1464	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 3172	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 3172	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 4700	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 4700	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 3712	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 3712	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 1184	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 1184	4668	OneLaunch Setup_.tmp	schtasks.exe
PID 4668 wrote to memory of 3140	4668	OneLaunch Setup_.tmp	onelaunch.exe
PID 4668 wrote to memory of 3140	4668	OneLaunch Setup_.tmp	onelaunch.exe
PID 4668 wrote to memory of 1276	4668	OneLaunch Setup_.tmp	chromium.exe
PID 4668 wrote to memory of 1276	4668	OneLaunch Setup_.tmp	chromium.exe
PID 4668 wrote to memory of 1276	4668	OneLaunch Setup_.tmp	chromium.exe
PID 1276 wrote to memory of 5072	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 5072	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 5072	1276	chromium.exe	chromium.exe
PID 5072 wrote to memory of 1708	5072	chromium.exe	chromium.exe
PID 5072 wrote to memory of 1708	5072	chromium.exe	chromium.exe
PID 5072 wrote to memory of 1708	5072	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe
PID 1276 wrote to memory of 2140	1276	chromium.exe	chromium.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Onelaunch Software.exe
"C:\Users\Admin\AppData\Local\Temp\Onelaunch Software.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1704

C:\Users\Admin\AppData\Local\Temp\is-D03T0.tmp\Onelaunch Software.tmp
"C:\Users\Admin\AppData\Local\Temp\is-D03T0.tmp\Onelaunch Software.tmp" /SL5="$701D4,2173635,893952,C:\Users\Admin\AppData\Local\Temp\Onelaunch Software.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1068

C:\Users\Admin\AppData\Local\Temp\Onelaunch Software.exe
"C:\Users\Admin\AppData\Local\Temp\Onelaunch Software.exe" /PDATA=eyJpbnN0YWxsX3RpbWUiOjE2ODg3MTg3NTksImRpc3RpbmN0X2lkIjoiQTQ2RkIxQkMtOUZDOC00MTRELTk2OUQtMEE0QUYwQzUxMzk3IiwiZGVmYXVsdF9icm93c2VyIjoiTVNFZGdlSFRNIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTcuNC4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic3BsaXRfMjJfMTJfbW9yZV9lZHVjYXRpb25hbF9taW5pcHJvbXB0cyI6ImNvbnRyb2wiLCJzcGxpdF8yM18wNl9wcmVwaW5fbGFiZWxsZWRfYW1hem9uX2FwcCI6ImNvbnRyb2wiLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9 /LAUNCHER /VERYSILENT
3⤵
- Suspicious use of WriteProcessMemory
PID:3288

C:\Users\Admin\AppData\Local\Temp\is-FUBGB.tmp\Onelaunch Software.tmp
"C:\Users\Admin\AppData\Local\Temp\is-FUBGB.tmp\Onelaunch Software.tmp" /SL5="$B01C0,2173635,893952,C:\Users\Admin\AppData\Local\Temp\Onelaunch Software.exe" /PDATA=eyJpbnN0YWxsX3RpbWUiOjE2ODg3MTg3NTksImRpc3RpbmN0X2lkIjoiQTQ2RkIxQkMtOUZDOC00MTRELTk2OUQtMEE0QUYwQzUxMzk3IiwiZGVmYXVsdF9icm93c2VyIjoiTVNFZGdlSFRNIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTcuNC4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic3BsaXRfMjJfMTJfbW9yZV9lZHVjYXRpb25hbF9taW5pcHJvbXB0cyI6ImNvbnRyb2wiLCJzcGxpdF8yM18wNl9wcmVwaW5fbGFiZWxsZWRfYW1hem9uX2FwcCI6ImNvbnRyb2wiLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9 /LAUNCHER /VERYSILENT
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3184

C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_.exe
"C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_.exe" /PDATA=eyJpbnN0YWxsX3RpbWUiOjE2ODg3MTg3NTksImRpc3RpbmN0X2lkIjoiQTQ2RkIxQkMtOUZDOC00MTRELTk2OUQtMEE0QUYwQzUxMzk3IiwiZGVmYXVsdF9icm93c2VyIjoiTVNFZGdlSFRNIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTcuNC4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic3BsaXRfMjJfMTJfbW9yZV9lZHVjYXRpb25hbF9taW5pcHJvbXB0cyI6InZhcmlhdGlvbiIsInNwbGl0XzIzXzA2X3ByZXBpbl9sYWJlbGxlZF9hbWF6b25fYXBwIjoiY29udHJvbCIsImVuY29kZWRfc3BsaXRzIjoiMDAwIn0=
5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3772

C:\Users\Admin\AppData\Local\Temp\is-CLA9M.tmp\OneLaunch Setup_.tmp
"C:\Users\Admin\AppData\Local\Temp\is-CLA9M.tmp\OneLaunch Setup_.tmp" /SL5="$800DE,98167063,893952,C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_.exe" /PDATA=eyJpbnN0YWxsX3RpbWUiOjE2ODg3MTg3NTksImRpc3RpbmN0X2lkIjoiQTQ2RkIxQkMtOUZDOC00MTRELTk2OUQtMEE0QUYwQzUxMzk3IiwiZGVmYXVsdF9icm93c2VyIjoiTVNFZGdlSFRNIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTcuNC4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic3BsaXRfMjJfMTJfbW9yZV9lZHVjYXRpb25hbF9taW5pcHJvbXB0cyI6InZhcmlhdGlvbiIsInNwbGl0XzIzXzA2X3ByZXBpbl9sYWJlbGxlZF9hbWF6b25fYXBwIjoiY29udHJvbCIsImVuY29kZWRfc3BsaXRzIjoiMDAwIn0=
6⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4668

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im onelaunch.exe
7⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4744

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im chromium.exe
7⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2116

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im onelaunchtray.exe
7⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4892

C:\Windows\system32\schtasks.exe
"schtasks" /Delete /TN "OneLaunchLaunchTask" /F
7⤵
PID:3408

C:\Windows\system32\schtasks.exe
"schtasks" /Delete /TN "ChromiumLaunchTask" /F
7⤵
PID:1464

C:\Windows\system32\schtasks.exe
"schtasks" /Delete /TN "OneLaunchUpdateTask" /F
7⤵
PID:3172

C:\Windows\system32\schtasks.exe
"schtasks" /delete /tn OneLaunchLaunchTask /f
7⤵
PID:4700

C:\Windows\system32\schtasks.exe
"schtasks" /delete /tn ChromiumLaunchTask /f
7⤵
PID:3712

C:\Windows\system32\schtasks.exe
"schtasks" /delete /tn OneLaunchUpdateTask /f
7⤵
PID:1184

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\onelaunch.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\onelaunch.exe" /l /startedFrom=installer
7⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3140

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\onelaunchtray.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\onelaunchtray.exe"
8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3856

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" https://onenews.com/base/?s=https%3A%2F%2Fsearch.yahoo.com%2Fyhs%2Fsearch%3Fhspart%3Dreb%26hsimp%3Dyhs-ext_onelaunch%26p%3D%7BsearchTerms%7D%26type%3D0_1000_100_1000_100_230707 --tab-trigger=app
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
PID:3084

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=112.1.0 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x6f70f098,0x6f70f0a8,0x6f70f0b4
9⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4812

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=112.1.0 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x23adb0,0x23adc0,0x23adcc
10⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2564

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=2060,i,9066815409170533810,6186111611265398686,131072 /prefetch:2
9⤵
- Executes dropped EXE
PID:1216

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2060,i,9066815409170533810,6186111611265398686,131072 /prefetch:8
9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5572

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C explorer ms-screenclip:
8⤵
PID:4700

C:\Windows\explorer.exe
explorer ms-screenclip:
9⤵
PID:3096

C:\Windows\explorer.exe
"C:\Windows\explorer.exe" shell:RecycleBinFolder
8⤵
PID:1708

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --start-maximized --tab-trigger=Launch
7⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1276

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=112.1.0 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x6f70f098,0x6f70f0a8,0x6f70f0b4
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:5072

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=112.1.0 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x23adb0,0x23adc0,0x23adcc
9⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1708

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:2
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2140

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:884

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2788 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:324

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4700

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3936 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:1
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3572

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=renderer --instant-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4084 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:1
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4324

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3908 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4920

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4684

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4752

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5420 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:1
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2112

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5404 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:960

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5672 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2956

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4888

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5564 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4364

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5364 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2328

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6236 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3508

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=renderer --extension-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5356 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:1
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2192

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=renderer --extension-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5048 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:1
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4280

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4904 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:1
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:6116

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5276

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6220 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5508

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6412 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5712

C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe
"C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6756 --field-trial-handle=2192,i,4923405709184072019,1426367344108546214,131072 /prefetch:8
8⤵
- Executes dropped EXE
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 2520
7⤵
- Program crash
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 2520
7⤵
- Program crash
PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4668 -ip 4668
1⤵
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4668 -ip 4668
1⤵
PID:3640

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5908

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5196

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe" -ServerName:ScreenClipping.AppXyz3w1x599ya8gjvt9jprqjvttt0dxhd7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CaptureService
1⤵
PID:5472

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:5020

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Enumerates connected drives
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5712

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1276_1240398595\manifest.json

Filesize
85B

MD5
300ecbbb1e8c14f138e7672e7d1aabad

SHA1
0531c7dfa47df4aac293a0f7c60a8ff0512201d5

SHA256
a88a265725c25f167ad962d86cdef0702d990ed000011b711a18de33c5d8052f

SHA512
29eba0730ec442102affe11f98afa5662303681d5a3deed10bcf4d790438f7cf5b1cff8f4dae29ee739baa9235d4ba5b49f04b40a5b2f3d9e6b5d2b167b79b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\Microsoft.Toolkit.Uwp.Notifications.dll

Filesize
140KB

MD5
f58e9ca60368433534c420b054b01cd3

SHA1
598b9280153e53c6fff56af80d2c59d087809612

SHA256
51eebdb28f042f6169e3c71cec16d3fa95634c4284a20ed1d4e4d182de5f4bec

SHA512
14e180a029a81c777e2b4e938891de578203ef01ac2f187280e87fc161a2b7de9e36cff5fbd810ff5ca5bbc5cc84bdbce68f120014813c8e5ed17ee200e7f573

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\Microsoft.Toolkit.Uwp.Notifications.pdb

Filesize
66KB

MD5
84bbbd6cedafdb016cf09096f873ca08

SHA1
e13d83497fbdfbe2a72bea3f74437d5d282cb819

SHA256
a681f37a656d321b78fbe3dbafe296334c3c57a6966d4dadad6e06af7aa1b200

SHA512
6288df55d4be8fbf9329d29d437cb0b862ef28e1173d63fd080b622eb2f2fde8ba3ae0303d8ddaefdf0897f30225fbcdea0bee68435d47bd73d71e8206ba30fe

