Malware Analysis Report

2024-11-16 15:43

Sample ID 240222-ttb3rscc4z
Target OneLaunch - PDF_i3nxg.exe
SHA256 b5a9381d8ea317ba2bedbda0d9b858a3cad1b09528f63761fe5c4bd0de5098a8
Tags google discovery persistence phishing spyware stealer
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file OneLaunch - PDF_i3nxg.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

google discovery persistence phishing spyware stealer

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Adds Run key to start application

Downloads MZ/PE file

Detected potential entity reuse from brand google.

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Registers COM server for autorun

Program crash

Enumerates physical storage devices

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Modifies registry class

Script User-Agent

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 16:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 16:20

Reported

2024-02-22 16:23

Platform

win7-20240221-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-BUCQ9.tmp\OneLaunch - PDF_i3nxg.tmp N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe

"C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe"

C:\Users\Admin\AppData\Local\Temp\is-BUCQ9.tmp\OneLaunch - PDF_i3nxg.tmp

"C:\Users\Admin\AppData\Local\Temp\is-BUCQ9.tmp\OneLaunch - PDF_i3nxg.tmp" /SL5="$5014E,2484167,893952,C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 attribution.onelaunch.com udp
GB 18.172.89.116:443 attribution.onelaunch.com tcp
US 8.8.8.8:53 update.onelaunch.com udp
US 104.26.12.224:443 update.onelaunch.com tcp

Files

memory/856-0-0x0000000000400000-0x00000000004E8000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-BUCQ9.tmp\OneLaunch - PDF_i3nxg.tmp

memory/1744-7-0x00000000001D0000-0x00000000001D1000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-GSNVM.tmp\Win32Library.dll

C:\Users\Admin\AppData\Local\Temp\Cab1788.tmp

C:\Users\Admin\AppData\Local\Temp\Tar179B.tmp

memory/1744-52-0x0000000000400000-0x000000000070A000-memory.dmp

memory/856-54-0x0000000000400000-0x00000000004E8000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-22 16:20

Reported

2024-02-22 16:23

Platform

win10v2004-20240221-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunch = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe /startedFrom=registry" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunchChromium = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\ChromiumStartupProxy.exe www.focuspinnedntp.com --tab-trigger=SystemStart " C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunchUpdater = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\OneLaunchUpdaterProxy.exe" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunch = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe" C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunchChromium = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\ChromiumStartupProxy.exe" C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneLaunchUpdater = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exeUpdaterProxy" C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A api.keen.io N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-71PVA.tmp\OneLaunch - PDF_i3nxg.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-FOQ9B.tmp\OneLaunch - PDF_i3nxg.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Detected potential entity reuse from brand google.

phishing google

Checks installed software on the system

discovery

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-71PVA.tmp\OneLaunch - PDF_i3nxg.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FOQ9B.tmp\OneLaunch - PDF_i3nxg.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_i3nxg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-71PVA.tmp\OneLaunch - PDF_i3nxg.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FOQ9B.tmp\OneLaunch - PDF_i3nxg.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32 C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32 C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\program files\google\chrome\application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\program files\google\chrome\application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\program files\google\chrome\application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\program files\google\chrome\application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133530924955237708" C:\program files\google\chrome\application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\Application\ApplicationName = "OneLaunch" C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\Shell\open\Command C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\Shell\open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\chromium\\chromium.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\Application C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\chromium\\chromium.exe,0" C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\Shell\open C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7} C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\CustomActivator = "{41dbafb1-26cc-a64e-6fd4-36024342151e}" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\CLSID C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\AppUserModelId C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\IconUri = "C:\\Users\\Admin\\AppData\\Local\\ToastNotificationManagerCompat\\Apps\\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\\Icon.png" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\Application\ApplicationCompany = "OneLaunch" C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\Shell C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{41dbafb1-26cc-a64e-6fd4-36024342151e} C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32 C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e} C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\Application\ApplicationDescription = "Access the Internet" C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e} C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32 C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\Has7.0.1Fix = "1" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\chromium\\chromium.exe,0" C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\wbappbar C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\OneLaunchHTML\Application\AppUserModelId = "OneLaunchHTML" C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\OneLaunch\\5.27.0\\onelaunch.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\AppId = "{41dbafb1-26cc-a64e-6fd4-36024342151e}" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{41dbafb1-26cc-a64e-6fd4-36024342151e}\RunAs = "Interactive User" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\DisplayName = "OneLaunch" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\AppUserModelId\Microsoft.AutoGenerated.{AA019E86-DD4A-0F00-9FDA-FBCF0B4BA2E7}\IconBackgroundColor = "FFDDDDDD" C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\program files\google\chrome\application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
Token: SeShutdownPrivilege N/A C:\program files\google\chrome\application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\program files\google\chrome\application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-71PVA.tmp\OneLaunch - PDF_i3nxg.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
N/A N/A C:\program files\google\chrome\application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe N/A
N/A N/A C:\program files\google\chrome\application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 620 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe C:\Users\Admin\AppData\Local\Temp\is-71PVA.tmp\OneLaunch - PDF_i3nxg.tmp
PID 528 wrote to memory of 3112 N/A C:\Users\Admin\AppData\Local\Temp\is-71PVA.tmp\OneLaunch - PDF_i3nxg.tmp C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe
PID 3112 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe C:\Users\Admin\AppData\Local\Temp\is-FOQ9B.tmp\OneLaunch - PDF_i3nxg.tmp
PID 2088 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\is-FOQ9B.tmp\OneLaunch - PDF_i3nxg.tmp C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_i3nxg.exe
PID 1816 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_i3nxg.exe C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp
PID 3608 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp C:\Windows\SysWOW64\taskkill.exe
PID 3608 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp C:\Windows\SysWOW64\taskkill.exe
PID 3608 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp C:\Windows\SysWOW64\taskkill.exe
PID 3608 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp C:\Windows\system32\schtasks.exe
PID 3608 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp C:\Windows\system32\schtasks.exe
PID 3608 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp C:\Windows\system32\schtasks.exe
PID 3608 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp C:\Windows\system32\schtasks.exe
PID 3608 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp C:\Windows\system32\schtasks.exe
PID 3608 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp C:\Windows\system32\schtasks.exe
PID 3608 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe
PID 3608 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe
PID 1600 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe
PID 2712 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe
PID 1600 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe

