Malware Analysis Report

2024-11-16 15:53

Sample ID 240214-ma7l1agg83
Target OneLaunch.exe
SHA256 5810ad9b0690eddcf276a6e90ce2efff927765cbf5304d8abf8e55ac979bcacb
Tags
google discovery persistence phishing spyware stealer
score
7/10

Analysis Overview

score
7/10

SHA256

5810ad9b0690eddcf276a6e90ce2efff927765cbf5304d8abf8e55ac979bcacb

Threat Level: Shows suspicious behavior

The file OneLaunch.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

google discovery persistence phishing spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Looks up external IP address via web service

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Detected potential entity reuse from brand google.

Enumerates physical storage devices

Modifies system certificate store

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Script User-Agent

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-14 10:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-14 10:16

Reported

2024-02-14 10:18

Platform

win7-20231215-en

Max time kernel

87s

Max time network

100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunchtray.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Windows\CurrentVersion\Run\OneLaunch = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\4.92.0\\onelaunch.exe" C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A api.keen.io N/A N/A
N/A dropbox.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A freegeoip.app N/A N/A

Detected potential entity reuse from brand google.

phishing google

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\Application\ApplicationCompany = "OneLaunch" C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\Application\ApplicationDescription = "Access the Internet" C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\4.92.0\\chromium\\chromium.exe,0" C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\Shell\open C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\wbappbar C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\Application\ApplicationName = "OneLaunch" C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\Application\AppUserModelId = "OneLaunchHTML" C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\Shell\open\Command C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\Shell\open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\4.92.0\\chromium\\chromium.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\Application C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\Shell C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\OneLaunchHTML\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\4.92.0\\chromium\\chromium.exe,0" C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunchtray.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2480 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp
PID 2480 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp
PID 2480 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp
PID 2480 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp
PID 2480 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp
PID 2480 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp
PID 2480 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp
PID 2696 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Windows\system32\schtasks.exe
PID 2696 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Windows\system32\schtasks.exe
PID 2696 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Windows\system32\schtasks.exe
PID 2696 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Windows\system32\schtasks.exe
PID 2696 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Windows\system32\schtasks.exe
PID 2696 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Windows\system32\schtasks.exe
PID 2696 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Windows\system32\schtasks.exe
PID 2696 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Windows\system32\schtasks.exe
PID 2696 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2696 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2880 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 2880 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 2880 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 2880 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 2880 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 2880 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 2880 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 1568 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 1568 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 1568 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 1568 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 1568 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 1568 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 1568 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 548 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 1568 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe
PID 2880 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunchtray.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe

"C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp

"C:\Users\Admin\AppData\Local\Temp\is-U9DJD.tmp\OneLaunch.tmp" /SL5="$4016C,70102614,816128,C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /delete /tn OneLaunchLaunchTask /f

C:\Windows\system32\schtasks.exe

"schtasks" /delete /tn OneLaunchUpdateTask /f

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe" /u

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe" /l

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe"

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=1.83.6-devel --initial-client-data=0x140,0x144,0x148,0x114,0x14c,0x6b1f69f8,0x6b1f6a08,0x6b1f6a14

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=1.83.6-devel --initial-client-data=0x184,0x188,0x18c,0x158,0x190,0x431440,0x431450,0x43145c

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=gpu-process --field-trial-handle=1064,13594383345347270727,17228962730807818879,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1072 /prefetch:2

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunchtray.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunchtray.exe"

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe" desktop_onelaunch_icon /a=browser

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe"

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=1.83.6-devel --initial-client-data=0x140,0x144,0x148,0x114,0x14c,0x6b1f69f8,0x6b1f6a08,0x6b1f6a14

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=1.83.6-devel --initial-client-data=0x194,0x198,0x19c,0x168,0x1a0,0x431440,0x431450,0x43145c

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" https://search.yahoo.com/yhs/search?hspart=reb&hsimp=yhs-ext_onelaunch&p=test%20internet%20speed&type=0_1000_100_1000_100_691231

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=1.83.6-devel --initial-client-data=0x140,0x144,0x148,0x114,0x14c,0x6b1f69f8,0x6b1f6a08,0x6b1f6a14

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=1.83.6-devel --initial-client-data=0x184,0x188,0x18c,0x158,0x190,0x431440,0x431450,0x43145c

Network


Files

SHA1 1554223a5fd89f387e617648f9605d4880e3a8ed
SHA256 7f78ccf5e0491b0fd63f00d23854659cc74a39ccef882ea818ba2068a22f7d5d
SHA512 98b66c12fd540d9c386db82beec94c1a62f52e678fde380fdb7a277796e2c04adaa74347f31ed15de11c0578d7269409bd67779077e171ee1b0b9f3cac989700