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\OneLaunch.exe

Filesize
12.3MB

MD5
4d7146be47468012321a6f3cf513309a

SHA1
48b29456faffe1570b9916107ee88a1106fd38f1

SHA256
cb7af54ba18ffeb3e253adae1ee14d240bba0b8dadf1ef4d42367fc1297c1818

SHA512
3bab2f8778d44e2c2affa903c73e9b5f6cd89bfca5274d742b0f5b50278f4b17afd841b9f8f024ebe52ee3d16b38c8b5561802c95e481c2923d081f7bdb6e423

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\OneLaunch.exe

Filesize
12.3MB

MD5
4d7146be47468012321a6f3cf513309a

SHA1
48b29456faffe1570b9916107ee88a1106fd38f1

SHA256
cb7af54ba18ffeb3e253adae1ee14d240bba0b8dadf1ef4d42367fc1297c1818

SHA512
3bab2f8778d44e2c2affa903c73e9b5f6cd89bfca5274d742b0f5b50278f4b17afd841b9f8f024ebe52ee3d16b38c8b5561802c95e481c2923d081f7bdb6e423

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\ServiceWire.dll

Filesize
90KB

MD5
99b3d7efabd8f3afe78405d3e9ff2d00

SHA1
ff7742716bf3759ecab5547520362e1694786696

SHA256
152558a74c510f529ffa5c9397fdfb37858961371bd23e89219236a14f4ea16a

SHA512
01392be8b1c28ac135b15c700913879e1250a78092adf32443ce77f4b95f942a4451e46123241f43bdc06c14488a7c2f636891fecf1c8fa3ab0bccaa7f53a03f

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\System.Runtime.CompilerServices.Unsafe.dll

Filesize
17KB

MD5
c610e828b54001574d86dd2ed730e392

SHA1
180a7baafbc820a838bbaca434032d9d33cceebe

SHA256
37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf

SHA512
441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\Unity.Abstractions.dll

Filesize
66KB

MD5
1b066b3cb5d8ca243a8bbd13e11fa596

SHA1
63f9d1c08e011d9aca6bdc6839887d03d38944a8

SHA256
788f516054fa47046514fab1ba81b712fb441814e9745fb46c09d29f6de8a464

SHA512
a35a8881b928057c165be32f637ffafce456c5a23eded2d867847898c37a84fc0db4f1892550eb11d86e89d55123520c0b34626321b756e2fede7974592a0b22

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\Unity.Abstractions.pdb

Filesize
26KB

MD5
a4da40c592d3c0a0e293224885a3444f

SHA1
ae1549f5316a9155fd7ea87d93711531d4d8c96e

SHA256
987cb722c4b342d7021bf4aa997c886cd0a4d377684e93c1f3a8f29915630413

SHA512
481973fb1ca599220541c18412b6042de274ffc214d5e245d16df37f707cd3ea1e89cd39c98be903143ddf2d4d0dc706aaedb6362d527dfcda76b0d2ea33f85e

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\Unity.Container.dll

Filesize
145KB

MD5
d618cbbbab32121bb8f78ed1de80189a

SHA1
f52efd7e2fbb87c57be0f6a981a527a6a6e9b338

SHA256
033ffdf50a855fd3b42e8950a4707edb2ed0820e37d2c9ee9456af41d22aeb7e

SHA512
607074853bdd4e953906896686b873c0214edee889730ea47ea643173ba2cd9c44ee10006943952d2c60ed2f43414776b7ae38050ca62e0628723fbbd9306e31

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\Unity.Container.pdb

Filesize
50KB

MD5
aebba016111759f5a3a0cf7bdfdc704a

SHA1
86f08d8fbb86a6b6f9d1b32498d155e7f2186c88

SHA256
e48615039ce42e73bd402271f38fe0ded7c075f36aed10aa0a3e452ed2ad4b36

SHA512
f0a100e370ea0024bfcecf51d92a2cf8b5da01be3a6fe23d49356146c9f5e70a7836e28e41f092868fa8faea45904fc14005349e43b0c585825a21406135280c

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\Win32Library.dll

Filesize
45KB

MD5
9e63f895d18b3d34f4d07592113230a6

SHA1
27c65a96211e6cba2bf40c87b9dafed61f59ee2c

SHA256
fddc0b23921408bcaa9a5d274ed46b38e27ebe6eedcd699b4f6e518f056a9e44

SHA512
c0b94a441aa4403802018f5a47dac808a5f7cbb45748b3d814b901ab5c48b24346f84f90aeb8119519c78bd3188a05af9ec3ec05d8183947f9069ab4f480bdf2

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\D3DCompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chrome.dll

Filesize
165.2MB

MD5
fbc8496afef60be353144ba10d0d3f2a

SHA1
a7077577b3980fedf1e92522065d5e1435d72386

SHA256
713fdfe6d03aa5fc4620296c4e86b156b6f20f1ea52dfc46770dcb78f718e868

SHA512
5fc2feaa544f8b3efb7baf09b4040dcf578ae0d14c5a1d2040fd7dfabc142bcf563ab58adb0b70c5e8b633c36dd530b4a067ac3869a9d7b547f05ea6d4ac5181

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chrome.dll

Filesize
165.2MB

MD5
fbc8496afef60be353144ba10d0d3f2a

SHA1
a7077577b3980fedf1e92522065d5e1435d72386

SHA256
713fdfe6d03aa5fc4620296c4e86b156b6f20f1ea52dfc46770dcb78f718e868

SHA512
5fc2feaa544f8b3efb7baf09b4040dcf578ae0d14c5a1d2040fd7dfabc142bcf563ab58adb0b70c5e8b633c36dd530b4a067ac3869a9d7b547f05ea6d4ac5181

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chrome.dll

Filesize
165.2MB

MD5
fbc8496afef60be353144ba10d0d3f2a

SHA1
a7077577b3980fedf1e92522065d5e1435d72386

SHA256
713fdfe6d03aa5fc4620296c4e86b156b6f20f1ea52dfc46770dcb78f718e868

SHA512
5fc2feaa544f8b3efb7baf09b4040dcf578ae0d14c5a1d2040fd7dfabc142bcf563ab58adb0b70c5e8b633c36dd530b4a067ac3869a9d7b547f05ea6d4ac5181

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chrome_100_percent.pak

Filesize
597KB

MD5
7cb0c66c8641c297e9615d6043478199

SHA1
58d6c93bb249ea3a99717ddace98702bfffcb12d

SHA256
c92660e7910f4166881fe2bc2cc11af28b0fd70ffd4775d3e7c68c34755efe40

SHA512
2fef0b87cf39efe929af618ae1fc92028bd38a739796f435900a2b36643b47e2b32860c009c0a533fb2e3dc69b94beec3cec799b8a29b366702222c300d1dbf6

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chrome_200_percent.pak

Filesize
898KB

MD5
71bae6b099a751b69e698de539fc6ec3

SHA1
99179eef2a97969a7381bdf7f2f05c7d8384aa86

SHA256
f72876e7cbe4ca1e86d76ab224f7f353769b2dffdb65b9fce238104bdf8a36b3

SHA512
8ebd017a41cfb00a0c124cb373d5bdb1934d94bc7d010847d1c3418c055f9861096b34a584e45ca43d47208a76c0753d8bab5d340ef2b5fcceb9186811aa632f

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chrome_elf.dll

Filesize
869KB

MD5
966fdcf3432ef2d3ee9efa636f9578b7

SHA1
891c036e8a01e148e6390fe2bd3a2ebff7c424b0

SHA256
775ed0c35868ae8643f1f5b01c335633191be1ee7e2ad0a4a02cef6dcd13d42c

SHA512
08ca208708e46ce74c991b10440909eaad194d280056ad4b7dc8a5aa4d48629363d80d6cd2bccb43782d1f025f300d2dbdec470120560183ebdcd0b528e9f9bf

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chrome_elf.dll

Filesize
869KB

MD5
966fdcf3432ef2d3ee9efa636f9578b7

SHA1
891c036e8a01e148e6390fe2bd3a2ebff7c424b0

SHA256
775ed0c35868ae8643f1f5b01c335633191be1ee7e2ad0a4a02cef6dcd13d42c

SHA512
08ca208708e46ce74c991b10440909eaad194d280056ad4b7dc8a5aa4d48629363d80d6cd2bccb43782d1f025f300d2dbdec470120560183ebdcd0b528e9f9bf

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chrome_elf.dll

Filesize
869KB

MD5
966fdcf3432ef2d3ee9efa636f9578b7

SHA1
891c036e8a01e148e6390fe2bd3a2ebff7c424b0

SHA256
775ed0c35868ae8643f1f5b01c335633191be1ee7e2ad0a4a02cef6dcd13d42c

SHA512
08ca208708e46ce74c991b10440909eaad194d280056ad4b7dc8a5aa4d48629363d80d6cd2bccb43782d1f025f300d2dbdec470120560183ebdcd0b528e9f9bf

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chrome_elf.dll

Filesize
869KB

MD5
966fdcf3432ef2d3ee9efa636f9578b7

SHA1
891c036e8a01e148e6390fe2bd3a2ebff7c424b0

SHA256
775ed0c35868ae8643f1f5b01c335633191be1ee7e2ad0a4a02cef6dcd13d42c

SHA512
08ca208708e46ce74c991b10440909eaad194d280056ad4b7dc8a5aa4d48629363d80d6cd2bccb43782d1f025f300d2dbdec470120560183ebdcd0b528e9f9bf

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chrome_elf.dll

Filesize
869KB

MD5
966fdcf3432ef2d3ee9efa636f9578b7

SHA1
891c036e8a01e148e6390fe2bd3a2ebff7c424b0

SHA256
775ed0c35868ae8643f1f5b01c335633191be1ee7e2ad0a4a02cef6dcd13d42c

SHA512
08ca208708e46ce74c991b10440909eaad194d280056ad4b7dc8a5aa4d48629363d80d6cd2bccb43782d1f025f300d2dbdec470120560183ebdcd0b528e9f9bf

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chrome_elf.dll

Filesize
869KB

MD5
966fdcf3432ef2d3ee9efa636f9578b7

SHA1
891c036e8a01e148e6390fe2bd3a2ebff7c424b0

SHA256
775ed0c35868ae8643f1f5b01c335633191be1ee7e2ad0a4a02cef6dcd13d42c

SHA512
08ca208708e46ce74c991b10440909eaad194d280056ad4b7dc8a5aa4d48629363d80d6cd2bccb43782d1f025f300d2dbdec470120560183ebdcd0b528e9f9bf