"C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe"

C:\Users\Admin\AppData\Local\Temp\is-71PVA.tmp\OneLaunch - PDF_i3nxg.tmp

"C:\Users\Admin\AppData\Local\Temp\is-71PVA.tmp\OneLaunch - PDF_i3nxg.tmp" /SL5="$D01CA,2484167,893952,C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe"

C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe

"C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe" /PDATA=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 /LAUNCHER /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-FOQ9B.tmp\OneLaunch - PDF_i3nxg.tmp

"C:\Users\Admin\AppData\Local\Temp\is-FOQ9B.tmp\OneLaunch - PDF_i3nxg.tmp" /SL5="$701D2,2484167,893952,C:\Users\Admin\AppData\Local\Temp\OneLaunch - PDF_i3nxg.exe" /PDATA=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 /LAUNCHER /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_i3nxg.exe

"C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_i3nxg.exe" /PDATA=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

C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp

"C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp" /SL5="$100232,104692097,893952,C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_i3nxg.exe" /PDATA=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

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im onelaunch.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im chromium.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im onelaunchtray.exe

C:\Windows\system32\schtasks.exe

"schtasks" /Delete /TN "OneLaunchLaunchTask" /F

C:\Windows\system32\schtasks.exe

"schtasks" /Delete /TN "ChromiumLaunchTask" /F

C:\Windows\system32\schtasks.exe

"schtasks" /Delete /TN "OneLaunchUpdateTask" /F

C:\Windows\system32\schtasks.exe

"schtasks" /delete /tn OneLaunchLaunchTask /f

C:\Windows\system32\schtasks.exe

"schtasks" /delete /tn ChromiumLaunchTask /f

C:\Windows\system32\schtasks.exe

"schtasks" /delete /tn OneLaunchUpdateTask /f

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe" /l /startedFrom=installer

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --start-maximized --tab-trigger=Launch

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\OneLaunch\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\OneLaunch\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=OneLaunch --annotation=ver=118.1.0.0 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x6f6c2d80,0x6f6c2d90,0x6f6c2d9c

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe"

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2336 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:2

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --network-service-scheduler --mojo-platform-channel-handle=2400 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3024 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --disable-nacl --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4004 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --instant-process --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4124 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3608 -ip 3608

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 2576

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" "https://getconvertpdf.com/thanks?data=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"

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea3b69758,0x7ffea3b69768,0x7ffea3b69778

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3972 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5248 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5512 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5672 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5828 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5852 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3608 -ip 3608

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6124 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6160 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6408 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 2576

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6100 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --extension-process --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6712 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --extension-process --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5360 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:1

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=2340,i,3570999871549181271,15800491967222852329,131072 /prefetch:1

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1964 --field-trial-handle=2340,i,3570999871549181271,15800491967222852329,131072 /prefetch:8

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=2340,i,3570999871549181271,15800491967222852329,131072 /prefetch:8

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=2340,i,3570999871549181271,15800491967222852329,131072 /prefetch:2

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=2340,i,3570999871549181271,15800491967222852329,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

"C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6468 --field-trial-handle=2340,i,637774582817217175,18074903302958565381,262144 /prefetch:1

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=2340,i,3570999871549181271,15800491967222852329,131072 /prefetch:8

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=2340,i,3570999871549181271,15800491967222852329,131072 /prefetch:8

C:\program files\google\chrome\application\chrome.exe

"C:\program files\google\chrome\application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=2340,i,3570999871549181271,15800491967222852329,131072 /prefetch:8

Network


Files


C:\Users\Admin\AppData\Local\Temp\is-71PVA.tmp\OneLaunch - PDF_i3nxg.tmp


C:\Users\Admin\AppData\Local\Temp\is-I28PG.tmp\Win32Library.dll


C:\Users\Admin\AppData\Local\Temp\is-I28PG.tmp\onelaunch.png


C:\Users\Admin\AppData\Local\Temp\is-I28PG.tmp\pdf.png


C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup.exe


C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup.exe


C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_i3nxg.exe


C:\Users\Admin\AppData\Local\Temp\is-O92S2.tmp\OneLaunch Setup_i3nxg.tmp


C:\Users\Admin\AppData\Local\Temp\is-ITSTV.tmp\min-rest.bmp


C:\Users\Admin\AppData\Local\Temp\is-ITSTV.tmp\min-10-light.png


C:\Users\Admin\AppData\Local\Temp\is-ITSTV.tmp\checkmark-10-light.png


C:\Users\Admin\AppData\Local\Temp\is-ITSTV.tmp\features.json

MD5 f9eff3539962e941e2c8389e7ff3b03f
SHA1 c4fc63586750c6132d2bb99b7b493b84e3beeb6d
SHA256 3c3e85b89969aa3313848bc7944d8e8648ffd95dff755adf9c28bbf10613a3be
SHA512 8b97d5a7a8c1f3653d2b665abf0075858f76031c3a4df20b2f957f31e2daaa9dd6afd94a6e23275947d26357681c07860f021527c1ed2995ea1c8987c637af31

C:\Users\Admin\AppData\Local\Temp\is-ITSTV.tmp\profile_descriptions.json

MD5 d23e9f5a6bff3160b1ba511ccc6135fa
SHA1 fb8954917f695af80b607c8fca8c16563b0571fa
SHA256 c4d2d5b80624095a2f2acb0db4cb05ddcdfc9e3022567c82d5227ec515ea1e4a
SHA512 1c46992f3f23306e911dcee65d1c6ec073765de3aac3de3a5f9d9ebd55cff908e1036467ba04ab82803442d07c44a23b1615aeceb8f8c120ae1226bde3b0550f