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a8e2b416b53f5210ea89ba6f1c40be4
SHA1 b8a40d3a3de3f2405b42d07edfaef8251d578595
SHA256 be27d0318b324093a24c9beb52b1a89dd00e355057965bf8adf248b8494e4e28
SHA512 9e765aa5723c5b97f48b350a7f501dd3dac45ec79290216fda491521b27f6b7ad8b983008e128c65c4fdf6a620b40ba16ca1c1cca0cb2d56e20b4b2453a91976

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62fd3208907bdd8065b6dc93e5a6f34a
SHA1 33cf157f111c17a63402d0b39f9d3467403c7ed8
SHA256 6ef4905a122c0b8b499554c92f99dd18eb82d6cca6318f9e2d1e6bcffed81181
SHA512 e6eae5064d694914f7368fc952f48773d9eb4668dc0b72d00a0474974728f85b7afda2d29b5bf0ae0f454f9e01b924088721659b7f16d03e4e73a2f8fb3a4cd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad12cca86f3e6b41b56b54e84f100aed
SHA1 f830f559ab72bc5f3754e5b6fe580c3f50ec4aa6
SHA256 427d979c4311b2ebefcc118ac06614d77760f059eed518ba2bd3a06b50f57deb
SHA512 5d7c6a5ddce34927ec4fc02de162a3f2c0dd2dd5e0f34d336a7bb9208fe8cabf9ccf12b2871abc13878838b5bcf3d6e6abaa8b8b1134cc16913d7de2cdf4e702

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1245868c4d31f63a3231a01563858dbf
SHA1 5066e613f31bf54baccf5b355f9aa1d8951fc0a6
SHA256 6f20537ef733ffb6a865c846c5c009ad65f9a2754d4d8654549083dbfa5da773
SHA512 714f548e2b9e2525dd11a61e6d14d1d2acf86d5e52184fb9bed065bf1cfc40184cfc70805bb707b0ce4da85b33815590e71a08074016eb497f365f7c6822aeb6

memory/2880-1481-0x0000000005A60000-0x0000000005A6A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e74f539a3a1e0945b868d443b4c56ff
SHA1 53b8cf6902b48ab930fd3f695bad1f20a239a114
SHA256 e2aa99bfc2f933bd719b141920aa63c1766e8115ee45b4c1e2f56dd855d430f9
SHA512 f8415fe14acc1809a9a8f5cd77272447a689d93455fdbca9601463e9b006c1394f700bc3227b032b3f18eb3f2dd6f172cab6f296408e981d145959510aad607a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64ea9779adba099657242cec27172c1e
SHA1 6faf1f82e41c86e9136ad01fcbadba4adf637248
SHA256 18fe9e7a5e350788f396c8a2746bba87f8283f27bb5e587faecfb22518179a6b
SHA512 401c4ad7807e4dad08175f7cc2baf82495ca82fe6b0722e7ac5672d49c11ec124aa0a655ad111c639a77136c999c0e3582e56e0ff6785ac1cd14e372f84301bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 663bca97e638098907832f74d7228845
SHA1 81abe5b9d92b6bed82efbf3268a64c3339fa290c
SHA256 5e895988078726acf51c07652038e560bee4f37fec2f531a24c9b659ccb40c79
SHA512 57117a6b1e65df394c02b98f5dfe72e99b41f4f8ecf3470549477b3882977afda5807be9afbfe286a6695e47f1489e9b4e67de6edb62b850a22476806c6ff8e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d4996b1661b1c527e82d9c68cb1638e
SHA1 726458fea37f85dc21ba5a9c9ddc963a3745dcbb
SHA256 19c0b411174cb6194eb62279b7af49b5a165aa1de905077d6155d66133823f5b
SHA512 7cde95aab363822c3c6272259788e6abc0151f62b519ab143b85c24781800c10d720b1dff499f068c188f40f0ab2532da0592020443f53344134a89621dd8744

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7371b1731253e0fad617002419625380
SHA1 438a94053d019814f175c85d5e9bb7351fca201a
SHA256 70364ac3c0f30c2f7be786327564654886415f244ddcd9995fb61bcf378f69cd
SHA512 eec9a0cd467afc8103a4ade605a98a345ad90a2dc78acb4f12fcdf7d2d0902c3b9ec521724f2475b5e3a92e8fe5d3ea3163e3126060677febdf63ffec2fcb7f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 153163117e5d47ad28c619f1e481c6c9
SHA1 410ded83c10a18001f40ce2cc056ebaeb998227c
SHA256 85894f81d160fb7c8faed017486c02f0a1c43f845bd5f81da48a2adc96cce1d2
SHA512 cba5c722a4828e5dd25a0abb3437438e8a7a297f77a50c09d4c89f641929464a1f3a07e07ed8c912ad5775d86853517fc58992fc603bb7e8463dfe303db7d26e