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe

Filesize
1.9MB

MD5
d8c1b2bbcb21d02cc93f627bedd9edce

SHA1
fa9a40ed69e6f000aee23d29738f242c23620a70

SHA256
a0700a0e96f3ca08a8f1ce872feba0e9a4e3da28cc92f67982fb8a1f659937b1

SHA512
ae482074e66a50c3f3d5b573f25058586815fec32286f33fdd0c5d5f3a543d20d0bd08a2a7f07aab15ffd9bc0a3f2b4ce8e53bc0bb06bb9856028cb505a73546

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe

Filesize
1.9MB

MD5
d8c1b2bbcb21d02cc93f627bedd9edce

SHA1
fa9a40ed69e6f000aee23d29738f242c23620a70

SHA256
a0700a0e96f3ca08a8f1ce872feba0e9a4e3da28cc92f67982fb8a1f659937b1

SHA512
ae482074e66a50c3f3d5b573f25058586815fec32286f33fdd0c5d5f3a543d20d0bd08a2a7f07aab15ffd9bc0a3f2b4ce8e53bc0bb06bb9856028cb505a73546

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe

Filesize
1.9MB

MD5
d8c1b2bbcb21d02cc93f627bedd9edce

SHA1
fa9a40ed69e6f000aee23d29738f242c23620a70

SHA256
a0700a0e96f3ca08a8f1ce872feba0e9a4e3da28cc92f67982fb8a1f659937b1

SHA512
ae482074e66a50c3f3d5b573f25058586815fec32286f33fdd0c5d5f3a543d20d0bd08a2a7f07aab15ffd9bc0a3f2b4ce8e53bc0bb06bb9856028cb505a73546

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe

Filesize
1.9MB

MD5
d8c1b2bbcb21d02cc93f627bedd9edce

SHA1
fa9a40ed69e6f000aee23d29738f242c23620a70

SHA256
a0700a0e96f3ca08a8f1ce872feba0e9a4e3da28cc92f67982fb8a1f659937b1

SHA512
ae482074e66a50c3f3d5b573f25058586815fec32286f33fdd0c5d5f3a543d20d0bd08a2a7f07aab15ffd9bc0a3f2b4ce8e53bc0bb06bb9856028cb505a73546

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe

Filesize
1.9MB

MD5
d8c1b2bbcb21d02cc93f627bedd9edce

SHA1
fa9a40ed69e6f000aee23d29738f242c23620a70

SHA256
a0700a0e96f3ca08a8f1ce872feba0e9a4e3da28cc92f67982fb8a1f659937b1

SHA512
ae482074e66a50c3f3d5b573f25058586815fec32286f33fdd0c5d5f3a543d20d0bd08a2a7f07aab15ffd9bc0a3f2b4ce8e53bc0bb06bb9856028cb505a73546

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe

Filesize
1.9MB

MD5
d8c1b2bbcb21d02cc93f627bedd9edce

SHA1
fa9a40ed69e6f000aee23d29738f242c23620a70

SHA256
a0700a0e96f3ca08a8f1ce872feba0e9a4e3da28cc92f67982fb8a1f659937b1

SHA512
ae482074e66a50c3f3d5b573f25058586815fec32286f33fdd0c5d5f3a543d20d0bd08a2a7f07aab15ffd9bc0a3f2b4ce8e53bc0bb06bb9856028cb505a73546

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe

Filesize
1.9MB

MD5
d8c1b2bbcb21d02cc93f627bedd9edce

SHA1
fa9a40ed69e6f000aee23d29738f242c23620a70

SHA256
a0700a0e96f3ca08a8f1ce872feba0e9a4e3da28cc92f67982fb8a1f659937b1

SHA512
ae482074e66a50c3f3d5b573f25058586815fec32286f33fdd0c5d5f3a543d20d0bd08a2a7f07aab15ffd9bc0a3f2b4ce8e53bc0bb06bb9856028cb505a73546

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium.exe

Filesize
1.9MB

MD5
d8c1b2bbcb21d02cc93f627bedd9edce

SHA1
fa9a40ed69e6f000aee23d29738f242c23620a70

SHA256
a0700a0e96f3ca08a8f1ce872feba0e9a4e3da28cc92f67982fb8a1f659937b1

SHA512
ae482074e66a50c3f3d5b573f25058586815fec32286f33fdd0c5d5f3a543d20d0bd08a2a7f07aab15ffd9bc0a3f2b4ce8e53bc0bb06bb9856028cb505a73546

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium_base_version

Filesize
38B

MD5
defd558db28b0d5a2e6107d41bede1bc

SHA1
07d894babff435abe969c5121b859e1f0688e2f6

SHA256
d5f5b3b772214eedb714cce4c4de4fe9b95bef8be4846ce6d7346e75d210c66f

SHA512
a3c5f2b5e0b005e4f16ff4bc0318a2cf77f4a0093a0f6692ac3149ef6842f0bd8a965f4ff4472f227e9e3999cec5d516c4b1a606d6a78eca0c248555cc74f682

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\chromium_ol_version

Filesize
7B

MD5
af1cf289b6a392e786839c05cf6a2b6b

SHA1
e973252588e8f8cbe7f25ee8036f32280b46756a

SHA256
402e21ebb89d4c033a2c2780133763867578e7ff81fd0e426c1631ad96c86cc1

SHA512
4a0dc89979ba1c070304475f137b6157bd8bdfdd1b1cd50eb0d4d54f32a98d737ce0d6672c9cbe139711b1cd3fdc0d31431b8f05c15fd6e027b3f3d7ca7e3e0a

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\d3dcompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\extensions\gcklppdiegejnfnpepkaagjmdneobkgi.crx

Filesize
1.1MB

MD5
383350ae7d36120b7efb84baeabd016d

SHA1
5b4365b465138da1702bb548bc3e20ddf907feb5

SHA256
762dd5d2bc2a62b8fef6e1b630a5734777df596a1a3175ed4d952c6470c5f2d4

SHA512
59cab09ed1bcdc5362c5fcd751bc3c0f3afb25c046c9cadb7458c723b3ea40b2d12fc1c0db8b46b24a7f773c8eee2f2f981d357c7549f3294d3e188cd5d23398

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\icudtl.dat

Filesize
10.1MB

MD5
d89ce8c00659d8e5d408c696ee087ce3

SHA1
49fc8109960be3bb32c06c3d1256cb66dded19a8

SHA256
9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de

SHA512
db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\libEGL.dll

Filesize
356KB

MD5
6e22ed79d047d404d8ad36a8a9346e1c

SHA1
c4b4d72b7017d6d53e8064edcde2ccd089b3c5fc

SHA256
38a69c4d69b9a688f83242cedd0f7c4f5ca43ce1ec6e658d2ee12f0707e860ab

SHA512
345eb9ae949eb3c39e2d41343c967abc950785af4d19811396611fbf094ebf8e0ee6e766769bd798ae856f1785b6d43b5b3454f871ffbad67e8746541a0f4aff

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\libGLESv2.dll

Filesize
5.5MB

MD5
4e5f1dc5b1865db4e8c2af5b7f0c4493

SHA1
d6fc74d816b3f500cb091c5d7c3b20ce52466adb

SHA256
7aba5b3a079c2d44aaecd67d48c9e756913a9ab3e4ab10833650fece769b26ca

SHA512
3082d9063220c69ded8102c32270aa63578cba03a1497f6bdbfcf7eed5687d166c3cf2ac95a24438f66f4d20f376d5491fc5ef5f40814188f6d6bbeabb35440d

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\libegl.dll

Filesize
356KB

MD5
6e22ed79d047d404d8ad36a8a9346e1c

SHA1
c4b4d72b7017d6d53e8064edcde2ccd089b3c5fc

SHA256
38a69c4d69b9a688f83242cedd0f7c4f5ca43ce1ec6e658d2ee12f0707e860ab

SHA512
345eb9ae949eb3c39e2d41343c967abc950785af4d19811396611fbf094ebf8e0ee6e766769bd798ae856f1785b6d43b5b3454f871ffbad67e8746541a0f4aff

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\libglesv2.dll

Filesize
5.5MB

MD5
4e5f1dc5b1865db4e8c2af5b7f0c4493

SHA1
d6fc74d816b3f500cb091c5d7c3b20ce52466adb

SHA256
7aba5b3a079c2d44aaecd67d48c9e756913a9ab3e4ab10833650fece769b26ca

SHA512
3082d9063220c69ded8102c32270aa63578cba03a1497f6bdbfcf7eed5687d166c3cf2ac95a24438f66f4d20f376d5491fc5ef5f40814188f6d6bbeabb35440d

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\locales\en-US.pak

Filesize
326KB

MD5
1046e9daaaa4989b72e5a7c6ba42f7f1

SHA1
18fb9b4c897eb0102c88de18500e902e7d022306

SHA256
959150f8bde93b60915702ebb93f1dbdd019a9e2a203172b787d74a92b993ffe

SHA512
e7ea151a34b04bb70363fd6b720e8bb1593d526a216fb1f58637e75e75e5ba2f852bd7640e1711f08b9d71043711b2931f1ec3951832482bf6be31dd5434baed

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\master_preferences

Filesize
696B

MD5
d88fd8440976bbbc610760ea4c793a60

SHA1
18d1c03a3ed3834d037a559043ce8ac293e12eb0

SHA256
4551e154a4cac3d46f0aed772d2cd2e7bfbf88fa854ce0d7a3f409db10612071

SHA512
e981e790a26c53052b56c068507a68c25e31bc526560c72222e30138a8715dbc41d5b67157d0ac0fe7d86dc39fcaa80e20692c4bae6140f84d2a2a2f50b7727f

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\resources.pak

Filesize
7.3MB

MD5
6c621d00ab3dfa7ed042d963813d89e4

SHA1
78819f26940ed0c2d1cdbee7ed9ff7b42eed232e

SHA256
508221fb3f14cdc2487d91fd0935656c3cf57c0f801534dd95aad6bc3cc2e60a

SHA512
54b498c047ffe5820563e56440235666cea557e70c6cab3eca640768c8fc8ce98425963d23c48a9c10fefb4b3e7784443c54141bb26976c8024ebae740b1db4c