C:\Users\Admin\AppData\Local\Temp\is-ITSTV.tmp\profile_headlines.json

MD5 752c01ebe7dfb51ca60fb6161c55b582
SHA1 11303edfb61b10ed5a22d513ed748e7fa154073d
SHA256 18e328f40e5a54ebbb28dd121cf429f2b51603d1a90f26fd52de1abd68e0d6ca
SHA512 67b21cd8f0b2e04dac8f44a351f42127dcbe036ea07468066c54cce927ae29f0d739b4ed2bd09678cca70a36156df92ce7671200a96386e0ebefea9ff128a80d

C:\Users\Admin\AppData\Local\Temp\is-ITSTV.tmp\exit-10-light.png

MD5 2cce6763f61dddb4599cb058d6761c56
SHA1 40bb1a5e735e52791c7c3f0a22ca4a63ec9a3737
SHA256 0fc8e40a3b0e7a516e108dc0f3267dcccb4de04d28a21eb68a45a8ac1bb9df8f
SHA512 bda0d42e1a844b2a9608816b07160ee42e1f4c8705d820cadf5cd5e714b7c9fb0c6e066db04b74d573a1f8f435324d807634648c348d5e456a61cc9dab684fa2

C:\Users\Admin\AppData\Local\Temp\is-ITSTV.tmp\button-10-light.png

MD5 a879852024bf6de33c3bb293704e6fe5
SHA1 8487af86f572f80d18720157906c6b74de2a52a8
SHA256 a45a7bf12d8e17d5b05c81cc3bd5ee5e9299b9b522e4b883ed00808635d99bba
SHA512 34666447f27f4355f991b66e4781738400619a4553415060c2c0dde59198b797999be4f24734ee04fa3c1c6dd3b4eb26ba48c361cd891855b30eed7586d521a7

C:\Users\Admin\AppData\Local\Temp\is-ITSTV.tmp\button-cancel-10-light.png

MD5 7631238b127e061a3509d98f83da7487
SHA1 6c7ad20207be9a0fda44092de3772743a594835b
SHA256 160f9a1ac9cdef54357cf709ecff851b84001709baf6c1516b77493597e41e39
SHA512 2e5805c6c85baf164b79b9358def543a4f3c3a9935d614be86e9a1cdb6e3bd3c1a38cf9592bb4b324f668fd9e22e1ed3b4fa36b964fb92c2c27029da2920f243

C:\Users\Admin\AppData\Local\OneLaunch\profile.ico

MD5 d3c9b4d1d3878103ff515bf5233395c0
SHA1 2f4c871057b9ef3f364074579afa6c5ef5c006c1
SHA256 85cf400ce5de14535f8bef5097230aa5f10beaec06061848441ec294916a1022
SHA512 0041b024d0b15d0840777e4a187df8f35f3667e60159f41fe76863f47b19cd2e8f38ebd4e9627a17e93f8bbe7407b47c3dda49eff7824a86345faf781df67f09

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\OneLaunch.exe

MD5 1fc926c08c238c4c4db7c4eb2b858c7e
SHA1 32feec3bb3e67ce21e3fc006bb68327d05a784a0
SHA256 2fb77c9768b10bb33357b2f78468ebb44a64a6a114ca56ce4c8473d3bfcf8446
SHA512 f77ac171dbe7f7811cc7d4335b872daa2c53a7e6f458d4389062b4dd0e5279fc42b8ff764fcc39a1337e59aa3a2520a707416b2d4d8a1770042ff08454f74422

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\OneLaunch.exe

MD5 9d318d86754eeabd0d59c35752e8d81f
SHA1 9e8932e44164e9cc55259dce910893b4af54f1a2
SHA256 725b252307c1266bcefe8fe1a7f1ab1cd4758f541575fab1611f516fa4f00604
SHA512 871692c8083e9ae6b69baa81cddfa999ed266e0d11132486bb0ca4b9484a604e86167395dcdfaa86e40733a0a6c3afac8ccef1346ac4d693ec7c09d15792ea2f

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe.config

MD5 2722a3de42a1d0ef4089459da2cb3596
SHA1 a3b2a985eff4f694bfb4936fcf8ee8904e3b6917
SHA256 f9d49daf8e030400897c673abe22e7b4d4e38c7411b2aa2dd990de27643c6f21
SHA512 b50f4ac22281092a505d49deea50d50a6ba476f2c78db5d632e4afd8fab7246bac812a166adf5f6fa287c94e325cdf49ffcbd6d8b19bfedf97a716a4f0cfd816

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunch.exe

MD5 13da1314d428dbcdaa9c98768dc60323
SHA1 2c5c138895d0f865bca99b79b8283c1aa4173cef
SHA256 c8489eeb0feca6415f8cc3024ab4df6a4a5caee2ac80820489d2b269db07534d
SHA512 5db9c9280f788afeaf80937f4a1b218a0ab0792aa646b4fbfaae6803f58f86e8ba008346fb41d9330c6dcc3c4faca89e8aa1bfc237dad48043cfe9741536b832

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\log4net.dll

MD5 5c1c94140a2f815f64117dbb63a4477a
SHA1 9a79e9c6325e20e5c10e654908d6fd923a25229b
SHA256 55b2fe686bc8f739ce845d1689fd08cbca20381c8e0d2417185d1a0018d8a938
SHA512 502e77236418afac1d9a15d9840b3b6872440f8a1601706e7a4b0e98a62d0de70c3acd192d53d5c29994d1e088fab07c7e299ab7f6b3232a858cc8782d283084

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\ServiceWire.dll

MD5 99b3d7efabd8f3afe78405d3e9ff2d00
SHA1 ff7742716bf3759ecab5547520362e1694786696
SHA256 152558a74c510f529ffa5c9397fdfb37858961371bd23e89219236a14f4ea16a
SHA512 01392be8b1c28ac135b15c700913879e1250a78092adf32443ce77f4b95f942a4451e46123241f43bdc06c14488a7c2f636891fecf1c8fa3ab0bccaa7f53a03f