memory/2440-1730-0x00000000728E0000-0x0000000072FCE000-memory.dmp

memory/2440-1731-0x00000000008A0000-0x00000000008E0000-memory.dmp

memory/2440-1732-0x00000000005F0000-0x00000000005FA000-memory.dmp

memory/2440-1733-0x00000000005F0000-0x00000000005FA000-memory.dmp

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences

MD5 46c9f33cd2d7c5c9afaae81abb6f084f
SHA1 cba52647d6645375d7c4a6be43a5ad8a983883af
SHA256 dc94f9de96fdc15b3319d948d06ca1e5e8229a158df52c3e9e3c7f61dfadbe2f
SHA512 1514ae6cb3f468a6da05ad347f3c425bb529812d906915f27ca642a2b2a147c063f31c17fd64accee4c297fd19721e7dda4acdab18588853c47e67ddb8e9ec67

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-14 10:16

Reported

2024-02-14 10:18

Platform

win10v2004-20231215-en

Max time kernel

48s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunch = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\4.92.0\\onelaunch.exe" C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A api.keen.io N/A N/A
N/A dropbox.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A freegeoip.app N/A N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\wbappbar C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\Application\ApplicationName = "OneLaunch" C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\Shell C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\Shell\open\Command C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\4.92.0\\chromium\\chromium.exe,0" C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\4.92.0\\chromium\\chromium.exe,0" C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\Shell\open C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\Application C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\Application\ApplicationCompany = "OneLaunch" C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\Application\ApplicationDescription = "Access the Internet" C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\Application\AppUserModelId = "OneLaunchHTML" C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\OneLaunchHTML\Shell\open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\4.92.0\\chromium\\chromium.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2492 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp
PID 2520 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp C:\Windows\system32\schtasks.exe
PID 2520 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp C:\Windows\system32\schtasks.exe
PID 2520 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe
PID 2520 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe

"C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp

"C:\Users\Admin\AppData\Local\Temp\is-AL1PK.tmp\OneLaunch.tmp" /SL5="$90118,70102614,816128,C:\Users\Admin\AppData\Local\Temp\OneLaunch.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /delete /tn OneLaunchLaunchTask /f

C:\Windows\system32\schtasks.exe

"schtasks" /delete /tn OneLaunchUpdateTask /f

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe" /u

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe" /l

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe"

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=1.83.6-devel --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x6b6269f8,0x6b626a08,0x6b626a14

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunch.exe" desktop_onelaunch_icon /a=browser

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunchtray.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\onelaunchtray.exe"

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=gpu-process --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1752 /prefetch:2

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2148 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2376 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=renderer --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\gen" --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=renderer --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\gen" --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3608 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe"

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=1.83.6-devel --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x6b6269f8,0x6b626a08,0x6b626a14

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=1.83.6-devel --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x6e1440,0x6e1450,0x6e145c

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4360 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=renderer --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\gen" --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=renderer --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\gen" --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5836 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5864 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6260 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6444 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6604 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=renderer --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\gen" --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\4.92.0\chromium\chromium.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1740,8587034482416470707,7603742121750812390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6944 /prefetch:8

