Malware Analysis Report

2024-11-16 15:45

Sample ID 240221-wa41jsch62
Target https://geteasypdf.com/pdf/lp5?main=headline3&lower=headline3&utm_source=oh-gdn&utm_medium=153500824274&utm_campaign=17428010086&utm_term=npiprofile.com&utm_content=689508795359&gclid=EAIaIQobChMIsojp3ve8hAMVCqcAAB0pAgFCEAEYASAAEgJ85vD_BwE
Tags
google discovery persistence phishing spyware stealer
score
8/10

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://geteasypdf.com/pdf/lp5?main=headline3&lower=headline3&utm_source=oh-gdn&utm_medium=153500824274&utm_campaign=17428010086&utm_term=npiprofile.com&utm_content=689508795359&gclid=EAIaIQobChMIsojp3ve8hAMVCqcAAB0pAgFCEAEYASAAEgJ85vD_BwE was found to be: Likely malicious.

Malicious Activity Summary

google discovery persistence phishing spyware stealer

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Registers COM server for autorun

Loads dropped DLL

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Adds Run key to start application

Checks installed software on the system

Detected potential entity reuse from brand google.

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Suspicious behavior: AddClipboardFormatListener

Script User-Agent

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Kills process with taskkill

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-21 17:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-21 17:44

Reported

2024-02-21 17:47

Platform

win10v2004-20240221-en

Max time kernel

192s

Max time network

193s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://geteasypdf.com/pdf/lp5?main=headline3&lower=headline3&utm_source=oh-gdn&utm_medium=153500824274&utm_campaign=17428010086&utm_term=npiprofile.com&utm_content=689508795359&gclid=EAIaIQobChMIsojp3ve8hAMVCqcAAB0pAgFCEAEYASAAEgJ85vD_BwE

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-6OQRM.tmp\OneLaunch - Easy PDF_pm5kl.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-7GT07.tmp\OneLaunch - Easy PDF_pm5kl.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\OneLaunch - Easy PDF_pm5kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-6OQRM.tmp\OneLaunch - Easy PDF_pm5kl.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7GT07.tmp\OneLaunch - Easy PDF_pm5kl.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_pm5kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-6OQRM.tmp\OneLaunch - Easy PDF_pm5kl.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7GT07.tmp\OneLaunch - Easy PDF_pm5kl.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32 C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32 C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunch = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe /startedFrom=registry" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunchChromium = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\ChromiumStartupProxy.exe" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunchUpdater = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\OneLaunchUpdaterProxy.exe" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunch = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe" C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunchChromium = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\ChromiumStartupProxy.exe" C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunchUpdater = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exeUpdaterProxy" C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A api.keen.io N/A N/A
N/A dropbox.com N/A N/A

Detected potential entity reuse from brand google.

phishing google

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4616_1188382275\manifest.json C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
File created C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4616_1188382275\LICENSE C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
File created C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4616_1188382275\_metadata\verified_contents.json C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
File created C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4616_1188382275\manifest.fingerprint C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
File created C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4616_1188382275\sets.json C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\Shell C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\Shell\open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\chromium\\chromium.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\CLSID C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\AppId = "{41dbafb1-26cc-a64e-6fd4-36024342151e}" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e} C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\Shell\open C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32 C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\AppUserModelId C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\Application\ApplicationCompany = "OneLaunch" C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\chromium\\chromium.exe,0" C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\RunAs = "Interactive User" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7} C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\Application C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\chromium\\chromium.exe,0" C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\Has7.0.1Fix = "1" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\Application\ApplicationDescription = "Access the Internet" C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32 C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e} C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{41dbafb1-26cc-a64e-6fd4-36024342151e} C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\DisplayName = "OneLaunch" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\wbappbar C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\Application\ApplicationName = "OneLaunch" C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\Application\AppUserModelId = "OneLaunchHTML" C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\Shell\open\Command C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\OneLaunchHTML\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\IconUri = "C:\\Users\\Admin\\AppData\\Local\\ToastNotificationManagerCompat\\Apps\\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\\Icon.png" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\IconBackgroundColor = "FFDDDDDD" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\CustomActivator = "{41dbafb1-26cc-a64e-6fd4-36024342151e}" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-6OQRM.tmp\OneLaunch - Easy PDF_pm5kl.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2760 wrote to memory of 4600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 4628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://geteasypdf.com/pdf/lp5?main=headline3&lower=headline3&utm_source=oh-gdn&utm_medium=153500824274&utm_campaign=17428010086&utm_term=npiprofile.com&utm_content=689508795359&gclid=EAIaIQobChMIsojp3ve8hAMVCqcAAB0pAgFCEAEYASAAEgJ85vD_BwE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff9526e9758,0x7ff9526e9768,0x7ff9526e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1664 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5448 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5392 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5612 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f8 0x514

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5560 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5508 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:8

C:\Users\Admin\Downloads\OneLaunch - Easy PDF_pm5kl.exe

"C:\Users\Admin\Downloads\OneLaunch - Easy PDF_pm5kl.exe"

C:\Users\Admin\AppData\Local\Temp\is-6OQRM.tmp\OneLaunch - Easy PDF_pm5kl.tmp

"C:\Users\Admin\AppData\Local\Temp\is-6OQRM.tmp\OneLaunch - Easy PDF_pm5kl.tmp" /SL5="$C0212,2484167,893952,C:\Users\Admin\Downloads\OneLaunch - Easy PDF_pm5kl.exe"

C:\Users\Admin\Downloads\OneLaunch - Easy PDF_pm5kl.exe

"C:\Users\Admin\Downloads\OneLaunch - Easy PDF_pm5kl.exe" /PDATA=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 /LAUNCHER /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-7GT07.tmp\OneLaunch - Easy PDF_pm5kl.tmp