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\vulkan-1.dll

Filesize
763KB

MD5
01054e05700de22f4697f5d510daa0f4

SHA1
57f3940a6534f897495f98843d0873018aed936e

SHA256
065d0501f55d4c9388b8a59328e7f4a89ed36cc017a0387c99a17f37dc982d50

SHA512
f22d8cbcc9fe04888a6d4c7655bce0b3c7700bbf90482a3c18372e46948958bbf6315f459de19a99f93808e7d261cc90e485f8f5c16885f3ba9087f150466f5f

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\chromium\vulkan-1.dll

Filesize
763KB

MD5
01054e05700de22f4697f5d510daa0f4

SHA1
57f3940a6534f897495f98843d0873018aed936e

SHA256
065d0501f55d4c9388b8a59328e7f4a89ed36cc017a0387c99a17f37dc982d50

SHA512
f22d8cbcc9fe04888a6d4c7655bce0b3c7700bbf90482a3c18372e46948958bbf6315f459de19a99f93808e7d261cc90e485f8f5c16885f3ba9087f150466f5f

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\common.dll

Filesize
413KB

MD5
a11f6b9f27f7f68c2cca4946bf509ae6

SHA1
959eed633d2f0e9d6c5620dae9e26f9c424e0e69

SHA256
10c5257246e4d71ae905233447dff062019c293558e85e8d97ed03187449cd8e

SHA512
6aadb44abe209759ffe342bcd0d70f89c285eaf98335d770038999439b4532c8ed5b880da48c90583b7f2d758c0d85f7995be6b66014e2f2d65527e89f18a311

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\log4net.dll

Filesize
264KB

MD5
5c1c94140a2f815f64117dbb63a4477a

SHA1
9a79e9c6325e20e5c10e654908d6fd923a25229b

SHA256
55b2fe686bc8f739ce845d1689fd08cbca20381c8e0d2417185d1a0018d8a938

SHA512
502e77236418afac1d9a15d9840b3b6872440f8a1601706e7a4b0e98a62d0de70c3acd192d53d5c29994d1e088fab07c7e299ab7f6b3232a858cc8782d283084

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\onelaunch.exe

Filesize
12.3MB

MD5
4d7146be47468012321a6f3cf513309a

SHA1
48b29456faffe1570b9916107ee88a1106fd38f1

SHA256
cb7af54ba18ffeb3e253adae1ee14d240bba0b8dadf1ef4d42367fc1297c1818

SHA512
3bab2f8778d44e2c2affa903c73e9b5f6cd89bfca5274d742b0f5b50278f4b17afd841b9f8f024ebe52ee3d16b38c8b5561802c95e481c2923d081f7bdb6e423

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\5.17.4\onelaunch.exe.config

Filesize
5KB

MD5
2722a3de42a1d0ef4089459da2cb3596

SHA1
a3b2a985eff4f694bfb4936fcf8ee8904e3b6917

SHA256
f9d49daf8e030400897c673abe22e7b4d4e38c7411b2aa2dd990de27643c6f21

SHA512
b50f4ac22281092a505d49deea50d50a6ba476f2c78db5d632e4afd8fab7246bac812a166adf5f6fa287c94e325cdf49ffcbd6d8b19bfedf97a716a4f0cfd816

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
4d2220950d9eaea29a1994e023c452ab

SHA1
4d3c9f0b599cbea563886799046e2129f88eaabc

SHA256
c7abc3de35706ef5a2248fd52e517d06bc22f49a52252b9badfeb7aac7104712

SHA512
0defb590245daf61bee998c8626758ab4950aadff04429d01b9e0575a91f766834da089a6aa7fde52335f3353da072d3298c0c52204df18487b9acd9718fc1ba

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
1024KB

MD5
b9c625418fdf5ef3059bd7d5e88bc644

SHA1
08de10ee2a6c2fb771a5b3b1495c5adce098154d

SHA256
e5d81aa39e5f6d6f65b19e58892e1690720282a9c3c4df6f6b28399ddd444155

SHA512
4f08b9bd8b4704e57ba5c1a40062f20a51027ea8b3ac486d4230b79d6f7f748aaa7896a0b6ce038d4991eededaf3e9ea42a950347aac7b46866931381969dfb9

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
481KB

MD5
d6ba360510903874af697f2314ddd579

SHA1
85a3d321785e1fb5c54ebea1d19589a293b3313d

SHA256
2f366cf73d36f765d8f5fd4905861c683747d37637d2dbcbcd9295565ef697f3

SHA512
788e0be46bd21c99e63a1e39e8a6a26322b16bb6903a2d74093f0de36bf0a4dce5a46c5068f6260893e80fd149d54f581de8fb5d21951bef9457586dc47cca3c

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0b271b5445834b91db9d1296acf7a861

SHA1
9223e8a03e8f8ff82bd18e179a37b478cfbb7755

SHA256
d7b412b0808f77c376e414d10e6c6a91084c3b4de9db1f133de079f5c323660c

SHA512
9aab63309d0c15d62f7958d02d13d48bc198962fad8b36474f45ad202fc217b659de0547f59ec55a03cdaf5965edbea659e4d30e8535190499dc2f012b07b4da

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59f776.TMP

Filesize
48B

MD5
b83256d261701ba872fad6f49b36a220

SHA1
51b00b9f9877eba124c5b8f7c2fb3ccba6fa8fd8

SHA256
f3d6646c1f4f2541993bbc39feb34ead649bd204b384c70a6051c928668c064d

SHA512
f7779214b54d3058b5a9a85f68c06b0ae836326fc9c9debe21889eb1363c5e1f1ce9bf73245a7685758eaa89acfebcfce020214b91788bb3f65bedf4ac7d8dcd

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1276_672737430\CRX_INSTALL\background.js

Filesize
3KB

MD5
5e054a8fe477486662d086cab2809926

SHA1
5c02539a4beb402999b16da6b6e3a95ce8ce5d3c

SHA256
cc46b2e1d063b038718d693d09f10d7f054aab1f7948636e71b2fb8cf1940355

SHA512
b7387d516dccf6712dd8eb202e6c91c1df6538d800a5cbc057ffab8190a65e22cbd63f30d14c2da3f4e60b48c0e433df7ceb29e7f48c9c3437d7f5666aec9c84

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1276_672737430\CRX_INSTALL\bookmark.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1276_672737430\CRX_INSTALL\manifest.json

Filesize
732B

MD5
dbf6f89cdf3ee6dc4e0b6fdab030b71b

SHA1
82765ec030a152ffbc7851bfe1437f7f8ccda67d

SHA256
d4af5fec9580dae80a846362354028b6021cddc0a80d5e335a4eadc5ae2fa2dc

SHA512
b419f95ae0abf536bb5fb28fb9753f75271b00e25d07a4db7e6fcd12e163eed4ecfa0f8d08e00c57abff7f2c02577e994a682e420e020acea952ec3ae70835d0

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\devLog.fc48ebad.js

Filesize
74B

MD5
9db618256c16923d4be2d163196b028d

SHA1
adfa216df1a5e9eb88fdd755b335c393bf0fd7a0

SHA256
1e88e611c49a97f75e2a4c17a06448b4e7cced3f94139181c9641226a6c10b28

SHA512
ce184074527b8ce85181c045eb0af2787f5a5f66448d8ddf4a6db1a92a1cf1d8ad7b85883398d0eeeb8e79a2e3f51ef9b33286379de0308686a08dc6121489b7

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\directToMerchantOnboardingService.4d58e5e4.js

Filesize
2KB

MD5
0e394aa21637d49b1ef3fa330b3c6824

SHA1
e1036eacebee448e5a54193626a4a6b74e23bf40

SHA256
71041e19472c9d5cd9e914d2d613eaf281bb1ac660b3f5ecd20ca8f97f005ba3

SHA512
e207b43120e24de398e7878abe3d2d8a947fcf9590cc8b223f1c16abb85339bdb9af7a08fb39761b3f796a65be913623aef1afe2ed6196d49e8adc528230c084

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\index.0a1d9bc1.js

Filesize
45KB

MD5
a9881409aa51da613775f3413ff5165c

SHA1
6f6f016a330bc9c152839f839aa2b785ab44e01d

SHA256
4f291e9a648c109b78669cd878f8e6b5e32333b10a3d73a7c19df2ff8e03fccb

SHA512
58b035189bb35f6819343cab6e28d23155e90fb47eed930d158fb43398c47348f9062bb92e0a6681e3983849ea2c485385f21f63dfc7e5e97f46657fc3cc6798

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\loyaltyOfferService.4f4dbe5f.js

Filesize
15KB

MD5
e4a9f2b0e51084e81ca6c0b658277ee5

SHA1
45a86f5b7741339efde55e55c9765c6e9b65525f

SHA256
18c195435be4e22778f0f1c52f5a63f926d12a9d6b8c8323e10ebb299f275f07

SHA512
f734589bd7b6a0d0249fcc33b8f905ab1ee48ca1ceca6aa1ae79292f0b538e815455b7a4617186194ae079aa2531f98db470f3f0e23cdeddb419bc86c6531ba9

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\popupInitializer.ee567670.js

Filesize
824KB

MD5
68f1d1b16ed68737147103e509a2e4f5

SHA1
1a5880149ee4c86f2cd43b1d07d170b1c9476eda

SHA256
eb2ead8ce52358f547bdbd4f737f27cdea65078b9d8746a0f73eb3596a765af2

SHA512
775084ff48e7d6ed71ac0e793a2b932f99685fc615664b2b0ecf56f621d1fc70362d09da15f445dc033cea973d7b0447a79a73f969c43bc95ffd568e45f1fe03

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\src\background\index.c3470784.js

Filesize
56KB

MD5
1bcb87bfe1672dd9d5b6d2ec4bdd1440

SHA1
7af255523505b9e6c0cf373484127c4401861b1b

SHA256
e51b2907b1e86b1c58ade11475a6eb1ee1454f0c524cd8e6102ab5fc76d0b5c4

SHA512
0ef4fdcb8e038d75fe271bd60f57cc92dc1e00a4acec13bca416001ffd305561cf3ebc6ef0bfb3a9a2cc4946706e893b072bf9c0a66e1e3fce18813f26a72587

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\16.png

Filesize
469B

MD5
f7964407d8460444ac479a39866b8291

SHA1
1f07f558e639f507ef5c0a3d15c5567f43ce09e7

SHA256
1206d28eb2995f94cfdc64db6837704999b16a68536b097bdc2a7b2c6ec27f26

SHA512
b063f81ee01787bf27b7ce3078d0d620e2ba52dbfdfbd43ed9929722ce7e27abca3df63370b9778d5d1ee5400b7d83b1cbcacc8369dcc329bfcd17cef82bee82