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\common.dll

MD5 f8982bca959e27db5ce19d7932551d43
SHA1 755b3ca63d16c57f93f073989162575304843f5d
SHA256 0ad834746488898d82e2a42d30ee3e8e6c70d1efb64d1abd6bc7430be38c3212
SHA512 81f9fb461e619792c51c1fe41dbb9d1a4b76554e65441fc82be7b39f103efbc8ea744c24b9833b98bef5a0803619f733e3d247dbdfc3290d6bc5770adc33b3b3

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Unity.Abstractions.dll

MD5 1b066b3cb5d8ca243a8bbd13e11fa596
SHA1 63f9d1c08e011d9aca6bdc6839887d03d38944a8
SHA256 788f516054fa47046514fab1ba81b712fb441814e9745fb46c09d29f6de8a464
SHA512 a35a8881b928057c165be32f637ffafce456c5a23eded2d867847898c37a84fc0db4f1892550eb11d86e89d55123520c0b34626321b756e2fede7974592a0b22

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Unity.Container.dll

MD5 d618cbbbab32121bb8f78ed1de80189a
SHA1 f52efd7e2fbb87c57be0f6a981a527a6a6e9b338
SHA256 033ffdf50a855fd3b42e8950a4707edb2ed0820e37d2c9ee9456af41d22aeb7e
SHA512 607074853bdd4e953906896686b873c0214edee889730ea47ea643173ba2cd9c44ee10006943952d2c60ed2f43414776b7ae38050ca62e0628723fbbd9306e31

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Win32Library.dll

MD5 48b3ed59d4716f040be7bde04ef9419e
SHA1 b8a3086b8229294c6d0c307f9576bc3582ffa7c8
SHA256 06b116abc62a4fc8002c394e8e0f241769dd89545c39d8b155e87dc691e981e2
SHA512 13abdd70947eb24eaa4419201e30737d7b61d8128c4142e76c8112d42c083888a8afca457613f491bf29d76992685c2f9be7d4ecc10bb66103cd3e99ee5314a8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

MD5 2fddaf7276c13bc3e1fc8aac636e14a6
SHA1 6a976edf92abc8d613d27801a5ff6e15c9c996a0
SHA256 683e76448aab5848953a0f4a3889931018f842e8eacd2f46ccf7096104c14fb5
SHA512 ff6b9a75f9c4f224ff1fbccf834c9b70948237d4eaf5c96f75beb9caa90f8f10a154dd1c18aec2d1c5d9e90eedf08c05cc2007430c622aad559270a24160469f

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Microsoft.Toolkit.Uwp.Notifications.dll

MD5 f58e9ca60368433534c420b054b01cd3
SHA1 598b9280153e53c6fff56af80d2c59d087809612
SHA256 51eebdb28f042f6169e3c71cec16d3fa95634c4284a20ed1d4e4d182de5f4bec
SHA512 14e180a029a81c777e2b4e938891de578203ef01ac2f187280e87fc161a2b7de9e36cff5fbd810ff5ca5bbc5cc84bdbce68f120014813c8e5ed17ee200e7f573

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome_elf.dll

MD5 7dccae1290249539674646d98587319d
SHA1 f120bf719de0ffa85c6d0a2d967a4c81d77d9c27
SHA256 6f926d1ca08acf60acbfb84241707e78286df7f139d542d5845fef2380aaaac3
SHA512 b42d20d2f58e687f4cbd7732fe922d5b7440b66a4423d692cb6d547c2d929ff93a229b3767b8491c0a6b2ba8b68810b64886670f683e20c11db9f8c471be3674

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome_elf.dll

MD5 56f0769a3fb18f9a6408aa98af6ae389
SHA1 09036f4940a9ef959fa94214b66e942a2197f2dc
SHA256 10874849b541b7042ad72d69ac026341270ed3496b1c6464cb138f5c9cc6bb1d
SHA512 d08668d032567ccceb77c01fd5bb9aee852e75bc8dd42576822074b586e666cb094762bd6d34315a9a037fcbf7ea889aa8ce9905c25426fbce6c5f8d2eaf0b0f

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

MD5 54201afa7d6b522b94f4edebbafecdf3
SHA1 9f4b8c217168b9de7c7047166ecb85b56646145f
SHA256 3026d34e63092ede570f9e93cbd4979661b5a9f4ed34bf0c01eaaebd50211ed6
SHA512 660000f388a6e2ede1e0efcbc7cf301fd9c065943801463666331feb4e3a55f3468b5cf33f1c0ec6f4e8a7f7912aa3f3057fd91a06ae4acbe4dbbd2fd0e8c701

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Newtonsoft.Json.dll

MD5 081d9558bbb7adce142da153b2d5577a
SHA1 7d0ad03fbda1c24f883116b940717e596073ae96
SHA256 b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
SHA512 2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome_elf.dll

MD5 f4fa3eedac57ca5cd032037f438c2024
SHA1 ba19a8a4274773345501ceb8135fd5fde6b7c813
SHA256 6adeca88782de3f18cc55f9deb428c56ffa5a6ddbeb2aba68d6f5c86b16ed6ab
SHA512 dbbd135df0525e25446a4b054c0bc44ff65af16253af370642cacd17cab20eee16ded9ba8f6a71161918b384461d171b50a2f89a9307be097658a041b05d7c52

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\System.Runtime.CompilerServices.Unsafe.dll

MD5 c610e828b54001574d86dd2ed730e392
SHA1 180a7baafbc820a838bbaca434032d9d33cceebe
SHA256 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf
SHA512 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

MD5 56156f3292767379d465a76f989ded7b
SHA1 ac4584c0abab723b09ae0a6fc3332e8e42c8c247
SHA256 9596915499befa6d76e94e4530dcf1bb02984fc5a0d9f2fd964c4508c439044b
SHA512 db09749a43f4eb704554391c6f716a1e6153bebe4cc6098dfaa7053b8aac144463feb32c59a0ed3b03f694a09dba6400149653b72cefdbf31267938227a37257