"C:\Users\Admin\AppData\Local\Temp\is-7GT07.tmp\OneLaunch - Easy PDF_pm5kl.tmp" /SL5="$70202,2484167,893952,C:\Users\Admin\Downloads\OneLaunch - Easy PDF_pm5kl.exe" /PDATA=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 /LAUNCHER /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_pm5kl.exe

"C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_pm5kl.exe" /PDATA=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

C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp

"C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp" /SL5="$10252,104692097,893952,C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_pm5kl.exe" /PDATA=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

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im onelaunch.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im chromium.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im onelaunchtray.exe

C:\Windows\system32\schtasks.exe

"schtasks" /Delete /TN "OneLaunchLaunchTask" /F

C:\Windows\system32\schtasks.exe

"schtasks" /Delete /TN "ChromiumLaunchTask" /F

C:\Windows\system32\schtasks.exe

"schtasks" /Delete /TN "OneLaunchUpdateTask" /F

C:\Windows\system32\schtasks.exe

"schtasks" /delete /tn OneLaunchLaunchTask /f

C:\Windows\system32\schtasks.exe

"schtasks" /delete /tn ChromiumLaunchTask /f

C:\Windows\system32\schtasks.exe

"schtasks" /delete /tn OneLaunchUpdateTask /f

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe" /l /startedFrom=installer

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --start-maximized --tab-trigger=Launch

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=118.1.0.0 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x6f5d2d80,0x6f5d2d90,0x6f5d2d9c

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=118.1.0.0 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2a8,0x2d8,0xae6660,0xae6670,0xae667c

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe"

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2380 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:2

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3024 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --network-service-scheduler --mojo-platform-channel-handle=2984 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3404 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3520 -ip 3520

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 2184

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --disable-nacl --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3712 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --instant-process --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3904 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3520 -ip 3520

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" "https://geteasypdf.com/thanks/?data=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"

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9526e9758,0x7ff9526e9768,0x7ff9526e9778

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=4476 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5060 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5388 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 2184

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=4760 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5384 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5768 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5900 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6028 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6168 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5904 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --extension-process --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5200 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --extension-process --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5396 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6408 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5872 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6080 --field-trial-handle=1796,i,12133853555319833755,9390733796248705857,131072 /prefetch:2

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5052 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" https://wbd_ol.ampxdirect.com/amazon?sub1=default&sub2=amazon --tab-trigger=app

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=118.1.0.0 --initial-client-data=0x15c,0x160,0x164,0x138,0x168,0x6f5d2d80,0x6f5d2d90,0x6f5d2d9c

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1768 --field-trial-handle=1760,i,2396561744595652505,12494502558270741781,262144 /prefetch:2

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5280 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --network-service-scheduler --mojo-platform-channel-handle=1984 --field-trial-handle=1760,i,2396561744595652505,12494502558270741781,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --extension-process --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5072 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5428 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6520 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" https://www.sodapdf.com/services/web/pdf-converter/?uid=1018533&wid=7135&ref=sodapdf.com/online&cmp=ol&key1=PdfConverter --tab-trigger=app

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=118.1.0.0 --initial-client-data=0x15c,0x160,0x164,0x138,0x168,0x6f5d2d80,0x6f5d2d90,0x6f5d2d9c

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=118.1.0.0 --initial-client-data=0x1c8,0x1ac,0x1cc,0x1c4,0x174,0xae6660,0xae6670,0xae667c

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6660 --field-trial-handle=2384,i,7937487816179824244,3884699709356178582,262144 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1984 --field-trial-handle=1988,i,11778269641760450339,9703589902731673537,262144 /prefetch:2

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --network-service-scheduler --mojo-platform-channel-handle=2020 --field-trial-handle=1988,i,11778269641760450339,9703589902731673537,262144 /prefetch:8

