Joe Sandbox Cloud Basic Analysis Report
Create Interactive Tour

Windows Analysis Report
OneLaunch - PDF_o2u43.exe

Overview

General Information

Sample Name:OneLaunch - PDF_o2u43.exe
Analysis ID:1277230
MD5:2be3f4b1c3636088bb2b3558c1b73543
SHA1:31b9e4aa5f1225ecee8f46194e7f6699519dc77b
SHA256:268a240f2b137f210f9350bce7dc444529b3a7159c438aec112415f1fc1d649e
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Creates multiple autostart registry keys
Initial sample is a PE file and has a suspicious name
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Drops PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the installation date of Windows
Stores files to the Windows start menu directory
Uses taskkill to terminate processes
Found dropped PE file which has not been started or loaded
Creates a process in suspended mode (likely to inject code)
Abnormal high CPU Usage
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • OneLaunch - PDF_o2u43.exe (PID: 244 cmdline: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe MD5: 2BE3F4B1C3636088BB2B3558C1B73543)
    • OneLaunch - PDF_o2u43.tmp (PID: 3896 cmdline: "C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp" /SL5="$15030E,2267655,893952,C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe" MD5: 3F1B17D86DEF206837175C166777D695)
      • OneLaunch - PDF_o2u43.exe (PID: 6412 cmdline: "C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJjb250cm9sIiwiZW5jb2RlZF9zcGxpdHMiOiIwMDAifQ== /LAUNCHER /VERYSILENT MD5: 2BE3F4B1C3636088BB2B3558C1B73543)
        • OneLaunch - PDF_o2u43.tmp (PID: 5980 cmdline: "C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmp" /SL5="$2102DA,2267655,893952,C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJjb250cm9sIiwiZW5jb2RlZF9zcGxpdHMiOiIwMDAifQ== /LAUNCHER /VERYSILENT MD5: 3F1B17D86DEF206837175C166777D695)
          • OneLaunch Setup_o2u43.exe (PID: 3036 cmdline: "C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJ2YXJpYXRpb24iLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9 MD5: A7FD7BA743A0FF68CF3406CC969C4EC1)
            • OneLaunch Setup_o2u43.tmp (PID: 3672 cmdline: "C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp" /SL5="$203EE,98270015,893952,C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJ2YXJpYXRpb24iLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9 MD5: 838F33E6BCC913B22B7FFBFCC2390804)
              • taskkill.exe (PID: 1668 cmdline: "C:\Windows\System32\taskkill.exe" /f /im onelaunch.exe MD5: 07D18817187E87CFC6AB2A4670061AE0)
                • conhost.exe (PID: 3648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
              • taskkill.exe (PID: 1380 cmdline: "C:\Windows\System32\taskkill.exe" /f /im chromium.exe MD5: 07D18817187E87CFC6AB2A4670061AE0)
                • conhost.exe (PID: 4848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
              • taskkill.exe (PID: 4220 cmdline: "C:\Windows\System32\taskkill.exe" /f /im onelaunchtray.exe MD5: 07D18817187E87CFC6AB2A4670061AE0)
                • conhost.exe (PID: 3048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
              • schtasks.exe (PID: 6040 cmdline: "schtasks" /Delete /TN "OneLaunchLaunchTask" /F MD5: 003D681048A63B9862C299F30492CFDF)
                • conhost.exe (PID: 6408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
              • schtasks.exe (PID: 6112 cmdline: "schtasks" /Delete /TN "ChromiumLaunchTask" /F MD5: 003D681048A63B9862C299F30492CFDF)
                • conhost.exe (PID: 4800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
              • schtasks.exe (PID: 6672 cmdline: "schtasks" /Delete /TN "OneLaunchUpdateTask" /F MD5: 003D681048A63B9862C299F30492CFDF)
                • conhost.exe (PID: 768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
              • schtasks.exe (PID: 5432 cmdline: "schtasks" /delete /tn OneLaunchLaunchTask /f MD5: 003D681048A63B9862C299F30492CFDF)
                • conhost.exe (PID: 2468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
              • schtasks.exe (PID: 5684 cmdline: "schtasks" /delete /tn ChromiumLaunchTask /f MD5: 003D681048A63B9862C299F30492CFDF)
                • conhost.exe (PID: 408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
              • schtasks.exe (PID: 6740 cmdline: "schtasks" /delete /tn OneLaunchUpdateTask /f MD5: 003D681048A63B9862C299F30492CFDF)
                • conhost.exe (PID: 5412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
              • OneLaunch.exe (PID: 6916 cmdline: "C:\Users\user\AppData\Local\OneLaunch\5.19.1\onelaunch.exe" /l /startedFrom=installer MD5: FCCC265765BBBD194C353DC5A5C791CF)
  • OneLaunch.exe (PID: 884 cmdline: "C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe" /a=browser /startedFrom=desktopIcon MD5: FCCC265765BBBD194C353DC5A5C791CF)
  • OnelaunchShortcutProxy.exe (PID: 5400 cmdline: "C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe" /a=pdf /startedFrom=profileIcon MD5: 17EFC2840E75C1152627931E792CD463)
  • OnelaunchShortcutProxy.exe (PID: 6880 cmdline: "C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe" /a=pdf /startedFrom=profileIcon MD5: 17EFC2840E75C1152627931E792CD463)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

  • Compliance
  • Networking
  • System Summary
  • Data Obfuscation
  • Persistence and Installation Behavior
  • Boot Survival
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Anti Debugging
  • HIPS / PFW / Operating System Protection Evasion
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results
Source: OneLaunch - PDF_o2u43.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpRegistry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4947c51a-26a9-4ed0-9a7b-c21e5ae0e71a}_is1
Source: unknownHTTPS traffic detected: 143.204.215.113:443 -> 192.168.2.2:49844 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.26.13.224:443 -> 192.168.2.2:49845 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.26.13.224:443 -> 192.168.2.2:49846 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.26.12.224:443 -> 192.168.2.2:49847 version: TLS 1.2
Source: unknownHTTPS traffic detected: 54.189.27.247:443 -> 192.168.2.2:49848 version: TLS 1.2
Source: unknownHTTPS traffic detected: 107.178.240.159:443 -> 192.168.2.2:49849 version: TLS 1.2
Source: unknownHTTPS traffic detected: 54.189.27.247:443 -> 192.168.2.2:49850 version: TLS 1.2
Source: unknownHTTPS traffic detected: 130.211.34.183:443 -> 192.168.2.2:49851 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.68.170:443 -> 192.168.2.2:49852 version: TLS 1.2
Source: unknownHTTPS traffic detected: 44.233.229.117:443 -> 192.168.2.2:49853 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.186.241.51:443 -> 192.168.2.2:49854 version: TLS 1.2
Source: OneLaunch - PDF_o2u43.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownDNS traffic detected: queries for: attribution.onelaunch.com
Source: unknownHTTPS traffic detected: 143.204.215.113:443 -> 192.168.2.2:49844 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.26.13.224:443 -> 192.168.2.2:49845 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.26.13.224:443 -> 192.168.2.2:49846 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.26.12.224:443 -> 192.168.2.2:49847 version: TLS 1.2
Source: unknownHTTPS traffic detected: 54.189.27.247:443 -> 192.168.2.2:49848 version: TLS 1.2
Source: unknownHTTPS traffic detected: 107.178.240.159:443 -> 192.168.2.2:49849 version: TLS 1.2
Source: unknownHTTPS traffic detected: 54.189.27.247:443 -> 192.168.2.2:49850 version: TLS 1.2
Source: unknownHTTPS traffic detected: 130.211.34.183:443 -> 192.168.2.2:49851 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.68.170:443 -> 192.168.2.2:49852 version: TLS 1.2
Source: unknownHTTPS traffic detected: 44.233.229.117:443 -> 192.168.2.2:49853 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.186.241.51:443 -> 192.168.2.2:49854 version: TLS 1.2

System Summary

barindex
Source: initial sampleStatic PE information: Filename: OneLaunch - PDF_o2u43.exe
Source: OneLaunch - PDF_o2u43.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess Stats: CPU usage > 98%
Source: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exeFile read: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf92dcc11e428fd5adf02632b5d4414f\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf92dcc11e428fd5adf02632b5d4414f\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ec23d1294499b4ffba61f212cb1217cd\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ec23d1294499b4ffba61f212cb1217cd\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ec23d1294499b4ffba61f212cb1217cd\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ec23d1294499b4ffba61f212cb1217cd\mscorlib.ni.dll
Source: unknownProcess created: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe
Source: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exeProcess created: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp "C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp" /SL5="$15030E,2267655,893952,C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe"
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess created: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe "C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJjb250cm9sIiwiZW5jb2RlZF9zcGxpdHMiOiIwMDAifQ== /LAUNCHER /VERYSILENT
Source: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exeProcess created: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmp "C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmp" /SL5="$2102DA,2267655,893952,C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJjb250cm9sIiwiZW5jb2RlZF9zcGxpdHMiOiIwMDAifQ== /LAUNCHER /VERYSILENT
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess created: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe "C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJ2YXJpYXRpb24iLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9
Source: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exeProcess created: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp "C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp" /SL5="$203EE,98270015,893952,C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJ2YXJpYXRpb24iLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im onelaunch.exe
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im chromium.exe
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im onelaunchtray.exe
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exeProcess created: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp "C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp" /SL5="$15030E,2267655,893952,C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe"
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess created: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe "C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJjb250cm9sIiwiZW5jb2RlZF9zcGxpdHMiOiIwMDAifQ== /LAUNCHER /VERYSILENT
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im onelaunch.exe
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im chromium.exe
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im onelaunchtray.exe
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /Delete /TN "OneLaunchLaunchTask" /F
Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /Delete /TN "ChromiumLaunchTask" /F
Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /Delete /TN "OneLaunchUpdateTask" /F
Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /delete /tn OneLaunchLaunchTask /f
Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /delete /tn ChromiumLaunchTask /f
Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /delete /tn OneLaunchUpdateTask /f
Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe "C:\Users\user\AppData\Local\OneLaunch\5.19.1\onelaunch.exe" /l /startedFrom=installer
Source: unknownProcess created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe "C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe" /a=browser /startedFrom=desktopIcon
Source: unknownProcess created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe "C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe" /a=pdf /startedFrom=profileIcon
Source: unknownProcess created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe "C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe" /a=pdf /startedFrom=profileIcon
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess created: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe "C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJ2YXJpYXRpb24iLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9
Source: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exeProcess created: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp "C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp" /SL5="$203EE,98270015,893952,C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJ2YXJpYXRpb24iLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /Delete /TN "OneLaunchLaunchTask" /F
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /Delete /TN "ChromiumLaunchTask" /F
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /Delete /TN "OneLaunchUpdateTask" /F
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /delete /tn OneLaunchLaunchTask /f
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /delete /tn ChromiumLaunchTask /f
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /delete /tn OneLaunchUpdateTask /f
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe "C:\Users\user\AppData\Local\OneLaunch\5.19.1\onelaunch.exe" /l /startedFrom=installer
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6408:120:WilError_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5412:120:WilError_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:768:120:WilError_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4800:120:WilError_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:408:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6408:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4800:304:WilStaging_02
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpMutant created: \Sessions\1\BaseNamedObjects\OneLaunch-cb1cdce6-58c9-4795-9741-708817229a71
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpMutant created: \Sessions\1\BaseNamedObjects\OneLaunchStub-079ced07-226c-450f-96dc-070610902423
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5412:304:WilStaging_02
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpMutant created: \Sessions\1\BaseNamedObjects\OneLaunchSetup-6379f971-cfb9-4f8c-8a26-f1bf395fb5bf
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2468:120:WilError_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:408:120:WilError_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:768:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2468:304:WilStaging_02
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpFile created: C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp
Source: classification engineClassification label: mal52.winEXE@42/481@11/57
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpWindow found: window name: TMainForm
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: OneLaunch - PDF_o2u43.exeStatic file information: File size 3144960 > 1048576
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpRegistry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4947c51a-26a9-4ed0-9a7b-c21e5ae0e71a}_is1
Source: OneLaunch - PDF_o2u43.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: OneLaunch - PDF_o2u43.exeStatic PE information: section name: .didata
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\es\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Prototyping.SketchControls.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Toolkit.Uwp.Notifications.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.ComponentModel.Annotations.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\EntityFramework.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-GBNDQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-environment-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\common.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-4MSG8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpFile created: C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-B724L.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\pl\is-NH537.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-26ALA.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome_proxy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-86LE0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processthreads-l1-1-1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\softokn3.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-93MUC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-VBHJV.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-private-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-AJNVB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-P7EMK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Numerics.Vectors.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-73F3V.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Win32.TaskScheduler.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processthreads-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\HtmlAgilityPack.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-BMPBK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-SH33E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-I8NMG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-9DUCF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\fr\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-C3PCB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-L21A5.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\onelaunchtray.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\it\is-A42OT.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-I3516.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-DLUVT.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-66UCL.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-BGQN6.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-V83LA.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\ServiceWire.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-SUJS5.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Hardcodet.NotifyIcon.Wpf.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-8CJTF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-OT3OQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-Q0AIG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-E88FH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-QRK67.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Newtonsoft.Json.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-process-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Runtime.CompilerServices.Unsafe.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-OT9J8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-H0FH7.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-localization-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-LOTHN.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-SO8TG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-multibyte-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Unity.Container.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\FluentWPF.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-G6V2E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-BDCIP.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Memory.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\ru\is-0QQ7S.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-LQSIJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Win32Library.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\CommunityToolkit.Mvvm.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-SRKTN.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-C5QVO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-08NPU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Threading.Tasks.Extensions.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-8DSG3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\de\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-memory-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\is-0MHIO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-96CE2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-FE1MG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\d3dcompiler_47.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-8C2P1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-math-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\libGLESv2.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-heap-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-RDB1Q.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-HJESO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-interlocked-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-V5T2R.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\log4net.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-E19CP.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-021CV.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-H9CN7.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-rtlsupport-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-NR3S1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-5N54K.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\ru\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.EF6.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-HNQ9P.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-L6KCJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-convert-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.x86.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-IRFSI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-debug-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\WpfAnimatedGif.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-JG27T.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-0TR52.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.ValueTuple.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-NC3S3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\K4os.Compression.LZ4.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-runtime-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-string-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-sysinfo-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-LBCH1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-33IUI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-profile-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-filesystem-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-synch-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-8SO29.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-EOAK8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-8Q2OH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-conio-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.x64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l2-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\freebl3.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.SDK.Expression.Blend.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\EntityFramework.SqlServer.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\fr\is-IINF9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\vk_swiftshader.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-1R37E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-TR2G3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-locale-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-9RP90.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-handle-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.Common.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-DLRJC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-NNOMN.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpFile created: C:\Users\user\AppData\Local\Temp\OneLaunch Setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-errorhandling-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-time-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processenvironment-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-N9N7S.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-6A0RM.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-7MB3R.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-synch-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-VBBJS.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Text.Encodings.Web.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Unity.Abstractions.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\pl\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Text.Json.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-string-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-GC1LU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-util-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-RJOVU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Buffers.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\es\is-31HED.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-7BMPT.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-7G1NH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-TGJKC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-timezone-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-QU4TH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-3MMCF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-3FRAH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-RO1HB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\nss3.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.Linq.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-JRD24.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-stdio-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-26Q8I.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-LL480.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Windows.Interactivity.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpFile created: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-PVV4K.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\libEGL.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\CachedImage.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\VersionProxy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chromium.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\it\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-FNF91.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-35N6U.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-6EHKG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-EEEVC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpFile created: C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\Win32Library.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Prototyping.Interactivity.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\ChromiumStartupProxy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Effects.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\mozglue.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-utility-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Flurl.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-MS7FA.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-libraryloader-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-heap-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-AH09Q.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-HUR10.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-N3A4L.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\vulkan-1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-IQ7KL.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-TNUB9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-TS9G9.tmpJump to dropped file
Source: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exeFile created: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Drawing.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-MFAS8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-V5BQF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome_elf.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-L0DNC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Controls.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-namedpipe-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Bcl.AsyncInterfaces.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\de\is-LARV3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Interactions.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-KRUH3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-CPEM2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-JPG98.tmpJump to dropped file