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\monochrome\16.png

Filesize
281B

MD5
e9bd81b06e20c5d05aeac790c732f77d

SHA1
cdb7484d2f7c4a4ce354c3a42e5356a5124157d6

SHA256
b9c0d50fa39d97ae1d26d89f20c6da8309e0ad060c89c5a9c600c12213a54449

SHA512
1dad56a3c56170e5d2c7b3d688be6b6f8e498951578c54a68a00f3aedeaf5dc047573443391397221c9f0cd662909eb189543303bf6ba998f76750a61ff14753

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\monochrome\19.png

Filesize
336B

MD5
ac164fe8d95aab9ef6c9aaf862e8f2d6

SHA1
dd8fa00ec5ff4caccd74329b5d61b313974d8167

SHA256
28a2d5edc6fd51c7274b75b465649f15316bfd3f5e47fe955de262a93ca1dd86

SHA512
2de6700a9e68dd7bc386d1c15ebcc3624b6e32d3dc16d624b87b6e0664ada8c330f6eab5cfd3307bbd0f8d32255ee5734d14e48164cc9b8014a422bbc8ef1255

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\monochrome\32.png

Filesize
449B

MD5
2f3fcb68a97b28572ea5a6f6036e9d2d

SHA1
1f40c0e5ca228895f5251b318840089390a92109

SHA256
95477dfa9523aeeb6c54b99e05b2e77aebd169707ff4870d7a88312c3c9db472

SHA512
28ee5356d0b08749d4ed5df9d2baac0bff7570f6a4f3ccf117481879a549cd63cd33d9371ca769e79c00fe2f050bd027fb1df71502916f55dbb90315603e4b13

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\monochrome\38.png

Filesize
521B

MD5
6963ca5b2b2d542066627aba5a524ba1

SHA1
ba505166df7dbd99eca91b369fee3ebcafe27e61

SHA256
c214904497572f7d19b1a9745d8e90a398098a86a8116c4db7f6bb430cd0da21

SHA512
3207e96f545477fa9106c212d96646921bd3505851e1323f4c283ea0ed964e961beb2dc04f920b76270326964cee8391ccac2d8b23f5c94762b719c0958a7131

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\manifest.json

Filesize
5KB

MD5
bd71d16d73d457de9c55312b53458b5b

SHA1
c99af7188e136fdc6fc59144e77ff21df0cc8d0c

SHA256
7189850ed2f8e830153634e7fc936d5ab3f0eed9a5d1408c57ee750d07f4829d

SHA512
a4bba3c470c7306035fc2c14352fb37a6a9dd80bb0b11c9a936bf9c4bfe6317270512f7626d3ee480e4f9f4ad272b6c4a58845fb792b0cd714eaecb8ab3b3ccb

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\serviceWorker.js

Filesize
50B

MD5
02bc07d152eacaffe4a31e667d9fbd0e

SHA1
f22c58599db466522eb70606fd9187bd59cd6b01

SHA256
85c8d0928c6ba30ea4ee87f5f39e001876acab70acd155e16d088f3a56878e97

SHA512
0eea4cde4b673a42926e6601741205637869593d3ed9dc65b3f6a40f2ac61c3b9391cd7b0f75036a1e091eee4a3ed0c73e2cd2f9cffd2ba973c76a92c880842a

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\src\contentScript\slickdealsWorldStart\index.js

Filesize
35B

MD5
4ccc13ba0eaa600938bcaf8d673134e2

SHA1
2d34a38435f2f014f99b345cbe7e7fa568a28d17

SHA256
fd2de0e6a6d5c30d33b0778ab1aab323b56f40cf788f298d03477e693694a189

SHA512
26a2adf768c410dd88f75597be01a77e95583fab142f433d7d66030bc8b46efbbf07075dbd10eeb599fa1c03a4ee7b8aafd9c41166192134a439b6a68f82ac9b

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
26f66e9c29d5090ee2e57da8b9ec6c83

SHA1
c5af5762e000092c7403b025d9425dfba8f59042

SHA256
d5ea6acf0c9a564fecf884d2ec210c1be1d6cc49efba2f6ab64ec123fad47d9f

SHA512
69f45c0ce7e560725831107f1616ae45a708b2fd6eef8fbc7d6c1e53f61bcc6703f41073d3d708332f91fba0b2e59f206bcc6cd8721d934a216d8ff235833d97

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\Network Persistent State~RFe5a5cb8.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7c815cecc1883aba83051c7286ae1d6c

SHA1
5ccc1762ea8782a528e5b66ce20889224aa9c2ee

SHA256
92a48946d9e227b3fc2f719deb66a17edeb4f0de283ae454976e7201b0c98310

SHA512
93a7a1be88738a94af2de8d57b937c077254c1a3a1f7dabc274c253019b10b0066e3a684419b0faf2b34ea6799ac43b5e9d72fe7c277bd09e671b0c2a7aaaad9

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\TransportSecurity~RFe59ab79.TMP

Filesize
1KB

MD5
6033128b71c8232b33af01508fb36050

SHA1
832802189e5a53f78345c8e14ba4e2a123e64ede

SHA256
3340b565177e8d4b4149dea08cb68f01d96c2cc4bc7bc1005b040a84460d4764

SHA512
63950e52f90f5af2bc5a2b67d92a300225104d22bf859829db5852d105d34a1a5b2d944570c504c28779827ece69659df35dedda5b1e640f36b00c477e8dde98

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences

Filesize
6KB

MD5
2b4124ec28db71cd50e556e08b605f73

SHA1
303abac33ddcfabda09e4fb3a34a11b4ba5cf0a7

SHA256
9be6022ace9320bd8f779fd8c1a121bd2963132074b1400b4b21434de3eaec49

SHA512
5c7af646817ea1b80c3286628c6a6e8a39e43deb5d63489263a29e211135056befd8746f963b07981beaddaeda1bd7063e4d8b333f8559a059b388630944a7ce

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences

Filesize
6KB

MD5
a45ac037da243b102448122d95e44c1d

SHA1
88be97d27c1d0645b144b5d5bd18923f56911cff

SHA256
ba03973bb5159755567642ffa38061e480be1262aaaee4b96d4dcf8610e19edd

SHA512
c1de62ce58b3d357fef3f2628b613a561c0d8d8fd2fb8e26e2aebd079298880b6fe4dad0a556f0243c051f65f4b913711f3f176d965e67c42395baca373ee6d6

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences

Filesize
7KB

MD5
ae79c4601079689d6ea54f4ef037998e

SHA1
4ad137a96fef79969fcfd0d2106c9d50c5ef128f

SHA256
4203ef04ae829ece76d6aee17eebf624d2070334e6446bd95f3a37f79fbe0f08

SHA512
d4a571fd99d8f2cf0c36fd88244112ab249dea40305a1c886baed88e82edd5b0ef4b352e5346b960a3478993a2db698999bdba64e75bb8129c7fe9f9de205024

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences

Filesize
7KB

MD5
9aea3c21e9f56ca152af1e18d110cd9e

SHA1
6d8dcd73726b200798a68463d0fef374a299ad07

SHA256
b35d2592ef1b0122f858107fa99bcc5e465680f31f6aa98098df377a5d558e61

SHA512
8417ca13bf9210f414811347d11bde95dd77eba643a108d6197cdeafa825ddc767a1adc27071c7c003b34837f22d1ff3eb40af8de20b7a76bc734a7c1b5cb8a4

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences~RFe594a8c.TMP

Filesize
2KB

MD5
f18ed728b8ef2fb0d5d32b3f3fb06b49

SHA1
0f294953a81f93d8add49eeb32f87feb50ea1844

SHA256
9c1bdab9492e8a27bc1d3a7be9d3520ebb1bcacfcc03596ad93a02107c4d9b2a

SHA512
9fa12b66418f2f1ab139fd5bfe58b54f18df6b38d726b3b7a1ff9165b6170f67a030032e5c196af42e1b71a86c5b462f7b9b3506f687db508f72867fb95ccdfd

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Secure Preferences

Filesize
13KB

MD5
20374cf22edee3fa09aae02061148262

SHA1
9f94b723f414cc1b2f14dd472707aab277a11baa

SHA256
ab25c799e20852d3ebd5932b696ff3ecfe9273cbcefd3bca0f8837350bab6dc6

SHA512
7e7f6e5c6886d43553d9186fda2ce8f060683cd268e3e6b3eff7760be91e1e91414bb85c12875ca31b6135ebde3b4187896638fe79067df9f06d7486cb0280c3

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Secure Preferences

Filesize
13KB

MD5
f53248198a3ec266496ace52c1184725

SHA1
bae546b18a8de4f7892c6e1d5c0ab86cfb80843e

SHA256
2e0d6cdfb9ebcc60e3c920e828e8a47c4ed6c887334c7eceafb978c7bd622654

SHA512
19deb09c63ed7fbfd11e76cc7d2a202175eaa65099b6b3d3c21bcaa0b01f0350df6ef36c071d393dbf6f057fe086496fa8c56efbcec61a02c4ba0260ebef1b0c

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Secure Preferences~RFe598e2d.TMP

Filesize
5KB

MD5
7b43f43f00ba83dfb48ddb8d1744798f

SHA1
f9445996a6963ac1ea58069823db92fbfd7e183b

SHA256
0db3c071b7c1aec62623397206582d3b0c11c234a82aed4e44e3150e5b5c6dda

SHA512
550384bef451acef04ec9ae08e00e1f1968bdfcaf10ce36e2276cde45493bff7b8400a03fc7dc05774c4f6427b1fae555e958e35fece27dd644eaf8bc1fe1390

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
a0e1d15430c87e05ba81a91f0032254f

SHA1
afa67e381b424f0f7f8b9f9572ad3c8fb59e5f1a

SHA256
60f0b4e335b4ebadfdc3e409c7b4a17d3f4d79b8ab64a72d79d0dad080e51891

SHA512
9202b1b96778e4b7dd052a26dd6331656bbb864e5dda26cbd263f3bdf05384caab6341285b32fa30d28955d1ec2fb779c4e19523194d1ed1c51ed3487632654e

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59cc4f.TMP

Filesize
72B

MD5
d991bdc6d99361e596f9f3b6940661ca

SHA1
0f4334e74b1c1b9df44f9e1b675763252b2ee135

SHA256
435c11e70285e645678ec862d15c736048a2991dbc53ad8c0515e6f55da7ab3f

SHA512
757f41250e9e800531ba04076ca10a479193067469d6e630efbbe0a41b46281404b4709c64b631c09496421bc65c2a39b6852f3ac6d2602c8086c1a81ebe9aab

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\ee14d005-02e0-4073-8019-39950cb723c8.tmp