Network

Country Destination Domain Proto
US 104.218.72.27:443 wbd_ol.ampxdirect.com tcp
US 104.218.72.27:443 wbd_ol.ampxdirect.com tcp
US 8.8.8.8:53 amazon.com udp
US 8.8.8.8:53 amazon.com udp
US 205.251.242.103:443 amazon.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 www.amazon.com udp
CZ 65.9.92.45:443 www.amazon.com tcp
US 8.8.8.8:53 27.72.218.104.in-addr.arpa udp
US 8.8.8.8:53 103.242.251.205.in-addr.arpa udp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 images-na.ssl-images-amazon.com udp
US 8.8.8.8:53 m.media-amazon.com udp
US 8.8.8.8:53 m.media-amazon.com udp
US 8.8.8.8:53 completion.amazon.com udp
US 8.8.8.8:53 completion.amazon.com udp
CZ 13.226.89.188:443 images-na.ssl-images-amazon.com tcp
CZ 13.226.89.188:443 images-na.ssl-images-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 8.8.8.8:53 outlook.live.com udp
GB 52.97.208.34:443 outlook.live.com tcp
CZ 13.226.89.188:443 images-na.ssl-images-amazon.com udp
US 8.8.8.8:53 fls-na.amazon.com udp
US 8.8.8.8:53 fls-na.amazon.com udp
US 151.101.1.16:443 m.media-amazon.com udp
US 151.101.1.16:443 m.media-amazon.com udp
CZ 13.226.89.188:443 images-na.ssl-images-amazon.com udp
US 34.231.75.248:443 fls-na.amazon.com tcp
US 8.8.8.8:53 45.92.9.65.in-addr.arpa udp
US 8.8.8.8:53 16.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 188.89.226.13.in-addr.arpa udp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 34.208.97.52.in-addr.arpa udp
US 8.8.8.8:53 248.75.231.34.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
CZ 65.9.92.45:443 www.amazon.com udp
US 8.8.8.8:53 twitch.tv udp
US 151.101.2.167:443 twitch.tv tcp
US 8.8.8.8:53 sentry.io udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 www.twitch.tv udp
FR 199.232.170.167:443 www.twitch.tv tcp
US 8.8.8.8:53 167.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 167.170.232.199.in-addr.arpa udp
US 44.215.128.78:443 completion.amazon.com tcp
US 8.8.8.8:53 unagi-na.amazon.com udp
US 8.8.8.8:53 unagi-na.amazon.com udp
US 151.101.2.167:443 twitch.tv tcp
US 209.54.180.209:443 unagi-na.amazon.com tcp
US 8.8.8.8:53 chase.com udp
US 159.53.116.62:443 chase.com tcp
US 8.8.8.8:53 unagi.amazon.com udp
US 8.8.8.8:53 unagi.amazon.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
CZ 65.9.98.75:443 c.amazon-adsystem.com tcp
US 52.94.239.40:443 unagi.amazon.com tcp
US 8.8.8.8:53 78.128.215.44.in-addr.arpa udp
US 8.8.8.8:53 209.180.54.209.in-addr.arpa udp
US 8.8.8.8:53 62.116.53.159.in-addr.arpa udp
US 8.8.8.8:53 75.98.9.65.in-addr.arpa udp
US 8.8.8.8:53 www.chase.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
GB 92.122.54.120:443 www.chase.com tcp
US 159.53.116.62:443 chase.com tcp
US 52.94.239.40:443 unagi.amazon.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 match.360yield.com udp
US 8.8.8.8:53 match.360yield.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 capi.connatix.com udp
US 8.8.8.8:53 capi.connatix.com udp
US 8.8.8.8:53 amazon.partners.tremorhub.com udp
US 8.8.8.8:53 amazon.partners.tremorhub.com udp
US 8.8.8.8:53 www.imdb.com udp
US 8.8.8.8:53 www.imdb.com udp
US 8.8.8.8:53 usersync.samplicio.us udp
US 8.8.8.8:53 usersync.samplicio.us udp
DE 37.252.171.21:443 ib.adnxs.com tcp
IE 54.220.80.246:443 match.360yield.com tcp
IE 54.220.80.246:443 match.360yield.com tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
US 172.64.146.152:443 capi.connatix.com udp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
DE 18.196.24.98:443 usersync.samplicio.us tcp
FR 5.196.111.72:443 rtb-csync.smartadserver.com tcp
CZ 13.226.89.210:443 www.imdb.com tcp
US 54.146.228.128:443 amazon.partners.tremorhub.com tcp
US 8.8.8.8:53 40.239.94.52.in-addr.arpa udp
US 8.8.8.8:53 120.54.122.92.in-addr.arpa udp
US 8.8.8.8:53 91.130.46.52.in-addr.arpa udp
US 8.8.8.8:53 152.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 ads.samba.tv udp
US 8.8.8.8:53 ads.samba.tv udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 odr.mookie1.com udp
US 8.8.8.8:53 odr.mookie1.com udp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 c1.adform.net udp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 54.92.144.42:443 ads.samba.tv tcp
IE 52.214.81.36:443 dpm.demdex.net tcp
US 34.160.236.64:443 odr.mookie1.com tcp
DK 37.157.4.29:443 c1.adform.net tcp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 bs.serving-sys.com udp
US 8.8.8.8:53 bs.serving-sys.com udp
US 8.8.8.8:53 cookie-matching.mediarithmics.com udp
US 8.8.8.8:53 cookie-matching.mediarithmics.com udp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
DE 3.121.35.96:443 bs.serving-sys.com tcp
FR 54.36.150.182:443 cookie-matching.mediarithmics.com tcp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
US 159.53.116.62:443 chase.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 crb.kargo.com udp
US 8.8.8.8:53 crb.kargo.com udp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 lm.serving-sys.com udp
US 8.8.8.8:53 lm.serving-sys.com udp
DE 18.159.120.5:443 crb.kargo.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
DE 3.71.140.96:443 lm.serving-sys.com tcp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 image2.pubmatic.com udp
FR 54.36.150.182:443 cookie-matching.mediarithmics.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
GB 185.64.191.210:443 image2.pubmatic.com tcp
NL 213.19.162.90:443 token.rubiconproject.com tcp
US 8.8.8.8:53 loadus.exelator.com udp
US 8.8.8.8:53 loadus.exelator.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 lciapi.ninthdecimal.com udp
US 8.8.8.8:53 lciapi.ninthdecimal.com udp
US 8.8.8.8:53 sync-amazon.ads.yieldmo.com udp
US 8.8.8.8:53 sync-amazon.ads.yieldmo.com udp