Boot Survival

barindex
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneLaunch
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneLaunchChromium
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\System32\schtasks.exe "schtasks" /Delete /TN "OneLaunchLaunchTask" /F
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneLaunch
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneLaunch\OneLaunch.lnk
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunch.lnk
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunchChromium.lnk
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunchUpdater.lnk
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneLaunch
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneLaunch
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneLaunchChromium
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneLaunchChromium
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp TID: 3912Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp TID: 3912Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp TID: 4324Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmp TID: 6376Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmp TID: 6612Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp TID: 1196Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp TID: 1196Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\es\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Prototyping.SketchControls.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Toolkit.Uwp.Notifications.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.ComponentModel.Annotations.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\EntityFramework.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-GBNDQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-environment-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\common.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-4MSG8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-B724L.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\pl\is-NH537.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-26ALA.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome_proxy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-86LE0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processthreads-l1-1-1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\softokn3.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-93MUC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-VBHJV.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-private-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-AJNVB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-P7EMK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Numerics.Vectors.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-73F3V.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Win32.TaskScheduler.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processthreads-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\HtmlAgilityPack.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-BMPBK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-SH33E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-9DUCF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-I8NMG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\fr\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-C3PCB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-L21A5.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\onelaunchtray.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\it\is-A42OT.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-I3516.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-DLUVT.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-66UCL.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-BGQN6.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-V83LA.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\ServiceWire.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-SUJS5.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Hardcodet.NotifyIcon.Wpf.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-8CJTF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-OT3OQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-Q0AIG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-E88FH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-QRK67.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Newtonsoft.Json.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-process-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Runtime.CompilerServices.Unsafe.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-OT9J8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-H0FH7.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-localization-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-LOTHN.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-SO8TG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-multibyte-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Unity.Container.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\FluentWPF.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-G6V2E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-BDCIP.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Memory.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\ru\is-0QQ7S.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-LQSIJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\CommunityToolkit.Mvvm.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-SRKTN.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-C5QVO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-08NPU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Threading.Tasks.Extensions.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-8DSG3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\de\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-memory-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-96CE2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\d3dcompiler_47.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-math-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-8C2P1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\libGLESv2.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-heap-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-RDB1Q.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-HJESO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-interlocked-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-V5T2R.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\log4net.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-E19CP.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-021CV.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-H9CN7.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-rtlsupport-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-NR3S1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-5N54K.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\ru\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.EF6.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-HNQ9P.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-L6KCJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-convert-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.x86.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-IRFSI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-debug-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\WpfAnimatedGif.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-0TR52.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.ValueTuple.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-JG27T.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-NC3S3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\K4os.Compression.LZ4.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-runtime-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-string-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-sysinfo-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-LBCH1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-33IUI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-profile-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-filesystem-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-synch-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-8SO29.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-EOAK8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-8Q2OH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-conio-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.x64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l2-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\freebl3.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.SDK.Expression.Blend.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\EntityFramework.SqlServer.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\fr\is-IINF9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\vk_swiftshader.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-1R37E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-locale-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-TR2G3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-handle-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-9RP90.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.Common.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-DLRJC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-NNOMN.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-errorhandling-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-time-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processenvironment-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-6A0RM.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-7MB3R.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-synch-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-VBBJS.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Text.Encodings.Web.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\pl\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Unity.Abstractions.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Text.Json.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-string-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-GC1LU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-util-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-RJOVU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Buffers.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\es\is-31HED.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-7BMPT.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-7G1NH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-TGJKC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-timezone-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-QU4TH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-3MMCF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-3FRAH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\nss3.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-RO1HB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.Linq.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-JRD24.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-stdio-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-26Q8I.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-LL480.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Windows.Interactivity.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-PVV4K.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\libEGL.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\CachedImage.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\VersionProxy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chromium.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\it\Microsoft.Win32.TaskScheduler.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-FNF91.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-35N6U.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-6EHKG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-EEEVC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Prototyping.Interactivity.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\ChromiumStartupProxy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Effects.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\mozglue.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-utility-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Flurl.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-libraryloader-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-MS7FA.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-heap-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-AH09Q.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-HUR10.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-N3A4L.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\vulkan-1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-IQ7KL.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-TNUB9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-TS9G9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Drawing.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-MFAS8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-V5BQF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome_elf.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-L0DNC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Controls.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-namedpipe-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Bcl.AsyncInterfaces.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\de\is-LARV3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Interactions.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-KRUH3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-CPEM2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-JPG98.tmpJump to dropped file
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpMemory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess created: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe "c:\users\user\desktop\onelaunch - pdf_o2u43.exe" /pdata=eyjwcm9mawxlijoicgrmiiwiy2hhbm5lbci6imntlwrpc3bsyxkilcjvawqioiixmdmilcj0exblijoidmlld3bkziisinvhijoizwrnzsisimvmvglkijoizji2ymy2mta3mme4nguwmjkzmdhloty0owrmnznlzjmilcjny2xpzci6ikvbswfjuw9iq2hnswc5u20ynhvlz0fnvkrvv0zdadjjvefzmkvbrvlbu0fbrwdjymfqrf9cd0uilcjkaxn0aw5jdf9pzci6imu3mwvlnzzmltcwymutngjhos1izgi0ltg1nzcwzdnlmjuynyisimfmzmlkijoimtaymyisimvmvglkcyi6imyynmjmnjewnzjhodrlmdi5mza4ztk2ndlkzjczzwyziiwibgfuzyi6imzyiiwid2hpdgvsywjlbci6inbkziisinryywnraw5nx2lkijoimtaziiwiaw5zdgfsbf90aw1lijoxnjg5otixmdc1lcjkzwzhdwx0x2jyb3dzzxiioijdahjvbwvive1miiwiaw5pdgluywxfdmvyc2lvbii6ijuumtkums4wiiwicgfja2fnzwrfynjvd3nlcii6ik5vbmuilcjzcgxpdci6imiilcjvbf9wbhvzx3yyijpmywxzzswibm9fc3bsaxqiomzhbhnllcjzcgxpddiioijiiiwic2vydmvyx3npzgvfc3bsaxrfmjnfmdzfcm91bmrlzf9zzwfyy2hiyxiioij2yxjpyxrpb24ilcjzcgxpdf8yml8xml9tb3jlx2vkdwnhdglvbmfsx21pbmlwcm9tchrzijoiy29udhjvbcisinnwbgl0xzizxza2x29tbmlib3hfy2xlyw5fc2vhcmnox3n1z2dlc3rpb24ioijjb250cm9siiwizw5jb2rlzf9zcgxpdhmioiiwmdaifq== /launcher /verysilent
Source: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exeProcess created: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmp "c:\users\user\appdata\local\temp\is-7mkbh.tmp\onelaunch - pdf_o2u43.tmp" /sl5="$2102da,2267655,893952,c:\users\user\desktop\onelaunch - pdf_o2u43.exe" /pdata=eyjwcm9mawxlijoicgrmiiwiy2hhbm5lbci6imntlwrpc3bsyxkilcjvawqioiixmdmilcj0exblijoidmlld3bkziisinvhijoizwrnzsisimvmvglkijoizji2ymy2mta3mme4nguwmjkzmdhloty0owrmnznlzjmilcjny2xpzci6ikvbswfjuw9iq2hnswc5u20ynhvlz0fnvkrvv0zdadjjvefzmkvbrvlbu0fbrwdjymfqrf9cd0uilcjkaxn0aw5jdf9pzci6imu3mwvlnzzmltcwymutngjhos1izgi0ltg1nzcwzdnlmjuynyisimfmzmlkijoimtaymyisimvmvglkcyi6imyynmjmnjewnzjhodrlmdi5mza4ztk2ndlkzjczzwyziiwibgfuzyi6imzyiiwid2hpdgvsywjlbci6inbkziisinryywnraw5nx2lkijoimtaziiwiaw5zdgfsbf90aw1lijoxnjg5otixmdc1lcjkzwzhdwx0x2jyb3dzzxiioijdahjvbwvive1miiwiaw5pdgluywxfdmvyc2lvbii6ijuumtkums4wiiwicgfja2fnzwrfynjvd3nlcii6ik5vbmuilcjzcgxpdci6imiilcjvbf9wbhvzx3yyijpmywxzzswibm9fc3bsaxqiomzhbhnllcjzcgxpddiioijiiiwic2vydmvyx3npzgvfc3bsaxrfmjnfmdzfcm91bmrlzf9zzwfyy2hiyxiioij2yxjpyxrpb24ilcjzcgxpdf8yml8xml9tb3jlx2vkdwnhdglvbmfsx21pbmlwcm9tchrzijoiy29udhjvbcisinnwbgl0xzizxza2x29tbmlib3hfy2xlyw5fc2vhcmnox3n1z2dlc3rpb24ioijjb250cm9siiwizw5jb2rlzf9zcgxpdhmioiiwmdaifq== /launcher /verysilent
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess created: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe "c:\users\user\appdata\local\temp\onelaunch setup_o2u43.exe" /pdata=eyjwcm9mawxlijoicgrmiiwiy2hhbm5lbci6imntlwrpc3bsyxkilcjvawqioiixmdmilcj0exblijoidmlld3bkziisinvhijoizwrnzsisimvmvglkijoizji2ymy2mta3mme4nguwmjkzmdhloty0owrmnznlzjmilcjny2xpzci6ikvbswfjuw9iq2hnswc5u20ynhvlz0fnvkrvv0zdadjjvefzmkvbrvlbu0fbrwdjymfqrf9cd0uilcjkaxn0aw5jdf9pzci6imu3mwvlnzzmltcwymutngjhos1izgi0ltg1nzcwzdnlmjuynyisimfmzmlkijoimtaymyisimvmvglkcyi6imyynmjmnjewnzjhodrlmdi5mza4ztk2ndlkzjczzwyziiwibgfuzyi6imzyiiwid2hpdgvsywjlbci6inbkziisinryywnraw5nx2lkijoimtaziiwiaw5zdgfsbf90aw1lijoxnjg5otixmdc1lcjkzwzhdwx0x2jyb3dzzxiioijdahjvbwvive1miiwiaw5pdgluywxfdmvyc2lvbii6ijuumtkums4wiiwicgfja2fnzwrfynjvd3nlcii6ik5vbmuilcjzcgxpdci6imiilcjvbf9wbhvzx3yyijpmywxzzswibm9fc3bsaxqiomzhbhnllcjzcgxpddiioijiiiwic2vydmvyx3npzgvfc3bsaxrfmjnfmdzfcm91bmrlzf9zzwfyy2hiyxiioij2yxjpyxrpb24ilcjzcgxpdf8yml8xml9tb3jlx2vkdwnhdglvbmfsx21pbmlwcm9tchrzijoiy29udhjvbcisinnwbgl0xzizxza2x29tbmlib3hfy2xlyw5fc2vhcmnox3n1z2dlc3rpb24ioij2yxjpyxrpb24ilcjlbmnvzgvkx3nwbgl0cyi6ijawmcj9
Source: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exeProcess created: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp "c:\users\user\appdata\local\temp\is-p4css.tmp\onelaunch setup_o2u43.tmp" /sl5="$203ee,98270015,893952,c:\users\user\appdata\local\temp\onelaunch setup_o2u43.exe" /pdata=eyjwcm9mawxlijoicgrmiiwiy2hhbm5lbci6imntlwrpc3bsyxkilcjvawqioiixmdmilcj0exblijoidmlld3bkziisinvhijoizwrnzsisimvmvglkijoizji2ymy2mta3mme4nguwmjkzmdhloty0owrmnznlzjmilcjny2xpzci6ikvbswfjuw9iq2hnswc5u20ynhvlz0fnvkrvv0zdadjjvefzmkvbrvlbu0fbrwdjymfqrf9cd0uilcjkaxn0aw5jdf9pzci6imu3mwvlnzzmltcwymutngjhos1izgi0ltg1nzcwzdnlmjuynyisimfmzmlkijoimtaymyisimvmvglkcyi6imyynmjmnjewnzjhodrlmdi5mza4ztk2ndlkzjczzwyziiwibgfuzyi6imzyiiwid2hpdgvsywjlbci6inbkziisinryywnraw5nx2lkijoimtaziiwiaw5zdgfsbf90aw1lijoxnjg5otixmdc1lcjkzwzhdwx0x2jyb3dzzxiioijdahjvbwvive1miiwiaw5pdgluywxfdmvyc2lvbii6ijuumtkums4wiiwicgfja2fnzwrfynjvd3nlcii6ik5vbmuilcjzcgxpdci6imiilcjvbf9wbhvzx3yyijpmywxzzswibm9fc3bsaxqiomzhbhnllcjzcgxpddiioijiiiwic2vydmvyx3npzgvfc3bsaxrfmjnfmdzfcm91bmrlzf9zzwfyy2hiyxiioij2yxjpyxrpb24ilcjzcgxpdf8yml8xml9tb3jlx2vkdwnhdglvbmfsx21pbmlwcm9tchrzijoiy29udhjvbcisinnwbgl0xzizxza2x29tbmlib3hfy2xlyw5fc2vhcmnox3n1z2dlc3rpb24ioij2yxjpyxrpb24ilcjlbmnvzgvkx3nwbgl0cyi6ijawmcj9
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess created: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe "c:\users\user\desktop\onelaunch - pdf_o2u43.exe" /pdata=eyjwcm9mawxlijoicgrmiiwiy2hhbm5lbci6imntlwrpc3bsyxkilcjvawqioiixmdmilcj0exblijoidmlld3bkziisinvhijoizwrnzsisimvmvglkijoizji2ymy2mta3mme4nguwmjkzmdhloty0owrmnznlzjmilcjny2xpzci6ikvbswfjuw9iq2hnswc5u20ynhvlz0fnvkrvv0zdadjjvefzmkvbrvlbu0fbrwdjymfqrf9cd0uilcjkaxn0aw5jdf9pzci6imu3mwvlnzzmltcwymutngjhos1izgi0ltg1nzcwzdnlmjuynyisimfmzmlkijoimtaymyisimvmvglkcyi6imyynmjmnjewnzjhodrlmdi5mza4ztk2ndlkzjczzwyziiwibgfuzyi6imzyiiwid2hpdgvsywjlbci6inbkziisinryywnraw5nx2lkijoimtaziiwiaw5zdgfsbf90aw1lijoxnjg5otixmdc1lcjkzwzhdwx0x2jyb3dzzxiioijdahjvbwvive1miiwiaw5pdgluywxfdmvyc2lvbii6ijuumtkums4wiiwicgfja2fnzwrfynjvd3nlcii6ik5vbmuilcjzcgxpdci6imiilcjvbf9wbhvzx3yyijpmywxzzswibm9fc3bsaxqiomzhbhnllcjzcgxpddiioijiiiwic2vydmvyx3npzgvfc3bsaxrfmjnfmdzfcm91bmrlzf9zzwfyy2hiyxiioij2yxjpyxrpb24ilcjzcgxpdf8yml8xml9tb3jlx2vkdwnhdglvbmfsx21pbmlwcm9tchrzijoiy29udhjvbcisinnwbgl0xzizxza2x29tbmlib3hfy2xlyw5fc2vhcmnox3n1z2dlc3rpb24ioijjb250cm9siiwizw5jb2rlzf9zcgxpdhmioiiwmdaifq== /launcher /verysilent
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess created: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe "c:\users\user\appdata\local\temp\onelaunch setup_o2u43.exe" /pdata=eyjwcm9mawxlijoicgrmiiwiy2hhbm5lbci6imntlwrpc3bsyxkilcjvawqioiixmdmilcj0exblijoidmlld3bkziisinvhijoizwrnzsisimvmvglkijoizji2ymy2mta3mme4nguwmjkzmdhloty0owrmnznlzjmilcjny2xpzci6ikvbswfjuw9iq2hnswc5u20ynhvlz0fnvkrvv0zdadjjvefzmkvbrvlbu0fbrwdjymfqrf9cd0uilcjkaxn0aw5jdf9pzci6imu3mwvlnzzmltcwymutngjhos1izgi0ltg1nzcwzdnlmjuynyisimfmzmlkijoimtaymyisimvmvglkcyi6imyynmjmnjewnzjhodrlmdi5mza4ztk2ndlkzjczzwyziiwibgfuzyi6imzyiiwid2hpdgvsywjlbci6inbkziisinryywnraw5nx2lkijoimtaziiwiaw5zdgfsbf90aw1lijoxnjg5otixmdc1lcjkzwzhdwx0x2jyb3dzzxiioijdahjvbwvive1miiwiaw5pdgluywxfdmvyc2lvbii6ijuumtkums4wiiwicgfja2fnzwrfynjvd3nlcii6ik5vbmuilcjzcgxpdci6imiilcjvbf9wbhvzx3yyijpmywxzzswibm9fc3bsaxqiomzhbhnllcjzcgxpddiioijiiiwic2vydmvyx3npzgvfc3bsaxrfmjnfmdzfcm91bmrlzf9zzwfyy2hiyxiioij2yxjpyxrpb24ilcjzcgxpdf8yml8xml9tb3jlx2vkdwnhdglvbmfsx21pbmlwcm9tchrzijoiy29udhjvbcisinnwbgl0xzizxza2x29tbmlib3hfy2xlyw5fc2vhcmnox3n1z2dlc3rpb24ioij2yxjpyxrpb24ilcjlbmnvzgvkx3nwbgl0cyi6ijawmcj9
Source: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exeProcess created: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp "c:\users\user\appdata\local\temp\is-p4css.tmp\onelaunch setup_o2u43.tmp" /sl5="$203ee,98270015,893952,c:\users\user\appdata\local\temp\onelaunch setup_o2u43.exe" /pdata=eyjwcm9mawxlijoicgrmiiwiy2hhbm5lbci6imntlwrpc3bsyxkilcjvawqioiixmdmilcj0exblijoidmlld3bkziisinvhijoizwrnzsisimvmvglkijoizji2ymy2mta3mme4nguwmjkzmdhloty0owrmnznlzjmilcjny2xpzci6ikvbswfjuw9iq2hnswc5u20ynhvlz0fnvkrvv0zdadjjvefzmkvbrvlbu0fbrwdjymfqrf9cd0uilcjkaxn0aw5jdf9pzci6imu3mwvlnzzmltcwymutngjhos1izgi0ltg1nzcwzdnlmjuynyisimfmzmlkijoimtaymyisimvmvglkcyi6imyynmjmnjewnzjhodrlmdi5mza4ztk2ndlkzjczzwyziiwibgfuzyi6imzyiiwid2hpdgvsywjlbci6inbkziisinryywnraw5nx2lkijoimtaziiwiaw5zdgfsbf90aw1lijoxnjg5otixmdc1lcjkzwzhdwx0x2jyb3dzzxiioijdahjvbwvive1miiwiaw5pdgluywxfdmvyc2lvbii6ijuumtkums4wiiwicgfja2fnzwrfynjvd3nlcii6ik5vbmuilcjzcgxpdci6imiilcjvbf9wbhvzx3yyijpmywxzzswibm9fc3bsaxqiomzhbhnllcjzcgxpddiioijiiiwic2vydmvyx3npzgvfc3bsaxrfmjnfmdzfcm91bmrlzf9zzwfyy2hiyxiioij2yxjpyxrpb24ilcjzcgxpdf8yml8xml9tb3jlx2vkdwnhdglvbmfsx21pbmlwcm9tchrzijoiy29udhjvbcisinnwbgl0xzizxza2x29tbmlib3hfy2xlyw5fc2vhcmnox3n1z2dlc3rpb24ioij2yxjpyxrpb24ilcjlbmnvzgvkx3nwbgl0cyi6ijawmcj9
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im onelaunch.exe
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im chromium.exe
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im onelaunchtray.exe
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpProcess created: C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe "C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJjb250cm9sIiwiZW5jb2RlZF9zcGxpdHMiOiIwMDAifQ== /LAUNCHER /VERYSILENT
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im onelaunch.exe
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im chromium.exe
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im onelaunchtray.exe
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpProcess created: C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe "C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe" /PDATA=eyJwcm9maWxlIjoicGRmIiwiY2hhbm5lbCI6ImNtLWRpc3BsYXkiLCJvaWQiOiIxMDMiLCJ0eXBlIjoidmlld3BkZiIsInVhIjoiZWRnZSIsImVmVGlkIjoiZjI2YmY2MTA3MmE4NGUwMjkzMDhlOTY0OWRmNzNlZjMiLCJnY2xpZCI6IkVBSWFJUW9iQ2hNSWc5U20yNHVlZ0FNVkRvV0ZDaDJjVEFZMkVBRVlBU0FBRWdJYmFQRF9Cd0UiLCJkaXN0aW5jdF9pZCI6ImU3MWVlNzZmLTcwYmUtNGJhOS1iZGI0LTg1NzcwZDNlMjUyNyIsImFmZmlkIjoiMTAyMyIsImVmVGlkcyI6ImYyNmJmNjEwNzJhODRlMDI5MzA4ZTk2NDlkZjczZWYzIiwibGFuZyI6ImZyIiwid2hpdGVsYWJlbCI6InBkZiIsInRyYWNraW5nX2lkIjoiMTAzIiwiaW5zdGFsbF90aW1lIjoxNjg5OTIxMDc1LCJkZWZhdWx0X2Jyb3dzZXIiOiJDaHJvbWVIVE1MIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMTkuMS4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImIiLCJvbF9wbHVzX3YyIjpmYWxzZSwibm9fc3BsaXQiOmZhbHNlLCJzcGxpdDIiOiJiIiwic2VydmVyX3NpZGVfc3BsaXRfMjNfMDZfcm91bmRlZF9zZWFyY2hiYXIiOiJ2YXJpYXRpb24iLCJzcGxpdF8yMl8xMl9tb3JlX2VkdWNhdGlvbmFsX21pbmlwcm9tcHRzIjoiY29udHJvbCIsInNwbGl0XzIzXzA2X29tbmlib3hfY2xlYW5fc2VhcmNoX3N1Z2dlc3Rpb24iOiJ2YXJpYXRpb24iLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpProcess created: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe "C:\Users\user\AppData\Local\OneLaunch\5.19.1\onelaunch.exe" /l /startedFrom=installer
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\Win32Library.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\onelaunch.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\min-10-light.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\pdf.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\exit-10-light.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\button-10-light.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\Win32Library.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\exit-10-light.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\min-10-light.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\onelaunch.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\pdf.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\button-10-light.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\checkmark-10-light.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeQueries volume information: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe VolumeInformation
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exeQueries volume information: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe VolumeInformation
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeQueries volume information: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe VolumeInformation
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeQueries volume information: C:\Users\user\AppData\Local\OneLaunch\5.19.1\common.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeQueries volume information: C:\Users\user\AppData\Local\OneLaunch\5.19.1\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeQueries volume information: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe VolumeInformation
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeQueries volume information: C:\Users\user\AppData\Local\OneLaunch\5.19.1\common.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exeQueries volume information: C:\Users\user\AppData\Local\OneLaunch\5.19.1\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Windows Management Instrumentation		1
Windows Service		1
Windows Service		1
Masquerading		OS Credential Dumping1
Virtualization/Sandbox Evasion		Remote ServicesData from Local SystemExfiltration Over Other Network Medium2
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default Accounts1
Command and Scripting Interpreter		1
Scheduled Task/Job		11
Process Injection		1
Virtualization/Sandbox Evasion		LSASS Memory2
System Owner/User Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
Non-Application Layer Protocol		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain Accounts1
Scheduled Task/Job		111
Registry Run Keys / Startup Folder		1
Scheduled Task/Job		11
Disable or Modify Tools		Security Account Manager1
Remote System Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)111
Registry Run Keys / Startup Folder		11
Process Injection		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets32
System Information Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
OneLaunch - PDF_o2u43.exe0%ReversingLabs
OneLaunch - PDF_o2u43.exe1%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\_isetup\_setup64.tmp0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.Common.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.x64.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.x86.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\CachedImage.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\ChromiumStartupProxy.exe (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\CommunityToolkit.Mvvm.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\EntityFramework.SqlServer.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\EntityFramework.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\FluentWPF.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\Flurl.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\Hardcodet.NotifyIcon.Wpf.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\HtmlAgilityPack.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\K4os.Compression.LZ4.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Bcl.AsyncInterfaces.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Controls.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Drawing.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Effects.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-021CV.tmp0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-8SO29.tmp0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-C3PCB.tmp0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-EEEVC.tmp0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-GBNDQ.tmp0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-HNQ9P.tmp0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-LL480.tmp0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-OT3OQ.tmp0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\is-0MHIO.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\OneLaunch Setup.exe0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\ServiceWire.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Buffers.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.ComponentModel.Annotations.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.EF6.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.Linq.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Memory.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Numerics.Vectors.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Runtime.CompilerServices.Unsafe.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Text.Encodings.Web.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Text.Json.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Threading.Tasks.Extensions.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.ValueTuple.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Windows.Interactivity.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\Unity.Abstractions.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\Unity.Container.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\VersionProxy.exe (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\Win32Library.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\WpfAnimatedGif.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome_proxy.exe (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chromium.exe (copy)5%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\d3dcompiler_47.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\de\Microsoft.Win32.TaskScheduler.resources.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\es\Microsoft.Win32.TaskScheduler.resources.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\fr\Microsoft.Win32.TaskScheduler.resources.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-TGJKC.tmp0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\it\Microsoft.Win32.TaskScheduler.resources.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\pl\Microsoft.Win32.TaskScheduler.resources.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\ru\is-0QQ7S.tmp0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-debug-l1-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-errorhandling-l1-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l1-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l1-2-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l2-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-handle-l1-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-heap-l1-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-interlocked-l1-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-libraryloader-l1-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-localization-l1-2-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-memory-l1-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-namedpipe-l1-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processenvironment-l1-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processthreads-l1-1-0.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processthreads-l1-1-1.dll (copy)0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
release-cdn.onelaunch.com1%VirustotalBrowse
attribution.onelaunch.com0%VirustotalBrowse
update.onelaunch.com1%VirustotalBrowse

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
release-cdn.onelaunch.com
172.67.68.170
truefalseunknown
d21svlzzkrxvnh.cloudfront.net
143.204.215.113
truefalse
    		high
    update.onelaunch.com
    		104.26.13.224
    		truefalseunknown
    api-v3_0.us-west-2.prod.aws.keen.io
    		54.189.27.247
    		truefalse
      		high
      api.mixpanel.com
      		107.178.240.159
      		truefalse
        		high
        attribution.onelaunch.com
        		unknown
        		unknownfalseunknown
        api.keen.io
        		unknown
        		unknownfalse
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          143.204.215.113
          		d21svlzzkrxvnh.cloudfront.netUnited States
          		16509AMAZON-02USfalse
          104.26.12.224
          		unknownUnited States
          		13335CLOUDFLARENETUSfalse
          54.189.27.247
          		api-v3_0.us-west-2.prod.aws.keen.ioUnited States
          		16509AMAZON-02USfalse
          172.67.68.170
          		release-cdn.onelaunch.comUnited States
          		13335CLOUDFLARENETUSfalse
          35.186.241.51
          		unknownUnited States
          		15169GOOGLEUSfalse
          1.1.1.1
          		unknownAustralia
          		13335CLOUDFLARENETUSfalse
          44.236.122.28
          		unknownUnited States
          		16509AMAZON-02USfalse
          35.190.25.25
          		unknownUnited States
          		15169GOOGLEUSfalse
          107.178.240.159
          		api.mixpanel.comUnited States
          		15169GOOGLEUSfalse
          130.211.34.183
          		unknownUnited States
          		15169GOOGLEUSfalse
          44.233.229.117
          		unknownUnited States
          		16509AMAZON-02USfalse
          104.26.13.224
          		update.onelaunch.comUnited States
          		13335CLOUDFLARENETUSfalse

          General Information

          Joe Sandbox Version:38.0.0 Beryl
          Analysis ID:1277230
          Start date and time:2023-07-21 08:30:42 +02:00
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
          Number of analysed new started processes analysed:29
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Sample file name:OneLaunch - PDF_o2u43.exe
          Detection:MAL
          Classification:mal52.winEXE@42/481@11/57
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): SIHClient.exe
          • Excluded domains from analysis (whitelisted): login.live.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtDeviceIoControlFile calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Skipping network analysis since amount of network traffic is too extensive
          • Timeout during stream target processing, analysis might miss dynamic analysis data
          • VT rate limit hit for: C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\Win32Library.dll

          Created / dropped Files

          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\OneLaunch - PDF_o2u43.tmp.log