Filesize
182KB

MD5
a3521925004fbbbec5a0818595eadeb4

SHA1
f59ad7f16254402c91d2c83b3307f9d4ee0b1f86

SHA256
2361a312323d45991cef2ab16c8674c775e196e241c4b42ad0506c481b1b2022

SHA512
78aee5267af2084fe839d774b8b0fa0a55008652f039ced988d7c29f35a4ae924efe5384478a25d41d7255d5f76eac3608229ccbec4516c2a73cfc60a478b24e

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\shared_proto_db\metadata\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State

Filesize
2KB

MD5
2361b8ed2e85063696d45f143ab5032a

SHA1
5260a3dd0c4262bbdd22f8525181b58085dee6f2

SHA256
402585e120c091496e31252ca2af68b0d078ea72d9d9d0f69cac8e4809de23a6

SHA512
eecc966204fdab5f52af39cd1836648474bf4a28c8f28977bd4367ed90d30e6946ae93cab0c9f119c571b36e0a2d5c16ee914bc7e71a1cfb5c34d04904ceb3df

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State

Filesize
2KB

MD5
9fe105154a6ce049c2e7f957333a6c5b

SHA1
e0b2022fb92a132984134e25375ec3444081a139

SHA256
ab694a6a11f9e273ef2b3e04830f48ba498788eb2a53400dd4e8bf42ca0c61b3

SHA512
6299555061c0df62b9f463e0e6b906d018d16ee0c38ea3c50251e206836ce4b4fd4f76e6c4fcca39c8f07820e5ee9004efe7294011e947f275bd7de42894c456

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State

Filesize
2KB

MD5
c09f95f4b2cdf5695ff2d42ccfd10276

SHA1
1e927f19608a7425e55043b2302c44afd864bf1f

SHA256
2e73c331c5a59f493b84866af09199ba7c490c1d0853fc24ee641f79a5648711

SHA512
579485fae297ac8bd48c81b91c1aba3415217f8ea54d85c2abd36e3c6cdfe08976c4b3cad97eb3e8dd3adbb2784f079c2e44d42364a2ef7eae0189cfe9da4fba

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State

Filesize
2KB

MD5
3ff8baef2b9c0a398af6771270fe1f22

SHA1
2471cb66c39dfcb648bac026dcd78e655d7a68ee

SHA256
abb0dbefbc25a0aa977e54ba70ac0f4e86e2eee2049e23d91bff792dea833830

SHA512
f7007b85f01c54e52c687c36004a80cdd4d3d44e2db164f73b76aebea1ef7e735df7c018ab7f226d44c223b4f4bf89d2827c971d06249f3f405b9dd96390de4a

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State

Filesize
2KB

MD5
84e117e5face6c368a275e31d93972d6

SHA1
7dc5e2c64ee12933cdc8f75d20ff7a8b4d2d29f9

SHA256
884bbb8c28f485747baacdac6eab5ca770f1cf7d0935e6df1c7355118195a1f0

SHA512
5f934a36036703a52aa198e4705da9b4618ae599584db1e4243263823f2a9ce4d206355132524873d42eea78dbadb61189a2467cc1e9ee6a34617ee4b6dd4bcf

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State~RFe594a4e.TMP

Filesize
912B

MD5
f4f82d0a004ec34e028f1035f73a93be

SHA1
38e3979bb609dc4789fd9b195e5a9170139517de

SHA256
dcd05fbcaf0cafd900b70c0c9b03ccf8696b567bffc1570f628e9b02d155d89c

SHA512
821865609bdc3ba78b84d9d152e843e073602afce40cef1ff4d94e3240466d3e08ac7ccf6868be1c69feca3b4de4b765cb3fcf2f5b6527043ae60fe4b597f42d

Download Submit
C:\Users\Admin\AppData\Local\OneLaunch\profile.ico

Filesize
103KB

MD5
356eec593042b036aaa795c9e9ca1908

SHA1
00315b6dd2f71a04aa5cc07f40749fb2dd9843cf

SHA256
9754c0e0dbae336dd5041c2a48aab3b9a3d57bb9cce0a169725e250d4ce31a99

SHA512
ecc98c17b5486c9c7f5ebfbee160bd45440c1edef48d4e3cc6cdb7cbfa79185b09a62659e4416332a61b24f0b3fb49a396e2ca5789fa6ce3f18a5e0ea7c6031e

Download Submit
C:\Users\Admin\AppData\Local\Temp\6381DC0.tmp

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\6381E32.tmp

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup.exe

Filesize
94.5MB

MD5
6d285b84c69ec7e7560079f5a0a8a30f

SHA1
53627a97ef072564829d41a1ab6519663d22ed66

SHA256
be62411d7b453f45940b9490ee0b80bfd93160cf45734f699b6218460bb9101f

SHA512
59873eecad9c9149dfe9b93357e415600d481969ca40bd8b37438072332c7c89dc5759ebef19b50d08101b50cd3758d66b8210bc67b9152341d5b3d3deb9967c

Download Submit
C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup.exe

Filesize
94.5MB

MD5
6d285b84c69ec7e7560079f5a0a8a30f

SHA1
53627a97ef072564829d41a1ab6519663d22ed66

SHA256
be62411d7b453f45940b9490ee0b80bfd93160cf45734f699b6218460bb9101f

SHA512
59873eecad9c9149dfe9b93357e415600d481969ca40bd8b37438072332c7c89dc5759ebef19b50d08101b50cd3758d66b8210bc67b9152341d5b3d3deb9967c

Download Submit
C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_.exe

Filesize
94.5MB

MD5
6d285b84c69ec7e7560079f5a0a8a30f

SHA1
53627a97ef072564829d41a1ab6519663d22ed66

SHA256
be62411d7b453f45940b9490ee0b80bfd93160cf45734f699b6218460bb9101f

SHA512
59873eecad9c9149dfe9b93357e415600d481969ca40bd8b37438072332c7c89dc5759ebef19b50d08101b50cd3758d66b8210bc67b9152341d5b3d3deb9967c

Download Submit
C:\Users\Admin\AppData\Local\Temp\b1f14063-7c61-4ad6-bc72-4fb8d63cfa53.tmp

Filesize
2KB

MD5
034ce0c40d7bcefb3e6b5bdf3480bce7

SHA1
3b19e399d7b2cbd4f3b8a7dd17d8b4a3af839e53

SHA256
93def3fa90190d2434bd74843575f4cccb634ba8481dfba5520815e01cf2325f

SHA512
9304cc186fee44ea84759530be33da9f45d702878823fc5c64e15bb39fa28c3be0a942593e9e43bdf2af9376bb2fa7717b942aa494dbc345a6e00c3362b21061

Download Submit
C:\Users\Admin\AppData\Local\Temp\e6efe998-0db1-49bf-becd-9806f404ce90.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-40TM8.tmp\Win32Library.dll

Filesize
45KB

MD5
4f424691cf849999b6ac476ca09afdee

SHA1
98e2827aea19ccfc3980c5329f53e408f30acf8f

SHA256
ca6793c4f4b12fac9506f441b8d6641a3e465dda0a1a14d49acdaa56a0389b07

SHA512
2aec1c49b608a47b3804345094a108db3ce0e0ef7127eb70fa2e07a4c500fa697b33fcee4d7e6ebf3d8cc04dae13f7f07439d4dc1dcd6239baddef5d818edfff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CLA9M.tmp\OneLaunch Setup_.tmp

Filesize
3.0MB

MD5
46af77b61e829d5037ba657cea94d50a

SHA1
2872c94df0e7abddb94a5c7c1822492b09eeeb65

SHA256
a4d525be5f7e6e7f60e31a2227dadf16d43f5510bb17625bda76868279751099

SHA512
4232d98a32008aae1cea8b235bbb9fd9908d78f98617228e45c90ef719d210de9c0880aec41e220d9c504b1ae63dbe97967e54bbbcfa36e2ed73ede323ba9069

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CLA9M.tmp\OneLaunch Setup_.tmp

Filesize
3.0MB

MD5
46af77b61e829d5037ba657cea94d50a

SHA1
2872c94df0e7abddb94a5c7c1822492b09eeeb65

SHA256
a4d525be5f7e6e7f60e31a2227dadf16d43f5510bb17625bda76868279751099

SHA512
4232d98a32008aae1cea8b235bbb9fd9908d78f98617228e45c90ef719d210de9c0880aec41e220d9c504b1ae63dbe97967e54bbbcfa36e2ed73ede323ba9069

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D03T0.tmp\Onelaunch Software.tmp

Filesize
3.0MB

MD5
9b5632f007c8167a3b00da0650890656

SHA1
fa58306fc2dc2a6be63501625e96570979560582

SHA256
4f97a90004773cb627a9cbb39cff5c2c43262d04b7f9f88572b81ad041ed48a4

SHA512
0ec72d4dd1d188bf7a717d1fb8fd087c16cd0c93fc2d78bc16bce625dc615710f2c6074b54d8f1f0f0b4b9a1042c3ab47482ed16a5c4bd038f62bfe5a2c6fa21

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D03T0.tmp\Onelaunch Software.tmp

Filesize
3.0MB

MD5
9b5632f007c8167a3b00da0650890656

SHA1
fa58306fc2dc2a6be63501625e96570979560582

SHA256
4f97a90004773cb627a9cbb39cff5c2c43262d04b7f9f88572b81ad041ed48a4

SHA512
0ec72d4dd1d188bf7a717d1fb8fd087c16cd0c93fc2d78bc16bce625dc615710f2c6074b54d8f1f0f0b4b9a1042c3ab47482ed16a5c4bd038f62bfe5a2c6fa21

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FUBGB.tmp\Onelaunch Software.tmp

Filesize
3.0MB

MD5
9b5632f007c8167a3b00da0650890656

SHA1
fa58306fc2dc2a6be63501625e96570979560582

SHA256
4f97a90004773cb627a9cbb39cff5c2c43262d04b7f9f88572b81ad041ed48a4

SHA512
0ec72d4dd1d188bf7a717d1fb8fd087c16cd0c93fc2d78bc16bce625dc615710f2c6074b54d8f1f0f0b4b9a1042c3ab47482ed16a5c4bd038f62bfe5a2c6fa21

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FUBGB.tmp\Onelaunch Software.tmp

Filesize
3.0MB

MD5
9b5632f007c8167a3b00da0650890656

SHA1
fa58306fc2dc2a6be63501625e96570979560582

SHA256
4f97a90004773cb627a9cbb39cff5c2c43262d04b7f9f88572b81ad041ed48a4

SHA512
0ec72d4dd1d188bf7a717d1fb8fd087c16cd0c93fc2d78bc16bce625dc615710f2c6074b54d8f1f0f0b4b9a1042c3ab47482ed16a5c4bd038f62bfe5a2c6fa21