IE 34.254.143.3:443 loadus.exelator.com tcp
US 159.53.116.62:443 chase.com tcp
US 52.86.206.170:443 lciapi.ninthdecimal.com tcp
IE 54.73.97.67:443 sync-amazon.ads.yieldmo.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 sync.taboola.com udp
US 8.8.8.8:53 sync.taboola.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 34.98.64.218:443 us-u.openx.net tcp
NL 141.226.228.48:443 sync.taboola.com tcp
GB 142.250.200.2:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 aa.agkn.com udp
US 8.8.8.8:53 aa.agkn.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 x.bidswitch.net udp
NL 35.214.149.91:443 x.bidswitch.net tcp
IE 52.209.97.3:443 aa.agkn.com tcp
US 8.8.8.8:53 tags.bluekai.com udp
US 8.8.8.8:53 tags.bluekai.com udp
US 8.8.8.8:53 t.myvisualiq.net udp
US 8.8.8.8:53 nc.onenews.com udp
GB 2.19.169.14:443 tags.bluekai.com tcp
US 8.8.8.8:53 public-prod-dspcookiematching.dmxleo.com udp
US 8.8.8.8:53 public-prod-dspcookiematching.dmxleo.com udp
US 8.8.8.8:53 246.80.220.54.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 t.myvisualiq.net udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 72.111.196.5.in-addr.arpa udp
US 8.8.8.8:53 98.24.196.18.in-addr.arpa udp
US 8.8.8.8:53 210.89.226.13.in-addr.arpa udp
US 8.8.8.8:53 128.228.146.54.in-addr.arpa udp
US 8.8.8.8:53 64.236.160.34.in-addr.arpa udp
US 8.8.8.8:53 36.81.214.52.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 29.4.157.37.in-addr.arpa udp
US 8.8.8.8:53 42.144.92.54.in-addr.arpa udp
US 8.8.8.8:53 96.35.121.3.in-addr.arpa udp
US 8.8.8.8:53 96.140.71.3.in-addr.arpa udp
US 8.8.8.8:53 182.150.36.54.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 3.143.254.34.in-addr.arpa udp
US 8.8.8.8:53 67.97.73.54.in-addr.arpa udp
US 8.8.8.8:53 170.206.86.52.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 48.228.226.141.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 cms.analytics.yahoo.com udp
GB 142.250.200.2:443 cm.g.doubleclick.net udp
US 172.67.14.199:443 nc.onenews.com tcp
US 8.8.8.8:53 t.myvisualiq.net udp
US 8.8.8.8:53 t.myvisualiq.net udp
FR 188.65.124.66:443 public-prod-dspcookiematching.dmxleo.com tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 sync.rfp.fout.jp udp
US 8.8.8.8:53 sync.rfp.fout.jp udp
US 8.8.8.8:53 beacon.krxd.net udp
US 8.8.8.8:53 beacon.krxd.net udp
FR 154.54.250.150:443 ads.stickyadstv.com tcp
US 35.186.196.148:443 sync.rfp.fout.jp tcp
IE 52.30.87.132:443 beacon.krxd.net tcp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 match.sharethrough.com udp
FR 154.54.250.150:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 usermatch.krxd.net udp
US 8.8.8.8:53 usermatch.krxd.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 34.98.64.218:443 us-u.openx.net udp
DE 52.28.114.104:443 match.sharethrough.com tcp
US 18.214.126.143:443 usermatch.krxd.net tcp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 eb2.3lift.com udp
CZ 65.9.95.111:443 sb.scorecardresearch.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 redirect.prod.experiment.routing.cloudfront.aws.a2z.com udp
US 8.8.8.8:53 redirect.prod.experiment.routing.cloudfront.aws.a2z.com udp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 pi.ispot.tv udp
US 8.8.8.8:53 pi.ispot.tv udp
US 3.20.93.84:443 redirect.prod.experiment.routing.cloudfront.aws.a2z.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
DK 77.243.51.122:443 uipglob.semasio.net tcp
US 172.67.14.199:80 nc.onenews.com tcp
US 151.101.2.132:443 pi.ispot.tv tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 159.53.116.62:443 chase.com tcp
US 8.8.8.8:53 a65170702f72b14f8f7eeccd2388801ae.profile.fra56-p4.cloudfront.net udp
US 8.8.8.8:53 a65170702f72b14f8f7eeccd2388801ae.profile.fra56-p4.cloudfront.net udp
DE 52.222.232.41:443 a65170702f72b14f8f7eeccd2388801ae.profile.fra56-p4.cloudfront.net tcp
GB 92.122.54.120:443 www.chase.com tcp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 3.97.209.52.in-addr.arpa udp
US 8.8.8.8:53 14.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 199.14.67.172.in-addr.arpa udp
US 8.8.8.8:53 66.124.65.188.in-addr.arpa udp
US 8.8.8.8:53 150.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 132.87.30.52.in-addr.arpa udp
US 8.8.8.8:53 104.114.28.52.in-addr.arpa udp
US 8.8.8.8:53 148.196.186.35.in-addr.arpa udp
US 8.8.8.8:53 111.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 143.126.214.18.in-addr.arpa udp
US 8.8.8.8:53 132.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 122.51.243.77.in-addr.arpa udp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 84.93.20.3.in-addr.arpa udp
US 8.8.8.8:53 media-cldnry.s-nbcnews.com udp
GB 23.213.249.37:443 media-cldnry.s-nbcnews.com tcp
US 8.8.8.8:53 media.cnn.com udp
US 151.101.3.5:443 media.cnn.com tcp
GB 92.122.54.120:80 www.chase.com tcp
US 8.8.8.8:53 mail.google.com udp
GB 172.217.16.229:443 mail.google.com tcp
US 8.8.8.8:53 41.232.222.52.in-addr.arpa udp
US 8.8.8.8:53 37.249.213.23.in-addr.arpa udp
US 8.8.8.8:53 5.3.101.151.in-addr.arpa udp
GB 172.217.16.229:443 mail.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.79.84:443 accounts.google.com tcp
US 8.8.8.8:53 229.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.212.195:443 ssl.gstatic.com tcp
US 8.8.8.8:53 office.com udp
US 13.107.6.156:443 office.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.office.com udp
US 13.107.6.156:443 www.office.com tcp
US 13.107.6.156:443 www.office.com tcp
US 209.54.180.209:443 unagi-na.amazon.com tcp
US 209.54.180.209:443 unagi-na.amazon.com tcp
US 209.54.180.209:443 unagi-na.amazon.com tcp
US 13.107.6.156:443 www.office.com tcp
US 8.8.8.8:53 156.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 res.cdn.office.net udp