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:ASCII text, with CRLF line terminators
          Category:modified
          Size (bytes):725
          Entropy (8bit):5.353523928901464
          Encrypted:false
          SSDEEP:
          MD5:7136F15AC630812A39EDF71AEE67A8C2
          SHA1:4ACCD779D7A47D9017335CA842AED1377743F22C
          SHA-256:5539B56C4E874F0D8610996249CE488F5AC9CF9A3D6C211AEACE9ADACF9060D9
          SHA-512:E3A52A8579F15D59173E2EDBC207880F6CD8CEF40B9771F71BE59467F6BBF87EEC841995FB42E3B68F950680152FFCE474D93B4A96366E642DDD810523BEF46B
          Malicious:false
          Reputation:low
          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9340a40c55ba464d0af1399814a708eb\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d47bd74620ae94be7f47fd2afefcbe5b\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\b14594163a840eefc569ad9808899349\System.Net.Http.ni.dll",0..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.Common.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):69632
          Entropy (8bit):5.615393344135058
          Encrypted:false
          SSDEEP:
          MD5:23F50D3AB1CDDF179A2CC7048E419238
          SHA1:A4068C2A31982DF220D61ED8AEC78B3D76164528
          SHA-256:EC39C32EBEFD078B43DC17D0A7E760CBEB6770FB50262A72056FEE5B7A352A36
          SHA-512:62AF3171C41261A679E61A251AB04D7AABC03355982F5CF62B92FAB115A54C684688C4E46A3BF80B6EFEF14C4B828388082167390D9E7A7C95F11E6A04A96E16
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l.^..........." ..0..............$... ...@....... ..............................b.....`..................................$..O....@.......................`.......#..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................$......H.......T6..............$....%..$#......................................r.(......(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(......(......(.......(.......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(......(......(.......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(......( .....("......($...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.Common.pdb (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):21408
          Entropy (8bit):5.560926677970511
          Encrypted:false
          SSDEEP:
          MD5:7DEE66E231173A28F04C8E9D1607A444
          SHA1:82ED71216A2BD9CDB31C734873A9F23C925A9FB3
          SHA-256:2F3C52409A7267ED010EBEE38935FDA8F9FDD268F7DF98E28BB0B57D1AC20E0A
          SHA-512:297618E8A405C4B5046A38BAA28C4005C0839D8E69061A0137BF784086D79F1CC1B0F0CDD9316228132E070BC546AF38655DE82DAC20895567ABA7420018C4CD
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|...p...#Pdb........\&..#~..H'......#Strings....T'......#US.X'.. ...#GUID...x'..(,..#Blob...p^.....N.......l.u.....W_..........8...c...Y...D...G.......;................................................................./.........e...D..........."...{.......................M...Y...........$...0...........~.......H...T...........;...G...........................1...=...........................?...L...........Y...f...........g...t...........n...{...........?...L...........?...L...........3...@...................t...............H...U...................U...b........... ...-...................o...|...........@...M...................r...............+...8...................Z...g...................X...e.........../...<...........$!..4!..u!...!...!...!...!..."..9"..F"..s"..."..."..."...#...#..M#..Z#...#...#...#...#...$..!$..U$..b$...$...$...$...$...%..*%..]%..j%...%...%...%...%../&..<&..q&..~&...&...&...&...&..;'..H'..}'...'...'...'...(...(..P(..](...(...(...(...(..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.x64.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):315392
          Entropy (8bit):6.043039851362046
          Encrypted:false
          SSDEEP:
          MD5:6AD93A18D6D5770EBDF24D1F8FBA5716
          SHA1:1DE70A4B7F7D022BA8E1D7BC5D3FDCB13288FA2A
          SHA-256:DA7D5FF1127949C363DD16B66E500AD050136A0B559B243F49FE466A5255AE4B
          SHA-512:0AE6558C26EEA98D6FAF9AA3B52C4177AB009D82DDBCE3ADD05A24FCBDD206230726C3CDC30403DEC20BF0EA5C47EFA1DEF2A3AB5D2548F33187065EE191A082
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......,..h..h..h..a.D.l.....j..v.D.j.....o.....i.....q..3..i..3..i..3..c..h.. .....y....(.i..h.@.i.....i..Richh..........................PE..d......].........." .....@..........^:....................................... .......o....`.................................................p........`..p....P.......................}..T............................}...............`..............`d..H............text...8,.......................... ..`.nep.... ....@.......2.............. ..`.rdata..2....`.......D..............@..@.data...x....0......................@....pdata.......P....... ..............@..@.rsrc...p....`.......$..............@..@.reloc..............................@..B........................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\AlphaVSS.x86.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):271872
          Entropy (8bit):6.16006367264181
          Encrypted:false
          SSDEEP:
          MD5:42407AE5583D0BE457E274645326A614
          SHA1:BA2AE656F054D2572B7F19B16C07CE0AC589FD75
          SHA-256:A629E8715883FD36AA6687F2D80D436B8BD84448BB3A0A5F1EF3DF0050D89E17
          SHA-512:36E70B5C220A87F3D1772406F88B73773B8B2AC2B847D4A43D3495E3C6926F62F4B4D0A632024707D51617997BBF9EFC4D01DB3467C945E93749910C48174E41
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../.../.../...WI../...B.../...}I../...B.../...B.../...B.../..G.../..G.../..G.../.../../..RA.../..RA%../.../M../..RA.../..Rich./..................PE..L......]...........!.................:.......@...............................P......')....@..................................o..........p....................@.......Y..T...........................hZ..@............@..@...........0B..H............text...H,.......................... ..`.rdata..N8...@...:...2..............@..@.data................l..............@....rsrc...p............t..............@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\CachedImage.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):14848
          Entropy (8bit):5.2295619785616685
          Encrypted:false
          SSDEEP:
          MD5:5A3B2E7A75AAF4D0792DF6560F93F09D
          SHA1:A4597CADAAD94DAF4DD5FED254FC6FD38734383F
          SHA-256:C822B671873E3F1F54D81ED21B8C1E89786FB7D32F6670F02F2C26DE948B417D
          SHA-512:CC2A31C89B0AAC6AFE906011E07831EBDA51563BF2A7FAEE74996D6CA91AD73C20D6068C49DADA5B2AEC4B8BDA56077BA09436531FE9209B89C626F087448803
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C0W`...........!.....0..........~O... ...`....... ....................................`.................................,O..O....`..(............................M............................................... ............... ..H............text..../... ...0.................. ..`.rsrc...(....`.......2..............@..@.reloc...............8..............@..B................`O......H........-... ..........(-...............................................0..P.......s.........#.......@(.......(..........r...p..(....(....o....(....(......(......*.0..........~.....+..*.......*...0..........~.....+..*.......*...0.............{..........YE........%...%....................... ...+#8r...8....8r...8m...8h...8c...8^...+..(....(........-..(....(....&...{....s....}.....s....}....s.....+.+...{....o .....(!....o"...o#.....{.....($...r...pr#..po%...o&...o'...&.((.....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\ChromiumStartupProxy.exe (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):190464
          Entropy (8bit):6.398032485167328
          Encrypted:false
          SSDEEP:
          MD5:DF108329D58C4FCAE97721748B849074
          SHA1:41D62BA879A81542EFFCAB481B8710FC09D812BC
          SHA-256:59DED2ADAF3E0BABE214EBE3228D76C45BEC2B514884107A1C2D292310FF840D
          SHA-512:1A79A2BA18988A8A1D75570A287B5D97C98B0EBAA233C19A7CACD3DCA25703E11B67DA8BF2F7B0C9BE009D58F08C935A21FC6EBCD1E0AC9AA7F4254476DDC3F8
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............^)... ...@....@.. .......................@............`..................................)..O....@.. .................... ......,(..8............................................ ............... ..H............text...d.... ...................... ..`.rsrc... ....@......................@..@.reloc....... ......................@..B................?)......H........ ...............................................................0..E.......r...p(.....(....,.*(....(...+.r...p...o.....Yo....(.....(.....(....&*..(....*...BSJB............v4.0.30319......l...L...#~......8...#Strings............#US.........#GUID.......h...#Blob...........G..........3............................................................ ...........q.f...........;.....;.....;...t.;...@.;...Y.;.....;.....y...c.y...........*.....(...........*...L.T.....(.....*.....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\ChromiumStartupProxy.exe.config (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):879
          Entropy (8bit):5.055956812689988
          Encrypted:false
          SSDEEP:
          MD5:5BF2E0B334C3611D044EEA08DD3E542A
          SHA1:E2AA77E4370EADE9A3DD9BF17137EFA2BDCA63B6
          SHA-256:662BB1F3943A716FDEDFB114EA10E07464F53B6CAA693FBC43D43959FB2F8258
          SHA-512:D1EFCB35CF9EB25F5F35DCD69B954E3BBF7C86731C43934BE26C0C9503FFA18694C42F250E1EB8BD2279D4043A2420F99B27EF5C1BE16D411E7C5228383EECF6
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Text.Json" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-6.0.0.4" newVersion="6.0.0.4" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\ChromiumStartupProxy.pdb (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MSVC program database ver 7.00, 512*43 bytes
          Category:dropped
          Size (bytes):22016
          Entropy (8bit):2.2430166078867972
          Encrypted:false
          SSDEEP:
          MD5:94250C0661CC533E66BA7F4FC570BD41
          SHA1:C3BE8FCE289C738B0CCA91FE534A3E06949D9DD1
          SHA-256:7DD3FE4AFB0EBD7D55B2B08DD34FD5ADEAE614A57998C3BF3AC7191A6A285E34
          SHA-512:D44701F09A6D018CC8137F2610C9EBE271C1EA79CCBEC79CF94086C0D3D58D6C8A36C97F8779028AA1B18E5059481949569C9773ECBAD01DFD4ECF5223CCADD8
          Malicious:false
          Reputation:low
          Preview:Microsoft C/C++ MSF 7.00...DS...........+...........(...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\CommunityToolkit.Mvvm.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):112824
          Entropy (8bit):6.291685904827249
          Encrypted:false
          SSDEEP:
          MD5:84B2D19FB23993251130999CD42563B8
          SHA1:A169BE412A7CF67FE190A6D484BB54DF6ECDAB75
          SHA-256:11B1ADD1DB058D3760F52512E0CA911AF726D7C049F25178446B6BD33D4EECD2
          SHA-512:57A6AB3D3597CF3EDF02D8A933ED82311BC5ABF91361E2019D809093007470BD82F32DF0EE10C39112BDB81FE447000F081B0022518C01CA71D81CCA29F581EB
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..~............... ........... ..............................G?....`.................................a...O........................*..............T............................................ ............... ..H............text....|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B........................H.........................................................................{9...*..{:...*V.(;.....}9.....}:...*...0..A........u#.......4.,/(<....{9....{9...o=...,.(>....{:....{:...o?...*.*.*. ..1 )UU.Z(<....{9...o@...X )UU.Z(>....{:...oA...X*...0..b........r...p......%..{9......%q&....&...-.&.+...&...oB....%..{:......%q'....'...-.&.+...'...oB....(C...*..{D...*..{E...*V.(;.....}D.....}E...*.0..A........u(.......4.,/(<....{D....{D...o=...,.(>....{E....{E...o?...*.*.*. ...[ )UU.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\CommunityToolkit.Mvvm.pdb (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):43124
          Entropy (8bit):5.922249446045487
          Encrypted:false
          SSDEEP:
          MD5:7397A616FD0C39B2B17341D964EFBFDE
          SHA1:04B4E5B642FDBFE69882B3A2759B0DFF5A69F4A5
          SHA-256:40C8D2C24923EF6C7DE1B1A08D293093F86318D587D5CD036D6313DE99A8218E
          SHA-512:80679DB06D80893F0EF00C430C5B3DC34546FD0A4FD34EE19890B7E0FD3588F4FF6EAFCAEDBBE11FB05B11CDA28512882A6C22DD47329481DB148F82B3829814
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|.......#Pdb........46..#~..<7......#Strings.....:......#US..:......#GUID...`;...m..#Blob......F..qE.IN...b.........W.+............y.......=.......p.......;...............b...........0...S...|...)...................%.......y...*...........................P...=...................&...U...^...=...H...................&.../...y...................&...}...............8...C...................(...3...........................`...k..................."...+...w.......................C...L...........................Z...c...................'...2...g...r...................,...7...h...q...................)...2...o...z...................L...[...........................a...n...........*...9....................... ...I...T...................5...@...{.......................P...[..................."...+...g...p...................@...M.......................%...Z...g...................>...K...................>...K...............................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\EntityFramework.SqlServer.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):591752
          Entropy (8bit):6.069668321990478
          Encrypted:false
          SSDEEP:
          MD5:AF1646B1C2227AB206D855BD068535CF
          SHA1:3CD982AD2FB00A50151D7F416E4B05F79528496E
          SHA-256:A960DD4D2F0F37B3C09FFB9567C32426B8791310D7EB935C04C819C3D46BD49E
          SHA-512:04EB6B5EC3A1655AE2FC661F6F9053F7743A2C624C4E8B0E1E6660FCB135A847ADDA27919AE8F38987E370E0114BD5CE45E01F1C894019A864A22CAE3D24AF0A
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q~@..........." ..0.............r.... ........... .......................@............`.....................................O.......t................#... ......4...T............................................ ............... ..H............text........ ...................... ..`.rsrc...t...........................@..@.reloc....... ......................@..B................R.......H.......l...x...............]............................................{0...*..{1...*V.(2.....}0.....}1...*...0..;........u......,/(3....{0....{0...o4...,.(5....{1....{1...o6...*.*. #'p )UU.Z(3....{0...o7...X )UU.Z(5....{1...o8...X*.0..X........r...p......%..{0............-.&.+.......o9....%..{1............-.&.+.......o9....(:...*:.(2.....}....*..*J.......s;...(...+*J.......s<...(...+*........s=...(...+%-.&.......s=...(...+*J.......s>...(...+*J.......s=...(...+*.(....s?..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\EntityFramework.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):4991352
          Entropy (8bit):6.097816081905885
          Encrypted:false
          SSDEEP:
          MD5:FFDCF232D0BB2FFF78721FB347641A76
          SHA1:54C76A2FA61E6DF1AE4C9DF65435A38482C2CB71
          SHA-256:FF42BCA704605E187ABB45523868B15128D6AF1C28AD40A4579D507D34A953B2
          SHA-512:89DF103556CFBD955283BEE551576134F9A7B0D121E12CF6DF4E9F4028075B2C4FF9D22886CFD21B10D0A0D6E640DB784B74D42EBAC4A45CCB9CE9C725A1FDF1
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0...K...........K.. ... L...... .......................`L.....<hL...`...................................K.O.... L.$.............L.x#...@L......~K.T............................................ ............... ..H............text.....K.. ....K................. ..`.rsrc...$.... L.......K.............@..@.reloc.......@L.......L.............@..B..................K.....H.......T0....).........l.A.....d~K.......................................{)...*..{*...*V.(+.....}).....}*...*...0..;........u......,/(,....{)....{)...o-...,.(.....{*....{*...o/...*.*. dL.. )UU.Z(,....{)...o0...X )UU.Z(.....{*...o1...X*.0..X........r...p......%..{)............-.&.+.......o2....%..{*........z...-.&.+...z...o2....(3...*..{4...*..{5...*V.(+.....}4.....}5...*...0..;........u......,/(,....{4....{4...o-...,.(.....{5....{5...o/...*.*. ...z )UU.Z(,....{4...o0...X )UU

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\FluentWPF.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):228352
          Entropy (8bit):7.077870553774561
          Encrypted:false
          SSDEEP:
          MD5:908668FFDE26AB371A2EF711206AA05D
          SHA1:95B60C69C199EDD937960D22B793F5E6143C00AC
          SHA-256:8E136EC981ED7D7ABF0C8153DB901FCD9E7A311A61E209D88A9CA2B51FC17838
          SHA-512:36C1EF092EE2DDD9640C6C74AB2D76BB61F62415892B9BCDDF93772B604C4B45C9EF88834AECAC76EF2F0FA38317F74B889CD26436AB0C6A998B803CDF7A023E
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...E............." ..0..t............... ........... ....................................`.....................................O......................................T............................................ ............... ..H............text....r... ...t.................. ..`.rsrc................v..............@..@.reloc...............z..............@..B.......................H........p.............d$..pl............................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....}.....#....Q..?}.....(....*..(....}.....#....Q..?}.....(......(....*..0............r...(....o....ur...o....u.....s<...%.(....o0...%.(....o4...%.(....o8...%~....s....%.(....o....(....&%~....s....%.o....(....&%~....r...ps ...%.o....(....&%~!...r...ps ...%.o....(....&s"...%.o#...%.o$...%.o%...%.o&...*...0...........~....%-.&~.........

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Flurl.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):38400
          Entropy (8bit):5.705588275571222
          Encrypted:false
          SSDEEP:
          MD5:F8D1ABE9D445441648B2049D040E6F75
          SHA1:68F7A2E3580DFB2F8AC656C4B3D2FC96C86C193C
          SHA-256:E7B07773FCD2B98044F2571948E2D843D191F8751BEFDE5EE450AD627B5A9FA0
          SHA-512:C9FD5F9F1842CBB2FCBCCCBE51126566AA044524B67526AAA32FF3B9B6D4A28BD9FF6AEA635ECA00C717B26E13E8A43F74EBF9302C6657F7A2BDD8FFDC0EBCBA
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................................`.....................................O.......,..............................T............................................ ............... ..H............text........ ...................... ..`.rsrc...,...........................@..@.reloc..............................@..B.......................H.......dL...\............................................................{"...*..{#...*V.($.....}".....}#...*...0..A........u........4.,/(%....{"....{"...o&...,.('....{#....{#...o(...*.*.*. ?Y.. )UU.Z(%....{"...o)...X )UU.Z('....{#...o*...X*...0..b........r...p......%..{"......%q.........-.&.+.......o+....%..{#......%q.........-.&.+.......o+....(,...*..{-...*..{....*V.($.....}-.....}....*.0..A........u........4.,/(%....{-....{-...o&...,.('....{.....{....o(...*.*.*. (... )UU.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Flurl.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):46534
          Entropy (8bit):4.5237968644695234
          Encrypted:false
          SSDEEP:
          MD5:E07B94CCFA4A5C0239E9F807E5B60E49
          SHA1:6731B604C1A6D6D87FD472A20431B05932542A7B
          SHA-256:B0B6FB923037C278386660F558167CB37E8BD4B478493FA695D587A7ABDE1501
          SHA-512:8D6C4AA8A67E357EA326F828705F46C67C7E56B25F67BE03F9181AD8FDC1B510A11EC4F2DDFCA791FF795D87BDD0747EED2517A9946E203EFE6B074E292621C3
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Flurl</name>.. </assembly>.. <members>.. <member name="T:Flurl.GeneratedExtensions">.. <summary>.. Fluent URL-building extension methods on String and Uri... </summary>.. </member>.. <member name="M:Flurl.GeneratedExtensions.AppendPathSegment(System.String,System.Object,System.Boolean)">.. <summary>.. Creates a new Url object from the string and appends a segment to the URL path, ensuring there is one and only one '/' character as a separator... </summary>.. <param name="url">This URL.</param>.. <param name="segment">The segment to append</param>.. <param name="fullyEncode">If true, URL-encodes reserved characters such as '/', '+', and '%'. Otherwise, only encodes strictly illegal characters (including '%' but only when not followed by 2 hex characters).</param>.. <returns>A new Flurl.Url obj

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Hardcodet.NotifyIcon.Wpf.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):97280
          Entropy (8bit):7.262966564836649
          Encrypted:false
          SSDEEP:
          MD5:5FEA5381909FCCA75ED4E79B058E512A
          SHA1:1D619F03449EAF4405008A97DDF05B313EEDD21F
          SHA-256:9C5A27AB185E32C4599816DB8DF1C7B01B08B5CB7A15933215C9A237322ABFBF
          SHA-512:8494B36651F1E36F8008DE7BF6AF3B378843D3E989206A5C3C17B7D1A5A33AA762153BCEF642F66B8C1CD682B2EAFB7102D129D77FCB4A47DE7F724ECECC7127
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l.g..........." ..0..p.............. ........... ...............................P....`.....................................O.......................................p............................................ ............... ..H............text....n... ...p.................. ..`.rsrc................r..............@..@.reloc...............z..............@..B........................H........O..|w..................,.......................................V!.)1......s.........*...0..$........u......,...o....*.u......,...o....*.0..&........u......,....o ...*.u......,....o!...*...0..&........u......,....o"...*.u......,....o#...*B.(Y...-.(....*.*..{!...*"..}!...*>.{....o.......*.0..9........(*.....($.....(......,..o%...-..,..o&...-..,..o%...*.*.*....0...........s'...}.....((....(....-..s....+.(....}......{....o....(....}.....(!....{...........s)...o.....{....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Hardcodet.NotifyIcon.Wpf.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):130362
          Entropy (8bit):4.60579511535411
          Encrypted:false
          SSDEEP:
          MD5:92ACD7769E2EDA756AFB18746CA7F875
          SHA1:801DE8CCB30816A499EEB307B2077614C54FEB2C
          SHA-256:CFD36E262B2F28FC37088965CDC82E58F2D18CBF469242451B1CE7811929AA62
          SHA-512:A96D6249A5B6C23381012E88AA6DB5390FD180FE03E8F3D45C1AC17292EB2CC7135244A6AF474BFC63253A258F622739FF4203A3E0E020D2090077A425B52F6B
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Hardcodet.NotifyIcon.Wpf</name>.. </assembly>.. <members>.. <member name="T:Hardcodet.Wpf.TaskbarNotification.BalloonIcon">.. <summary>.. Supported icons for the tray's balloon messages... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.None">.. <summary>.. The balloon message is displayed without an icon... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Info">.. <summary>.. An information is displayed... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Warning">.. <summary>.. A warning is displayed... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Error">.. <summ

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\HtmlAgilityPack.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):168960
          Entropy (8bit):5.620929228626378
          Encrypted:false
          SSDEEP:
          MD5:F972912B04C7FD13B755D957B366EB3F
          SHA1:036DD1B06F203B0C3FB5CACD9A27A0D6F7867A40
          SHA-256:0EFEC3F0771E6BEA1DEC573EF8C1AAFD24B0F8BD2D00DC6674E311306639050F
          SHA-512:8DDAFE4C60857F28AEBE43CA43638216F6BE138F156B01C17DB89CBF17B14E6ACDCD29921FB108EAEE5605A494F0EEA598D3CF79DBDCD4213DE59627E9C3EF95
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W..b.........." ..0.................. ........... ..............................?.....`....................................O.................................................................................... ............... ..H............text...<.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........=..Le..................$.........................................{....*"..}....*....0..#...........i...+...Y.....(.......X...0..f*..0..>..........o0......+*..Y...o1...% ...._...c..(.......(.......X...0..f*&...(....*.0..:........ ...._....c.....{....(....}.......{....(....}.....{....f*R~......a ...._...da*..(2...*n .........%.....(3........*:.(4.....}....*..{....*V..}.....(2.....}....*..{....*"..}....*..{....*..{....*..{....*....0..3..........|....(5...,..|....(6....+