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chromium_base_version

MD5 24af27209c641f801d94a63cf07cb346
SHA1 9568aef96d210612927b9a3d09f2b6bb34947093
SHA256 924771ab3d4b68a38632467dc23654c6a8defaa8da8cf8fb610c1849b8c34881
SHA512 45c240bff6ed765eca17a50965c1f5c69a2c072331bcc2cbe45e978cd1850505994c318939616f942929d49c968f1a15da3623c567cb56b23b1991f801fc7065

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome.dll

MD5 129731e53e60048bfc5f2a057e8dff5f
SHA1 03de6b69d33b6cd0d61ca25680ec9ff850446c44
SHA256 2c602416d5388c8f81f444c9c1fd32988dabb313a0fbd6f4e1a69de4a0607836
SHA512 0a2172737e27576e0a0a66a6828aecdf5d71950cca26f7a634937bac9cb1aa14399065f33eabde3dcb9cd4d5ea54c1135d5445db9c19e7955996594d81ac4347

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\SharpVectors.Runtime.Wpf.dll

MD5 ef579ac90fcd8525234a517e055a3e88
SHA1 d14e31848b8688562b48f3c756492ee1bf71981f
SHA256 de7c471617d8f42fe9a42e5b0b96fab23196f941a336fbd57c888b453a8a13c9
SHA512 288c6c8f13d64f7b6c24c8294760f9f9937c76e1331a5a74c171f0e3ce3a7e47441b82e3bb3adddba4abc564b1b58d11612f7e92a00059a6f36dbdb9b32fb897

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome.dll

MD5 3ff696e21bfb8c47a388528bc625b085
SHA1 19c3f3983c1b01f185fc1cd32051796ea729e2e4
SHA256 fe024b69b64e1d92c0f9d77f019f4e82efe3354f3f0a293275d4e0e0c90710b5
SHA512 c83393a2dd640ee76d1407caf90aca1d6183b2d055ebbfc11afe0fcb4ccf7fc6a63d42d66dce97858a5c66220c55ab9abc0b28069bca9af7deb716e83bb5fb96

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\icudtl.dat

MD5 fb6423a609655e5ee1746631d9a955b6
SHA1 6af9763d48564097f9a8cd6462f184d2fd755a5a
SHA256 b16d5f7150a5f98c4d9811648a423078a7b2d69ea81ef8d502d13d2c6a9d1f45
SHA512 5bae514498282ae4a01049bbef7f697b6cee9f6125a55ef11f58a685b25d5234eefa98006d35a45ba63fcc790618a4c45cf90ef9a4ba8a1134549f2c96269597

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\locales\en-US.pak

MD5 6c24ae6e678a2079a814b0fd1de947b3
SHA1 4b4610259bbc5fae67ad80b62c6f27e9c85c66bb
SHA256 caa377cc7c209e4bc4fce648141c010abe6ee3ce7ff665813d5039e1fc293cb6
SHA512 f3ca66289bf6d149ad56d1f052101a082c285504bf6fc94cef2cfb383d18358df7c80b201019b4d7f03aa7d5916a3bcb2471b3fdf777afcc8c65875fef2ac624

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\resources.pak

MD5 c978bed960fc17e285db3b2212758a56
SHA1 acd684636ef3cee99f32b9f0b16d00e8bee83320
SHA256 4321382c287533e4ea05a59f44b34aa47b0d95a2e7616d84c1fed4003da4df37
SHA512 78b6bca63c8e8ca8536866ad61e9b18fef714453402b87fdea63e1d16fac8f17d8387ca0abb2582f7ae64b368b001630a7b51ad7d59bb6464424399bdeb6551a

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome_200_percent.pak

MD5 9d916690aa47129a593d90842270a0e7
SHA1 8f1b682c03f980219d3f6c50f35ec59278b015bd
SHA256 8a39516f032266c6ff2297f3416d9d2d2b01ad33221fd87fcea54e64ef5411e7
SHA512 afa5a3c94c3ad0790346ae14b124cc4aa0d561c3ea350eef20047bac4ce85e89552b337ccc974b1fc2ae0febeff0766543c0fd00db796aa03d366b00490d5542

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome_100_percent.pak

MD5 ccede732eebc6d80440ec3ed0d3e8e2b
SHA1 00451c34223e3735eb14490150e4a48966f98ec5
SHA256 4c27a68720daf314d237d78ad17c34e27c98c77c95e2adb81eea6ff324adcef2
SHA512 d1ed169619878e8b4ee9b71bcd850a794b974a276b65f0b5ddf72b88d6fa48f7a457fd7f6edfea1d40f5c8dcb17807a6539eae707fbe93ad4c467fd673f29525

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\master_preferences

MD5 1145e5f59ecbb095fb6b2c589c45e824
SHA1 f867d306e1d59a477b6221b2cb4a37a18a71cdd9
SHA256 6717cf4c3142666873a050c9e6578977e874aeb5553d6aa4a653a9a9a2cd7ad0
SHA512 4968fe6874f5d410a3e8faf3ea4a8c0bdb0e07472698dc1a98a94414abcb960e01440e1e04b8636a69fd3907e71ad3967309c3f6428fed1a3e845c1c08f974f3

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\System.Windows.Interactivity.dll

MD5 580244bc805220253a87196913eb3e5e
SHA1 ce6c4c18cf638f980905b9cb6710ee1fa73bb397
SHA256 93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf
SHA512 2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Microsoft.Expression.Interactions.dll

MD5 3034cc0d5cf3731ed90153aa616f3f59
SHA1 aace8d26358d9829f0e6632bddf183534acfec0d
SHA256 63cd5e8a60d77d1007352538a4285c60c0c3efb9c771035589105a284e4f63a9
SHA512 88589b022d713d565342e331394ed5600d1fe346aa788e45e16cf51221ce898f10bd28c6a09fdc44d9ad94f25b4ed22c6f0eb28fa832863c01732def5b6c6086

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Microsoft.Win32.TaskScheduler.dll