Network

US 52.33.19.142:443 api.keen.io tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 51.150.84.52.in-addr.arpa udp
US 8.8.8.8:53 79.10.230.54.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 static01.nyt.com udp
US 8.8.8.8:53 media-cldnry.s-nbcnews.com udp
US 8.8.8.8:53 ca-times.brightspotcdn.com udp
US 151.101.1.164:443 static01.nyt.com tcp
US 151.101.1.164:443 static01.nyt.com tcp
US 151.101.1.164:443 static01.nyt.com tcp
GB 23.213.249.37:443 media-cldnry.s-nbcnews.com tcp
US 8.8.8.8:53 ichef.bbci.co.uk udp
GB 23.213.16.139:443 ichef.bbci.co.uk tcp
GB 13.224.81.87:443 ca-times.brightspotcdn.com tcp
US 8.8.8.8:53 a.espncdn.com udp
GB 88.221.135.114:443 a.espncdn.com tcp
US 8.8.8.8:53 microsoft.com udp
US 20.112.250.133:443 microsoft.com tcp
US 151.101.195.5:80 edition.cnn.com tcp
US 8.8.8.8:53 static.cdninstagram.com udp
US 107.178.240.159:443 api.mixpanel.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 164.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 37.249.213.23.in-addr.arpa udp
US 8.8.8.8:53 87.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 139.16.213.23.in-addr.arpa udp
US 8.8.8.8:53 imgur.com udp
GB 163.70.147.63:443 static.cdninstagram.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 imdb.com udp
US 8.8.8.8:53 114.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 133.250.112.20.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 52.94.228.167:443 imdb.com tcp
US 199.232.192.193:443 imgur.com tcp
GB 2.17.5.133:443 www.microsoft.com tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 s.imgur.com udp
US 8.8.8.8:53 dropbox.com udp
US 162.125.248.18:443 dropbox.com tcp
GB 146.75.72.193:443 s.imgur.com tcp
US 8.8.8.8:53 paypal.com udp
US 8.8.8.8:53 www.imdb.com udp
US 64.4.250.36:443 paypal.com tcp
GB 13.224.77.205:443 www.imdb.com tcp
US 8.8.8.8:53 www.dropbox.com udp
NL 162.125.65.18:443 www.dropbox.com tcp
US 8.8.8.8:53 63.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 193.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 167.228.94.52.in-addr.arpa udp
US 8.8.8.8:53 133.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 18.248.125.162.in-addr.arpa udp
US 8.8.8.8:53 193.72.75.146.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 36.250.4.64.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 salesforce.com udp
US 23.1.106.133:443 salesforce.com tcp
US 8.8.8.8:53 205.77.224.13.in-addr.arpa udp
US 8.8.8.8:53 18.65.125.162.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 cfl.dropboxstatic.com udp
US 104.16.99.29:443 cfl.dropboxstatic.com tcp
US 8.8.8.8:53 apple.com udp
US 17.253.144.10:443 apple.com tcp
US 8.8.8.8:53 www.salesforce.com udp
GB 23.48.165.163:443 www.salesforce.com tcp
GB 173.222.12.246:443 www.apple.com tcp
US 8.8.8.8:53 m.media-amazon.com udp
GB 23.48.165.163:80 www.salesforce.com tcp
US 8.8.8.8:53 tmall.com udp
US 151.101.1.16:443 m.media-amazon.com tcp
US 8.8.8.8:53 nytimes.com udp
US 17.253.144.10:443 apple.com tcp
US 8.8.8.8:53 zillow.com udp
US 151.101.1.164:443 nytimes.com tcp
CN 59.82.122.115:443 tmall.com tcp
GB 3.162.20.129:443 zillow.com tcp
US 8.8.8.8:53 133.106.1.23.in-addr.arpa udp
US 8.8.8.8:53 10.144.253.17.in-addr.arpa udp
US 8.8.8.8:53 163.165.48.23.in-addr.arpa udp
US 8.8.8.8:53 29.99.16.104.in-addr.arpa udp
US 8.8.8.8:53 10.144.253.17.in-addr.arpa tcp
US 8.8.8.8:53 www.nytimes.com udp
US 151.101.1.164:443 www.nytimes.com tcp
US 8.8.8.8:53 www.zillow.com udp
GB 18.165.160.93:443 www.zillow.com tcp
US 17.253.144.10:443 apple.com tcp
US 8.8.8.8:53 pinterest.com udp
US 151.101.0.84:443 pinterest.com tcp
US 151.101.1.164:80 www.nytimes.com tcp
US 8.8.8.8:53 yelp.com udp
FR 199.232.168.116:443 yelp.com tcp
US 151.101.1.164:443 www.nytimes.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 www.pinterest.com udp
US 8.8.8.8:53 246.12.222.173.in-addr.arpa udp
US 8.8.8.8:53 129.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 93.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 84.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 116.168.232.199.in-addr.arpa udp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 stackoverflow.com udp
GB 18.165.160.93:443 www.zillow.com tcp
US 151.101.0.84:443 www.pinterest.com tcp
US 104.18.32.7:443 stackoverflow.com tcp
US 8.8.8.8:53 www.yelp.com udp
US 151.101.0.116:443 www.yelp.com tcp
US 8.8.8.8:53 cdn.sstatic.net udp
US 172.64.147.34:443 cdn.sstatic.net tcp
US 8.8.8.8:53 wellsfargo.com udp
GB 2.18.66.105:443 wellsfargo.com tcp
US 8.8.8.8:53 www.yelp.co.uk udp
GB 54.230.10.49:443 www.yelp.co.uk tcp
US 8.8.8.8:53 s.pinimg.com udp
US 8.8.8.8:53 www.wellsfargo.com udp
GB 23.48.165.148:443 www.wellsfargo.com tcp
GB 173.222.8.231:443 s.pinimg.com tcp
US 8.8.8.8:53 adobe.com udp
GB 88.221.135.203:443 adobe.com tcp
US 8.8.8.8:53 www.adobe.com udp
GB 104.77.160.218:443 www.adobe.com tcp

Files