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\HtmlAgilityPack.pdb (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MSVC program database ver 7.00, 512*623 bytes
          Category:dropped
          Size (bytes):318976
          Entropy (8bit):3.974084043331936
          Encrypted:false
          SSDEEP:
          MD5:3D2433DD5AAF713D67528A0F2EE16E40
          SHA1:47FBB33E23C5559681D5AC6A6BD5F04AF4D481B9
          SHA-256:08B3F8EA006D0C183923F97E1A693871B96EE321E34EA0004AA01BABE154CC86
          SHA-512:E9F2F0132859FC2A84DFE380A6F5CBF368DE173F9269D0D350891F1CF5CB0F8C1068B38809039C9C057AB3B07380142A099986A221BC6F5C7005D78F61E80BA8
          Malicious:false
          Reputation:low
          Preview:Microsoft C/C++ MSF 7.00...DS...........o...`.......n...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\K4os.Compression.LZ4.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):5.868850005697838
          Encrypted:false
          SSDEEP:
          MD5:97668D4B0A81F07576884BFD38022F5B
          SHA1:2E29AD8CC7E5606DC1300C850845364E02E53A20
          SHA-256:F2F0EBA48D74F2DFB85BF3D344DD16F773AEF6A1D8F16A25C3C2DB44334AC4E4
          SHA-512:E366A74A971A37FA5355E9D5CF76D2B233C685FB65E74EA4461B2CD3E749B23B0172A293C19B516D83252A9740CFD1356F039DFEB026A8B0B42D08A5B8B92A80
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:............." ..0.................. ... ....... .......................`............`.................................8...O.... .......................@......@...T............................................ ............... ..H............text...P.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................l.......H.......d...\s............................................................(....*..(....*^.(.......%...%...}....*:.(......}....*:.(......}....*...0..U........,..-..-..-.*.-.r...pr...ps....z..2...2...X..i.....+..-.r-..p..'.....'...(....s....z*..(....*.(....*..(....*..(....*.0..+.........0..*...2.......(....+......(.......1..*.*..0..7.........(.......0..*..(.......(.........(..............(....*..0..V...........(...+......(...+.%.,...i-....+....%......%.,...i-....+....%.......X.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Bcl.AsyncInterfaces.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):22144
          Entropy (8bit):6.434408185018128
          Encrypted:false
          SSDEEP:
          MD5:48EFE61D6CA3054309907B532D576D2A
          SHA1:F36403AABB16540C93FB35245EC0B4E435628AAE
          SHA-256:295AF2142D9214F3FD84EAFE4778DCA119BE7E0229F14B6BA8D5269C2F1E2E78
          SHA-512:778E7C4675D8FDE9E083230213D2EFA19AA6924FE892ED74FA1EA2EC16743BB14B99B51856E75EAEF632D57BE7F36DD1BC7CE39A7C2B0435B2F3211BB19836A3
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Q..........." ..0..&...........E... ...`....... ....................................`.................................[E..O....`...............2...$..........hD..T............................................ ............... ..H............text....%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............0..............@..B.................E......H.......4&.......................C........................................(....*..(....*.0....................(....}.....*6.|.....(...+*:.|......(...+*:.|......(...+*2.|....(....*..{....%-.&.|....s.....(....%-.&.{....*"..(....*>..}......}....*..0...........{....o........{....(....*Z..}......}......}....*N.{......{....s ...*N.{.....{.....s ...*v.{.....{....o!....{....s"...*..(....*"..s....*.0.....................s#...*&...s#...*..{$...*"..}$...*.0..F.........{%....Xh}%.....}&.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Bcl.AsyncInterfaces.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with very long lines (321), with CRLF line terminators
          Category:dropped
          Size (bytes):18215
          Entropy (8bit):4.720079384519439
          Encrypted:false
          SSDEEP:
          MD5:0737B770BA5D854D4887A8F4D9C8DE04
          SHA1:40A8A356D807D71C102C91D68AD1A0AD6E3FDDA6
          SHA-256:CA53D9B1BBEA04C30DB4186B015B7C57DCE7C5ECDF1CFAC9E4AFE9FFCF6910F0
          SHA-512:39A48874D547F714922F4864D3A34C842AC0898B09040796A9046182C093E3CA70F1D20F5D616721129E8D7F6A1F1FDEB3C8277C6BB2EB53B6DC8EA5966003C7
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Bcl.AsyncInterfaces</name>.. </assembly>.. <members>.. <member name="T:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1">.. <summary>Provides the core logic for implementing a manual-reset <see cref="T:System.Threading.Tasks.Sources.IValueTaskSource"/> or <see cref="T:System.Threading.Tasks.Sources.IValueTaskSource`1"/>.</summary>.. <typeparam name="TResult"></typeparam>.. </member>.. <member name="F:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1._continuation">.. <summary>.. The callback to invoke when the operation completes if <see cref="M:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1.OnCompleted(System.Action{System.Object},System.Object,System.Int16,System.Threading.Tasks.Sources.ValueTaskSourceOnCompletedFlags)"/> was called before the operation completed,.. or <see cref="F:System.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Controls.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):71808
          Entropy (8bit):6.302233040356993
          Encrypted:false
          SSDEEP:
          MD5:391166F9D5D40EE90F0744982177F4AB
          SHA1:F7DFF35B30DE2E02BCB3A7EFE45334E1B5D7C8FE
          SHA-256:FA36ED1236CDA36DFA34BE757A791EC94011D43D19E73D0BD9D0F9F802473A22
          SHA-512:700FBE5FD992F678C83CCA1170F68593149C04E314402F7505B8A640FA89CD24633426ECB3548057E7AF14F0342301E66B5785F01F7FDD64ED2AF13614CD98EE
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`."Q...........!..................... ........... .......................@......2.....`.....................................W........................>... ....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........t...w...........]..0...P .......................................v.{....On..O.w..-t..x<P....e.@0v.bY>.7. %c.\.h.J....MW......P.w.J...(...3^.....>M.............(WIH....1..../O}.}...gOm...{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.*6..(.........*.*.*.*.0...........-.r...ps....z..2...o....o....2.r...ps....z..2...o....2.r)..ps....z.o....,..o....o....-.s....z.o.....o......o....,..o....o....-..*.o....-.s.....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Drawing.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):144496
          Entropy (8bit):6.219127874938619
          Encrypted:false
          SSDEEP:
          MD5:5BD39A82AACF1AA423E6EEEEDA696EEA
          SHA1:B7971F9807520DAC9523BFD1185A7DCC9E5CC77C
          SHA-256:1D69EAF538008E0FE1A7EB2CE0124A49B95C491797749640C8351ED4643F5C97
          SHA-512:CBD255E7323A7E82D8B9443E8CE67BEF88F88BF46E525333E4017024A31952656F61F93334B3957D85FB0E422E561197C0ADB1366653DA007C9667651B1F37B1
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[."Q...........!..................... ... ....... .......................`......a.....`.....................................W.... ..................p>...@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......$...h...............c...P ...............................................\.E..-.....A.}.8.p. 0AF@4.....T.P\...S.aEf.....$..m..G.h......Q.,.2....N..jE...QD.V..<i<(*".\q.7_..;.ge. Q[..P..{....*"..}....*F.o....r...p(....*..0..C........(......~....-....7...s.........~....(...+(...+(.....(1.....o....&*F.~....(....t....*6.~.....(....*F.~....(....t....*6.~.....(....*F.~....(.....j...*J.~......j...(....*F.~....(.........*J.~..........(....*F.~....(.........*J.~......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Effects.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):139888
          Entropy (8bit):7.142634633787823
          Encrypted:false
          SSDEEP:
          MD5:18DB3E02D95A16FD502C7C091C0361D9
          SHA1:AB2D700306E0A0A3D094A0BC856FF1FFAD916C49
          SHA-256:34843CFEA24B713B1B5FD9A93C61D7C6D3FA320DBB84DF60D9D48C5560C79452
          SHA-512:6DE8751ABED256BCC381F69248F33AAE551A17966EFBC0ABB5C1DC98865B46E3924202C1347E0EC6949F1719E1D282817838815E99E68E7B1381A6B204C95416
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]."Q...........!..................... ........... .......................@............`.....................................K.......................p>... ......X................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......X....K...........M..._..P ......................................Du..l..O..(|.n.....z.fj.W4.mc....f...>e..~.V....<../..}....1$q.7@r..3w..JQ....._C(S....C. .Z.Pt..d,......f-..]..".SO.7.4...x.0..:........(.....s......r...p(M...o.....(.....~....(.....~....(....*F.~....(.........*J.~..........(....*F.~....(.....+...*J.~......+...(....*.0..,.......s.......(....o......(....o......(....o.....*F.~....(.....+...*J.~......+...(....*....0..3........t.......(...............#..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Interactions.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):108168
          Entropy (8bit):6.179559450110609
          Encrypted:false
          SSDEEP:
          MD5:3034CC0D5CF3731ED90153AA616F3F59
          SHA1:AACE8D26358D9829F0E6632BDDF183534ACFEC0D
          SHA-256:63CD5E8A60D77D1007352538A4285C60C0C3EFB9C771035589105A284E4F63A9
          SHA-512:88589B022D713D565342E331394ED5600D1FE346AA788E45E16CF51221CE898F10BD28C6A09FDC44D9AD94F25B4ED22C6F0EB28FA832863C01732DEF5B6C6086
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X."Q...........!.....^..........n}... ........... ..............................C.....`..................................}..O....................h...>...........{............................................... ............... ..H............text...t]... ...^.................. ..`.rsrc................`..............@..@.reloc...............f..............@..B................P}......H.......L...................1...P ......................................Am.........C.....7.7....|..........,...w?..T....A.e......I}.#N..E....~...y. x`E......C`A&P.....Y.....A..J......#.p..).uGkJ1:.(......}....*:.(......}....*...0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*"..(....*"..(....*..*..{....,..{.....o....*.{....o....*2.~....(....*6.~.....(....*F.~....(....td...*6.~.....(....*J.(.....s ...}....*F.(...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Prototyping.Interactivity.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):62160
          Entropy (8bit):6.394651976589669
          Encrypted:false
          SSDEEP:
          MD5:B5BBEE69523810F8AA9D92E3D3ECB896
          SHA1:9A45F181AC22B5C633EED421B59F5FE9D12D6A7C
          SHA-256:BF99695470075C4E2C906BE4567F1D0AB3A6D85D31EC1D8F6B4139015C48A2B3
          SHA-512:9EEFF3BA247793163FD091FB26D8E620C99A8CB1B510F26EA7C31EB9EC27F2DE9E92F14CA470852C84FF1DCCF5FBCBAED8C93EA2F05C6515E2C078776C62BA7E
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a."Q...........!..................... ........... ....................... ............`.................................@...K.......`................>........................................................... ............... ..H............text........ ...................... ..`.rsrc...`...........................@..@.reloc..............................@..B................p.......H.......PE...............D......P .......................................xk.r..E. z.aD.-$..}...=..+<%...Z....x.N.,..D...nA*....1T. 6./n.`j..."q..rE........44.(..a...\..>...~.......9.M.).#..c.0..W.......(....s.........(.........~.....(....,+(....~....~.....o....t>........~....(....&*(....*j~....%-.&~....~.....o....*.......*2~.....(....*Z~....(.....o.....?...*Z~....(.....o.....?...*.(....,.(....,.~....(.....o....&*(....*.(....,.(....,.~....(.....o....&*(....*Z(....-..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Expression.Prototyping.SketchControls.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):48344
          Entropy (8bit):6.53421522959476
          Encrypted:false
          SSDEEP:
          MD5:06296D204C279118CB8863F07E3DE4E1
          SHA1:175553C011BA3B50322833477F095142F1C3D699
          SHA-256:CEB0E446953833CAA54BC01E84B787281CF6712BA7DB65D4C9A664413E95CEFB
          SHA-512:BFA4479554B841A17969D124FD69701DC1313E8F24EAD667C45002AE8D60C3F615D8D484D1334C87E5C93F1FB30B8217A0CBD528125EDFFEF050B898BDC1598A
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....."Q...........!.....t............... ........... ..............................~H....`.................................l...O.......`............~...>..........4................................................ ............... ..H............text....s... ...t.................. ..`.rsrc...`............v..............@..@.reloc...............|..............@..B........................H........p..L!...........0..&@..P ........................................9q.}..;q._^.X.A...&Y..n._=....*...%...'.Dc...S)..C....W.....k.Q......l.U.v.%...l...."ITo.Z".w..|-:.L%5g..cy':....=.6..Z.bF.~....(.....#...*J.~......#...(....*F.~....(.....#...*J.~......#...(....*F.~....(.....#...*J.~......#...(....*F.~....(.....#...*J.~......#...(....*F.~....(.....#...*J.~......#...(....*F.~....(.....#...*J.~......#...(....*..{....*"..}....*..{....*"..}....*"..}....*..{....*..{....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.SDK.Expression.Blend.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):4608
          Entropy (8bit):3.488842171019742
          Encrypted:false
          SSDEEP:
          MD5:23E59CC67C075C315F717770D46B00A6
          SHA1:260D18B0BDBB8ADABB1A6D8565ACA14CCC462CB2
          SHA-256:1E2636B145C0C69E30DB1492950EE23D02458DFE6DAC69EA51D865BA15FA0FDE
          SHA-512:36128BAE654D5C58053FEF3EB8DCD54B7671DACB5CEA6F26C5340E0BC38579667064F169FE7FA744FDB40DEBAAA4CA040D749C1DA803A139594DF9E7D1D42284
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Y.........." ..0.............N'... ...@....... ....................................`..................................&..O....@..8....................`.......%............................................... ............... ..H............text...T.... ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B................0'......H.......P ..t...........................................................BSJB............v4.0.30319......l...|...#~......P...#Strings....8.......#US.<.......#GUID...L...(...#Blob......................3..................................................y.....@.....>.....h.................`.....,.....E...........T.....2...............................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........#.....,.....K...#.T...+.x...3.x...;.~...C.T...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Toolkit.Uwp.Notifications.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):143568
          Entropy (8bit):6.151125088275872
          Encrypted:false
          SSDEEP:
          MD5:F58E9CA60368433534C420B054B01CD3
          SHA1:598B9280153E53C6FFF56AF80D2C59D087809612
          SHA-256:51EEBDB28F042F6169E3C71CEC16D3FA95634C4284A20ED1D4E4D182DE5F4BEC
          SHA-512:14E180A029A81C777E2B4E938891DE578203EF01AC2F187280E87FC161A2B7DE9E36CFF5FBD810FF5CA5BBC5CC84BDBCE68F120014813C8E5ED17EE200E7F573
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....p..........." ..0.............Z$... ...@....... ....................................`..................................$..O....@..p................ ...`.......#..T............................................ ............... ..H............text...`.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B................9$......H.............................."......................................V!.u......s&........*..{....*"..}....*..0..Z........(....o'...-.r...ps(...zs......(....o)....+..o*.....o.....o0...o+....o....-....,..o......*........*.$N......J.s,...}.....(-...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*6.|.....(D...*..{....*"..}....*..{....*"..}....*V.(....-.r...p*.(....*..(E...%.(....o"...%.(....o$...%.(....o ...%.o....*..(-...*..{....*"..}....*..{ ...*"..} ...*..{!...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Toolkit.Uwp.Notifications.pdb (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):67744
          Entropy (8bit):5.779980811986005
          Encrypted:false
          SSDEEP:
          MD5:84BBBD6CEDAFDB016CF09096F873CA08
          SHA1:E13D83497FBDFBE2A72BEA3F74437D5D282CB819
          SHA-256:A681F37A656D321B78FBE3DBAFE296334C3C57A6966D4DADAD6E06AF7AA1B200
          SHA-512:6288DF55D4BE8FBF9329D29D437CB0B862EF28E1173D63FD080B622EB2F2FDE8BA3AE0303D8DDAEFDF0897F30225FBCDEA0BEE68435D47BD73D71E8206BA30FE
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|.......#Pdb.........c..#~...d..4...#Strings....Hi......#US.Li......#GUID....i.....#Blob.......CF.H.l.B..u.Y0......W?..........................p...Y.......J...S.......^...........V...Y...............n.......................&.......................................H.......................i...r...'...0...c...l.......................(...p...y...................7...@...q...z...................7...@...s...|...................T..._.......................9...v.......................<...E...t...}.......................7...o...x.................../...8...q...z...................P...Y...................'...0...u.......................C...N....................... ...o...z...................G...R...........................:...C...........................-...6...e...n...................1...:...o...x...................5...@...x...................#...h...u...................I...V.......................#...^...m....................... ...Z...g...................9...F...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Microsoft.Win32.TaskScheduler.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):333824
          Entropy (8bit):6.105576145657233
          Encrypted:false
          SSDEEP:
          MD5:A844AC745A4005FBD3F51D79FF88583C
          SHA1:92671774FD4BE9781A77D2788A8DDDBF8981EAD5
          SHA-256:74FE1A6A1E36BE7D893E31BBB4D4BD83BF4B927E715276CD5607982139818EBD
          SHA-512:5F0734058D9146FFEB552ABF443DF5097CF134A4737BED499467830E08D97F5D1996C1F1647C5C12289CA4D4209EFFD480010AFEBC59D50290D4CA7D45BB41F8
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._O............" ..0..............-... ...@....... ..............................I.....`.................................0-..O....@.......................`......(,..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................d-......H............V..........`...H....+........................................{....*..{....*V.(......}......}....*...0..A........u2.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ..<. )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q5....5...-.&.+...5...o.....%..{.......%q6....6...-.&.+...6...o.....(....*..{....*..{....*..{....*r.(......}......}......}....*..0..Y........u7.......L.,G(.....{.....{....o....,/(.....{.....{....o....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Newtonsoft.Json.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):701992
          Entropy (8bit):5.940787194132384
          Encrypted:false
          SSDEEP:
          MD5:081D9558BBB7ADCE142DA153B2D5577A
          SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
          SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
          SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ..............................*^....`.....................................O.......................(..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........{...,..................d.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{^....3...{]......(....,...{]...*..{_.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Newtonsoft.Json.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):710224
          Entropy (8bit):4.632813781023419
          Encrypted:false
          SSDEEP:
          MD5:F414B3F68FE7C4F094B8FE8382F858C9
          SHA1:66EE1B3266FCEDDE433B392156AB4A24262B2F34
          SHA-256:2D46B37B086D6848AF5F021D2D7A40581CE78AADD8EE39D309AEE4771A0EECCF
          SHA-512:19B2FEB40C2E9D4D20D9A21F88F6ECEA773060C056B8CBBD21A6EEC41486DC5FC101E6C31129B0D53466D04709BCD4ED777058DDFB02532242B43E253A7B24BD
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Newtonsoft.Json</name>.. </assembly>.. <members>.. <member name="T:Newtonsoft.Json.Bson.BsonObjectId">.. <summary>.. Represents a BSON Oid (object id)... </summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonObjectId.Value">.. <summary>.. Gets or sets the value of the Oid... </summary>.. <value>The value of the Oid.</value>.. </member>.. <member name="M:Newtonsoft.Json.Bson.BsonObjectId.#ctor(System.Byte[])">.. <summary>.. Initializes a new instance of the <see cref="T:Newtonsoft.Json.Bson.BsonObjectId"/> class... </summary>.. <param name="value">The Oid value.</param>.. </member>.. <member name="T:Newtonsoft.Json.Bson.BsonReader">.. <summary>.. Represents a reader that provides fast, non-cached, forward-only access to s

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):12994008
          Entropy (8bit):7.567022772822108
          Encrypted:false
          SSDEEP:
          MD5:FCCC265765BBBD194C353DC5A5C791CF
          SHA1:92651C4BE83DCD1A1A9C33704F1695C06F2E2EF4
          SHA-256:5CA519F2449E518162353A4DEF2C0E69CF040D33A3DFF2EDCDE43AD9E704C8B2
          SHA-512:6812E675AC6892D3E777859DD609FF5455ED19E9A5D6A33E1E2C5464C8332828ED88A7544024833ACF1FC23C48B30B2D8C5DB7D4F6E362B83E3CFCF925BCB11D
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....S.d.........."...0..L.........."j... ........@.. ..............................@.....`..................................i..O.......8............4............................................................... ............... ..H............text....J... ...L.................. ..`.rsrc...8............N..............@..@.reloc...............2..............@..B.................j......H........%..........=....=...,............................................{A...*:.(B.....}A...*..0..)........u..........,.(C....{A....{A...oD...*.*.*v H... )UU.Z(C....{A...oE...X*..0..:........r...p......%..{A......%q.........-.&.+.......oF....(G...*..{H...*:.(B.....}H...*....0..)........u..........,.(C....{H....{H...oD...*.*.*v .'L. )UU.Z(C....{H...oE...X*..0..:........r-..p......%..{H......%q.........-.&.+.......oF....(G...*..{I...*..{J...*V.(B.....}I.....}J...*.0..A.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe.config (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):5293
          Entropy (8bit):5.081218757004898
          Encrypted:false
          SSDEEP:
          MD5:2722A3DE42A1D0EF4089459DA2CB3596
          SHA1:A3B2A985EFF4F694BFB4936FCF8EE8904E3B6917
          SHA-256:F9D49DAF8E030400897C673ABE22E7B4D4E38C7411B2AA2DD990DE27643C6F21
          SHA-512:B50F4AC22281092A505D49DEEA50D50A6BA476F2C78DB5D632E4AFD8FAB7246BAC812A166ADF5F6FA287C94E325CDF49FFCBD6D8B19BFEDF97A716A4F0CFD816
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />.. <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />.. </configSections>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.. <log4net>.. <appender name="Console" type="log4net.Appender.ConsoleAppender">.. <threshold value="INFO" />.. <layout type="log4net.Layout.PatternLayout">.. Pattern to output the caller's file name and line number -->.. <conversionPattern value="%date %5level [%2thread] (%class:%3line) - %message%newline%exception" />.. </layout>.. </appender>.. <appender name="RollingFile" type="log4net.Appender.RollingFileAppender">.. <file value

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):381912
          Entropy (8bit):6.439766294357493
          Encrypted:false
          SSDEEP:
          MD5:17EFC2840E75C1152627931E792CD463
          SHA1:4FC08F54A83BDFB9C7FA5737D88774C6ECDE77A7
          SHA-256:CA65DC92723FC101E92D63F7DCCCFB94EB9245B3FA4965B85A878B2DCF69D54B
          SHA-512:D80B24C0BC29331EAD66548F0FE78DF2B201F683F2CCBEC0FC239DCE6EA2A265756372C153529388E7C5609AAF36994AC06CF809C9E739660D22C42EE463FAD3
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...f............."...0.............*.... ... ....@.. ....................... ............`.....................................O.... ..................................8............................................ ............... ..H............text...0.... ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................H.......$!..............</...............................................0..W.......r...p.(.....s....s....~....r...pr+..p..o...+-.(....r=..po....*r...p.(....(......(....&*..(....*..(....*.~....-.r...p.....(....o....s ........~....*.~....*.......*.~....*..(!...*Vs....("...t.........*.BSJB............v4.0.30319......l.......#~..........#Strings....p...L...#US.........#GUID.......L...#Blob...........W..........3........&...................".......................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.pdb (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MSVC program database ver 7.00, 512*55 bytes
          Category:dropped
          Size (bytes):28160
          Entropy (8bit):2.8092294183149353
          Encrypted:false
          SSDEEP:
          MD5:797FD2D689E8C77EF12032FC87D74042
          SHA1:54C0F8F273CACA4F54DC2DC639E8A2231F8E3B2F
          SHA-256:B068ED55BE3203D112A537D890DFD834BA7CFF5272CF5BF4AABD6329F92481D8
          SHA-512:2930EBB0C30488B8BFC2165E019605181ABC03094463A42FB7CA9095FDF39DE2F4D7B584015C6B3C90775407188250B085B5875620BA73EA5047C14CECE299DE
          Malicious:false
          Reputation:low
          Preview:Microsoft C/C++ MSF 7.00...DS...........7...........4...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\ReleaseNotes\is-66TRR.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):70422
          Entropy (8bit):5.066278414966296
          Encrypted:false
          SSDEEP:
          MD5:CBC6CF332EF0AE97F9A544DCDB74C7A9
          SHA1:BBEE2F6B882AEAAB30B5E1932E41BFF108A6C708
          SHA-256:5260A6F0E771DD26B4F8DAF71E87082DF009718C631D1FA8639096064DBCD3CE
          SHA-512:FF4B6C4A7BA7B123819795A80DFC8F2284FAC47286097148239BDA1BD1377D9BEF1F90B30395CA65304F8121DE4F296AD38F06CB22150B8F31DD4256E71CD572
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff43\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi0\deflang4105\deflangfe4105\themelang4105\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New;}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings;}{\f24\fbidi \froman\fcharset0\fprq2{\*\panose 00000400000000000000}Mangal;}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f37\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}Calibri;}..{\f43\fbidi \froman\fcharset0\fprq2{\*\panose 00000000000000000000}Liberation Serif{\*\falt Times New Roman};}{\f44\fbidi \froman\fcharset0\fprq2{\*\panose 00000000000000000000}Liberation Sans{\*\falt Arial};}..{\f45\fbidi \froman\fcharset0\fprq2{\*\panose 000000000

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\ReleaseNotes\is-6J2A0.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):48330
          Entropy (8bit):5.060075813914965
          Encrypted:false
          SSDEEP:
          MD5:4E8E10F5AA5140AA1B1E84212AEF9015
          SHA1:53F394156534283FB1E3053A2BA408610B3F826C
          SHA-256:6FBDE2927E7D4D6AA64F92E20AC9CB1670C3B171A9AE9F74FA8CC3318715E67B
          SHA-512:6E1618BAF630C18D76CA67EE09CE3A80AA10075A2637F16A248AFD9E74B3E1D6A313D282D098F25D06DBFC08A7843369C2DB9D4F30FC2D7F7FCE678D4B4B23FF
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff31507\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi31507\deflang4105\deflangfe4105\themelang4105\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f43\fbidi \fnil\fcharset0\fprq0{\*\panose 00000000000000000000}SegoeUI{\*\falt Segoe UI};}{\f124\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0502040204020203}Segoe UI;}..{\flomajor\f31500\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbmajor\f31501\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fhimajor\f31502\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0302020204030204}Calibri Light;}{\fbimajor\f31503\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\flominor\f

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\ReleaseNotes\is-78ROE.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):117008
          Entropy (8bit):4.6968771271853855
          Encrypted:false
          SSDEEP:
          MD5:4408344C6BDDF73B0E9D6C365F400DEF
          SHA1:E9DD7DB827BD7459CE05AAC922C1C71E4B98AC48
          SHA-256:DFA8506439FECA1FD0F305A9C7811E995D2AE271F7E97044CCDE9C70CC356993
          SHA-512:84EB833B76F285667D4370138B1C2BE0594F835520852AB12ADB751B0621C7ADE5733495FE4CD508CED4B525A6BE506B85B29AB4D01CB06A2DFD5172B6E062B4
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff43\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi0\deflang4105\deflangfe4105\themelang4105\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New;}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings;}{\f24\fbidi \froman\fcharset0\fprq2{\*\panose 00000400000000000000}Mangal;}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f37\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}Calibri;}..{\f43\fbidi \froman\fcharset0\fprq2{\*\panose 00000000000000000000}Liberation Serif{\*\falt Times New Roman};}{\f44\fbidi \froman\fcharset0\fprq2{\*\panose 00000000000000000000}Liberation Sans{\*\falt Arial};}..{\f45\fbidi \froman\fcharset0\fprq2{\*\panose 000000000

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\ReleaseNotes\is-Q1GS5.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
          Category:dropped
          Size (bytes):604
          Entropy (8bit):5.120976459234596
          Encrypted:false
          SSDEEP:
          MD5:F0F234690C43317851084C41B7DD5BF6
          SHA1:04D836F86477DE358CADCF8D2F46D949265F2D48
          SHA-256:B31E3040B4492E8BE55AA4B70B2C4BDACB2A11A384EF8F9D344AD64DA32078F1
          SHA-512:D3F901055BDD0796E1E1B1A3DCF00E410C7BD16B69729C6AD87EFE371F6127AAF9D9D60B362E7E0A0A7B0E201EDA4BE0AAFD5569693A8D04C12C0C9E95D4F95E
          Malicious:false
          Reputation:low
          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Calibri;}{\f1\fnil\fcharset2 Symbol;}}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard{\pntext\f1\'B7\tab}{\*\pn\pnlvlblt\pnf1\pnindent0{\pntxtb\'B7}}\fi-284\li284\sl240\slmult1\f0\fs24\lang9 Tech support icon in the dock: get phone tech support for your PC 24/7, provided by AnyTech365\par..{\pntext\f1\'B7\tab}New icon for the OneLaunch browser\par....\pard{\pntext\f1\'B7\tab}{\*\pn\pnlvlblt\pnf1\pnindent0{\pntxtb\'B7}}\fi-284\li284\sa200\sl276\slmult1 Various performance improvements and bug fixes\par..}...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\ReleaseNotes\release_notes_4.92.rtf (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):117008
          Entropy (8bit):4.6968771271853855
          Encrypted:false
          SSDEEP:
          MD5:4408344C6BDDF73B0E9D6C365F400DEF
          SHA1:E9DD7DB827BD7459CE05AAC922C1C71E4B98AC48
          SHA-256:DFA8506439FECA1FD0F305A9C7811E995D2AE271F7E97044CCDE9C70CC356993
          SHA-512:84EB833B76F285667D4370138B1C2BE0594F835520852AB12ADB751B0621C7ADE5733495FE4CD508CED4B525A6BE506B85B29AB4D01CB06A2DFD5172B6E062B4
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff43\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi0\deflang4105\deflangfe4105\themelang4105\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New;}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings;}{\f24\fbidi \froman\fcharset0\fprq2{\*\panose 00000400000000000000}Mangal;}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f37\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}Calibri;}..{\f43\fbidi \froman\fcharset0\fprq2{\*\panose 00000000000000000000}Liberation Serif{\*\falt Times New Roman};}{\f44\fbidi \froman\fcharset0\fprq2{\*\panose 00000000000000000000}Liberation Sans{\*\falt Arial};}..{\f45\fbidi \froman\fcharset0\fprq2{\*\panose 000000000

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\ReleaseNotes\release_notes_4.93.rtf (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):70422
          Entropy (8bit):5.066278414966296
          Encrypted:false
          SSDEEP:
          MD5:CBC6CF332EF0AE97F9A544DCDB74C7A9
          SHA1:BBEE2F6B882AEAAB30B5E1932E41BFF108A6C708
          SHA-256:5260A6F0E771DD26B4F8DAF71E87082DF009718C631D1FA8639096064DBCD3CE
          SHA-512:FF4B6C4A7BA7B123819795A80DFC8F2284FAC47286097148239BDA1BD1377D9BEF1F90B30395CA65304F8121DE4F296AD38F06CB22150B8F31DD4256E71CD572
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff43\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi0\deflang4105\deflangfe4105\themelang4105\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New;}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings;}{\f24\fbidi \froman\fcharset0\fprq2{\*\panose 00000400000000000000}Mangal;}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f37\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}Calibri;}..{\f43\fbidi \froman\fcharset0\fprq2{\*\panose 00000000000000000000}Liberation Serif{\*\falt Times New Roman};}{\f44\fbidi \froman\fcharset0\fprq2{\*\panose 00000000000000000000}Liberation Sans{\*\falt Arial};}..{\f45\fbidi \froman\fcharset0\fprq2{\*\panose 000000000