GB 92.123.26.35:443 res.cdn.office.net tcp
US 8.8.8.8:53 craigslist.org udp
US 208.82.237.129:443 craigslist.org tcp
US 8.8.8.8:53 35.26.123.92.in-addr.arpa udp
US 8.8.8.8:53 www.craigslist.org udp
US 208.82.237.17:443 www.craigslist.org tcp
US 208.82.237.17:443 www.craigslist.org tcp
US 8.8.8.8:53 129.237.82.208.in-addr.arpa udp
US 208.82.237.129:443 www.craigslist.org tcp
US 208.82.237.129:443 www.craigslist.org tcp
US 8.8.8.8:53 17.237.82.208.in-addr.arpa udp
US 208.82.237.129:443 www.craigslist.org tcp
US 208.82.237.129:443 www.craigslist.org tcp
US 208.82.237.129:443 www.craigslist.org tcp
US 208.82.237.129:443 www.craigslist.org tcp
US 8.8.8.8:53 cnn.com udp
US 151.101.3.5:443 cnn.com tcp
US 8.8.8.8:53 www.cnn.com udp
US 151.101.3.5:443 www.cnn.com tcp
US 8.8.8.8:53 edition.cnn.com udp
US 151.101.131.5:443 edition.cnn.com tcp
US 151.101.3.5:443 edition.cnn.com tcp
US 151.101.3.5:443 edition.cnn.com tcp
US 151.101.131.5:443 edition.cnn.com tcp
US 151.101.3.5:443 edition.cnn.com tcp
US 151.101.3.5:443 edition.cnn.com tcp
US 151.101.3.5:443 edition.cnn.com tcp
US 8.8.8.8:53 5.131.101.151.in-addr.arpa udp
US 151.101.3.5:443 edition.cnn.com tcp
US 151.101.3.5:443 edition.cnn.com tcp
US 151.101.131.5:443 edition.cnn.com tcp
US 151.101.131.5:80 edition.cnn.com tcp
US 8.8.8.8:53 espn.com udp
CZ 65.9.95.61:443 espn.com tcp
US 8.8.8.8:53 www.espn.com udp
US 52.84.150.51:443 www.espn.com tcp
US 8.8.8.8:53 microsoft.com udp
US 20.112.250.133:443 microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.241.137:443 www.microsoft.com tcp
US 8.8.8.8:53 www.sodapdf.com udp
US 8.8.8.8:53 www.sodapdf.com udp
US 104.16.180.79:443 www.sodapdf.com tcp
US 104.16.180.79:443 www.sodapdf.com tcp
US 8.8.8.8:53 61.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 51.150.84.52.in-addr.arpa udp
US 8.8.8.8:53 133.250.112.20.in-addr.arpa udp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 79.180.16.104.in-addr.arpa udp
US 8.8.8.8:53 imgur.com udp
US 199.232.196.193:443 imgur.com tcp
US 8.8.8.8:53 jtracking.sodapdf.com udp
US 8.8.8.8:53 jtracking.sodapdf.com udp
US 8.8.8.8:53 track.sodapdf.com udp
US 8.8.8.8:53 track.sodapdf.com udp
US 8.8.8.8:53 qti.avanquest.com udp
US 8.8.8.8:53 qti.avanquest.com udp
US 8.8.8.8:53 jtracking-gate.lulusoft.com udp
US 8.8.8.8:53 jtracking-gate.lulusoft.com udp
US 8.8.8.8:53 cdn.fuseplatform.net udp
US 8.8.8.8:53 cdn.fuseplatform.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 104.18.6.41:443 qti.avanquest.com tcp
CA 64.15.159.203:443 jtracking-gate.lulusoft.com tcp
GB 104.77.160.197:443 cdn.fuseplatform.net tcp
NL 173.194.79.84:443 accounts.google.com tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 imdb.com udp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 193.196.232.199.in-addr.arpa udp
US 8.8.8.8:53 41.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 197.160.77.104.in-addr.arpa udp
US 52.94.225.248:443 imdb.com tcp
US 104.18.131.236:443 cdn.cookielaw.org tcp
NL 173.194.79.84:443 accounts.google.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 104.18.6.41:443 qti.avanquest.com tcp
GB 104.77.160.197:443 cdn.fuseplatform.net tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
GB 142.250.179.226:443 securepubads.g.doubleclick.net tcp
CZ 65.9.98.75:443 c.amazon-adsystem.com tcp
US 104.18.43.90:443 cdn.confiant-integrations.net udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.imdb.com udp
GB 142.250.178.4:443 www.google.com udp
CZ 13.226.89.210:443 www.imdb.com tcp
US 8.8.8.8:53 gate.upclick.com udp
US 8.8.8.8:53 gate.upclick.com udp
GB 142.250.179.226:443 securepubads.g.doubleclick.net udp
CA 64.18.87.11:443 gate.upclick.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
CZ 65.9.98.75:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
CZ 65.9.95.29:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 203.159.15.64.in-addr.arpa udp
US 8.8.8.8:53 236.131.18.104.in-addr.arpa udp
US 8.8.8.8:53 248.225.94.52.in-addr.arpa udp
US 8.8.8.8:53 90.43.18.104.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 11.87.18.64.in-addr.arpa udp
US 8.8.8.8:53 29.95.9.65.in-addr.arpa udp
GB 216.58.204.67:443 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 cgate.sodapdf.com udp
US 8.8.8.8:53 cgate.sodapdf.com udp
BE 74.125.206.156:443 stats.g.doubleclick.net tcp
CA 64.18.87.10:443 cgate.sodapdf.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 dropbox.com udp
US 162.125.248.18:443 dropbox.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 www.dropbox.com udp
GB 162.125.64.18:443 www.dropbox.com tcp
US 162.125.248.18:443 dropbox.com tcp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 156.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 10.87.18.64.in-addr.arpa udp
US 8.8.8.8:53 198.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 18.248.125.162.in-addr.arpa udp
US 8.8.8.8:53 18.64.125.162.in-addr.arpa udp
GB 162.125.64.18:443 www.dropbox.com tcp
US 8.8.8.8:53 cfl.dropboxstatic.com udp
US 104.16.99.29:443 cfl.dropboxstatic.com tcp
US 8.8.8.8:53 paypal.com udp
US 8.8.8.8:53 29.99.16.104.in-addr.arpa udp
US 64.4.250.36:443 paypal.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 64.4.250.36:443 paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 36.250.4.64.in-addr.arpa udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 salesforce.com udp
AU 23.1.35.132:443 salesforce.com tcp
US 8.8.8.8:53 132.35.1.23.in-addr.arpa udp
US 8.8.8.8:53 www.salesforce.com udp
GB 92.122.54.99:443 www.salesforce.com tcp
AU 23.1.35.132:443 salesforce.com tcp
US 8.8.8.8:53 99.54.122.92.in-addr.arpa udp
GB 92.122.54.99:443 www.salesforce.com tcp