MD5 a844ac745a4005fbd3f51d79ff88583c
SHA1 92671774fd4be9781a77d2788a8dddbf8981ead5
SHA256 74fe1a6a1e36be7d893e31bbb4d4bd83bf4b927e715276cd5607982139818ebd
SHA512 5f0734058d9146ffeb552abf443df5097cf134a4737bed499467830e08d97f5d1996c1f1647c5c12289ca4d4209effd480010afebc59d50290d4ca7d45bb41f8

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe

MD5 171284ff3e811bd5bd801a2b552a4ca4
SHA1 533fcf58f25e3fea00bc17f291aad97b8df683fe
SHA256 75d6da5f81d9037c1e95a50fdcd19ff5d64a7c54ccaa2bb5bbdea88d6dc90b55
SHA512 32cf62c76b0164a79143f1c6fddb8e72d0a50d8c7af0fc17de19c5385d16c478d6b16689fe5710b71dfb2b8760f43b724df7ef8ca9ea8f133aef67e91ce4a7ea

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\onelaunchtray.exe.config

MD5 df2bbcebe3a519028906408953369d89
SHA1 44945a14e363d6ea464303b0e8bd4a81cf12bec4
SHA256 badd2a9ca02e0af14649aeec26e50d57db7e4d542335a7b8622da51b781f37cb
SHA512 61474e0d5361d7cbfa4ca5beadbf306835d551fa599f676fa1b5cf539eeccdda61883aa38b8ee7f388d795e3f44c0302137164307e5c20129a6a1ef4df37b4d1

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Hardcodet.NotifyIcon.Wpf.dll

MD5 5fea5381909fcca75ed4e79b058e512a
SHA1 1d619f03449eaf4405008a97ddf05b313eedd21f
SHA256 9c5a27ab185e32c4599816db8df1c7b01b08b5cb7a15933215c9a237322abfbf
SHA512 8494b36651f1e36f8008de7bf6af3b378843d3e989206a5c3c17b7d1a5a33aa762153bcef642f66b8c1cd682b2eafb7102d129d77fcb4a47de7f724ececc7127

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\Flurl.dll

MD5 f8d1abe9d445441648b2049d040e6f75
SHA1 68f7a2e3580dfb2f8ac656c4b3d2fc96c86c193c
SHA256 e7b07773fcd2b98044f2571948e2d843d191f8751befde5ee450ad627b5a9fa0
SHA512 c9fd5f9f1842cbb2fcbcccbe51126566aa044524b67526aaa32ff3b9b6d4a28bd9ff6aea635eca00c717b26e13e8a43f74ebf9302c6657f7a2bdd8ffdc0ebcba

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 18dbe3fd1497fac024b2d4d30fad82ea
SHA1 398363c59b75ce05b6aa07beb47c7f553f49a07c
SHA256 b314a1bd8a48e6a7ae6b6ceb16c0db91d1ca4e8f927ee7d58895bf22e76b0e3a
SHA512 3c769e6938162528eba0254d7707728a6d87c42863442eac36cca8247525ed6801a5596a5d7e64e598597902db7070a6c8267b35187d251fcde9f716969f39de

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome_elf.dll

MD5 46a900bba5eaf8c10bf6ba20050eec3d
SHA1 21e02d9db2be9cd92935479b6bee7311aea56995
SHA256 0a295b742f29aa72bc8ec1e3ab1cc26ed741d20c0f68dff54bcf0be95d7ba9cb
SHA512 83e96fe32068bc0bd6bf35c2a222ac1d3e98f5cc2008816affdfcda5a62c406430976ecd58e0c61284a7929bc79851de318f2e206f24a05ceb086371ceea61bb

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\libEGL.dll

MD5 7b88a00b5950d0c359fb697c2e7bac24
SHA1 87dfcee28b63743c8ca4181cce46a5cd13869d67
SHA256 14e61fedd7f88693f6abd35b356e68032c239822e170e6d7a504a2c6f3ce6fc5
SHA512 2c93106ed04ca6243090f681c8903f9031601b3bf788674a5f36b23d1d709841edf7a75aed994f144169adf653409736e0f178e1920c76a2069b3c69d2b193c3

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Site Characteristics Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\964dae98-5bf8-42de-afe1-b239cf008216.tmp

MD5 a3521925004fbbbec5a0818595eadeb4
SHA1 f59ad7f16254402c91d2c83b3307f9d4ee0b1f86
SHA256 2361a312323d45991cef2ab16c8674c775e196e241c4b42ad0506c481b1b2022
SHA512 78aee5267af2084fe839d774b8b0fa0a55008652f039ced988d7c29f35a4ae924efe5384478a25d41d7255d5f76eac3608229ccbec4516c2a73cfc60a478b24e

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\FluentWPF.dll

MD5 908668ffde26ab371a2ef711206aa05d
SHA1 95b60c69c199edd937960d22b793f5e6143c00ac
SHA256 8e136ec981ed7d7abf0c8153db901fcd9e7a311a61e209d88a9ca2b51fc17838
SHA512 36c1ef092ee2ddd9640c6c74ab2d76bb61f62415892b9bcddf93772b604c4b45c9ef88834aecac76ef2f0fa38317f74b889cd26436ab0c6a998b803cdf7a023e

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\libegl.dll

MD5 cf30c0ee5611e233c339c59ef4811249
SHA1 1dbf6f128497b8417d650d7661c1e9fb1043d4e4
SHA256 29a8ae6d339b2b80cd41aaab1b05f9196996d9c0c23960231695bf17fe23163a
SHA512 832914f82086d3e324d692786dd6ab290c5390299091f3f6887e72f0f2510be8cf688783b6d3b3e259201ba2e6910599e335542a4232c5dae1064ade68671364

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\libGLESv2.dll

MD5 67b871a1c2b864e1fe60bcbc10824d61
SHA1 98c012d054d2a2703ae608f4836e40f17bfba60d
SHA256 cc3cae58e1f82eaa1e6d42387a5af467e195a170506bcf6888d50c16e080f7b1
SHA512 bdd511334e925744a9791c7bbd290f10ecc41f30df9183f5740feee13f086776493193fbdc7d1490e243ec4bc23354ab68967ca8b88ef8f119ae2d5aaeb97287