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\ReleaseNotes\release_notes_4.98.rtf (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
          Category:dropped
          Size (bytes):604
          Entropy (8bit):5.120976459234596
          Encrypted:false
          SSDEEP:
          MD5:F0F234690C43317851084C41B7DD5BF6
          SHA1:04D836F86477DE358CADCF8D2F46D949265F2D48
          SHA-256:B31E3040B4492E8BE55AA4B70B2C4BDACB2A11A384EF8F9D344AD64DA32078F1
          SHA-512:D3F901055BDD0796E1E1B1A3DCF00E410C7BD16B69729C6AD87EFE371F6127AAF9D9D60B362E7E0A0A7B0E201EDA4BE0AAFD5569693A8D04C12C0C9E95D4F95E
          Malicious:false
          Reputation:low
          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Calibri;}{\f1\fnil\fcharset2 Symbol;}}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard{\pntext\f1\'B7\tab}{\*\pn\pnlvlblt\pnf1\pnindent0{\pntxtb\'B7}}\fi-284\li284\sl240\slmult1\f0\fs24\lang9 Tech support icon in the dock: get phone tech support for your PC 24/7, provided by AnyTech365\par..{\pntext\f1\'B7\tab}New icon for the OneLaunch browser\par....\pard{\pntext\f1\'B7\tab}{\*\pn\pnlvlblt\pnf1\pnindent0{\pntxtb\'B7}}\fi-284\li284\sa200\sl276\slmult1 Various performance improvements and bug fixes\par..}...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\ReleaseNotes\release_notes_5.0.rtf (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):48330
          Entropy (8bit):5.060075813914965
          Encrypted:false
          SSDEEP:
          MD5:4E8E10F5AA5140AA1B1E84212AEF9015
          SHA1:53F394156534283FB1E3053A2BA408610B3F826C
          SHA-256:6FBDE2927E7D4D6AA64F92E20AC9CB1670C3B171A9AE9F74FA8CC3318715E67B
          SHA-512:6E1618BAF630C18D76CA67EE09CE3A80AA10075A2637F16A248AFD9E74B3E1D6A313D282D098F25D06DBFC08A7843369C2DB9D4F30FC2D7F7FCE678D4B4B23FF
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff31507\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi31507\deflang4105\deflangfe4105\themelang4105\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f43\fbidi \fnil\fcharset0\fprq0{\*\panose 00000000000000000000}SegoeUI{\*\falt Segoe UI};}{\f124\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0502040204020203}Segoe UI;}..{\flomajor\f31500\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbmajor\f31501\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fhimajor\f31502\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0302020204030204}Calibri Light;}{\fbimajor\f31503\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\flominor\f

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\TranslationData\TranslationCollection.json (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):2397
          Entropy (8bit):4.743104252226533
          Encrypted:false
          SSDEEP:
          MD5:8E6D9F25582448A7322724D750B3971F
          SHA1:89C9D6371550692B09F967EA8EB0BC8E8384CB9A
          SHA-256:52E439B4E3004014F1D692F07F435572EB572329F6C83C5E169A38AC08CB9101
          SHA-512:1DF2D533910C7559A287A1F31774347B7705D738B5079F8D2F4E29DAB68ADD68B85A5D1574138E74C9FF70581DE13556D697714FC8A4B0D097C5FF51B2508D5B
          Malicious:false
          Reputation:low
          Preview:.{..."default": "Auto detect language",..."af": "Afrikaans",..."sq": "Albanian",..."am": "Amharic",..."ar": "Arabic",..."hy": "Armenian",..."as": "Assamese",..."az": "Azerbaijani",..."bn": "Bangla",..."ba": "Bashkir",..."eu": "Basque",..."bs": "Bosnian",..."bg": "Bulgarian",..."yue": "Cantonese (Traditional)",..."ca": "Catalan",..."lzh": "Chinese (Literary)",..."zh-Hans": "Chinese Simplified",..."zh-Hant": "Chinese Traditional",..."hr": "Croatian",..."cs": "Czech",..."da": "Danish",..."prs": "Dari",..."dv": "Divehi",..."nl": "Dutch",..."en": "English",..."et": "Estonian",..."fo": "Faroese",..."fj": "Fijian",..."fil": "Filipino",..."fi": "Finnish",..."fr": "French",..."fr-CA": "French (Canada)",..."gl": "Galician",..."ka": "Georgian",..."de": "German",..."el": "Greek",..."gu": "Gujarati",..."ht": "Haitian Creole",..."he": "Hebrew",..."hi": "Hindi",..."mww": "Hmong Daw",..."hu": "Hungarian",..."is": "Icelandic",..."id": "Indonesian",..."ikt": "Inuinnaqtun",..."iu": "Inuktitut",..."iu-L

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\TranslationData\is-MTTCD.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):2397
          Entropy (8bit):4.743104252226533
          Encrypted:false
          SSDEEP:
          MD5:8E6D9F25582448A7322724D750B3971F
          SHA1:89C9D6371550692B09F967EA8EB0BC8E8384CB9A
          SHA-256:52E439B4E3004014F1D692F07F435572EB572329F6C83C5E169A38AC08CB9101
          SHA-512:1DF2D533910C7559A287A1F31774347B7705D738B5079F8D2F4E29DAB68ADD68B85A5D1574138E74C9FF70581DE13556D697714FC8A4B0D097C5FF51B2508D5B
          Malicious:false
          Reputation:low
          Preview:.{..."default": "Auto detect language",..."af": "Afrikaans",..."sq": "Albanian",..."am": "Amharic",..."ar": "Arabic",..."hy": "Armenian",..."as": "Assamese",..."az": "Azerbaijani",..."bn": "Bangla",..."ba": "Bashkir",..."eu": "Basque",..."bs": "Bosnian",..."bg": "Bulgarian",..."yue": "Cantonese (Traditional)",..."ca": "Catalan",..."lzh": "Chinese (Literary)",..."zh-Hans": "Chinese Simplified",..."zh-Hant": "Chinese Traditional",..."hr": "Croatian",..."cs": "Czech",..."da": "Danish",..."prs": "Dari",..."dv": "Divehi",..."nl": "Dutch",..."en": "English",..."et": "Estonian",..."fo": "Faroese",..."fj": "Fijian",..."fil": "Filipino",..."fi": "Finnish",..."fr": "French",..."fr-CA": "French (Canada)",..."gl": "Galician",..."ka": "Georgian",..."de": "German",..."el": "Greek",..."gu": "Gujarati",..."ht": "Haitian Creole",..."he": "Hebrew",..."hi": "Hindi",..."mww": "Hmong Daw",..."hu": "Hungarian",..."is": "Icelandic",..."id": "Indonesian",..."ikt": "Inuinnaqtun",..."iu": "Inuktitut",..."iu-L

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\1.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 72, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1643
          Entropy (8bit):7.800591646034944
          Encrypted:false
          SSDEEP:
          MD5:8E0FFDD3A090F263E3B350B79018FF15
          SHA1:B970D21F43593B3214F27653429D67068A9C89DD
          SHA-256:C071C4621917EC58C67730F16D6F42A68972B9FED7F366836550796C11F1F4C1
          SHA-512:A8A40BA8291CD1A41FA9CB2F1FB7DA59E7422BEAA5CE742262ED05ADC8823F1D9BD6965B38864329A5813A42764562882A07F3CBD4663E5AD7C337460963687F
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...H.....b3Cu....gAMA......a.....sRGB.........PLTEGpL..................bbb.........................mE..z..o...aC........................................................z.............Vj.c....tRNS.............&...@v5.*k......o]Q....PIDATX...v.0..U. .8...j.....)!....s....;'..V...J)....O...B......+...R<..0\...}."+.Ouq..^...T.O0..J`..]..,.7UL...u.`..../.kS.bpv....hw....,r....9.`...a...`.OP>;|+.cSB.....z.n7..4.:.K.zi.}.+...;...H..u.e.F.Z=..r:.p6^.5.I.....PH>.^.<.....x}..o.{.IPc....]l.....Q.._8.?w&m......./....pn.<....Q.9.2.GA...o%.n..$NE".....(h.G_.....g..D.h....K.W....e.....Hei8.BQ.M.T...G9..C."..i...T.D.A.....Uy..a.C... m.Dj..;A.|D.!..I4....p...}+n-.....!A..:.[...bB..k.*:./p.1M.F=...$u{.E...R,).A1.@.zEU.*sz.~..w.M..2.........P..V..>..s......,.j8.OqZ.eDJ...ZE].7.Od.@P...,.(.w.RU.i...v.(\3t6.L..=...YQ...g. ....h.....YRj.]Q.i..CR:"g.S..M.e.e..j.:.........PQ.K.h...vh..z....`..H...S{.r.aM.<....`M....Nrx.D..>....A.io.....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\10.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 68, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):2268
          Entropy (8bit):7.770486037437278
          Encrypted:false
          SSDEEP:
          MD5:468904A2C4F6BDBC8C688768C64A0DCC
          SHA1:C50E1EEC768D3BC8F855E1F150BF295AD48E0A07
          SHA-256:862CFCF6666A23060CE4E51ABE9A563223729505E40F75D4AED23F9D9EECFBD9
          SHA-512:BF6CD2CAB3DAC4B8C44943023CDB924181125B6FEBAF7FF88773D2923B264A11ADFB8EB3EF0784507CBF54A4DB67946F512904235C5BB43F9389E9F3F62EC0CD
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...D............gAMA......a.....sRGB........\PLTEGpL..........................................UUU..................`R2.........k........w.....................{.rI...............~........n.........................................................................................................y.....................[.............I.......................f..5......... ....?.....t.....XtRNS................ %*0..)p..4.t.E..`...D...<...r...=................................... .......IDATX...W.I..I....!$\r...\.d.BTB....pJ8..Zu...o...g....."D o>~...=U...G.fi.....n...9w8.w....^..W..m..3.xwP.v.]...!:... t]w...c.G.H.u.b.D"..!..]...WI.86g@..#... ..b.}EQ....F'......I...A.*.F$..A.es.A...J:3......c..@%..KQX;..0....../^.|........E$p...............".jim.@U...<=.Gq.n/.FH.i.O...t...~......k...r@..--...*=.......-..Y^V...Q}....c.bO_(ENF..]..P..$....s.Y.....Y.0&8OVk....G^M..Z=D..@.FE..nX.... )........N.M......fA..hrZ....[..(..m..1:d..$...xV.V

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\11.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 70, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1841
          Entropy (8bit):7.8430417800315935
          Encrypted:false
          SSDEEP:
          MD5:06CC8965468C584AEFF00E0BFB71E450
          SHA1:C8B83CFFECFCD1C0B3349709BBE9D10D9F5CE80B
          SHA-256:65BA8502AACF6277E4A584D5E5C19C18B05306361405051C9F937D41AE809829
          SHA-512:2EA077497B10DF7B52ABD33A725305AFEB60A709E800EE9FE5531DAF23855039CD43F15F629A082383C1D40223294C2F90E03B168A40295F20C9FBE611209648
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...F.....X9".....gAMA......a.....sRGB.........PLTEGpL..................iii...###..............................................GNP......................................................HF.W....tRNS...............$.u...[:.4.......!IDATX..i..H..[\X\hp..Y......&'.B\.v..6.DETx=I.P........;...d.....o8.....8..../..L..lg..8........N.LFb....Y..Gn..#..x<..a.LH..F^...."8e)..l........./x5.e6.[...X..&..+..f>...R.....$`..=..Qx.C.h..*..6.r.d...<......9...E.V..#b`...{.+....8.d...x.....q._I.p."...9.D.u..qQ ^.........<.PQ'Y.uy.4M...!^s.<P.k.D..,9.:.r.t.....A.L..?....@.|..C>5......".d..p....H..\...j.N..98mw.V.;E..Fp..{.8RQ.Q........#D,..o.9.....H.bD.Z.IP.....T.R..>...y.yC.).@.R.Ln..8.....2.$.n...A..(.IP...)>K1..g....B...7 a.Gc.,P*.9y..S..&.....8..]....H.C..:.Nm......I.n..>.0h....\#.....UCPY?[J....-K....>...m.....H..4]y....r..+...D...t..e.t c..@.Sw......R.W.m.$..A..u.......P..T.4|.(S*X....Z?ha../ ......Pv.@.Z......#.1..D.$.%].......jL.T..Q[....1......Z..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\12.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 66, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1946
          Entropy (8bit):7.835396596697952
          Encrypted:false
          SSDEEP:
          MD5:8188B3E896D8EC057F80A0355F550E7C
          SHA1:7FF41B8FCE858A48ABF2F53B052EFFC6B528809A
          SHA-256:AAA4708BCE500F576C0A8F769CF258330D21DDD2A4143BDA63F5258044CDEB11
          SHA-512:45F54C3522DFA998D20A7D8A955CEBDE5C07F8842EB2DDC54AFCEC5A9CD3E67948926B0C3EABC13A231E74C4F9CC23190F11A5EAFB7524AB85F57B2AB6D12925
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...B......`.....gAMA......a.....sRGB.........PLTE000..................GpL......................................y~.............iV/........................................................................................................U..... .a.....)tRNS................%0...5...6u...~X....n..A..7...7IDATX.....F......M|...r.]+ ..6.\...;u.......];*(....f....O2........xK.S..?~...".Gj4.i...e..?..........Y.CO...0.c..,T..xd=6.y^..&.;=..;B.........y. z.D!p....P.........*... .x4".CN.'.!^... .*...6H..xA...o...'..yhE......C^..2........r.j...]..b~...(.O...$.[..puw............. ...tI...9.c...-?.5cR.........p..Uoc.`...uABB..)qL8O.....V,v{...I^g...j....<=..v.X^.-f QB.so.(@.....!Z.y.ua....I.A..P.....$....HP_EA..e.2(r...yY....J..I.D4MD.....C.....@x..f.C...[w//L.L..b..,..#cR.g.)p...u8B../B..|g=Ym96L.F.....w......./.aH..%L+H&.{x..R.....Q..........1.<..$..b...$..}.....8..|+...3....... ..p.1y....D.{6.E.... .0.~..qL.$._.E..p+.R..=g.i...H.D..<..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\13.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 68, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1842
          Entropy (8bit):7.835631815264469
          Encrypted:false
          SSDEEP:
          MD5:366322FABA3603E1715FBA3B039264BD
          SHA1:7DE8FE7DE3D8AE9337B29C3949FA7DA99FA048B1
          SHA-256:C24DEA202F8D8C05CECB66AFF26E3B5D351F163FEC910DB3B1279D4DBF9C3C77
          SHA-512:D54ED0B5DC6F2A1D30F9BE09853B92B33AC70CA07BBBE857B497B5B25B2428357EC88308C15FD261325F8D5F7BAB7539D1ADB0DD3C486816D163B85E183607ED
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...D............gAMA......a.....sRGB.........PLTEGpL.....................888......... ....................;tz..........@..H..D..:.....>QW.....................?..9..4.....E...........L.....0..+........}.....'.....:........v&.i....tRNS.............%...q.[C.8......0.|fd....IDATX..kC.<..{q..f.{-.XE`..[.....33I.X.]..ZT.O.L.I.h.O..\....._AX..z!...@.........+.......8.a.gb...|..T@....dLbV.Y.;....?L!.......K=.......X........}s!,.3f..Y../....Y.W.\.e..-.Z....K'.....3...J../....e..|.......?..eY...:. . ..BiH!.|.....VB..i.F...(..8J.P.b._.t.l...U|.s......).S.u..8_bK.}@..f.%...%...{.F]k.N.i..8u.3[QZ.8+3`.:.p..f:......!...R.0..Y]..3*v..P.*.t..60.d.HYU..@i..s.).`.=I.6.E......I.....$W..L...x.G..t.T..L`iZ....@..G..!..D.q....*4'...O.Q....,.....63..,...:."...j..I..O.(..[u.K...X.]...r! DV.O.t.s.......D.P.$.t# .v%.hS.F....6.........X/.8.....z.$'.C..........P......D.eA..&Sj9. .s...@....=c.P...D...>yj...$.5E_.m...<J..$).[...j..b.|....D@...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\14.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 68, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):2028
          Entropy (8bit):7.837885180628608
          Encrypted:false
          SSDEEP:
          MD5:C9978DEA5D212D625BC32A1E852FBBA9
          SHA1:3DDFA62AEA91B9CE8BB49424FF9B5BAA4514D4DD
          SHA-256:84E6E628B648DEDBB7D64575CD7C785B825E94F0CE1F17EBAA9B81A812497F42
          SHA-512:5209DDB4A9AD0CD840B320A78052282B124AF272BF5F4954C4A68D04D64AE336D349DC1D345CF1B52BEC845AA62CD15CB60364ABFE6B541A34018C1FC56F885C
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...D............gAMA......a.....sRGB.........PLTEGpL..................888.............................................................GOP....~.............9....................................................................?..........r..j..G(g....&tRNS..............-% ..k.8...S.4.`...w.........IDATX...v.8...Sl.)....i.......H..K.?3.l...v..sv....4..._..l....?..u.^..g.o.p....~..`..._.Gd.....%L...'"...Q>9...:....<...+..a.......;..O..r.)....A..X.....>..yw.-..!.`.8...X...].....`.]..(..W.(......n7..y..o<O..8..(...^..,`a5.t......8.g~.J..P.eY...z+@.!9Sj].}.:.......F+.......4..0-..R..je.e#.U....!...P..qNG..jeM..t._.. '.0.L..$...F.5J...h...cQ..I..q.d.z..3DK....MA.....1'.$&=...^.&.Z,g..CE.N@Z.%....PY.&..p|..,....#.$.'.&A.'.@..C.l...V....j-.."...I'.D...,.(L.,g........pQb.\.R3H4.;.l8eA.....c.E")....s$.1=0..`.E..d.#j4KHY.I.#..P...Q..B.......>'E..).J.e.2.].Q...C.!.k$...v..(e8eY...1.....[:L.{v.Y..*B..g.}..;>T%D.S...q..q....Y!.(..6HP..XO.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\15.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 72, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1395
          Entropy (8bit):7.752996143932236
          Encrypted:false
          SSDEEP:
          MD5:4405A48B8EA0A38583FEC9CD85A7FCF1
          SHA1:DB0B2A817A57A1935AA64A1867DA316B12A0E3FD
          SHA-256:388E3DF4CFE3E2551CDD0B439FFBDCBB1590DB0D19F0F310B97FD60248E0A488
          SHA-512:D54BCBFC9D5E7A631E284BB527F1B78C3DF9C17C841BD792526D69A7FD9F811155715954AEF63CCC5A0E95A8C2226A5AF28C52118CDB718EDECD49E2ED7FD72C
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...H.....b3Cu....gAMA......a.....sRGB.........PLTEGpL..................###...................................................................?..:.....D........I..N..6..U........2..S..........}`./..O$.}C...._).....Ns.~....tRNS..........#).....o.q...<^RY.....BIDATX..ks.:.....1..\..b.-M.m.Ch...Y.&Y..v3s.0..g.]I..z........e|.U...0..?..F!.....|y......:....>.a..........eu...!.D4...%.....y.\..Sd.+3|.@.3..KQ2..Bj.'..>.5Y:.x.=..Y...'.MI.T....%..qI.v.......a..?...;(..9`..~...V.t;:...&}"..]u.N".....I.W.O.oHwPd.?.|~...r]........H8j.. ....9.^..).N..'..Zz?.I...9..Yv..)...v8.H>.....l...A..px...K....u..?.3H..A.....E5.....c.h"...g....8..e..$..g.._\.yJ.TC...........H...T<.T..j.....% }.=.<..)..LUM9YbOzkI$..*.O.xv.*..leCK...8.T..RkF...RK...RT....X.)M.ig$y".D86E......i*{.H(..N.R.c.....U..,^xM..<]!.w.5...'...S.k.=.B.B"...|... ..i.d ..I..F..p..xZ...D.".j.. y~..q>....&h...R.j...5[....t.&KE...t:.@...I1..c+G...I[(*......[.B.)^.)..[.^..A.@..M.!.T