Files

\??\pipe\crashpad_2760_KXMDLDFUHJVTVJJI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8dcaccedf4f8f8a99b24dff91deb223b
SHA1 ea200581a2fda70e52db6c1bbe2d50db25ad5fc6
SHA256 49992fca73addcc1388367a51eb193b3fcd790fbad9b13fb42763f78099d7b6c
SHA512 8de0eb1f32c2db95bd66a860be944d7d4ea185be4a021279e5c247570dbf2137260aa62ecdbe0cb56b773e4d89647f7bd094bf72bf94caa0cf0a3844fb2ffc20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 91cebe326335f6ac7bc6cb4c97082db6
SHA1 2bcfecde7b231eb72f52b9ed2222caee5c9d9aaf
SHA256 b0f90e1e1c335618e12a6929806250a9e9c9137eff1072db1c1e0da97f217dc3
SHA512 fc27c831855dc6d6da4a60d63e11fa446204f4bdd18220c897217c2752768744b0570389df955ad310da46f67ba47782913229046aabd4078af072beeae2628b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ec7240ff51e8d5908aa630811d77c979
SHA1 81319098c4d9b3b02ed920e199bf8fd03a42e524
SHA256 8f7ee67a339794d6a337f2e86199e36085a894f3b4481d7ccdf105ba185250ce
SHA512 361e886dab70eee95158e8443a66ce7e511a494c608f342a2f6473f52bf39f9fb13242f4cce1bd5e05cebefd1c7244172c14ee9bf38bc28cbbbc16d40cf0f85e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3f53526df1f390fcdd7ec977d8846746
SHA1 d187eca0720dea3a9fb699d789559f15be0b9873
SHA256 5109fa8871be663b15c8cdd0d9717681142dedc6eeb20630ee4e4961ec7face3
SHA512 03962987c777544828bf33fb2724e94a27f8ab1a64ba4e546481422ebf087ac292d4a278aa19568d134fd966eb5f45eef7d390f99e174eb5e2d161939402727e

C:\Users\Admin\Downloads\Unconfirmed 997713.crdownload

MD5 6a05cd2d9491ef255c709724b782b476
SHA1 6ce3f0f26a1e3fefe7ddb63e838d90908929c0b6
SHA256 b5a9381d8ea317ba2bedbda0d9b858a3cad1b09528f63761fe5c4bd0de5098a8
SHA512 e7b6d7df9a396484c64994dbad32e6ddcc9f8f38ce946633dcbfa5876c19235650025cde68cf46cc43b3c04c0638864a1023ab5a5c60bc2e9162b7b135cd84fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bae1dabb16d07c46554670eb29e184db
SHA1 d62213bdde07f4e9f0bd917635d0956313b196ad
SHA256 18c4b75a38f349c15bea614ea2ce8aad9a0b1f9686f2365b00aa3a50edcda256
SHA512 84dd036309abf45f41622ba5d6bf963b790d0594e807e5d3ebd5a324b7b74af5087503ebe095a0fcbdc0261800aa43ccc359beb8f314767ebb5b8c1bed9d52b1

memory/2984-159-0x0000000000400000-0x00000000004E8000-memory.dmp

memory/2984-161-0x0000000000400000-0x00000000004E8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-6OQRM.tmp\OneLaunch - Easy PDF_pm5kl.tmp

MD5 0859be57626d393b36096262e1881e8f
SHA1 f06debaa544dba35f45bba0e2542189d53e6da9b
SHA256 c406decc37ad9cc8a96b73a0526016d19235367a420a1f82b8d8d3f76fe0c4f1
SHA512 fa16bfb5958917e562e7c8f5152001eeed2b4de093fb3852e86bbc84bf60b0cca8746f2950e15ed0d4e1751c713db50726de2bf91a6260d8506ea7ea31f88800

memory/1236-166-0x0000000002800000-0x0000000002801000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-CRI3O.tmp\Win32Library.dll

MD5 f8c19389f44e9216600ba7bbd5355d3d
SHA1 79c78b77de6d9690bf3329833355cb9d30d449bf
SHA256 fb1109a29b39702440daef0cc92db50063b1cb7f5cde93ba10bcb49bef5d3cf7
SHA512 527ea720bed7e5c756b2c08c21c62ce300807ac21249f0106512481909c12bf1a49e9670c9c964d69d0a08e2a8c1fa040deada05a073b17ed12e0e685ae46dcc

memory/1236-181-0x0000000003730000-0x0000000003740000-memory.dmp

memory/1236-185-0x0000000008FC0000-0x0000000008FD4000-memory.dmp

memory/1236-186-0x0000000074110000-0x0000000074124000-memory.dmp

memory/1236-188-0x00000000733E0000-0x0000000073B90000-memory.dmp

memory/1236-187-0x0000000008FE0000-0x0000000009072000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-CRI3O.tmp\onelaunch.png

MD5 d3110fb775ee7fd24426503d67840c25
SHA1 54f649c8bf3af2ad3a4d92cd8b1397bad1a49a75
SHA256 f8392390dc81756e79ec5f359dbdcac3b4bd219b5188a429b814fc51aabb6e36
SHA512 f6b79f728be17c9060edb2df2dac2b0f59a4dffd8c416e7e957bc3fa4696f4237e5969647309f5425a6297f189e351e20c99c642f90d1476050285929657c32f