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KJ2QP.tmp\Win32Library.dll

Filesize
45KB

MD5
4f424691cf849999b6ac476ca09afdee

SHA1
98e2827aea19ccfc3980c5329f53e408f30acf8f

SHA256
ca6793c4f4b12fac9506f441b8d6641a3e465dda0a1a14d49acdaa56a0389b07

SHA512
2aec1c49b608a47b3804345094a108db3ce0e0ef7127eb70fa2e07a4c500fa697b33fcee4d7e6ebf3d8cc04dae13f7f07439d4dc1dcd6239baddef5d818edfff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KJ2QP.tmp\Win32Library.dll

Filesize
45KB

MD5
4f424691cf849999b6ac476ca09afdee

SHA1
98e2827aea19ccfc3980c5329f53e408f30acf8f

SHA256
ca6793c4f4b12fac9506f441b8d6641a3e465dda0a1a14d49acdaa56a0389b07

SHA512
2aec1c49b608a47b3804345094a108db3ce0e0ef7127eb70fa2e07a4c500fa697b33fcee4d7e6ebf3d8cc04dae13f7f07439d4dc1dcd6239baddef5d818edfff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KJ2QP.tmp\Win32Library.dll

Filesize
45KB

MD5
4f424691cf849999b6ac476ca09afdee

SHA1
98e2827aea19ccfc3980c5329f53e408f30acf8f

SHA256
ca6793c4f4b12fac9506f441b8d6641a3e465dda0a1a14d49acdaa56a0389b07

SHA512
2aec1c49b608a47b3804345094a108db3ce0e0ef7127eb70fa2e07a4c500fa697b33fcee4d7e6ebf3d8cc04dae13f7f07439d4dc1dcd6239baddef5d818edfff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KJ2QP.tmp\button-10-light.png

Filesize
1KB

MD5
a879852024bf6de33c3bb293704e6fe5

SHA1
8487af86f572f80d18720157906c6b74de2a52a8

SHA256
a45a7bf12d8e17d5b05c81cc3bd5ee5e9299b9b522e4b883ed00808635d99bba

SHA512
34666447f27f4355f991b66e4781738400619a4553415060c2c0dde59198b797999be4f24734ee04fa3c1c6dd3b4eb26ba48c361cd891855b30eed7586d521a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KJ2QP.tmp\checkmark-10-light.png

Filesize
363B

MD5
a4d4dc66a41d9c3b54a2ed3ee8d4b3df

SHA1
e91a5e7a6690c14c6f799e2433beb2f6388c4df6

SHA256
46e9c171e2115cd43e5d05f6a5f6015b27bda065fbab939916fee2fd5c06d5a4

SHA512
99d5425aa653b93d0b6065020f88c095c39d982fb20a0ed0078418e8e862a104b4f0392791c79d2df86410a0ba5ba60e644852943a9fc602f7eaf82fecaaefd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KJ2QP.tmp\exit-10-light.png

Filesize
6KB

MD5
2cce6763f61dddb4599cb058d6761c56

SHA1
40bb1a5e735e52791c7c3f0a22ca4a63ec9a3737

SHA256
0fc8e40a3b0e7a516e108dc0f3267dcccb4de04d28a21eb68a45a8ac1bb9df8f

SHA512
bda0d42e1a844b2a9608816b07160ee42e1f4c8705d820cadf5cd5e714b7c9fb0c6e066db04b74d573a1f8f435324d807634648c348d5e456a61cc9dab684fa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KJ2QP.tmp\min-10-light.png

Filesize
5KB

MD5
2257b1d0d33a41f509e7c3e117819f8b

SHA1
87583bfbc655aec4e8cc4465b341c3f7889a6317

SHA256
d43e4b285b5b54313b53e87d2a56ca9ba0c85f8f55c9c5fdcdb4fac815ff4d02

SHA512
702d1a126a0a7a64af5cee9450daeed74364aa9e9f123e1bc398ecd4215c082e7f55e43dd292a4119749e84999b015109bff8b11732df11143d202b385411cc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KJ2QP.tmp\min-rest.bmp

Filesize
24KB

MD5
2484489c7443ec4745488a77ed084d80

SHA1
fcf49d1be8bbbae3d0dea49bb5e677fb19d98d9d

SHA256
70b6921812f29b698f454927802db818c1625402baefd53ced1bfb9135c17d5a

SHA512
a4776969b6bf215a85e7cfbc8f13dbb1beb4ef42eb5abfa572bb7f54c0032941c8bb178e7b77eda0c442741c29fccb02d8de157068dd31203bfed4e49ce051a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KJ2QP.tmp\onelaunch.bmp

Filesize
725KB

MD5
00de2dff1787f6d7904189476b307bfb

SHA1
098a2c23f651d08730927adc8c63518744b199f9

SHA256
cc24488a078d3e92dd7dfb96c22cebd4004ee7fcb297a438e2d3848b633a9f71

SHA512
33a06affebca41e4580279d3ab0f5a2e798584f1ac7f15a19b2364825caba06d8cf57d4ea1ae15bb41d7b14b6ed48f0d3f472c4a4231b7ff792bfca97e93250f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KJ2QP.tmp\split_tests.json

Filesize
205B

MD5
ea33b8c0de391aff43600a0ce7c4b87d

SHA1
8cc2700de8faac23b94e6e5dee37a91ce3ea0693

SHA256
a48eb3ac6fbff98a67b8c14b1fce8ad2a5a7d715a31e76decb97a843647fd61b

SHA512
6f005baeb6e82aedb5f6898f86266551ec938996afe5faf84b717947581816d7ccc25fbcc45b415b2b9af11b4bae2920a1c1b37134ccf74ebb8ac296ffd14aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RQ2AQ.tmp\Win32Library.dll

Filesize
45KB

MD5
4f424691cf849999b6ac476ca09afdee

SHA1
98e2827aea19ccfc3980c5329f53e408f30acf8f

SHA256
ca6793c4f4b12fac9506f441b8d6641a3e465dda0a1a14d49acdaa56a0389b07

SHA512
2aec1c49b608a47b3804345094a108db3ce0e0ef7127eb70fa2e07a4c500fa697b33fcee4d7e6ebf3d8cc04dae13f7f07439d4dc1dcd6239baddef5d818edfff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RQ2AQ.tmp\Win32Library.dll

Filesize
45KB

MD5
4f424691cf849999b6ac476ca09afdee

SHA1
98e2827aea19ccfc3980c5329f53e408f30acf8f

SHA256
ca6793c4f4b12fac9506f441b8d6641a3e465dda0a1a14d49acdaa56a0389b07

SHA512
2aec1c49b608a47b3804345094a108db3ce0e0ef7127eb70fa2e07a4c500fa697b33fcee4d7e6ebf3d8cc04dae13f7f07439d4dc1dcd6239baddef5d818edfff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RQ2AQ.tmp\Win32Library.dll

Filesize
45KB

MD5
4f424691cf849999b6ac476ca09afdee

SHA1
98e2827aea19ccfc3980c5329f53e408f30acf8f

SHA256
ca6793c4f4b12fac9506f441b8d6641a3e465dda0a1a14d49acdaa56a0389b07

SHA512
2aec1c49b608a47b3804345094a108db3ce0e0ef7127eb70fa2e07a4c500fa697b33fcee4d7e6ebf3d8cc04dae13f7f07439d4dc1dcd6239baddef5d818edfff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RQ2AQ.tmp\Win32Library.dll

Filesize
45KB

MD5
4f424691cf849999b6ac476ca09afdee

SHA1
98e2827aea19ccfc3980c5329f53e408f30acf8f

SHA256
ca6793c4f4b12fac9506f441b8d6641a3e465dda0a1a14d49acdaa56a0389b07

SHA512
2aec1c49b608a47b3804345094a108db3ce0e0ef7127eb70fa2e07a4c500fa697b33fcee4d7e6ebf3d8cc04dae13f7f07439d4dc1dcd6239baddef5d818edfff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RQ2AQ.tmp\onelaunch.png

Filesize
70KB

MD5
d3110fb775ee7fd24426503d67840c25

SHA1
54f649c8bf3af2ad3a4d92cd8b1397bad1a49a75

SHA256
f8392390dc81756e79ec5f359dbdcac3b4bd219b5188a429b814fc51aabb6e36

SHA512
f6b79f728be17c9060edb2df2dac2b0f59a4dffd8c416e7e957bc3fa4696f4237e5969647309f5425a6297f189e351e20c99c642f90d1476050285929657c32f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1276_2036959027\CRX_INSTALL\assets\src\contentScript\slickdealsStart\index.a0908cfc.js

Filesize
809B

MD5
19cc33d58ec9e3d42825a814b8d9063b

SHA1
bce43d7ab37440ebb87f9822f2f7ca77aaa79b6b

SHA256
dc57439f8f8747f3b55ce505ed1937e915b9011c697b0bc29b0b2848fb4b0df5

SHA512
b278f43bbb7d0eea8dc982d157bea877d43b0d57231ff2cd146696e072392ae6c4a6bb9c6bfb46545af74c8cc73c1fa572a0abb704e6aac9c06722f40c6b9a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1276_2036959027\CRX_INSTALL\src\contentScript\globalInjector\index.js

Filesize
112B

MD5
fe07a602fcdc55732a567bceda208e17

SHA1
cded2eae412bfc40d31e8285e3fae7bbd995bb69

SHA256
d459db412275bd93229a3c44dd4acef7c5880b35fa50732f76114a2378fcb5e2

SHA512
a8b49dbb4dbc184332fa4dc1b03f7664a09939cfd472bbf772bf411c5ed1e01a251e628246484a2ab35144b3f97f25c8818304346a7b392108c33b4b3347fdef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1276_2036959027\CRX_INSTALL\src\contentScript\globalStart\index.js

Filesize
109B

MD5
97c06edc57360ed9d8ced96ffb10c265

SHA1
00778a6df29f8c34f4b66472d9c9c905577c2613

SHA256
8eff34dd1eaeac24aeb9e385dd77a69eae9fb975400389ecce6b73a5385c2dd4

SHA512
b25dde0368501e7935e0d177009dbd5e91288bf648407a958d715f62e7df19fc67a60ca9597a3c938a0f3d12c10559b53f25c58e50d49db50145b9475d4e75df

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1276_2036959027\CRX_INSTALL\src\contentScript\slickdealsDealDetails\index.js