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\D3DCompiler_47.dll

MD5 1cd1fe7b1d60466843eb0feb664d47b5
SHA1 6ec8dbd14ff3876a821ec9dffc5b7d83d84bdaeb
SHA256 f43ea87c2fde781660b3454522573db67b04889d14968032075a66f140ce5d28
SHA512 081d1d7e655810497005423269f6b69c9a1863139b1e1f21e7298d8db5ed81e6b7d55909fa2eb14e3229eadc639e63c7423527f5862cd86140500414bdb5efe7

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\chromium.exe

MD5 9e973c1a8973e95ffce646261adb55ff
SHA1 2fc2f7d3a16cae2f24ba35bbe9dd420702ce27b2
SHA256 af91df851d4628723163a4eecafd81a7e43034f690a4a0197ee626ff029888c6
SHA512 ea552d5e2608e4209b32a307ec9f72e72de2318a5cd6a7969451fcfe4d8e1c5220cd958835d3499f0a8be2398003d393d9895ba243939e782e379a258ed6a145

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\libglesv2.dll

MD5 ea66cd74fddfd3f91b074db019f4d4d7
SHA1 d402fe24cc7c48244cd1795bb8ac9e8ffeb914ec
SHA256 7b254da6a9163a7f62c4f3c7b79a9bd6a1aefd00f423dcd5ca397eddf55d262d
SHA512 ae010e3160550e49ee310f5664119bfbe698e642679ad6f5079ef4fbea26ae4cd774083a2ee570f7f489741645c73b8f98a4283fbdff3ba8ab517e116fae582b

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome.dll

MD5 e6338145a726fa4c95452b633984698b
SHA1 1c32998930b04fa20304e201e1ace51f6f3e9c2a
SHA256 8696f33a5c0ffef2cde4484f97a0834cd0b7b8aff7f333d0a7ee7c103dbe1d24
SHA512 888b98ee4d8a6b859a972bea711e6dae9c2dac584f56ceefacb8cccb732e0663d3a1054e3a228eab96b7c8452690142cd4e9f1c87a429d93eb9fffdec18ee11c

C:\Users\Admin\AppData\Local\OneLaunch\5.27.0\chromium\118.1.0.0\chrome_elf.dll

MD5 610dfa442b3fc7f9a33a8763a17965c5
SHA1 1d509b1bfe71a6a3a4fe32e1e8b26b3341a7b3e9
SHA256 e10d236ccf37aff5d60fc9cd5ad8f2950d52cb67afce73f079f19e4abc932c8b
SHA512 aedc8a3acdac6e9d4e8cb5118914d009a6a6be127d6d354c9d928f2562e255372769a242edcdc9bb507a104dbf42fe529187070ba17b20a9b7a575e1c2c9e8f1

C:\Users\Admin\AppData\Local\Temp\142EA13.tmp

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\142EC0B.tmp

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Cache\Cache_Data\data_1

MD5 08e6e8511aa1ac8bbb38b4400f05093d
SHA1 495dc26ad89f82dc85da94cfb60ef3446d72ef17
SHA256 96e136ae2522a4497f3eeae791e8d8e5fa8afaeb1296e661c6db2902acd6d032
SHA512 d23aa110100603662028f00d789e85abf21f14b774bf193f121964c23a5008690849c62444ca14641d403a1458fac45c0e93a7aa918775b1d3b8c3321eb4d8ab

C:\Users\Admin\AppData\Local\Temp\012a1e4d-3edd-4c65-879a-0a6541277af1.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\a908d41f-f50a-4029-b4f6-cdb59692d17c.tmp

MD5 fa11ca3df5f4a26fe7b9b62957839907
SHA1 cf74ffaee4e2873c82ae564cec30af2ae831f1e0
SHA256 0405e3bd0196d75329a3fac9a7e160b019462908ee70145d363d8722dd674bf0
SHA512 d879bcd533fb49b627d29a9f6b219e21aff33e3c50129a23ab21db861dc8271982141337012b867f494cb3c96381e2633293bded8499bc570d8974099dfe8159

C:\Users\Admin\AppData\Local\Temp\scoped_dir1600_1843518136\CRX_INSTALL\src\contentScript\globalInjector\index.js

MD5 fe07a602fcdc55732a567bceda208e17
SHA1 cded2eae412bfc40d31e8285e3fae7bbd995bb69
SHA256 d459db412275bd93229a3c44dd4acef7c5880b35fa50732f76114a2378fcb5e2
SHA512 a8b49dbb4dbc184332fa4dc1b03f7664a09939cfd472bbf772bf411c5ed1e01a251e628246484a2ab35144b3f97f25c8818304346a7b392108c33b4b3347fdef

C:\Users\Admin\AppData\Local\Temp\scoped_dir1600_1843518136\CRX_INSTALL\src\contentScript\globalStart\index.js

MD5 97c06edc57360ed9d8ced96ffb10c265
SHA1 00778a6df29f8c34f4b66472d9c9c905577c2613
SHA256 8eff34dd1eaeac24aeb9e385dd77a69eae9fb975400389ecce6b73a5385c2dd4
SHA512 b25dde0368501e7935e0d177009dbd5e91288bf648407a958d715f62e7df19fc67a60ca9597a3c938a0f3d12c10559b53f25c58e50d49db50145b9475d4e75df

C:\Users\Admin\AppData\Local\Temp\scoped_dir1600_1843518136\CRX_INSTALL\src\contentScript\slickdealsDealDetails\index.js

MD5 6f13fe2d9ad6c6dca797c4aaa7ea520c
SHA1 33abd608ce8c6687c0930776c4bdd252b6e03ce7
SHA256 120fcbc0bb7e09aee7f2dda95f2cde930c3379878c27fb96e0a21b92b1114b11
SHA512 9823a2321acd4cc37a6cae09e2b5817690efa1f923ef01220291194f5fa40fa615ebc384a9eecc9126fea2567750179e349ee21d14aaf423705ee5fd872cad92

