Malware Analysis Report

2024-11-16 15:45

Sample ID: 240221-v3eqpacb9w
Target: https://geteasypdf.com/pdf/lp5?main=headline3&lower=headline3&utm_source=oh-gdn&utm_medium=153500824274&utm_campaign=17428010086&utm_term=npiprofile.com&utm_content=689508795359&gclid=EAIaIQobChMIsojp3ve8hAMVCqcAAB0pAgFCEAEYASAAEgJ85vD_BwE
Tags: (none)
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 8/10
Threat Level: Likely malicious

The submitted target is a URL, not a file: https://geteasypdf.com/pdf/lp5?main=headline3&lower=headline3&utm_source=oh-gdn&utm_medium=153500824274&utm_campaign=17428010086&utm_term=npiprofile.com&utm_content=689508795359&gclid=EAIaIQobChMIsojp3ve8hAMVCqcAAB0pAgFCEAEYASAAEgJ85vD_BwE. It was classified as Likely malicious. The static pass (static1) produced no signatures; the verdict rests on the behavioral run (behavioral1), in which Chrome opened the landing page, a Windows installer named "OneLaunch - Easy PDF_y7htx.exe" landed in the Downloads folder and was executed, and its Inno Setup stub then ran from the user's Temp directory. Much of the signature volume below is generated by Chrome's own process model rather than by the installer; only the rows attributed to the installer or its stub, the WinHttpRequest user agent and the api.keen.io contacts bear on the verdict.

Malicious Activity Summary

- Downloads MZ/PE file
- Checks computer location settings
- Loads dropped DLL
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Enumerates physical storage devices
- Suspicious use of WriteProcessMemory
- Script User-Agent
- Suspicious use of SendNotifyMessage
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-21 17:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-21 17:30
Reported: 2024-02-21 17:33
Platform: win10v2004-20240221-en
Max time kernel: 150s
Max time network: 156s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://geteasypdf.com/pdf/lp5?main=headline3&lower=headline3&utm_source=oh-gdn&utm_medium=153500824274&utm_campaign=17428010086&utm_term=npiprofile.com&utm_content=689508795359&gclid=EAIaIQobChMIsojp3ve8hAMVCqcAAB0pAgFCEAEYASAAEgJ85vD_BwE

This is the sandbox's own launch of Chrome 106.0.5249.119 against the submitted URL. The switches are standard Chromium switches set by the sandbox to stop the browser updating or generating background traffic during the run; they are not part of the sample and should not be treated as indicators.

Signatures

Downloads MZ/PE file

(No detail rows recorded; the downloaded PE is C:\Users\Admin\Downloads\OneLaunch - Easy PDF_y7htx.exe, see Processes.)

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-JL6EC.tmp\OneLaunch - Easy PDF_y7htx.tmp | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-5REOP.tmp\OneLaunch - Easy PDF_y7htx.tmp | N/A

Both reads come from the Inno Setup stub unpacked from the downloaded installer, not from Chrome. Geo\Nation holds the user's Windows GeoID (country code), which installers commonly read to gate offers or behaviour by region (ATT&CK T1614, System Location Discovery). The second stub directory, is-5REOP.tmp, does not appear in the Processes list, which is consistent with the installer's silent re-launch at the end of that list.

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target | Count
N/A | api.keen.io | N/A | N/A | 6

Keen.io is a hosted event-analytics API. The only evidence here is six contacts with api.keen.io with no process attribution; that fits installer telemetry as well as it fits command and control, so treat the host as an indicator to correlate, not as confirmed C2.

Enumerates physical storage devices

(No detail rows recorded.)

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

All three reads are by chrome.exe; none is attributed to the installer or its stub.

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Attributed to chrome.exe; S-1-5-19 is the LOCAL SERVICE hive.

Script User-Agent

Description | Indicator | Process | Target | Count
HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A | 8

"WinHttp.WinHttpRequest.5" is the default User-Agent of the WinHTTP COM object (ProgID WinHttp.WinHttpRequest.5.1), which is used from VBScript, JScript, PowerShell and installer scripting; a browser never sends it. The sandbox did not attribute these eight requests to a process, but the string alone places them on the installer side of the run rather than in Chrome.
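To turn the Script User-Agent and api.keen.io rows into something a SOC can run, here is an added example (the editor's, not part of the sandbox report) that scans proxy log lines for the WinHttpRequest user agent and for contact with the abused host, and groups the hits by client. The log format and every log line are constructed for the example; the only values taken from the report are the user-agent string, the host api.keen.io, the landing-page URL and Chrome's crash-report URL.

```python
"""Flag script-style User-Agents and known abused hosts in proxy logs."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed log format:  <iso-time> <client-ip> <method> <url> <status> "<user-agent>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# UA of the WinHTTP COM object (WinHttp.WinHttpRequest.5.1): sent by scripts and
# installers, never by a browser.  Seen 8 times in this report.
SCRIPT_UA_RE = re.compile(r"WinHttp\.WinHttpRequest\.\d", re.IGNORECASE)

# Hosts the sandbox tagged as legitimate services abused for hosting/C2.
ABUSED_HOSTS = {"api.keen.io"}

# Constructed sample lines: a browser fetch of the landing page, a WinHTTP POST
# to the abused host, Chrome's crash-report endpoint, and a WinHTTP request from
# a second client to a neutral host.
SAMPLE_PROXY_LOG = """\
2024-02-21T17:31:02Z 10.0.0.5 GET https://geteasypdf.com/pdf/lp5?main=headline3 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36"
2024-02-21T17:31:40Z 10.0.0.5 POST https://api.keen.io/ 201 "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
2024-02-21T17:31:41Z 10.0.0.5 GET https://clients2.google.com/cr/report 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36"
2024-02-21T17:32:05Z 10.0.0.7 GET https://www.example.com/ 200 "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
"""


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def triage_proxy_log(text: str) -> list[dict]:
    """Return one finding per log line that matches at least one rule.

    Each finding records the line number, client, host, UA and the list of
    reasons it fired ('script-ua', 'abused-host'), in input order.
    Malformed lines are skipped rather than guessed at.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue
        reasons = []
        if SCRIPT_UA_RE.search(m["ua"]):
            reasons.append("script-ua")
        if host_of(m["url"]) in ABUSED_HOSTS:
            reasons.append("abused-host")
        if reasons:
            findings.append({
                "line": lineno,
                "client": m["client"],
                "host": host_of(m["url"]),
                "ua": m["ua"],
                "reasons": reasons,
            })
    return findings


def clients_with_script_ua(findings: list[dict]) -> dict[str, list[str]]:
    """Map each client that sent a script UA to the hosts it reached that way."""
    by_client: dict[str, list[str]] = defaultdict(list)
    for f in findings:
        if "script-ua" in f["reasons"]:
            by_client[f["client"]].append(f["host"])
    return dict(by_client)


if __name__ == "__main__":
    hits = triage_proxy_log(SAMPLE_PROXY_LOG)
    for h in hits:
        print(f'line {h["line"]}: {h["client"]} -> {h["host"]} ({", ".join(h["reasons"])})')
    print(clients_with_script_ua(hits))
```

The two rules are deliberately independent: the user-agent rule catches WinHTTP traffic to any host (the second client above reaches a neutral host and still fires), while the host rule catches browser or other traffic to api.keen.io even when the UA is clean. Matching the version digit with `\d` rather than the literal `5` keeps the rule working if the string ever changes.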

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 3

This signature keys on a process being created with the block-non-Microsoft-binaries code-integrity mitigation; Chrome applies that mitigation to some of its own child processes, and all three hits are chrome.exe.

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target | Count
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32

The 64 original rows alternate between the two privileges and are all chrome.exe; no non-browser process adjusted token privileges.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 64

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 24

FindShellTrayWindow and SendNotifyMessage are ordinary shell and window-messaging calls for a GUI application; as with the token signature, every hit is chrome.exe.

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count
PID 2000 wrote to memory of 4904 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 2000 wrote to memory of 3664 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 38
PID 2000 wrote to memory of 1276 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 2000 wrote to memory of 3948 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 22

PID 2000 is the browser (parent) process and every target is one of its own chrome.exe children. Chrome's sandbox broker writes into child processes it has just created to hand over sandbox state, so this is the browser's process model, not injection by the sample. The signature would matter if the writer or the target were the installer or its stub; neither appears here.
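The signature tables above mix a handful of rows that come from the dropped installer with dozens that Chrome produces on any URL detonation. The following added example (the editor's, not the sandbox's code) collapses a flattened signature table into per-signature, per-process counts and sorts each row into three buckets: payload (any process that is not the browser), browser-baseline (chrome.exe rows for signatures Chrome triggers on its own), and review (unattributed network rows, or chrome.exe rows outside the baseline). The rows are transcribed from this report into a pipe-separated layout; which signatures count as browser baseline is the editor's judgement, not a sandbox setting.

```python
"""Collapse a sandbox signature table and split browser noise from payload behaviour."""
from collections import Counter
from pathlib import PureWindowsPath

BROWSER_EXE = PureWindowsPath(r"C:\Program Files\Google\Chrome\Application\chrome.exe")

# Signatures that Chrome's browser process and sandbox broker trigger on their own
# during a URL detonation.  Editor's judgement, not a sandbox setting.
BROWSER_BASELINE = {
    "Suspicious use of AdjustPrivilegeToken",
    "Suspicious use of FindShellTrayWindow",
    "Suspicious use of SendNotifyMessage",
    "Suspicious use of WriteProcessMemory",
    "Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary",
    "Enumerates system info in registry",
}

# Rows transcribed from this report as 'Signature | Description | Indicator | Process'
# (constructed layout; a subset of the report's rows, duplicates kept on purpose).
ROWS = r"""
Checks computer location settings | Key value queried | \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-JL6EC.tmp\OneLaunch - Easy PDF_y7htx.tmp
Checks computer location settings | Key value queried | \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-5REOP.tmp\OneLaunch - Easy PDF_y7htx.tmp
Legitimate hosting services abused for malware hosting/C2 | N/A | api.keen.io | N/A
Legitimate hosting services abused for malware hosting/C2 | N/A | api.keen.io | N/A
Legitimate hosting services abused for malware hosting/C2 | N/A | api.keen.io | N/A
Enumerates system info in registry | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe
Modifies data under HKEY_USERS | Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe
Script User-Agent | HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A
Script User-Agent | HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A
Suspicious use of AdjustPrivilegeToken | Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe
Suspicious use of AdjustPrivilegeToken | Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe
Suspicious use of AdjustPrivilegeToken | Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe
Suspicious use of WriteProcessMemory | PID 2000 wrote to memory of 3664 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe
Suspicious use of FindShellTrayWindow | N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe
"""

Row = tuple[str, str, str, str]


def parse_rows(text: str) -> list[Row]:
    """Parse the pipe-separated layout; blank lines are skipped, bad rows raise."""
    rows: list[Row] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(" | ")]
        if len(parts) != 4:
            raise ValueError(f"expected 4 columns: {line!r}")
        rows.append((parts[0], parts[1], parts[2], parts[3]))
    return rows


def is_browser(process: str) -> bool:
    """Case-insensitive path comparison against the browser image."""
    return process != "N/A" and PureWindowsPath(process) == BROWSER_EXE


def classify(row: Row) -> str:
    signature, _desc, _indicator, process = row
    if process != "N/A" and not is_browser(process):
        return "payload"            # anything that is not the browser: the installer and its stubs
    if signature in BROWSER_BASELINE and (process == "N/A" or is_browser(process)):
        return "browser-baseline"   # Chrome's own process model
    return "review"                 # unattributed network rows, or browser rows off the baseline


def summarize(rows: list[Row]) -> dict[str, Counter]:
    """Bucket -> Counter keyed by (signature, process), so duplicates become counts."""
    buckets = {"payload": Counter(), "review": Counter(), "browser-baseline": Counter()}
    for row in rows:
        buckets[classify(row)][(row[0], row[3])] += 1
    return buckets


def payload_processes(rows: list[Row]) -> list[str]:
    """Sorted, de-duplicated images that produced payload-bucket rows."""
    return sorted({row[3] for row in rows if classify(row) == "payload"})


if __name__ == "__main__":
    parsed = parse_rows(ROWS)
    for bucket, counter in summarize(parsed).items():
        print(f"== {bucket} ==")
        for (sig, proc), n in counter.most_common():
            print(f"{n:3d}  {sig}  <{proc}>")
    print("payload processes:", payload_processes(parsed))
```

Run against the full report the same way, the browser-baseline bucket absorbs the roughly 220 chrome.exe rows, the payload bucket is reduced to the two Inno Setup stubs, and the review bucket is the short list worth a human's time: the api.keen.io contacts, the WinHttpRequest user agent and the one HKEY_USERS write.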

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://geteasypdf.com/pdf/lp5?main=headline3&lower=headline3&utm_source=oh-gdn&utm_medium=153500824274&utm_campaign=17428010086&utm_term=npiprofile.com&utm_content=689508795359&gclid=EAIaIQobChMIsojp3ve8hAMVCqcAAB0pAgFCEAEYASAAEgJ85vD_BwE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb93f39758,0x7ffb93f39768,0x7ffb93f39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5472 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5440 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=744 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5436 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1964 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5692 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x518 0x51c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5512 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:8

C:\Users\Admin\Downloads\OneLaunch - Easy PDF_y7htx.exe

"C:\Users\Admin\Downloads\OneLaunch - Easy PDF_y7htx.exe"

C:\Users\Admin\AppData\Local\Temp\is-JL6EC.tmp\OneLaunch - Easy PDF_y7htx.tmp

"C:\Users\Admin\AppData\Local\Temp\is-JL6EC.tmp\OneLaunch - Easy PDF_y7htx.tmp" /SL5="$A0062,2484167,893952,C:\Users\Admin\Downloads\OneLaunch - Easy PDF_y7htx.exe"

C:\Users\Admin\Downloads\OneLaunch - Easy PDF_y7htx.exe

"C:\Users\Admin\Downloads\OneLaunch - Easy PDF_y7htx.exe" /PDATA=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 /LAUNCHER /VERYSILENT

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1876,i,15714073280080449200,10929382912153844316,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\is-5REOP.tmp\OneLaunch - Easy PDF_y7htx.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5REOP.tmp\OneLaunch - Easy PDF_y7htx.tmp" /SL5="$F0228,2484167,893952,C:\Users\Admin\Downloads\OneLaunch - Easy PDF_y7htx.exe" /PDATA=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 /LAUNCHER /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_y7htx.exe

"C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_y7htx.exe" /PDATA=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

C:\Users\Admin\AppData\Local\Temp\is-5K17I.tmp\OneLaunch Setup_y7htx.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5K17I.tmp\OneLaunch Setup_y7htx.tmp" /SL5="$20246,104692097,893952,C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_y7htx.exe" /PDATA=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

Network


Files

\??\pipe\crashpad_2000_VLVJIAYVPJSCCWVT


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584987.TMP


C:\Users\Admin\Downloads\Unconfirmed 286012.crdownload


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\Downloads\OneLaunch - Easy PDF_y7htx.exe


C:\Users\Admin\Downloads\OneLaunch - Easy PDF_y7htx.exe


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


memory/1472-196-0x0000000000400000-0x00000000004E8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-JL6EC.tmp\OneLaunch - Easy PDF_y7htx.tmp


memory/4192-202-0x0000000000820000-0x0000000000821000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-APJTL.tmp\Win32Library.dll


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache


memory/1472-232-0x0000000000400000-0x00000000004E8000-memory.dmp

memory/4192-233-0x0000000000400000-0x000000000070A000-memory.dmp

memory/4192-239-0x0000000003660000-0x0000000003670000-memory.dmp

memory/4192-243-0x0000000008FB0000-0x0000000008FC4000-memory.dmp

memory/4192-244-0x00000000742F0000-0x0000000074304000-memory.dmp

memory/4192-245-0x00000000735C0000-0x0000000073D70000-memory.dmp

memory/4192-246-0x0000000008FD0000-0x0000000009062000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-APJTL.tmp\onelaunch.png


C:\Users\Admin\AppData\Local\Temp\is-APJTL.tmp\pdf.png


memory/4192-268-0x00000000037F0000-0x0000000003930000-memory.dmp

memory/4192-269-0x00000000037F0000-0x0000000003930000-memory.dmp

memory/4192-270-0x00000000037F0000-0x0000000003930000-memory.dmp

memory/4192-271-0x00000000037F0000-0x0000000003930000-memory.dmp

memory/4192-272-0x00000000037F0000-0x0000000003930000-memory.dmp

memory/4192-273-0x00000000037F0000-0x0000000003930000-memory.dmp

memory/4192-284-0x0000000000400000-0x000000000070A000-memory.dmp

memory/4192-285-0x0000000000820000-0x0000000000821000-memory.dmp

memory/4192-288-0x00000000037F0000-0x0000000003930000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup.exe


memory/4192-294-0x0000000000400000-0x000000000070A000-memory.dmp

memory/4192-295-0x00000000037F0000-0x0000000003930000-memory.dmp

memory/4348-298-0x0000000000400000-0x00000000004E8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-5REOP.tmp\OneLaunch - Easy PDF_y7htx.tmp


memory/3288-311-0x00000000009E0000-0x00000000009E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup.exe


memory/4192-321-0x0000000000400000-0x000000000070A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_y7htx.exe


memory/2352-323-0x0000000000400000-0x00000000004E8000-memory.dmp

memory/4348-325-0x0000000000400000-0x00000000004E8000-memory.dmp

memory/3288-326-0x0000000000400000-0x000000000070A000-memory.dmp

memory/4192-327-0x0000000003660000-0x0000000003670000-memory.dmp

memory/2352-328-0x0000000000400000-0x00000000004E8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-5K17I.tmp\OneLaunch Setup_y7htx.tmp


memory/2352-344-0x0000000000400000-0x00000000004E8000-memory.dmp

memory/4192-345-0x00000000735C0000-0x0000000073D70000-memory.dmp

memory/4764-346-0x00000000009E0000-0x00000000009E1000-memory.dmp

memory/4192-349-0x00000000037F0000-0x0000000003930000-memory.dmp

memory/4764-351-0x00000000036C0000-0x0000000003800000-memory.dmp

memory/4764-352-0x00000000036C0000-0x0000000003800000-memory.dmp

memory/4192-353-0x00000000037F0000-0x0000000003930000-memory.dmp

memory/4764-354-0x00000000036C0000-0x0000000003800000-memory.dmp

memory/4764-364-0x0000000006EF0000-0x0000000006F04000-memory.dmp

memory/4764-367-0x0000000003630000-0x0000000003640000-memory.dmp

memory/4764-366-0x000000006FC80000-0x000000006FC94000-memory.dmp

memory/4764-372-0x00000000735C0000-0x0000000073D70000-memory.dmp

memory/4192-374-0x00000000037F0000-0x0000000003930000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-RTCRT.tmp\min-rest.bmp


C:\Users\Admin\AppData\Local\Temp\is-RTCRT.tmp\min-10-light.png


C:\Users\Admin\AppData\Local\Temp\is-RTCRT.tmp\checkmark-10-light.png