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\16.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 72, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1605
          Entropy (8bit):7.8135042985555145
          Encrypted:false
          SSDEEP:
          MD5:B7C7B31973E7FDCA1549AFD99F45FB06
          SHA1:AD5852749D4EDED56951C39890F576403D1A2D00
          SHA-256:FA0158D2D52FB081854654CFD816B1ABA890B1164B951E70075085416193756D
          SHA-512:1BE3E57A86DD5E88FC9B8A9EE9DA86E165ECBEBBB798B5A7383C71DD8B9FE03EC24676E4F8F8DFD9586FD9205A50F8787122C99B51E305A48556F816F13FF119
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...H.....b3Cu....gAMA......a.....sRGB.........PLTE333..................GpL.........""".................................|...........................................................3..d..e...........<....... v....tRNS.............!(..t..^..:.Z......%IDATX...z.8....2$....$$.2.........l...owE.@..G.,.V......R.........Et..|..<%Z........^?..A..K..(.?.2..u...H..a.o...p:..i.)r.aE....v{.^..Y .8>....W...Z0..!kR....1.h.,...Y"...^.,....j&.d..D.g..R.c.i..K....{.I...-'..>h...(v...91.w....@.W.D\..).....t.....$.\.T$.".."[fyY.a>..w.O7.s ..HYDV...R.'...9j.. ...U.H)H..D.....B....V.>)m..'.B6..V.....4.N.Q.X...*oib...,h..x.....0.." })..k......x.e....ej.....H...`..I../Mb(.....&..v.t...........4..jRfI]S....,.f.......b.....(.No..5!.!HF.,...1.E.D@5?s...$......)...Oq;......?.$..p.[nK...S....$.kT=.1.2.-.HY. ..w.8.y...s...6C2(...n6o......%E...,G>I.Y.W....^.L89.X.]..Y..&G...#y6.I._i......v.q$2....d.uNyM.]......3=..I...6.]......].n..|n...3i..G.q.4...t.z..R.%.%i.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\17.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 68 x 64, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1131
          Entropy (8bit):7.7203310825525095
          Encrypted:false
          SSDEEP:
          MD5:D10981A9454AB06EFF597E7626A9DA83
          SHA1:343ADC3641D2EBE93125DF681E3AB61BDA0A5B0F
          SHA-256:DEF719251EEBE618E2B928EB91E6EC0E9F5EF69C1C44493F44738E3715869F90
          SHA-512:07C9D94D786E3B49F47F7262A892E315182C51CDB3C6A44C1EC2E163DD2D6D7F3A4E2CDDFDE77043E40518AF38EDCE11CD7661BE38CDB8A65F4087327A290FA5
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...D...@......\!.....gAMA......a.....sRGB........iPLTEGpL............................................................:?Bqvz...Z^a..............................{<......tRNS.7>0......(.G.!P....M/.Qg.%.O....yIDATX...r.0.E....!l.........b.v2/3...S-.U.....2.l........D$..cp..s~.....`~....D.I..#.b.b..04..B..|...v..y%..H.X...t>.%SR.(.g.!F.;.!.L....u...0.....@.hRo..H0..9....E...I.y}."I.X..i..f9a..I.(5q^\GRE6.OH .F.......8."..,.Btf....(..2.)........2.pq......]u_V...3..D....../.U...Zvlp..K.....3..C...w..,.*../.]9...G.3.%.~L.E...F...6..0...!......(0..&...P...!..........27......h.R..m.;..l.<...L..5...n.s..(..>L.@xE.U..j....6.WU....d^f..L.!2.......N!....).W..>>...A....4....5./.,.2.m(..=.v..LKc...:.-._....).o`.].>......kT.o;..g5r,...x...r.)q2....j._.t.......JZ...f.v....J.......7[Spr.c5.....*..QJ]....q....L...x.....J~.....O.]YC?..Z..]...k....iW..$..X.u.@"..{(|..!WHg5bL*....<#.9.[j........X..n......C.>..V..0..~...c~0(L....;h\.t.S.......2....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\2.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 62, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1691
          Entropy (8bit):7.7897664870254335
          Encrypted:false
          SSDEEP:
          MD5:82B8B14657341984CD29A5C1164D8192
          SHA1:72F36418C128F097352F575A7A2959F5CCA92100
          SHA-256:61FFCAFB2BDC2E8858ED977D88599A5497D1DF080B1959799FEBDA7CB722283F
          SHA-512:C704D7544B9657F387522C4F50AAB2F9C510688EBF3A9DCF6ECAD0CA6225000772527E6AD2749196A1AE0D667A17AAF1A30B3EDDE05F813722A90CD0A05695ED
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...>......H......gAMA......a.....sRGB.........PLTEGpL........................'''.................................{d1.........vn.z.....}.......y.....Y.......................................................|.............................~...W.0...........+.b...*tRNS..............".+.u.1.m.=.U...Vv.`...j. 3.Y....IDATX...V.8..#7.%.de_..sfL6.%....{....nI......s..c.[e...V..H.d,Y.$.w.).T."...T.<*..4...A..>.P*.,.nR!...Vt..A.....J.........@ T.'.......F..@....^.c...3J.eH{=>.G...h|!y...V.....2.4........x.<..8....}......8d.0G_.........A..>pE..if;^..dH..zl.I..|.$HUp.~.....G6.z...)I./..H...w.X.WI..$cJ....'M....Q.US...(C.........p.ww..'K..@2(.Lm5..!...;&...\.EQ..(.j+......U.....oO.A...... a3t>......B..v.)..E.Hu....5...`...0G.>.,Il).4.m..fs.Bx....5...o..so........3..nq......A...r'. .......)..y...o.]..y...eIs...1.....g.'..x%Q..Bc1j...:..jj\.[ .(..6C#..tZ.flH..!..nG...Za...]L..5{.)..p8....'M...":*.%H.A`@........q..U..j.!:.....:JN....o...y\.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\3.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 70 x 64, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1948
          Entropy (8bit):7.801003785789268
          Encrypted:false
          SSDEEP:
          MD5:1ABF9F2F2FA65D298C06D435653E7EA6
          SHA1:442A3D8A1AAE46652C579FBD2EFE1CB2284C65FB
          SHA-256:9FA148BFF6F2F6600B1A1A7793C4560F56414B0F55437DFBE07D423328F1A86F
          SHA-512:F57801925FCA0DEF1931A2BC061043B4B755F9FF5EAAD067CDC9FBB82D90A646DCB894A17C4D7646104DB42D579BC5F1467F18B144FF56EA73F77FC2B40B1CE2
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...F...@............gAMA......a.....sRGB.........PLTEGpL..................222!!!............UUU.................................k..........U/.......c..m..u............p..s..`....f..s..Q...............................................y............................Y.....0tRNS................."'..-4....G..8...p..........h.9....IDATX...S.I...d....%...<n.ADT.]H4......=3; ..].U]#.............$d..$....M.L+.jz..~.O...I.C.EYdL...._......T..q...V..f...A..Z).E.t./6..B.......!.J+fT...[@..E.(...4.._c..HL.z>M+li...I...XzE...n..:"...|.^.v.t...(.....H.BX.(. H..9}w.......V.$F....7..c..HQ.)iZ....Z.....wG".=L.K.X..1H....?.....l&..j6..C..pt...q..Iy{{k8..9;j6.e`.,.)Z..wIG.rs..!..jR.W..._....$k..(w77..<.^.1=>vW|/.w..s.U.YG.W.7.....n<ADY..czv......s..TT.HL..|..Y,.V.[,OY......a..s.s+...k..k....En..../.tr.?..3[.....7lxX.`.".T...........a...~...z.v...t....TfW.B......p.....}.:.J. ..o.P0...9....gv...`Z.t.O.E.S.6d.y.Xr..zf0g...V.|b1.q.".)i....#8..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\4.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 60, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1359
          Entropy (8bit):7.751505798802007
          Encrypted:false
          SSDEEP:
          MD5:9F81356D504E20EAB101340E5E9E3E32
          SHA1:849AA503DB715AF5AFFCE9B0BDC53C60E36EDE08
          SHA-256:46D8B4B5ED65C3DDF867223C1360A50297432854EAA0DAF69E7C2F49CB665D8D
          SHA-512:A3D6E99694BEB4962ABFAD30BA247DDF33A6226224C9B2293529539099D82FFF6CE4A372A98492E05A9F6259AD50CF795462C93801B0006442513F9DEA5607C9
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...<............gAMA......a.....sRGB.........PLTEGpL........................111.......................}_(...............................{..........................................d...T...!tRNS..........."+...m./:......R|...~~..W...3IDATX...b.0....PQ.j.Y`.@m...7gKHX.7s1?*....N...l._HiE...#<..L....l...j..`..QDB.....4...N..j.`.[AEJ..Q..y....Y..P....]?......l.....+..b.....8r.E7R.q........|S.....|..|..8?..%..a.].....#.MQ..[........G~q....8........]0..K.|.............S.....T.1..J...#..........\A.....%Ez......F@.1.%.!m0......#6..!b]%0.T.J...LZ+1.k}]3..Cn...Z.*C..-....V1.<....z&....t..Z.;R.vY.F!g..m..i.g.....&....7.F4$ ...@@2.$.H..,E..'.'......$.......EL.O"...*{..LJ.08.K5G.$..x....A.d...Y."{";..0cJVUz........r}v...=%..#*yc..).Eo.v..1..k..V."..|..."G.IlA...S...'k..J..{..uY.v{w....wpc.........U.;..?O...d.........vg........v...;i.w..;.%..X.|...kn".........Al.h. ....4.....d;..17c-...1n(uS.A'S......7.(.K......%.....X.t{>l........v..4...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\5.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 64, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1401
          Entropy (8bit):7.810802370350953
          Encrypted:false
          SSDEEP:
          MD5:A40772E819D50F4E4FF99870A9586B1F
          SHA1:19CFCC960632F881A5E672350BD11A1CBCA48C05
          SHA-256:69B092295E99D87FA9A181579BA439A3DCA82F64795D23E4038FD616E0B06D4B
          SHA-512:2D3F2D685809871F91987E2D6C8440CEA2357C12308AD03D3B4792B74482DC6D20BB1BA183FDC516A9B631FED1256D66165827621615F6C0C512A3A44438A320
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...@......`......gAMA......a.....sRGB........cPLTEGpL..................###.....................z}....................................................,.....tRNS...........!*.y6..].lH......IDATX...(..c4..j6.....SN-.....s..\..[....T.....Q.. D. ;.p..f..S..aY@...U.dU...... ...,.*.y_B..7.A.x.!.SFb...).....(...w......\..).c.da.......a..v.6..\/........9h.0.y")8.m.$..V,.f..].H..H.c-....8..mb.R.-M.e...k...}|.c..R*...<../f..%.Hq>&..Q.'=.F.O...pq+....W...M..q7..g.......Fm..E....Vv,.+oJ...bhD;.2...@..m...[...bG.....+cf.s...!..6 ......Tl..\....4i.6k._.9.j.%.u..W..Q..`.ZyY..,)..R.$.j..@...3.@|.,M7$UQ...f..!c#.q....IM........z2..K...k7...`.M...o...IZ7...1/..(.G.!I..X.c.B..r...t.."..4.X..Qp..T.....<`VH|.6....p......./.hT..R.. . .h.MI.^.@.L.....#(g...F.}~.v...u....::...F....L..I.).d...TxP. .n.|L...}*.......2....w.o2. ..........s.k..nP.7Y0.I....#\q0....;...sT.1..}...4...2..~..B..E.....Q.|...K..vm..a.v....+...q.w.Q.....}...l...e6:.G.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\6.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 68, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1690
          Entropy (8bit):7.824363659151294
          Encrypted:false
          SSDEEP:
          MD5:C3A122FF9946A7D569D58CDC44FE39FC
          SHA1:A89C7A4852CAC4F374F0E2CE57117FBBB5C10D77
          SHA-256:E1F4390082C9AFB969FA6F1FCDB4A9235E589B43C3AD59B90228F76CC38F9DF2
          SHA-512:EA5DFECC428243AD00B637682F32B657738775635A81C6D0C8EAC1C11EEB70B56A48B39BD5164DBAFB0DF2B9AF03BD48E1B83B6EA2DD28EC0BF5E5F49D6D1B71
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...D............gAMA......a.....sRGB.........PLTEggg..................GpL!!!.................................................[^_......................................................8.iG....tRNS............ &</.x3.s....9Y.........IDATX...v.J......7.k..U.(..z..A.;3..q=./U..7]...$.@F5.......3'Y....y...^..~f.........~..H...)<H.z..y....#...Y..../A...O&....EAa...D.D........h..$...A.%.....c...a.I,F..3........... .@)..</4......@....C.#"..p.,CFF..<.b~Rt'&.".*O..,..*.|...)...dC...#.o.:......y..\9..e.M.%...#.I*>..,.2..J1..Y..2I.4L....R. ....b..t..I_O.t.$3.G...S.].E...s. .C-.....&...GI..x.:.L.....rH..8 ..O..8.....T]6.9Q....kdG.'.zy..6.....T.~.q.=.6cM..Jk}({.M.....J.........{.@D...z...~.....H..AB".L......7UU.@:.{..."..5@.....Q.T....t...kQ.u...(.0t#2<+pr!..j!..s...}.2....N......H..g[A.....8..h..q..S.......d..".2q5".h......u..bQ.ld16~,/D.F...5\j.2... "....O.5.cG...u..<..(-[.T.z9W...3+.....J... .....v..G...Au[~q...kM%.03....~..~&PS.].`T

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\7.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 66, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1885
          Entropy (8bit):7.854920759578032
          Encrypted:false
          SSDEEP:
          MD5:02F2758B2DDB93CD34E93899A6BBE15D
          SHA1:1A260AF88321E289C5434DA66250899CA49B161A
          SHA-256:9A552B246E2BC5ED938D034D3491BFBCC6D3C22B26BE02B0843ACB23A645B758
          SHA-512:8F68BD2DDFD5402E77D0FEA23D80F10ED30FC02CB494791A2B4575EB4B9CB63CC577F1FA0374C70B8D95EAFD047362EEA80F08195928C87E9F6E24E0E804834C
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...B......`.....gAMA......a.....sRGB.........PLTEGpL..................$$$..............................{........................|...d..............................................y..................................................................................m................=..7..L...............[........A.../......1tRNS............$+.3..b.....q.v>4.5R.i.............9.......IDATX..y[.X..e.`......L..!.$...RTT.......s...!:...f^$.'..|.Kr...!R.25.../(.\....cY..u...E..Ye.L`.b..%..** .....Df..y.T..R.q.".....S.,.2^M.!.)1$...T|....L(9T!W A..,.....x...L....p}}........f.Q....*1.x1?E..0o....Y...j....g......gg.:..9..;".^...8.(B=?4S..`...B.10....!=7[.C...fkSE..%..q...tq..b....iU1.%..L.e:.+.J $....l.q....|_....YK<dl.D..3....6|..r..S.....C..h.....v.M.N....M.ID..~??_!...iO.I{@..K;.1.P.`}<'.`e.[.GHuKYJ.hm...y....h...a...8K..8..........}+.]...Q\.-...i..H.&...._..%.0wF0tA`Zj....J.6+.< @}....2...j.._TL.%}z..I.+....c......nto;.....*......1

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\8.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 68, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1977
          Entropy (8bit):7.801345898620898
          Encrypted:false
          SSDEEP:
          MD5:5CCD0D58D7DBF5F3CB5187509F629C93
          SHA1:0472186B411F1731680CB8EE8967FB6DA46823BF
          SHA-256:28D8EEFFAF8A81C13B0A5694513EB0AE05FF1A4B982B22EC93A0D3723740C819
          SHA-512:75F5DFC892D44651A53FCB48C65B0B8DD121BA85838D64A4E5615FB9734184419ED612D9026DD45CA907F84C71315AE1CAC1F83206D318A12724A83BE084C11F
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...D............gAMA......a.....sRGB........SPLTEhhh..................GpL............................q.eT..z..z..............{........................~.......................n........m7.......................y..........................................................................................z................=.....7..q.....i.......L....W...........t.... .?.......o....8tRNS..........."+&1n67'c....w....9......X...r.m.C......~...d....IDATX...W.X.._...@-....n...$.l.QK[.3V[.j...........=.s........$...w..OAJd.|...tQ....u ..g..t.h.../.k.NC.)...e...0DDb_g........X.uNt6...8..(..}..AR...d2..).4D.%.s@<V...@J..}rse..G.K..Q.M..r...I]....5h....+)t...t..x1...z..%.^......r....K.B....S\..@.W.9..@..:&91..:0 .s..r.)..L.AR2......,.....".%.A ..=.-/..8...H..S..>S.)..!a.`;........$..TV".C-$-3..ux0....!..$E.q....Z..IKK....zp..@2>..r..Y$...._...).4..C6..F(!."AS.4?................!...]wR::..9....bT.{0..k$_>N;vt1.8.Psc.Q-$u...."n..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\9.png (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 64, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):2024
          Entropy (8bit):7.8160441095086295
          Encrypted:false
          SSDEEP:
          MD5:6CF3E145EB2796119A1DCC89E2D622CA
          SHA1:84CC5C98BB3306090E2FC1C12E6F9D3B04B182E3
          SHA-256:9F5DC03EA0B20A2AD3CA631E5F3320E9AF92F0E007D7B32D1B70FB6B3F3D3BCD
          SHA-512:C11B0E1C821347FD489F0A2DF8DF674C69986D69E08E342D1693D7F2801990035BFEBA84DDD859F9F19F76F64F19B8DD3157F4D04B26417925D8C26102D83517
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...@......`......gAMA......a.....sRGB......../PLTE.....................GpL................................y}~..............s...........................g..........................z..........................................................................................................................[..A........~..........L..o......!.A......./tRNS.............".'...7..r<..bq...............(|.....IDATX...W.I....u`.b@.>..x.]...Z..D...I..........g.L..{...G....c..S....... .....^S.o<............LB.5e.?........e.h.. ...s.|.....P6..]...f'.t"-..)L.wA.'..L.i....%.f.(HfT... ..A.W.)Y...J.R$`..I.....L.y...._f..giu...].\]./m.J.*....L......7.w....F..dK.......93..e...BT5...|;1.. .Kq....5A..]^*d5)..$..10D.WD..g..OU...#i..E.f..9..gg....Jp..j.T..4...MLd....B..12.. .$.6...:.>.'t....4..nUC..1j..$....J.f..t6}M..M.dRDo..+..&...)G....9....4...4.A3VD.......!Ki.FF....8hjz... '-..........T.`4...{dt...........`.;..K...<D..@z..x.....\.O.8...<.J.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-2PUR7.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 68, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):2028
          Entropy (8bit):7.837885180628608
          Encrypted:false
          SSDEEP:
          MD5:C9978DEA5D212D625BC32A1E852FBBA9
          SHA1:3DDFA62AEA91B9CE8BB49424FF9B5BAA4514D4DD
          SHA-256:84E6E628B648DEDBB7D64575CD7C785B825E94F0CE1F17EBAA9B81A812497F42
          SHA-512:5209DDB4A9AD0CD840B320A78052282B124AF272BF5F4954C4A68D04D64AE336D349DC1D345CF1B52BEC845AA62CD15CB60364ABFE6B541A34018C1FC56F885C
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...D............gAMA......a.....sRGB.........PLTEGpL..................888.............................................................GOP....~.............9....................................................................?..........r..j..G(g....&tRNS..............-% ..k.8...S.4.`...w.........IDATX...v.8...Sl.)....i.......H..K.?3.l...v..sv....4..._..l....?..u.^..g.o.p....~..`..._.Gd.....%L...'"...Q>9...:....<...+..a.......;..O..r.)....A..X.....>..yw.-..!.`.8...X...].....`.]..(..W.(......n7..y..o<O..8..(...^..,`a5.t......8.g~.J..P.eY...z+@.!9Sj].}.:.......F+.......4..0-..R..je.e#.U....!...P..qNG..jeM..t._.. '.0.L..$...F.5J...h...cQ..I..q.d.z..3DK....MA.....1'.$&=...^.&.Z,g..CE.N@Z.%....PY.&..p|..,....#.$.'.&A.'.@..C.l...V....j-.."...I'.D...,.(L.,g........pQb.\.R3H4.;.l8eA.....c.E")....s$.1=0..`.E..d.#j4KHY.I.#..P...Q..B.......>'E..).J.e.2.].Q...C.!.k$...v..(e8eY...1.....[:L.{v.Y..*B..g.}..;>T%D.S...q..q....Y!.(..6HP..XO.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-2R8LL.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 68, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1842
          Entropy (8bit):7.835631815264469
          Encrypted:false
          SSDEEP:
          MD5:366322FABA3603E1715FBA3B039264BD
          SHA1:7DE8FE7DE3D8AE9337B29C3949FA7DA99FA048B1
          SHA-256:C24DEA202F8D8C05CECB66AFF26E3B5D351F163FEC910DB3B1279D4DBF9C3C77
          SHA-512:D54ED0B5DC6F2A1D30F9BE09853B92B33AC70CA07BBBE857B497B5B25B2428357EC88308C15FD261325F8D5F7BAB7539D1ADB0DD3C486816D163B85E183607ED
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...D............gAMA......a.....sRGB.........PLTEGpL.....................888......... ....................;tz..........@..H..D..:.....>QW.....................?..9..4.....E...........L.....0..+........}.....'.....:........v&.i....tRNS.............%...q.[C.8......0.|fd....IDATX..kC.<..{q..f.{-.XE`..[.....33I.X.]..ZT.O.L.I.h.O..\....._AX..z!...@.........+.......8.a.gb...|..T@....dLbV.Y.;....?L!.......K=.......X........}s!,.3f..Y../....Y.W.\.e..-.Z....K'.....3...J../....e..|.......?..eY...:. . ..BiH!.|.....VB..i.F...(..8J.P.b._.t.l...U|.s......).S.u..8_bK.}@..f.%...%...{.F]k.N.i..8u.3[QZ.8+3`.:.p..f:......!...R.0..Y]..3*v..P.*.t..60.d.HYU..@i..s.).`.=I.6.E......I.....$W..L...x.G..t.T..L`iZ....@..G..!..D.q....*4'...O.Q....,.....63..,...:."...j..I..O.(..[u.K...X.]...r! DV.O.t.s.......D.P.$.t# .v%.hS.F....6.........X/.8.....z.$'.C..........P......D.eA..&Sj9. .s...@....=c.P...D...>yj...$.5E_.m...<J..$).[...j..b.|....D@...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-2SQAH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 64, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1401
          Entropy (8bit):7.810802370350953
          Encrypted:false
          SSDEEP:
          MD5:A40772E819D50F4E4FF99870A9586B1F
          SHA1:19CFCC960632F881A5E672350BD11A1CBCA48C05
          SHA-256:69B092295E99D87FA9A181579BA439A3DCA82F64795D23E4038FD616E0B06D4B
          SHA-512:2D3F2D685809871F91987E2D6C8440CEA2357C12308AD03D3B4792B74482DC6D20BB1BA183FDC516A9B631FED1256D66165827621615F6C0C512A3A44438A320
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...@......`......gAMA......a.....sRGB........cPLTEGpL..................###.....................z}....................................................,.....tRNS...........!*.y6..].lH......IDATX...(..c4..j6.....SN-.....s..\..[....T.....Q.. D. ;.p..f..S..aY@...U.dU...... ...,.*.y_B..7.A.x.!.SFb...).....(...w......\..).c.da.......a..v.6..\/........9h.0.y")8.m.$..V,.f..].H..H.c-....8..mb.R.-M.e...k...}|.c..R*...<../f..%.Hq>&..Q.'=.F.O...pq+....W...M..q7..g.......Fm..E....Vv,.+oJ...bhD;.2...@..m...[...bG.....+cf.s...!..6 ......Tl..\....4i.6k._.9.j.%.u..W..Q..`.ZyY..,)..R.$.j..@...3.@|.,M7$UQ...f..!c#.q....IM........z2..K...k7...`.M...o...IZ7...1/..(.G.!I..X.c.B..r...t.."..4.X..Qp..T.....<`VH|.6....p......./.hT..R.. . .h.MI.^.@.L.....#(g...F.}~.v...u....::...F....L..I.).d...TxP. .n.|L...}*.......2....w.o2. ..........s.k..nP.7Y0.I....#\q0....;...sT.1..}...4...2..~..B..E.....Q.|...K..vm..a.v....+...q.w.Q.....}...l...e6:.G.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-3E05J.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 62, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1691
          Entropy (8bit):7.7897664870254335
          Encrypted:false
          SSDEEP:
          MD5:82B8B14657341984CD29A5C1164D8192
          SHA1:72F36418C128F097352F575A7A2959F5CCA92100
          SHA-256:61FFCAFB2BDC2E8858ED977D88599A5497D1DF080B1959799FEBDA7CB722283F
          SHA-512:C704D7544B9657F387522C4F50AAB2F9C510688EBF3A9DCF6ECAD0CA6225000772527E6AD2749196A1AE0D667A17AAF1A30B3EDDE05F813722A90CD0A05695ED
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...>......H......gAMA......a.....sRGB.........PLTEGpL........................'''.................................{d1.........vn.z.....}.......y.....Y.......................................................|.............................~...W.0...........+.b...*tRNS..............".+.u.1.m.=.U...Vv.`...j. 3.Y....IDATX...V.8..#7.%.de_..sfL6.%....{....nI......s..c.[e...V..H.d,Y.$.w.).T."...T.<*..4...A..>.P*.,.nR!...Vt..A.....J.........@ T.'.......F..@....^.c...3J.eH{=>.G...h|!y...V.....2.4........x.<..8....}......8d.0G_.........A..>pE..if;^..dH..zl.I..|.$HUp.~.....G6.z...)I./..H...w.X.WI..$cJ....'M....Q.US...(C.........p.ww..'K..@2(.Lm5..!...;&...\.EQ..(.j+......U.....oO.A...... a3t>......B..v.)..E.Hu....5...`...0G.>.,Il).4.m..fs.Bx....5...o..so........3..nq......A...r'. .......)..y...o.]..y...eIs...1.....g.'..x%Q..Bc1j...:..jj\.[ .(..6C#..tZ.flH..!..nG...Za...]L..5{.)..p8....'M...":*.%H.A`@........q..U..j.!:.....:JN....o...y\.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-3J0TL.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 68, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):2268
          Entropy (8bit):7.770486037437278
          Encrypted:false
          SSDEEP:
          MD5:468904A2C4F6BDBC8C688768C64A0DCC
          SHA1:C50E1EEC768D3BC8F855E1F150BF295AD48E0A07
          SHA-256:862CFCF6666A23060CE4E51ABE9A563223729505E40F75D4AED23F9D9EECFBD9
          SHA-512:BF6CD2CAB3DAC4B8C44943023CDB924181125B6FEBAF7FF88773D2923B264A11ADFB8EB3EF0784507CBF54A4DB67946F512904235C5BB43F9389E9F3F62EC0CD
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...D............gAMA......a.....sRGB........\PLTEGpL..........................................UUU..................`R2.........k........w.....................{.rI...............~........n.........................................................................................................y.....................[.............I.......................f..5......... ....?.....t.....XtRNS................ %*0..)p..4.t.E..`...D...<...r...=................................... .......IDATX...W.I..I....!$\r...\.d.BTB....pJ8..Zu...o...g....."D o>~...=U...G.fi.....n...9w8.w....^..W..m..3.xwP.v.]...!:... t]w...c.G.H.u.b.D"..!..]...WI.86g@..#... ..b.}EQ....F'......I...A.*.F$..A.es.A...J:3......c..@%..KQX;..0....../^.|........E$p...............".jim.@U...<=.Gq.n/.FH.i.O...t...~......k...r@..--...*=.......-..Y^V...Q}....c.bO_(ENF..]..P..$....s.Y.....Y.0&8OVk....G^M..Z=D..@.FE..nX.... )........N.M......fA..hrZ....[..(..m..1:d..$...xV.V

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-88VR8.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 72, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1395
          Entropy (8bit):7.752996143932236
          Encrypted:false
          SSDEEP:
          MD5:4405A48B8EA0A38583FEC9CD85A7FCF1
          SHA1:DB0B2A817A57A1935AA64A1867DA316B12A0E3FD
          SHA-256:388E3DF4CFE3E2551CDD0B439FFBDCBB1590DB0D19F0F310B97FD60248E0A488
          SHA-512:D54BCBFC9D5E7A631E284BB527F1B78C3DF9C17C841BD792526D69A7FD9F811155715954AEF63CCC5A0E95A8C2226A5AF28C52118CDB718EDECD49E2ED7FD72C
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...H.....b3Cu....gAMA......a.....sRGB.........PLTEGpL..................###...................................................................?..:.....D........I..N..6..U........2..S..........}`./..O$.}C...._).....Ns.~....tRNS..........#).....o.q...<^RY.....BIDATX..ks.:.....1..\..b.-M.m.Ch...Y.&Y..v3s.0..g.]I..z........e|.U...0..?..F!.....|y......:....>.a..........eu...!.D4...%.....y.\..Sd.+3|.@.3..KQ2..Bj.'..>.5Y:.x.=..Y...'.MI.T....%..qI.v.......a..?...;(..9`..~...V.t;:...&}"..]u.N".....I.W.O.oHwPd.?.|~...r]........H8j.. ....9.^..).N..'..Zz?.I...9..Yv..)...v8.H>.....l...A..px...K....u..?.3H..A.....E5.....c.h"...g....8..e..$..g.._\.yJ.TC...........H...T<.T..j.....% }.=.<..)..LUM9YbOzkI$..*.O.xv.*..leCK...8.T..RkF...RK...RT....X.)M.ig$y".D86E......i*{.H(..N.R.c.....U..,^xM..<]!.w.5...'...S.k.=.B.B"...|... ..i.d ..I..F..p..xZ...D.".j.. y~..q>....&h...R.j...5[....t.&KE...t:.@...I1..c+G...I[(*......[.B.)^.)..[.^..A.@..M.!.T