C:\Users\Admin\AppData\Local\Temp\scoped_dir1600_1843518136\CRX_INSTALL\src\contentScript\slickdealsIdle\index.js

MD5 4df3facc60197e3c00afaa676a844367
SHA1 ccf1df4c665eba566276fc833da0d48490dfef8f
SHA256 ab2270fbfea2cc9a9e871abafa5d152003d460591cd96bed34c4b90666e1ed29
SHA512 87c5d67fc5bcb016b7f85523e3073cc963293632a152f93a8d61b9ca6ff6f851e22de9568de77eb2c8a90aae6d395530a2acddc99c353beb2d624512f0f0befb

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\devLog.fc48ebad.js

MD5 9db618256c16923d4be2d163196b028d
SHA1 adfa216df1a5e9eb88fdd755b335c393bf0fd7a0
SHA256 1e88e611c49a97f75e2a4c17a06448b4e7cced3f94139181c9641226a6c10b28
SHA512 ce184074527b8ce85181c045eb0af2787f5a5f66448d8ddf4a6db1a92a1cf1d8ad7b85883398d0eeeb8e79a2e3f51ef9b33286379de0308686a08dc6121489b7

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\index.34f6767b.css

MD5 b3adc2d7caf98dab1cb5c97d32e997dd
SHA1 9c6ab2cc15246f466990aa197c91fdedc4a0ab3b
SHA256 34f6767b1bab23a5550805b8f9be0b668ac87e003d2b79e759139b11154a763c
SHA512 d2bb80f295fa5c68e2f8775e749d2795e05c08fbaafa261690447c2a8a05c3868c939661f38fe43a3a2996d2f52a83f80b92207671ee431f30a77863bdf429e6

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\src\background\index.c3470784.js

MD5 1bcb87bfe1672dd9d5b6d2ec4bdd1440
SHA1 7af255523505b9e6c0cf373484127c4401861b1b
SHA256 e51b2907b1e86b1c58ade11475a6eb1ee1454f0c524cd8e6102ab5fc76d0b5c4
SHA512 0ef4fdcb8e038d75fe271bd60f57cc92dc1e00a4acec13bca416001ffd305561cf3ebc6ef0bfb3a9a2cc4946706e893b072bf9c0a66e1e3fce18813f26a72587

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\src\contentScript\global\index.3de956d6.js

MD5 7c0ac97a9e6fa4e0047467a073baf9a8
SHA1 6c074a4cc7eae4e360e7be9df271ec496ec486c2
SHA256 2567adf149a8bf70c083c6e10e79fe088de7da9bcb855882fffb8bda54987ac4
SHA512 9da4f8a7ee585865905f7dfa15ae9e20a39436fccc2bb4cec63e1ce0d2a2099ab7ce1e3c83da707c4800c0a83c5bacc7b0d189070acd93a649f70c10441922dd

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\src\contentScript\globalInjector\index.44abef34.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\src\contentScript\globalStart\index.3fc83030.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\src\contentScript\slickdealsDealDetails\index.cd578971.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\src\contentScript\slickdealsIdle\index.0fe40f33.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\src\entries\frameProxy\frameProxy.5f41b151.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\src\popup\index.853e186b.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\writeAReview.1ba92974.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\thumb-up.fd59857e.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\thumb-down.0e59346e.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\surveyFeedback.63073746.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\style.3f520dd4.css

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\slide2.afc4d2a0.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\slickdealsLogoMark.b9341466.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\slickdeals-full-logo-black.25e377ea.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\searchContainerBackground.c79776ee.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\scissors.707b3838.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\renderContent.f6e675db.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\popupInitializer.ee567670.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\modulepreload-polyfill.c7c6310f.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\merchantCards.42882af6.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\loyaltyOfferService.4f4dbe5f.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\index.b3c97f2b.css

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\index.52a55b27.css

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\index.0a1d9bc1.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\frameProxy.2bd3a20d.css

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\fallingCoinsIntoTheBox.f56364db.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\ExtensionWindow.f4ea2052.css

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\ExtensionWindow.cd04b84f.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\dollarStackWithCoins.bd631543.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\dollarsStacked.83e74392.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\dollarsStack.dafe0f0b.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\directToMerchantOnboardingService.4d58e5e4.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\cart.8fe168e0.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\store.690f310f.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\arrow-right.614872e0.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\animatedCoupon.e0bb59cd.gif

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\monochrome\38.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\monochrome\32.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\monochrome\19.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\monochrome\16.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\96.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\64.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\512.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\48.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\[email protected]

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\coinsFalling.53e975ee.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\close.0f2bda35.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\checkCircleSolid.965cab45.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\cashbackRewards.e3f540bc.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\assets\arrow-right3.365d73a9.svg

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\38.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\32.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\256.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\19.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\16.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\icons\128.png

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\src\contentScript\global\index.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\src\contentScript\slickdealsWorldStart\index.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\src\entries\frameProxy\frameProxy.html

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\src\popup\index.html

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\serviceWorker.js

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Extensions\Temp\scoped_dir1600_314114602\CRX_INSTALL\manifest.json

C:\Users\Admin\AppData\Local\Temp\scoped_dir1600_1843518136\CRX_INSTALL\assets\src\contentScript\slickdealsStart\index.a0908cfc.js

memory/3608-2359-0x0000000000400000-0x000000000070A000-memory.dmp

memory/1816-2393-0x0000000000400000-0x00000000004E8000-memory.dmp

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences~RFe580e82.TMP

memory/2088-2460-0x0000000000400000-0x000000000070A000-memory.dmp

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Local State~RFe580e53.TMP

memory/3112-2473-0x0000000000400000-0x00000000004E8000-memory.dmp

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Cache\Cache_Data\f_000001

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Cache\Cache_Data\f_000003

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Cache\Cache_Data\f_000005

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Cache\Cache_Data\f_00000c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Secure Preferences~RFe583a64.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5856f5.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\Network Persistent State~RFe5906fb.TMP

C:\Users\Admin\AppData\Local\OneLaunch\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