Filesize
119B

MD5
6f13fe2d9ad6c6dca797c4aaa7ea520c

SHA1
33abd608ce8c6687c0930776c4bdd252b6e03ce7

SHA256
120fcbc0bb7e09aee7f2dda95f2cde930c3379878c27fb96e0a21b92b1114b11

SHA512
9823a2321acd4cc37a6cae09e2b5817690efa1f923ef01220291194f5fa40fa615ebc384a9eecc9126fea2567750179e349ee21d14aaf423705ee5fd872cad92

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1276_2036959027\CRX_INSTALL\src\contentScript\slickdealsIdle\index.js

Filesize
112B

MD5
4df3facc60197e3c00afaa676a844367

SHA1
ccf1df4c665eba566276fc833da0d48490dfef8f

SHA256
ab2270fbfea2cc9a9e871abafa5d152003d460591cd96bed34c4b90666e1ed29

SHA512
87c5d67fc5bcb016b7f85523e3073cc963293632a152f93a8d61b9ca6ff6f851e22de9568de77eb2c8a90aae6d395530a2acddc99c353beb2d624512f0f0befb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneLaunch\OneLaunch.lnk

Filesize
1KB

MD5
7de7d2a0d4e287bccb2df43fea3f0815

SHA1
811b22c836b0c73c735882c16a1a2475e49d505c

SHA256
11c7ea5065bb6bcfedf8b0df398139707880cfde6bb1d22cbbabb8b7c4fbf0ce

SHA512
50310253b5f8330c038f626b6f91b33f8a91a41d02d1d00f457d0a1b6f4b8912c6b36dcce5292522033a9e164081a1834aeaeee1c056360aad5548dd99b348a2

Download Submit
memory/1068-186-0x0000000003790000-0x00000000038D0000-memory.dmp

Filesize
1.2MB

Download
memory/1068-179-0x0000000003790000-0x00000000038D0000-memory.dmp

Filesize
1.2MB

Download
memory/1068-177-0x0000000003790000-0x00000000038D0000-memory.dmp

Filesize
1.2MB

Download
memory/1068-161-0x00000000036D0000-0x00000000036E0000-memory.dmp

Filesize
64KB

Download
memory/1068-148-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/1068-159-0x0000000074240000-0x0000000074254000-memory.dmp

Filesize
80KB

Download
memory/1068-160-0x0000000008C50000-0x0000000008CE2000-memory.dmp

Filesize
584KB

Download
memory/1068-178-0x0000000003790000-0x00000000038D0000-memory.dmp

Filesize
1.2MB

Download
memory/1068-185-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/1068-197-0x00000000036D0000-0x00000000036E0000-memory.dmp

Filesize
64KB

Download
memory/1068-180-0x0000000003790000-0x00000000038D0000-memory.dmp

Filesize
1.2MB

Download
memory/1068-182-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1068-212-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1704-133-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1704-181-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1704-295-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3140-1211-0x00000128CE070000-0x00000128CE120000-memory.dmp

Filesize
704KB

Download
memory/3140-1432-0x00000128CF170000-0x00000128CF1C8000-memory.dmp

Filesize
352KB

Download
memory/3140-1532-0x00000128CF120000-0x00000128CF128000-memory.dmp

Filesize
32KB

Download
memory/3140-1533-0x00000128CF140000-0x00000128CF148000-memory.dmp

Filesize
32KB

Download
memory/3140-1246-0x00000128CEAD0000-0x00000128CEAEE000-memory.dmp

Filesize
120KB

Download
memory/3140-1184-0x00000128B0910000-0x00000128B155C000-memory.dmp

Filesize
12.3MB

Download
memory/3140-1186-0x00000128B31E0000-0x00000128B3226000-memory.dmp

Filesize
280KB

Download
memory/3140-1592-0x00000128CBAE0000-0x00000128CBAF0000-memory.dmp

Filesize
64KB

Download
memory/3140-1188-0x00000128B3230000-0x00000128B324C000-memory.dmp

Filesize
112KB

Download
memory/3140-1450-0x00000128CBAE0000-0x00000128CBAF0000-memory.dmp

Filesize
64KB

Download
memory/3140-1189-0x00000128B3250000-0x00000128B326A000-memory.dmp

Filesize
104KB

Download
memory/3140-1624-0x00000128D1A20000-0x00000128D1A5E000-memory.dmp

Filesize
248KB

Download
memory/3140-1191-0x00000128CBAF0000-0x00000128CBB5C000-memory.dmp

Filesize
432KB

Download
memory/3140-1683-0x00000128CBAE0000-0x00000128CBAF0000-memory.dmp

Filesize
64KB

Download
memory/3140-1686-0x00000128CBAE0000-0x00000128CBAF0000-memory.dmp

Filesize
64KB

Download
memory/3140-1685-0x00000128CBAE0000-0x00000128CBAF0000-memory.dmp

Filesize
64KB

Download
memory/3140-1688-0x00000128D1990000-0x00000128D1998000-memory.dmp

Filesize
32KB

Download
memory/3140-1695-0x00000128D19B0000-0x00000128D19BE000-memory.dmp

Filesize
56KB

Download
memory/3140-1694-0x00000128D2260000-0x00000128D2298000-memory.dmp

Filesize
224KB

Download
memory/3140-1693-0x00000128D19A0000-0x00000128D19A8000-memory.dmp

Filesize
32KB

Download
memory/3140-1244-0x00000128CBAE0000-0x00000128CBAF0000-memory.dmp

Filesize
64KB

Download
memory/3140-1449-0x00000128CFBA0000-0x00000128D00C8000-memory.dmp

Filesize
5.2MB

Download
memory/3140-1194-0x00000128CBA70000-0x00000128CBA9A000-memory.dmp

Filesize
168KB

Download
memory/3140-1197-0x00000128CBAE0000-0x00000128CBAF0000-memory.dmp

Filesize
64KB

Download
memory/3140-1196-0x00000128B3270000-0x00000128B3286000-memory.dmp

Filesize
88KB

Download
memory/3140-1199-0x00000128CBAA0000-0x00000128CBAB2000-memory.dmp

Filesize
72KB

Download
memory/3140-1200-0x00000128CBAE0000-0x00000128CBAF0000-memory.dmp

Filesize
64KB

Download
memory/3140-1209-0x00000128CDF70000-0x00000128CDF98000-memory.dmp

Filesize
160KB

Download
memory/3140-1241-0x00000128CEAF0000-0x00000128CEB66000-memory.dmp

Filesize
472KB

Download
memory/3140-1405-0x00000128CE020000-0x00000128CE030000-memory.dmp

Filesize
64KB

Download
memory/3140-1422-0x00000128CF0F0000-0x00000128CF10C000-memory.dmp

Filesize
112KB

Download
memory/3140-2100-0x00000128CFB20000-0x00000128CFB3E000-memory.dmp

Filesize
120KB

Download
memory/3140-1431-0x00000128CBAE0000-0x00000128CBAF0000-memory.dmp

Filesize
64KB

Download
memory/3140-1220-0x00000128CDF20000-0x00000128CDF28000-memory.dmp

Filesize
32KB

Download
memory/3140-1224-0x00000128CDFA0000-0x00000128CDFC2000-memory.dmp

Filesize
136KB

Download
memory/3140-1960-0x00000128CF9A0000-0x00000128CFA04000-memory.dmp

Filesize
400KB

Download
memory/3140-1228-0x00000128CDFD0000-0x00000128CDFDA000-memory.dmp

Filesize
40KB

Download
memory/3140-1229-0x00000128CDFE0000-0x00000128CDFE8000-memory.dmp

Filesize
32KB

Download
memory/3140-1439-0x00000128CF150000-0x00000128CF162000-memory.dmp

Filesize
72KB

Download
memory/3140-1231-0x00000128CE560000-0x00000128CE586000-memory.dmp

Filesize
152KB

Download
memory/3184-214-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/3184-207-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/3184-2164-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/3288-2182-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3288-191-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3288-213-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3772-1887-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3772-287-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3772-216-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3856-1593-0x000002087D0E0000-0x000002087D0FE000-memory.dmp

Filesize
120KB

Download
memory/3856-1755-0x000002087F240000-0x000002087F266000-memory.dmp

Filesize
152KB

Download
memory/3856-1610-0x000002087D0A0000-0x000002087D0B0000-memory.dmp

Filesize
64KB

Download
memory/3856-1654-0x000002087D110000-0x000002087D118000-memory.dmp

Filesize
32KB

Download
memory/3856-1596-0x0000020818FA0000-0x0000020818FB0000-memory.dmp

Filesize
64KB

Download
memory/3856-1732-0x000002087F360000-0x000002087F3E2000-memory.dmp

Filesize
520KB

Download
memory/3856-2094-0x000002087EB30000-0x000002087EB3A000-memory.dmp

Filesize
40KB

Download
memory/3856-2096-0x000002087EB40000-0x000002087EB4A000-memory.dmp

Filesize
40KB

Download
memory/3856-2078-0x000002087EB50000-0x000002087EB66000-memory.dmp

Filesize
88KB

Download
memory/3856-1521-0x000002087CCB0000-0x000002087CD54000-memory.dmp

Filesize
656KB

Download
memory/3856-1771-0x000002087D120000-0x000002087D128000-memory.dmp

Filesize
32KB

Download
memory/3856-2032-0x000002087D1C0000-0x000002087D1CA000-memory.dmp

Filesize
40KB

Download
memory/4668-246-0x000000006FBD0000-0x000000006FBE4000-memory.dmp

Filesize
80KB

Download
memory/4668-310-0x0000000003690000-0x00000000037D0000-memory.dmp

Filesize
1.2MB

Download
memory/4668-1192-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/4668-309-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/4668-299-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/4668-298-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/4668-288-0x0000000003670000-0x0000000003680000-memory.dmp

Filesize
64KB

Download
memory/4668-301-0x0000000003670000-0x0000000003680000-memory.dmp

Filesize
64KB

Download
memory/4668-1279-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/4668-311-0x0000000003690000-0x00000000037D0000-memory.dmp

Filesize
1.2MB

Download
memory/4668-237-0x0000000003690000-0x00000000037D0000-memory.dmp

Filesize
1.2MB

Download
memory/4668-634-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/4668-231-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/4668-236-0x0000000003690000-0x00000000037D0000-memory.dmp

Filesize
1.2MB

Download
memory/5020-2595-0x000001BF05BA0000-0x000001BF05BB0000-memory.dmp

Filesize
64KB

Download
memory/5020-2591-0x000001BF05B60000-0x000001BF05B70000-memory.dmp

Filesize
64KB

Download

pid	process
3140	onelaunch.exe
5544	ScreenClippingHost.exe
5712	explorer.exe
5712	explorer.exe