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-8P4II.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 60, 8-bit colormap, non-interlaced
          Category:modified
          Size (bytes):1359
          Entropy (8bit):7.751505798802007
          Encrypted:false
          SSDEEP:
          MD5:9F81356D504E20EAB101340E5E9E3E32
          SHA1:849AA503DB715AF5AFFCE9B0BDC53C60E36EDE08
          SHA-256:46D8B4B5ED65C3DDF867223C1360A50297432854EAA0DAF69E7C2F49CB665D8D
          SHA-512:A3D6E99694BEB4962ABFAD30BA247DDF33A6226224C9B2293529539099D82FFF6CE4A372A98492E05A9F6259AD50CF795462C93801B0006442513F9DEA5607C9
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...<............gAMA......a.....sRGB.........PLTEGpL........................111.......................}_(...............................{..........................................d...T...!tRNS..........."+...m./:......R|...~~..W...3IDATX...b.0....PQ.j.Y`.@m...7gKHX.7s1?*....N...l._HiE...#<..L....l...j..`..QDB.....4...N..j.`.[AEJ..Q..y....Y..P....]?......l.....+..b.....8r.E7R.q........|S.....|..|..8?..%..a.].....#.MQ..[........G~q....8........]0..K.|.............S.....T.1..J...#..........\A.....%Ez......F@.1.%.!m0......#6..!b]%0.T.J...LZ+1.k}]3..Cn...Z.*C..-....V1.<....z&....t..Z.;R.vY.F!g..m..i.g.....&....7.F4$ ...@@2.$.H..,E..'.'......$.......EL.O"...*{..LJ.08.K5G.$..x....A.d...Y."{";..0cJVUz........r}v...=%..#*yc..).Eo.v..1..k..V."..|..."G.IlA...S...'k..J..{..uY.v{w....wpc.........U.;..?O...d.........vg........v...;i.w..;.%..X.|...kn".........Al.h. ....4.....d;..17c-...1n(uS.A'S......7.(.K......%.....X.t{>l........v..4...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-9DM27.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 70 x 64, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1948
          Entropy (8bit):7.801003785789268
          Encrypted:false
          SSDEEP:
          MD5:1ABF9F2F2FA65D298C06D435653E7EA6
          SHA1:442A3D8A1AAE46652C579FBD2EFE1CB2284C65FB
          SHA-256:9FA148BFF6F2F6600B1A1A7793C4560F56414B0F55437DFBE07D423328F1A86F
          SHA-512:F57801925FCA0DEF1931A2BC061043B4B755F9FF5EAAD067CDC9FBB82D90A646DCB894A17C4D7646104DB42D579BC5F1467F18B144FF56EA73F77FC2B40B1CE2
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...F...@............gAMA......a.....sRGB.........PLTEGpL..................222!!!............UUU.................................k..........U/.......c..m..u............p..s..`....f..s..Q...............................................y............................Y.....0tRNS................."'..-4....G..8...p..........h.9....IDATX...S.I...d....%...<n.ADT.]H4......=3; ..].U]#.............$d..$....M.L+.jz..~.O...I.C.EYdL...._......T..q...V..f...A..Z).E.t./6..B.......!.J+fT...[@..E.(...4.._c..HL.z>M+li...I...XzE...n..:"...|.^.v.t...(.....H.BX.(. H..9}w.......V.$F....7..c..HQ.)iZ....Z.....wG".=L.K.X..1H....?.....l&..j6..C..pt...q..Iy{{k8..9;j6.e`.,.)Z..wIG.rs..!..jR.W..._....$k..(w77..<.^.1=>vW|/.w..s.U.YG.W.7.....n<ADY..czv......s..TT.HL..|..Y,.V.[,OY......a..s.s+...k..k....En..../.tr.?..3[.....7lxX.`.".T...........a...~...z.v...t....TfW.B......p.....}.:.J. ..o.P0...9....gv...`Z.t.O.E.S.6d.y.Xr..zf0g...V.|b1.q.".)i....#8..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-BL54E.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 70, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1841
          Entropy (8bit):7.8430417800315935
          Encrypted:false
          SSDEEP:
          MD5:06CC8965468C584AEFF00E0BFB71E450
          SHA1:C8B83CFFECFCD1C0B3349709BBE9D10D9F5CE80B
          SHA-256:65BA8502AACF6277E4A584D5E5C19C18B05306361405051C9F937D41AE809829
          SHA-512:2EA077497B10DF7B52ABD33A725305AFEB60A709E800EE9FE5531DAF23855039CD43F15F629A082383C1D40223294C2F90E03B168A40295F20C9FBE611209648
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...F.....X9".....gAMA......a.....sRGB.........PLTEGpL..................iii...###..............................................GNP......................................................HF.W....tRNS...............$.u...[:.4.......!IDATX..i..H..[\X\hp..Y......&'.B\.v..6.DETx=I.P........;...d.....o8.....8..../..L..lg..8........N.LFb....Y..Gn..#..x<..a.LH..F^...."8e)..l........./x5.e6.[...X..&..+..f>...R.....$`..=..Qx.C.h..*..6.r.d...<......9...E.V..#b`...{.+....8.d...x.....q._I.p."...9.D.u..qQ ^.........<.PQ'Y.uy.4M...!^s.<P.k.D..,9.:.r.t.....A.L..?....@.|..C>5......".d..p....H..\...j.N..98mw.V.;E..Fp..{.8RQ.Q........#D,..o.9.....H.bD.Z.IP.....T.R..>...y.yC.).@.R.Ln..8.....2.$.n...A..(.IP...)>K1..g....B...7 a.Gc.,P*.9y..S..&.....8..]....H.C..:.Nm......I.n..>.0h....\#.....UCPY?[J....-K....>...m.....H..4]y....r..+...D...t..e.t c..@.Sw......R.W.m.$..A..u.......P..T.4|.(S*X....Z?ha../ ......Pv.@.Z......#.1..D.$.%].......jL.T..Q[....1......Z..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-FHH1J.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 68, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1690
          Entropy (8bit):7.824363659151294
          Encrypted:false
          SSDEEP:
          MD5:C3A122FF9946A7D569D58CDC44FE39FC
          SHA1:A89C7A4852CAC4F374F0E2CE57117FBBB5C10D77
          SHA-256:E1F4390082C9AFB969FA6F1FCDB4A9235E589B43C3AD59B90228F76CC38F9DF2
          SHA-512:EA5DFECC428243AD00B637682F32B657738775635A81C6D0C8EAC1C11EEB70B56A48B39BD5164DBAFB0DF2B9AF03BD48E1B83B6EA2DD28EC0BF5E5F49D6D1B71
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...D............gAMA......a.....sRGB.........PLTEggg..................GpL!!!.................................................[^_......................................................8.iG....tRNS............ &</.x3.s....9Y.........IDATX...v.J......7.k..U.(..z..A.;3..q=./U..7]...$.@F5.......3'Y....y...^..~f.........~..H...)<H.z..y....#...Y..../A...O&....EAa...D.D........h..$...A.%.....c...a.I,F..3........... .@)..</4......@....C.#"..p.,CFF..<.b~Rt'&.".*O..,..*.|...)...dC...#.o.:......y..\9..e.M.%...#.I*>..,.2..J1..Y..2I.4L....R. ....b..t..I_O.t.$3.G...S.].E...s. .C-.....&...GI..x.:.L.....rH..8 ..O..8.....T]6.9Q....kdG.'.zy..6.....T.~.q.=.6cM..Jk}({.M.....J.........{.@D...z...~.....H..AB".L......7UU.@:.{..."..5@.....Q.T....t...kQ.u...(.0t#2<+pr!..j!..s...}.2....N......H..g[A.....8..h..q..S.......d..".2q5".h......u..bQ.ld16~,/D.F...5\j.2... "....O.5.cG...u..<..(-[.T.z9W...3+.....J... .....v..G...Au[~q...kM%.03....~..~&PS.].`T

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-GG8FJ.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 66, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1946
          Entropy (8bit):7.835396596697952
          Encrypted:false
          SSDEEP:
          MD5:8188B3E896D8EC057F80A0355F550E7C
          SHA1:7FF41B8FCE858A48ABF2F53B052EFFC6B528809A
          SHA-256:AAA4708BCE500F576C0A8F769CF258330D21DDD2A4143BDA63F5258044CDEB11
          SHA-512:45F54C3522DFA998D20A7D8A955CEBDE5C07F8842EB2DDC54AFCEC5A9CD3E67948926B0C3EABC13A231E74C4F9CC23190F11A5EAFB7524AB85F57B2AB6D12925
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...B......`.....gAMA......a.....sRGB.........PLTE000..................GpL......................................y~.............iV/........................................................................................................U..... .a.....)tRNS................%0...5...6u...~X....n..A..7...7IDATX.....F......M|...r.]+ ..6.\...;u.......];*(....f....O2........xK.S..?~...".Gj4.i...e..?..........Y.CO...0.c..,T..xd=6.y^..&.;=..;B.........y. z.D!p....P.........*... .x4".CN.'.!^... .*...6H..xA...o...'..yhE......C^..2........r.j...]..b~...(.O...$.[..puw............. ...tI...9.c...-?.5cR.........p..Uoc.`...uABB..)qL8O.....V,v{...I^g...j....<=..v.X^.-f QB.so.(@.....!Z.y.ua....I.A..P.....$....HP_EA..e.2(r...yY....J..I.D4MD.....C.....@x..f.C...[w//L.L..b..,..#cR.g.)p...u8B../B..|g=Ym96L.F.....w......./.aH..%L+H&.{x..R.....Q..........1.<..$..b...$..}.....8..|+...3....... ..p.1y....D.{6.E.... .0.~..qL.$._.E..p+.R..=g.i...H.D..<..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-GHVBS.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 68, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1977
          Entropy (8bit):7.801345898620898
          Encrypted:false
          SSDEEP:
          MD5:5CCD0D58D7DBF5F3CB5187509F629C93
          SHA1:0472186B411F1731680CB8EE8967FB6DA46823BF
          SHA-256:28D8EEFFAF8A81C13B0A5694513EB0AE05FF1A4B982B22EC93A0D3723740C819
          SHA-512:75F5DFC892D44651A53FCB48C65B0B8DD121BA85838D64A4E5615FB9734184419ED612D9026DD45CA907F84C71315AE1CAC1F83206D318A12724A83BE084C11F
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...D............gAMA......a.....sRGB........SPLTEhhh..................GpL............................q.eT..z..z..............{........................~.......................n........m7.......................y..........................................................................................z................=.....7..q.....i.......L....W...........t.... .?.......o....8tRNS..........."+&1n67'c....w....9......X...r.m.C......~...d....IDATX...W.X.._...@-....n...$.l.QK[.3V[.j...........=.s........$...w..OAJd.|...tQ....u ..g..t.h.../.k.NC.)...e...0DDb_g........X.uNt6...8..(..}..AR...d2..).4D.%.s@<V...@J..}rse..G.K..Q.M..r...I]....5h....+)t...t..x1...z..%.^......r....K.B....S\..@.W.9..@..:&91..:0 .s..r.)..L.AR2......,.....".%.A ..=.-/..8...H..S..>S.)..!a.`;........$..TV".C-$-3..ux0....!..$E.q....Z..IKK....zp..@2>..r..Y$...._...).4..C6..F(!."AS.4?................!...]wR::..9....bT.{0..k$_>N;vt1.8.Psc.Q-$u...."n..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-II36B.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 68 x 64, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1131
          Entropy (8bit):7.7203310825525095
          Encrypted:false
          SSDEEP:
          MD5:D10981A9454AB06EFF597E7626A9DA83
          SHA1:343ADC3641D2EBE93125DF681E3AB61BDA0A5B0F
          SHA-256:DEF719251EEBE618E2B928EB91E6EC0E9F5EF69C1C44493F44738E3715869F90
          SHA-512:07C9D94D786E3B49F47F7262A892E315182C51CDB3C6A44C1EC2E163DD2D6D7F3A4E2CDDFDE77043E40518AF38EDCE11CD7661BE38CDB8A65F4087327A290FA5
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...D...@......\!.....gAMA......a.....sRGB........iPLTEGpL............................................................:?Bqvz...Z^a..............................{<......tRNS.7>0......(.G.!P....M/.Qg.%.O....yIDATX...r.0.E....!l.........b.v2/3...S-.U.....2.l........D$..cp..s~.....`~....D.I..#.b.b..04..B..|...v..y%..H.X...t>.%SR.(.g.!F.;.!.L....u...0.....@.hRo..H0..9....E...I.y}."I.X..i..f9a..I.(5q^\GRE6.OH .F.......8."..,.Btf....(..2.)........2.pq......]u_V...3..D....../.U...Zvlp..K.....3..C...w..,.*../.]9...G.3.%.~L.E...F...6..0...!......(0..&...P...!..........27......h.R..m.;..l.<...L..5...n.s..(..>L.@xE.U..j....6.WU....d^f..L.!2.......N!....).W..>>...A....4....5./.,.2.m(..=.v..LKc...:.-._....).o`.].>......kT.o;..g5r,...x...r.)q2....j._.t.......JZ...f.v....J.......7[Spr.c5.....*..QJ]....q....L...x.....J~.....O.]YC?..Z..]...k....iW..$..X.u.@"..{(|..!WHg5bL*....<#.9.[j........X..n......C.>..V..0..~...c~0(L....;h\.t.S.......2....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-LP0AO.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 72, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1643
          Entropy (8bit):7.800591646034944
          Encrypted:false
          SSDEEP:
          MD5:8E0FFDD3A090F263E3B350B79018FF15
          SHA1:B970D21F43593B3214F27653429D67068A9C89DD
          SHA-256:C071C4621917EC58C67730F16D6F42A68972B9FED7F366836550796C11F1F4C1
          SHA-512:A8A40BA8291CD1A41FA9CB2F1FB7DA59E7422BEAA5CE742262ED05ADC8823F1D9BD6965B38864329A5813A42764562882A07F3CBD4663E5AD7C337460963687F
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...H.....b3Cu....gAMA......a.....sRGB.........PLTEGpL..................bbb.........................mE..z..o...aC........................................................z.............Vj.c....tRNS.............&...@v5.*k......o]Q....PIDATX...v.0..U. .8...j.....)!....s....;'..V...J)....O...B......+...R<..0\...}."+.Ouq..^...T.O0..J`..]..,.7UL...u.`..../.kS.bpv....hw....,r....9.`...a...`.OP>;|+.cSB.....z.n7..4.:.K.zi.}.+...;...H..u.e.F.Z=..r:.p6^.5.I.....PH>.^.<.....x}..o.{.IPc....]l.....Q.._8.?w&m......./....pn.<....Q.9.2.GA...o%.n..$NE".....(h.G_.....g..D.h....K.W....e.....Hei8.BQ.M.T...G9..C."..i...T.D.A.....Uy..a.C... m.Dj..;A.|D.!..I4....p...}+n-.....!A..:.[...bB..k.*:./p.1M.F=...$u{.E...R,).A1.@.zEU.*sz.~..w.M..2.........P..V..>..s......,.j8.OqZ.eDJ...ZE].7.Od.@P...,.(.w.RU.i...v.(\3t6.L..=...YQ...g. ....h.....YRj.]Q.i..CR:"g.S..M.e.e..j.:.........PQ.K.h...vh..z....`..H...S{.r.aM.<....`M....Nrx.D..>....A.io.....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-QC7GN.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 72, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1605
          Entropy (8bit):7.8135042985555145
          Encrypted:false
          SSDEEP:
          MD5:B7C7B31973E7FDCA1549AFD99F45FB06
          SHA1:AD5852749D4EDED56951C39890F576403D1A2D00
          SHA-256:FA0158D2D52FB081854654CFD816B1ABA890B1164B951E70075085416193756D
          SHA-512:1BE3E57A86DD5E88FC9B8A9EE9DA86E165ECBEBBB798B5A7383C71DD8B9FE03EC24676E4F8F8DFD9586FD9205A50F8787122C99B51E305A48556F816F13FF119
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...H.....b3Cu....gAMA......a.....sRGB.........PLTE333..................GpL.........""".................................|...........................................................3..d..e...........<....... v....tRNS.............!(..t..^..:.Z......%IDATX...z.8....2$....$$.2.........l...owE.@..G.,.V......R.........Et..|..<%Z........^?..A..K..(.?.2..u...H..a.o...p:..i.)r.aE....v{.^..Y .8>....W...Z0..!kR....1.h.,...Y"...^.,....j&.d..D.g..R.c.i..K....{.I...-'..>h...(v...91.w....@.W.D\..).....t.....$.\.T$.".."[fyY.a>..w.O7.s ..HYDV...R.'...9j.. ...U.H)H..D.....B....V.>)m..'.B6..V.....4.N.Q.X...*oib...,h..x.....0.." })..k......x.e....ej.....H...`..I../Mb(.....&..v.t...........4..jRfI]S....,.f.......b.....(.No..5!.!HF.,...1.E.D@5?s...$......)...Oq;......?.$..p.[nK...S....$.kT=.1.2.-.HY. ..w.8.y...s...6C2(...n6o......%E...,G>I.Y.W....^.L89.X.]..Y..&G...#y6.I._i......v.q$2....d.uNyM.]......3=..I...6.]......].n..|n...3i..G.q.4...t.z..R.%.%i.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-UBSH3.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 66, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1885
          Entropy (8bit):7.854920759578032
          Encrypted:false
          SSDEEP:
          MD5:02F2758B2DDB93CD34E93899A6BBE15D
          SHA1:1A260AF88321E289C5434DA66250899CA49B161A
          SHA-256:9A552B246E2BC5ED938D034D3491BFBCC6D3C22B26BE02B0843ACB23A645B758
          SHA-512:8F68BD2DDFD5402E77D0FEA23D80F10ED30FC02CB494791A2B4575EB4B9CB63CC577F1FA0374C70B8D95EAFD047362EEA80F08195928C87E9F6E24E0E804834C
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...B......`.....gAMA......a.....sRGB.........PLTEGpL..................$$$..............................{........................|...d..............................................y..................................................................................m................=..7..L...............[........A.../......1tRNS............$+.3..b.....q.v>4.5R.i.............9.......IDATX..y[.X..e.`......L..!.$...RTT.......s...!:...f^$.'..|.Kr...!R.25.../(.\....cY..u...E..Ye.L`.b..%..** .....Df..y.T..R.q.".....S.,.2^M.!.)1$...T|....L(9T!W A..,.....x...L....p}}........f.Q....*1.x1?E..0o....Y...j....g......gg.:..9..;".^...8.(B=?4S..`...B.10....!=7[.C...fkSE..%..q...tq..b....iU1.%..L.e:.+.J $....l.q....|_....YK<dl.D..3....6|..r..S.....C..h.....v.M.N....M.ID..~??_!...iO.I{@..K;.1.P.`}<'.`e.[.GHuKYJ.hm...y....h...a...8K..8..........}+.]...Q\.-...i..H.&...._..%.0wF0tA`Zj....J.6+.< @}....2...j.._TL.%}z..I.+....c......nto;.....*......1

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\WeatherNotificationAsset\is-UH4K0.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 72 x 64, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):2024
          Entropy (8bit):7.8160441095086295
          Encrypted:false
          SSDEEP:
          MD5:6CF3E145EB2796119A1DCC89E2D622CA
          SHA1:84CC5C98BB3306090E2FC1C12E6F9D3B04B182E3
          SHA-256:9F5DC03EA0B20A2AD3CA631E5F3320E9AF92F0E007D7B32D1B70FB6B3F3D3BCD
          SHA-512:C11B0E1C821347FD489F0A2DF8DF674C69986D69E08E342D1693D7F2801990035BFEBA84DDD859F9F19F76F64F19B8DD3157F4D04B26417925D8C26102D83517
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...H...@......`......gAMA......a.....sRGB......../PLTE.....................GpL................................y}~..............s...........................g..........................z..........................................................................................................................[..A........~..........L..o......!.A......./tRNS.............".'...7..r<..bq...............(|.....IDATX...W.I....u`.b@.>..x.]...Z..D...I..........g.L..{...G....c..S....... .....^S.o<............LB.5e.?........e.h.. ...s.|.....P6..]...f'.t"-..)L.wA.'..L.i....%.f.(HfT... ..A.W.)Y...J.R$`..I.....L.y...._f..giu...].\]./m.J.*....L......7.w....F..dK.......93..e...BT5...|;1.. .Kq....5A..]^*d5)..$..10D.WD..g..OU...#i..E.f..9..gg....Jp..j.T..4...MLd....B..12.. .$.6...:.>.'t....4..nUC..1j..$....J.f..t6}M..M.dRDo..+..&...)G....9....4...4.A3VD.......!Ki.FF....8hjz... '-..........T.`4...{dt...........`.;..K...<D..@z..x.....\.O.8...<.J.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\is-A86S6.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 64 kbps, 44.1 kHz, Stereo
          Category:dropped
          Size (bytes):40678
          Entropy (8bit):1.6220947885016412
          Encrypted:false
          SSDEEP:
          MD5:F086726485BA441DB6861C1B40AFC02E
          SHA1:43A50500EE5A622A6F0FE5C945144CB0B993D1F1
          SHA-256:F241B4C5478FC577619639DCDB800DE9206B847CD28684146934063BBA415A45
          SHA-512:22682D1D2AD63BF46C0854ADF655D4076A989C2CBB6C1C7ABA221308FB23C9673C004CA20E2030AB37D2865048F61FED63376B1C56CE6325CA5269A7B97A3F1D
          Malicious:false
          Reputation:low
          Preview:ID3.......TXXX.......major_brand.dash.TXXX.......minor_version.0.TXXX.......compatible_brands.iso6mp41.TSSE.......Lavf59.6.100.............P.................................Info...........]............ #&'*,/247:<?ADGIKMPSUX[]`behjmnqtvy|~......................................................Lavc59.12............$.@.......].+.}..................Pd.....i....... .......... ..4....LAMEUUULAME3.100UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU..RdV....i....... .......... ..4....UUUUUUUULAME3.100UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU..Rd.....i....... .......... ..4....UUUUUUUULAME3.100UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU..Rd.....i....... ..........

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Resources\test_audio.mp3 (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 64 kbps, 44.1 kHz, Stereo
          Category:dropped
          Size (bytes):40678
          Entropy (8bit):1.6220947885016412
          Encrypted:false
          SSDEEP:
          MD5:F086726485BA441DB6861C1B40AFC02E
          SHA1:43A50500EE5A622A6F0FE5C945144CB0B993D1F1
          SHA-256:F241B4C5478FC577619639DCDB800DE9206B847CD28684146934063BBA415A45
          SHA-512:22682D1D2AD63BF46C0854ADF655D4076A989C2CBB6C1C7ABA221308FB23C9673C004CA20E2030AB37D2865048F61FED63376B1C56CE6325CA5269A7B97A3F1D
          Malicious:false
          Reputation:low
          Preview:ID3.......TXXX.......major_brand.dash.TXXX.......minor_version.0.TXXX.......compatible_brands.iso6mp41.TSSE.......Lavf59.6.100.............P.................................Info...........]............ #&'*,/247:<?ADGIKMPSUX[]`behjmnqtvy|~......................................................Lavc59.12............$.@.......].+.}..................Pd.....i....... .......... ..4....LAMEUUULAME3.100UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU..RdV....i....... .......... ..4....UUUUUUUULAME3.100UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU..Rd.....i....... .......... ..4....UUUUUUUULAME3.100UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU..Rd.....i....... ..........