C:\Users\Admin\AppData\Local\Temp\is-CRI3O.tmp\pdf.png

MD5 485cd5451b6a5e12380aa2e181abf046
SHA1 e1fe4637b2568aa8b26057ba6e653c0d37c8abc8
SHA256 1d227c280d121311a0c7ec32acf8da0ffb34090da2c4c1e47cca701cd8b32c47
SHA512 3dd90236103a52b112bfe4b90ba1bf985fec0d23f70f21ee7b2d677a0f29e929266fb1f2abb37e06a0029448f08e0feb5d4f8612115a7e81b05de0a5875a85f3

memory/1236-212-0x00000000037C0000-0x0000000003900000-memory.dmp

memory/1236-213-0x00000000037C0000-0x0000000003900000-memory.dmp

memory/1236-214-0x00000000037C0000-0x0000000003900000-memory.dmp

memory/1236-215-0x00000000037C0000-0x0000000003900000-memory.dmp

memory/1236-216-0x00000000037C0000-0x0000000003900000-memory.dmp

memory/1236-217-0x00000000037C0000-0x0000000003900000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 881de0eaffb12065158e7871fa9dde35
SHA1 47fa92fb45b1ac56b75a86590081ae8654ab6902
SHA256 ea15bb9b22deb0c3704c2ce64ec360821f5f91656c6ea436de26653fe4e8412a
SHA512 00b60ca4400b742c43ab199e4b501d9a36d2af3c6dc39c88fc13ef8ec095b06eb74313a9ce2b2b795f622aaf7a8ecd174e8fe8c3ef92e32d8d2373513db80abe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580f5d.TMP

MD5 a5ff2e09ed8b4ed63aee14116c05bb11
SHA1 fd667eab9e7dc51ca551ba1093efc7e62e81f64d
SHA256 73f5da2562b72fb5482270347b94a544f0db8ac937ef3827142fa7ec42683bf6
SHA512 23b08be8382da5c208e8b28b5c442ce6a2794c530c800fccdfaf3a021e2713b6aa1394655717212b2e7a81b927657464abf880ab5aa186fcf18cf4f8cfb4ecc2

memory/2984-236-0x0000000000400000-0x00000000004E8000-memory.dmp

memory/1236-237-0x0000000000400000-0x000000000070A000-memory.dmp

memory/1236-242-0x00000000037C0000-0x0000000003900000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup.exe

MD5 1c08b352f5297ca54c982c44417ca428
SHA1 e9299de8ddb836ab73fb25ef88d4184a89b555f2
SHA256 978c841da9ea5e4c16521bc0077ce747d64d401fee04478ee5aed4d7019fbc0a
SHA512 35e827393de3c90a67ead9309ee25f773a1aa09e1b100d0238b091e3f027beda5a4e1ae458d8a215b7d4a0149d94cfd6e7076c908d43ccfc50e2ef8ad7461bc8

memory/1236-247-0x00000000037C0000-0x0000000003900000-memory.dmp

memory/3384-250-0x0000000000400000-0x00000000004E8000-memory.dmp

memory/1236-257-0x0000000002800000-0x0000000002801000-memory.dmp

memory/3644-258-0x00000000009E0000-0x00000000009E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup.exe

MD5 23118f1dd957dd75c8d40ae71c1516b7
SHA1 2caf0aa12207003b39de7c634581db46cc523708
SHA256 77e5e401862860822ba69dc2f1a2a798708ec218d55ff1e07a5c1d2fc08c4d8e
SHA512 df4081213b52c89320c34cd40efa3932cad4d62881e5c90eb59d37b0794eeae53888e6ecad5dcf2bda4cdf038c38e9302dc1080dfe5894073e2cd83494ea69e4

C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_pm5kl.exe

MD5 d2472e77fd84fe296d903151090e1d7e
SHA1 93fd3b883ed0735d065dac4bb58c2185a5d27d62
SHA256 1f155136d463607dbd3fc1304b3ee5bf9cb7a5cab5f3bd715decc3083a7c4468
SHA512 963f2f3cd4926e7af981b5020bc58562b3bb086e8629fd63b9d70a3510e44ef3264980753aadde36932eea9595dd51e78af2ec78aabe2649aa023127c1ca6f11

memory/5056-270-0x0000000000400000-0x00000000004E8000-memory.dmp

memory/1236-273-0x0000000000400000-0x000000000070A000-memory.dmp

memory/5056-274-0x0000000000400000-0x00000000004E8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-C61QT.tmp\OneLaunch Setup_pm5kl.tmp

MD5 f248f132c4ecb30df87c74463ac18e0c
SHA1 1e55b7c2c7b18f908df6422268c7f79a720eb046
SHA256 ee59c8d03d3600ab0d883ae62d03a550550f6749c7a070f1eeb780eb1673632a
SHA512 f34713f264a759ea03d00899f0742cbb613dd2b1483c5ee18869b18b4ee780fbe2351a8661046916ed2207da91bfa921ee7e9b85884d3f5e4b6e4200135a4d57

memory/1236-279-0x0000000003730000-0x0000000003740000-memory.dmp

memory/3520-280-0x0000000000B70000-0x0000000000B71000-memory.dmp

memory/1236-290-0x00000000733E0000-0x0000000073B90000-memory.dmp

memory/3384-291-0x0000000000400000-0x00000000004E8000-memory.dmp

memory/3644-292-0x0000000000400000-0x000000000070A000-memory.dmp

memory/3520-294-0x00000000036C0000-0x0000000003800000-memory.dmp

memory/3520-293-0x00000000036C0000-0x0000000003800000-memory.dmp

memory/1236-295-0x00000000037C0000-0x0000000003900000-memory.dmp

memory/3520-296-0x00000000036C0000-0x0000000003800000-memory.dmp

memory/3520-305-0x0000000006DB0000-0x0000000006DC4000-memory.dmp

memory/3520-317-0x000000006FAA0000-0x000000006FAB4000-memory.dmp

memory/5056-318-0x0000000000400000-0x00000000004E8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-FE6HO.tmp\min-10-light.png

MD5 2257b1d0d33a41f509e7c3e117819f8b
SHA1 87583bfbc655aec4e8cc4465b341c3f7889a6317
SHA256 d43e4b285b5b54313b53e87d2a56ca9ba0c85f8f55c9c5fdcdb4fac815ff4d02
SHA512 702d1a126a0a7a64af5cee9450daeed74364aa9e9f123e1bc398ecd4215c082e7f55e43dd292a4119749e84999b015109bff8b11732df11143d202b385411cc5

C:\Users\Admin\AppData\Local\Temp\is-FE6HO.tmp\min-rest.bmp

MD5 2484489c7443ec4745488a77ed084d80
SHA1 fcf49d1be8bbbae3d0dea49bb5e677fb19d98d9d
SHA256 70b6921812f29b698f454927802db818c1625402baefd53ced1bfb9135c17d5a
SHA512 a4776969b6bf215a85e7cfbc8f13dbb1beb4ef42eb5abfa572bb7f54c0032941c8bb178e7b77eda0c442741c29fccb02d8de157068dd31203bfed4e49ce051a5

memory/3520-335-0x0000000003540000-0x0000000003550000-memory.dmp

memory/1236-334-0x00000000037C0000-0x0000000003900000-memory.dmp

memory/3520-354-0x00000000733E0000-0x0000000073B90000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ab3ffecf07470967a72ed59912b0a958
SHA1 02cb70d25a695f21aa4c181128d46415c26a0658
SHA256 1120866074fb3deb5985064e65f151b1900c549c192fa1090b2abf83bee4f483
SHA512 d7da78423b6f259d728fbd8d95abfece831fd916d3193cc34fdb04e897123d5930b5f387b172ea4aa2daa3dc62e2117f8f84c27af5519ddf470aa62d0b508688

C:\Users\Admin\AppData\Local\Temp\is-FE6HO.tmp\checkmark-10-light.png

C:\Users\Admin\AppData\Local\Temp\is-FE6HO.tmp\features.json

C:\Users\Admin\AppData\Local\Temp\is-FE6HO.tmp\profile_descriptions.json

C:\Users\Admin\AppData\Local\Temp\is-FE6HO.tmp\profile_headlines.json

C:\Users\Admin\AppData\Local\Temp\is-FE6HO.tmp\button-10-light.png

C:\Users\Admin\AppData\Local\Temp\is-FE6HO.tmp\button-cancel-10-light.png

C:\Users\Admin\AppData\Local\Temp\is-FE6HO.tmp\exit-10-light.png

C:\Users\Admin\AppData\Local\OneLaunch\profile.ico

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\OneLaunch.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\OneLaunch.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe.config

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\log4net.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\common.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\ServiceWire.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Unity.Container.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Unity.Abstractions.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Win32Library.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Microsoft.Toolkit.Uwp.Notifications.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome_elf.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Newtonsoft.Json.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\System.Runtime.CompilerServices.Unsafe.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chromium_base_version

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\SharpVectors.Runtime.Wpf.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\icudtl.dat

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\resources.pak

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\locales\en-US.pak

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\master_preferences

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\System.Windows.Interactivity.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome.dll

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Microsoft.Expression.Interactions.dll

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\fe687687-a998-41c5-b64a-4681c8bf1ecf.tmp

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extension Rules\MANIFEST-000001

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extension Rules\CURRENT

C:\Users\Admin\AppData\Local\Temp\255E87C.tmp

C:\Users\Admin\AppData\Local\Temp\255E858.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\DawnCache\data_3

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\DawnCache\data_2

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\DawnCache\data_1

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\DawnCache\data_0

C:\Users\Admin\AppData\Local\Temp\43db418a-4546-42a6-ace4-83ebef103d29.tmp

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\extensions\gcklppdiegejnfnpepkaagjmdneobkgi.crx

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

C:\Users\Admin\AppData\Local\Temp\5deefdb6-9d93-4c52-a24d-d8e1103214a8.tmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir4616_239892526\CRX_INSTALL\src\contentScript\globalInjector\index.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir4616_239892526\CRX_INSTALL\assets\src\contentScript\slickdealsStart\index.a0908cfc.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\16.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\manifest.json

C:\Users\Admin\AppData\Local\Temp\scoped_dir4616_239892526\CRX_INSTALL\src\contentScript\globalStart\index.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir4616_239892526\CRX_INSTALL\src\contentScript\slickdealsDealDetails\index.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir4616_239892526\CRX_INSTALL\src\contentScript\slickdealsIdle\index.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\d462e830-11e5-4260-98fe-67bbd14f05b3.tmp

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\serviceWorker.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Service Worker\ScriptCache\index

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\src\background\index.c3470784.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\devLog.fc48ebad.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\popupInitializer.ee567670.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\index.0a1d9bc1.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\loyaltyOfferService.4f4dbe5f.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\directToMerchantOnboardingService.4d58e5e4.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\src\contentScript\slickdealsWorldStart\index.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State~RFe590ab4.TMP

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences~RFe590b12.TMP

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\monochrome\32.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\monochrome\38.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\monochrome\19.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\monochrome\16.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Cache\Cache_Data\f_00000a


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Secure Preferences~RFe593445.TMP


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Secure Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595450.TMP


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe596577.TMP


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Cache\Cache_Data\f_000003


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\src\contentScript\globalStart\index.3fc83030.js


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\src\contentScript\globalInjector\index.44abef34.js


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\src\contentScript\global\index.js


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\38.png


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\19.png


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\icons\32.png


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\index.b3c97f2b.css


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\ExtensionWindow.f4ea2052.css


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\style.3f520dd4.css


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\renderContent.f6e675db.js


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\close.0f2bda35.js


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\ExtensionWindow.cd04b84f.js


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\gcklppdiegejnfnpepkaagjmdneobkgi\3.5.3_0\assets\src\contentScript\global\index.3de956d6.js


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\TransportSecurity~RFe59be74.TMP


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\Network Persistent State~RFe5a0d9e.TMP


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State


C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences