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\ServiceWire.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):92160
          Entropy (8bit):5.905187757671245
          Encrypted:false
          SSDEEP:
          MD5:99B3D7EFABD8F3AFE78405D3E9FF2D00
          SHA1:FF7742716BF3759ECAB5547520362E1694786696
          SHA-256:152558A74C510F529FFA5C9397FDFB37858961371BD23E89219236A14F4EA16A
          SHA-512:01392BE8B1C28AC135B15C700913879E1250A78092ADF32443CE77F4B95F942A4451E46123241F43BDC06C14488A7C2F636891FECF1C8FA3AB0BCCAA7F53A03F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....e..........." ..0..\..........nX... ........... ....................................`..................................X..O...................................0W..T............................................ ............... ..H............text...tZ... ...\.................. ..`.rsrc................^..............@..@.reloc...............f..............@..B................MX......H.......\................................................................si...}.....sm...}.....(......%-.&s....}......%-.&s....}....*>..}......}....*:..o.....(....*....0..G.......s......s.......s.......o.......,..o......,..o......o........,..o......*..(...................(..........5;.......0..Q.......s......s.......s.......o.......,..o......,..o.......j.o....&.o........,..o......*....(...................(..........?E........(....*J......-..*..(...+*N.-..*..(`....(....*..0..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Buffers.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):20856
          Entropy (8bit):6.425485073687783
          Encrypted:false
          SSDEEP:
          MD5:ECDFE8EDE869D2CCC6BF99981EA96400
          SHA1:2F410A0396BC148ED533AD49B6415FB58DD4D641
          SHA-256:ACCCCFBE45D9F08FFEED9916E37B33E98C65BE012CFFF6E7FA7B67210CE1FEFB
          SHA-512:5FC7FEE5C25CB2EEE19737068968E00A00961C257271B420F594E5A0DA0559502D04EE6BA2D8D2AAD77F3769622F6743A5EE8DAE23F8F993F33FB09ED8DB2741
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ....................................@..................................B..O....`..@...............x#...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Buffers.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (727), with CRLF line terminators
          Category:dropped
          Size (bytes):3481
          Entropy (8bit):4.808701688265429
          Encrypted:false
          SSDEEP:
          MD5:1C55860DD93297A6EA2FAD2974834C3A
          SHA1:7F4069341C6B62ECFC999A6C2D8A2D5FB59D44F6
          SHA-256:2EC7FB12E11F9831E40524427F6D88A3C9FFDD56CCFA81D373467B75B479A578
          SHA-512:37FA5D4553CA3165F10E2FFEF38FEFC0DBA4A2DBFA05AB9F09AB87B5F71F30E6D965D2F833F58B50B3BC2529EBE8FB5CC431C264F7B47AD026F5C5A874A6ADA1
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Buffers</name>.. </assembly>.. <members>.. <member name="T:System.Buffers.ArrayPool`1">.. <summary>Provides a resource pool that enables reusing instances of type <see cref="T[]"></see>.</summary>.. <typeparam name="T">The type of the objects that are in the resource pool.</typeparam>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.#ctor">.. <summary>Initializes a new instance of the <see cref="T:System.Buffers.ArrayPool`1"></see> class.</summary>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create">.. <summary>Creates a new instance of the <see cref="T:System.Buffers.ArrayPool`1"></see> class.</summary>.. <returns>A new instance of the <see cref="System.Buffers.ArrayPool`1"></see> class.</returns>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create(System.Int32,System.Int32)">.. <summary>Creates a new instance of the <see

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.ComponentModel.Annotations.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):43152
          Entropy (8bit):6.137234963318556
          Encrypted:false
          SSDEEP:
          MD5:7D3D14B0417A68CCDD9C51972FF74863
          SHA1:CEACBD53B6A02E1F7337A6B0058924E1E11949BB
          SHA-256:04113C8549185519F3202790CEB23DF609644872B9C249A56D2BCF59566102C4
          SHA-512:B2D133214F21D700E1AF0C248DCC11EF66EA6DA62043FF6D5E900FE2A1665D75583E4CD218526A146F2C62E22ADF4CA2FA3B8879AE0F5A2E515E2C3A5184CE9C
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0..Z..........Bx... ........... .............................../....@..................................w..O....................j...>..........8w............................................... ............... ..H............text...HX... ...Z.................. ..`.rsrc................\..............@..@.reloc...............h..............@..B................"x......H........$...............R.. $...v......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2r=..p.(....*2r}..p.(....*2r...p.(....*2r...p.(....*2r%..p.(....*2r]..p.(....*2r...p.(....*2r/..p.(....*2r...p.(...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.EF6.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):203680
          Entropy (8bit):6.084130705592534
          Encrypted:false
          SSDEEP:
          MD5:C4F999C91E9F5040B16A137EA7D89E82
          SHA1:A29ABF6DB6301AA0827A24F361E84C8CEC548C45
          SHA-256:1813EF77CB5657DC01019445E126790D9BFBB5E310B0571F02D5D754DB7BFA31
          SHA-512:FB21C48A10AA2CDCDC04CA98A72498335EB66239141CF96334182EE4624671FA9467348820A721E2E47E47FED5408565E5E490AC7CC8AD23895F01D75A693F70
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b.........." ..0.............r.... ........... .......................@............`................................. ...O........................I... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................T.......H........................W..p...h........................................0..,.......~....s .......o!......r...pso.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o*....o%....r?..po"...&o+....o%....o....-....,..o......,*.........os........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......op...Q.o/...*......_.M........0..n.......~....s ...%..rc..pso....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.Linq.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):203680
          Entropy (8bit):6.086621622251276
          Encrypted:false
          SSDEEP:
          MD5:59498A0F662DBC18D751A6AF9D0E7173
          SHA1:0F03D743971EE6FA939E386635DB7813A4D235B6
          SHA-256:9D55C1C6A194C61D0E7810F7E6260734C2E133796D3E4FB6532EEE58BD5045FC
          SHA-512:6C2DEB8EBD823644FF865879CDFD34E020598E7823CF120ADE33DAEF2314A886ECDAF52838B1954C01D5C614704E796635C7C5BBBC6FF3AFD384398DAF8C1BFC
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b.........." ..0.................. ........... .......................@............`.....................................O........................I... ......L................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........|...........\W..p............................................0..,.......~....s .......o!......r...pso.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o*....o%....r?..po"...&o+....o%....o....-....,..o......,*.........os........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......op...Q.o/...*......_.M........0..n.......~....s ...%..rc..pso....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Data.SQLite.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):402336
          Entropy (8bit):6.138265912892721
          Encrypted:false
          SSDEEP:
          MD5:147328DEF2E79A86D7335A661EECC051
          SHA1:98FF30131D77CF28807D50B97CC92CC8655E235C
          SHA-256:7442D48A24C1747CB17D80E95C4D7343DE16E14A252484ACE3BE3FAE55B1D641
          SHA-512:D26F6627F09CAB90AE545DF68F2DF006F0BEB988CFADB16F6AF56A454E854A9B9C10D2CE787052B80536F9D05B7286D57E42F361F54944E20DF99B3C1C49AEFB
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b.........." ..0.................. ........... .......................@......Ez....`.....................................O.......p................I... ......|................................................ ............... ..H............text...D.... ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H........7...#...........[..P...........................................:.(;.....}....*..{....*:.(;.....}....*..{....*...0...........~<...}.....r...p}........(.....(.....r)..p.(........(;.....~<...(=...,z.....sj...}.......}.......}............{............%......(>....%...C....%...!....%...%.........%....%.........s....(....*vra..p.(....,...}....*..}....*..{....*z.{....,......(>...o?...s@...z*.0..(........{....-..(......o....&....(V.....}.....*.................0..T........{..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Memory.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):142240
          Entropy (8bit):6.142019016866883
          Encrypted:false
          SSDEEP:
          MD5:F09441A1EE47FB3E6571A3A448E05BAF
          SHA1:3C5C5DF5F8F8DB3F0A35C5ED8D357313A54E3CDE
          SHA-256:BF3FB84664F4097F1A8A9BC71A51DCF8CF1A905D4080A4D290DA1730866E856F
          SHA-512:0199AE0633BCCFEAEFBB5AED20832A4379C7AD73461D41A9DA3D6DC044093CC319670E67C4EFBF830308CBD9A48FB40D4A6C7E472DCC42EB745C6BA813E8E7C6
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6wb.........." ..0.................. ... ....... .......................`.......>....@.................................`...O.... ..@................'...@......(................................................ ............... ..H............text........ ...................... ..`.rsrc...@.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Memory.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):13950
          Entropy (8bit):4.749162715500682
          Encrypted:false
          SSDEEP:
          MD5:ADD19745A43B2515280CE24671863114
          SHA1:CF44E6557FDE93288FF2567A002A69279965CABA
          SHA-256:D5714C96607EB1A9D0F90F57CA194D8A9C3EDE0656A1D1F461E78B209F054813
          SHA-512:8D7E564FA61411B5C28F29B07855DD112687EDCB39B991803C7C7DE67B6894B309102AC9B52409B56B7BB5C9101EB4CDFB21FCFBF5D835E4A153E188CB97CC87
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Memory</name>.. </assembly>.. <members>.. <member name="T:System.Span`1">.. <typeparam name="T"></typeparam>.. </member>.. <member name="M:System.Span`1.#ctor(`0[])">.. <param name="array"></param>.. </member>.. <member name="M:System.Span`1.#ctor(System.Void*,System.Int32)">.. <param name="pointer"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32,System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.Clear">.. .. </member>.. <member name="M:System.Span`1.CopyTo(System.Span{`0})">.. <param name="destination"></param>.. </mem

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Numerics.Vectors.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):115856
          Entropy (8bit):5.631610124521223
          Encrypted:false
          SSDEEP:
          MD5:AAA2CBF14E06E9D3586D8A4ED455DB33
          SHA1:3D216458740AD5CB05BC5F7C3491CDE44A1E5DF0
          SHA-256:1D3EF8698281E7CF7371D1554AFEF5872B39F96C26DA772210A33DA041BA1183
          SHA-512:0B14A039CA67982794A2BB69974EF04A7FBEE3686D7364F8F4DB70EA6259D29640CBB83D5B544D92FA1D3676C7619CD580FF45671A2BB4753ED8B383597C6DA8
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ..............................DF....@.................................f...O........................>.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Numerics.Vectors.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):183484
          Entropy (8bit):4.7848212109760935
          Encrypted:false
          SSDEEP:
          MD5:95DD29CA17B63843AD787D3BC9C8C933
          SHA1:1A937009A92B034EDB168CFAC0EC1C353BE8F58E
          SHA-256:AE2C3DE9AD57D7091D9F44DCDEE3F88ECCF2BA7CB43ADC9BB24769154A532DC7
          SHA-512:8E9397816D3435CCF79F1BF07B482473A7DD3B570BCE003639F2E9FA1C5FE31C4B9400B68F191A36251A59C0253EF9E09039FDD63BA2205D379B3C582E603499
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Numerics.Vectors</name>.. </assembly>.. <members>.. <member name="T:System.Numerics.Matrix3x2">.. <summary>Represents a 3x2 matrix.</summary>.. </member>.. <member name="M:System.Numerics.Matrix3x2.#ctor(System.Single,System.Single,System.Single,System.Single,System.Single,System.Single)">.. <summary>Creates a 3x2 matrix from the specified components.</summary>.. <param name="m11">The value to assign to the first element in the first row.</param>.. <param name="m12">The value to assign to the second element in the first row.</param>.. <param name="m21">The value to assign to the first element in the second row.</param>.. <param name="m22">The value to assign to the second element in the second row.</param>.. <param name="m31">The value to assign to the first element in the third row.</param>.. <param name="m32">The value to assign to the second element in th

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Runtime.CompilerServices.Unsafe.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):18024
          Entropy (8bit):6.343772893394079
          Encrypted:false
          SSDEEP:
          MD5:C610E828B54001574D86DD2ED730E392
          SHA1:180A7BAAFBC820A838BBACA434032D9D33CCEEBE
          SHA-256:37768488E8EF45729BC7D9A2677633C6450042975BB96516E186DA6CB9CD0DCF
          SHA-512:441610D2B9F841D25494D7C82222D07E1D443B0DA07F0CF735C25EC82F6CCE99A3F3236872AEC38CC4DF779E615D22469666066CCEFED7FE75982EEFADA46396
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ksa...........!.................6... ...@....@.. ....................................@..................................6..K....@..............."..h$...`.......$............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H.......D%..<...................P ......................................_...+.'g.......x2..}}...B.O....T...e..?.M..R"M.~pg..c..LD#..y.....y....:u.v*...#.;.-.h.......0..#.....a5|T%W...].!.%'..9.0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Runtime.CompilerServices.Unsafe.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):20529
          Entropy (8bit):4.731043104619016
          Encrypted:false
          SSDEEP:
          MD5:C782E92ABBFC0531226F735C6AC56498
          SHA1:2586FDBEB6D1E11D4CECD5B3E8387A18C7B4D350
          SHA-256:39C2D4A63A186D423E9C866F4D3E9A6ACBA0103398F20BAF8B92A38744894215
          SHA-512:A12B6807695C9C626DE9602ABC6DF72BCC5E869A29C7111E956034F321436E7C50EA36ED5EC5B6F93A639AE0F7AEA93953E91AE557BF423A749B036C7252A7B9
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Runtime.CompilerServices.Unsafe</name>.. </assembly>.. <members>.. <member name="T:System.Runtime.CompilerServices.Unsafe">.. <summary>Contains generic, low-level functionality for manipulating pointers.</summary>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.Int32)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the offset to.</param>.. <param name="elementOffset">The offset to add.</param>.. <typeparam name="T">The type of reference.</typeparam>.. <returns>A new reference that reflects the addition of offset to pointer.</returns>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.IntPtr)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the of

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Text.Encodings.Web.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):76904
          Entropy (8bit):6.044596523315333
          Encrypted:false
          SSDEEP:
          MD5:BA1AF3BBFF4D457B6D3F730234C3C701
          SHA1:1B75BC14DAA093502C7C5814852928E28AB6659A
          SHA-256:78EB5B4FEE580E163D1BEA1FDB7D371FDFCFD30ACD8708FF62C4372AAA219F7C
          SHA-512:51895C9B0EDE088B034C581AB4574A36F80E41F2B04186B3C066B6D72DA85680E00EA5E07DC9C89DB7D997C1AD3D9686ACCDC827859EAAB2918376C4C9E469B2
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............v.... ... ....... .......................`............`.................................#...O.... ..................h$...@......8...T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................W.......H........l..T...........0.................................................('...*..('...*..('...*^.('......7...%...}....*:.('.....}....*:.('.....}....*:.('.....}....*^.('......8...%...}....*:.('.....}....*.0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X((.....R...((.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X().... ...._.S...().....d.S*..0..&.........+....(*...G...Z.(......X....(+...2.*...0....................(+.....1...(+....Z.9.....(...+

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Text.Encodings.Web.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (347), with CRLF line terminators
          Category:dropped
          Size (bytes):62941
          Entropy (8bit):5.113786858273216
          Encrypted:false
          SSDEEP:
          MD5:ACC8AF8D28DC65488D1C49DEFD8EA153
          SHA1:1EECE92A2F2E40DE4AFB43F7A5CAEC9A3B384B87
          SHA-256:0772B7895A1FEA1D3BBEE2ED2F5200EF4F9EB38B22C3D00B5405325BE9D8A7CD
          SHA-512:452669AFF783AC248394838083695BD6CE45CB1B41FC512C7F3C7039D49D9E40C24F51A2255BAE3AC6F2E01388A54EC1F17092566CE808C70F3FC599ADA9734A
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Text.Encodings.Web</name>.. </assembly>.. <members>.. <member name="T:System.Text.Encodings.Web.HtmlEncoder">.. <summary>Represents an HTML character encoding.</summary>.. </member>.. <member name="M:System.Text.Encodings.Web.HtmlEncoder.#ctor">.. <summary>Initializes a new instance of the <see cref="T:System.Text.Encodings.Web.HtmlEncoder" /> class.</summary>.. </member>.. <member name="M:System.Text.Encodings.Web.HtmlEncoder.Create(System.Text.Encodings.Web.TextEncoderSettings)">.. <summary>Creates a new instance of the HtmlEncoder class with the specified settings.</summary>.. <param name="settings">Settings that control how the <see cref="T:System.Text.Encodings.Web.HtmlEncoder" /> instance encodes, primarily which characters to encode.</param>.. <exception cref="T:System.ArgumentNullException">.. <paramref name="settings" /> is <see langword="null" />.<

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Text.Json.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):514176
          Entropy (8bit):5.979438933069324
          Encrypted:false
          SSDEEP:
          MD5:B838DE4983C0C091CB8FD239C1136957
          SHA1:14646C217887CF57E6F5262C56C2B9E07F90CA80
          SHA-256:5C485D25A8C044D814E4CF18A8124DFD665D49CBB18A2D1D0865D6DE893E7693
          SHA-512:9145F49E349DD1F09F8A24844511ED55099259A951038B1313D762CD5297032A6BB5B9C21866CAEB14CB4031C0E0C77CFBCA8A4DAD8B5EF0712EFA3B286283F2
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ....................... ............`.................................=...O........................(..........d...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................q.......H...........0?...........V...f...........................................(H...*..(H...*..(H...*^.(H..........%...}....*:.(H.....}....*:.(H.....}....*:.(H.....}....*....0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(I.....R...(I.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(J.... ...._.S...(J.....d.S*..0..&.........+....(K...G...Z.(......X....(L...2.*...0..............n.....(L.....1...(L....Z.......(...+.+...(L....Z........sN..............

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Text.Json.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):457799
          Entropy (8bit):4.895083548380783
          Encrypted:false
          SSDEEP:
          MD5:48DCE2A80E6612C98E895CCCFFDFDD06
          SHA1:6FC93E474AA32491BCB53A1A9DC1BC1C40B23F3A
          SHA-256:8499B6FFB77447FCB124DBFD0964E92267E14B3796A27FFC62A1B0FF04340575
          SHA-512:17FC851264162A29D3D36F6622A66DCD7CF435CDEE862DF86CDC0976357A126944775C538A5B8A25E9A385CE36C07EA73FE2BE5275EECF3C0F57044C063C2194
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Text.Json</name>.. </assembly>.. <members>.. <member name="T:System.Text.Json.JsonCommentHandling">.. <summary>Defines how the <see cref="T:System.Text.Json.Utf8JsonReader" /> struct handles comments.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Allow">.. <summary>Allows comments within the JSON input and treats them as valid tokens. While reading, the caller can access the comment values.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Disallow">.. <summary>Doesn't allow comments within the JSON input. Comments are treated as invalid JSON if found, and a <see cref="T:System.Text.Json.JsonException" /> is thrown. This is the default value.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Skip">.. <summary>Allows comments within the JSON input and ignores them. The <see cref="T

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Threading.Tasks.Extensions.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):25984
          Entropy (8bit):6.291520154015514
          Encrypted:false
          SSDEEP:
          MD5:E1E9D7D46E5CD9525C5927DC98D9ECC7
          SHA1:2242627282F9E07E37B274EA36FAC2D3CD9C9110
          SHA-256:4F81FFD0DC7204DB75AFC35EA4291769B07C440592F28894260EEA76626A23C6
          SHA-512:DA7AB8C0100E7D074F0E680B28D241940733860DFBDC5B8C78428B76E807F27E44D1C5EC95EE80C0B5098E8C5D5DA4D48BCE86800164F9734A05035220C3FF11
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..8...........V... ...`....... ....................................@..................................V..O....`...............B...#..........PU............................................... ............... ..H............text....6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H........0...$...................T........................................(....*..(....z..(....z2.(....s....*2.(....s....*:........o....*.~....*~.-..(......}......}......}....*~.-..(......}......}......}....*Z..}......}......}....*J.{....%-.&.*o....*^.u....,........(....*.*~.{.....{....3..{.....{......*.*&...(....*2...(.......*....0..'........{......,..u....%-.&..(...+(....*(....*n.{....,..(....s....*.q....*..0..a.........{....o0.....,;..{....o2...(......;...3.~.......s......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Threading.Tasks.Extensions.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):10147
          Entropy (8bit):4.891178331598223
          Encrypted:false
          SSDEEP:
          MD5:C89E735FCF37E76E4C3D7903D2111C04
          SHA1:3C0F1F09C188D8C74B42041004ECE59BBD6F0F56
          SHA-256:975A9555F561B363C3E02FD533F6BF7083AA11BBC7CBF2B46C31DF3D3696B97B
          SHA-512:DEBDD8D0ED2FF6AD7B175ACFEB1681B1A68EEEDD6D717E20E6AC5E0D11C13A1219B4D60F9319939C63BF4B53456328531369F4A9FFF5B201475858310E385007
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Threading.Tasks.Extensions</name>.. </assembly>.. <members>.. <member name="T:System.Runtime.CompilerServices.ValueTaskAwaiter`1">.. <typeparam name="TResult"></typeparam>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.GetResult">.. <returns></returns>.. </member>.. <member name="P:System.Runtime.CompilerServices.ValueTaskAwaiter`1.IsCompleted">.. <returns></returns>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.OnCompleted(System.Action)">.. <param name="continuation"></param>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.UnsafeOnCompleted(System.Action)">.. <param name="continuation"></param>.. </member>.. <member name="T:System.Threading.Tasks.ValueTask`1">.. <summary>Provides a value type that wraps a <see cref="Task{TResult}"></see> and

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.ValueTuple.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):25232
          Entropy (8bit):6.672539084038871
          Encrypted:false
          SSDEEP:
          MD5:23EE4302E85013A1EB4324C414D561D5
          SHA1:D1664731719E85AAD7A2273685D77FEB0204EC98
          SHA-256:E905D102585B22C6DF04F219AF5CBDBFA7BC165979E9788B62DF6DCC165E10F4
          SHA-512:6B223CE7F580A40A8864A762E3D5CCCF1D34A554847787551E8A5D4D05D7F7A5F116F2DE8A1C793F327A64D23570228C6E3648A541DD52F93D58F8F243591E32
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0.............b2... ...@....... ...............................H....@..................................2..O....@...............$...>...`......x1............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................B2......H........!..T....................0......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2r[..p.(....*B.....(.........*.BSJB............v4.0.30319......l...4...#~..........#Strings....t.......#US.@.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.ValueTuple.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):142
          Entropy (8bit):4.391770241438592
          Encrypted:false
          SSDEEP:
          MD5:B6E60687AE5DB6D011E21E6993620745
          SHA1:B117C6BBDDC72E7F4B590173992EE17BFDDE4BE1
          SHA-256:C37E163FA76629C196460C7B4D54E95B1A46A4C66AB7B6F3311959C8137DC5F1
          SHA-512:709212B6CB36F57B92A82DEF810F9C075A91B3E6A5FD330DCFB563D94A320783509441347D63BDE97F530C6B10CE6AA769CA11F7FC39ACF1B25D5C8F9DCBB389
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>System.ValueTuple</name>.. </assembly>.. <members>.. </members>..</doc>..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\System.Windows.Interactivity.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):55904
          Entropy (8bit):6.299047178318044
          Encrypted:false
          SSDEEP:
          MD5:580244BC805220253A87196913EB3E5E
          SHA1:CE6C4C18CF638F980905B9CB6710EE1FA73BB397
          SHA-256:93FBC59E4880AFC9F136C3AC0976ADA7F3FAA7CACEDCE5C824B337CBCA9D2EBF
          SHA-512:2666B594F13CE9DF2352D10A3D8836BF447EAF6A08DA528B027436BB4AFFAAD9CD5466B4337A3EAF7B41D3021016B53C5448C7A52C037708CAE9501DB89A73F0
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W."Q...........!.................... ........ ;. ...................................`.....................................K.......................`>..........H................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......,O...`..........pD......P ......................................g.=d.N:..K..=mU.....M......^.....@........h.pX..9.web.~M}.R9 l9..2.....1S...{^..Pn....8.6k...S.-.K..$uXpy....t.'.%u/...+VC6.(.....{....*...0..&........(..............s....o.....s....}....*...0..K........(.....{....o........,3..+&..( .........{.....o!............*..X...(....2.*..0..L........{.....o"...,=(#...(..................($...o%.......(&...o%.....('...s(...z*.0...........o).......E............d

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Unity.Abstractions.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):68096
          Entropy (8bit):5.818996871954672
          Encrypted:false
          SSDEEP:
          MD5:1B066B3CB5D8CA243A8BBD13E11FA596
          SHA1:63F9D1C08E011D9ACA6BDC6839887D03D38944A8
          SHA-256:788F516054FA47046514FAB1BA81B712FB441814E9745FB46C09D29F6DE8A464
          SHA-512:A35A8881B928057C165BE32F637FFAFCE456C5A23EDED2D867847898C37A84FC0DB4F1892550EB11D86E89D55123520C0B34626321B756E2FEDE7974592A0B22
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ... ....... .......................`.......D....`.................................;...O.... .......................@......\...T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................o.......H........m..$.............................................................o(...*..o)...*:.(*.....}....*..{....*"..(....*"..(....*.s.........*..(*...*..(*...*"..(....*"..(....*.s ........*.....(+.....%-.&r...ps,...z(-...o....(%.....('....((...*..{....*"..}....*..{....*"..}....*N....)...s/...(0...*v..($....(&...s.....O...o1...*..%-.&r...ps,...z......(2......o....*..%-.&r...ps,...z......(2......o....*..%-.&r...ps,...z......(2......o....*..%-.&r...ps,...z......(2......o....*..%-.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Unity.Abstractions.pdb (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):26744
          Entropy (8bit):5.577899180430984
          Encrypted:false
          SSDEEP:
          MD5:A4DA40C592D3C0A0E293224885A3444F
          SHA1:AE1549F5316A9155FD7EA87D93711531D4D8C96E
          SHA-256:987CB722C4B342D7021BF4AA997C886CD0A4D377684E93C1F3A8F29915630413
          SHA-512:481973FB1CA599220541C18412B6042DE274FFC214D5E245D16DF37F707CD3EA1E89CD39C98BE903143DDF2D4D0DC706AAEDB6362D527DFCDA76B0D2EA33F85E
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|...x...#Pdb........./..#~...0......#Strings.....1......#US..1..p...#GUID....2..\6..#Blob....3.D.D9L...2].N.P......W...........a...t.......x...*...O...c...4...g...>.......G...Q.../...f...........&...........D...........................H...x.......X...S...........}.......................................=...M..........................................."...4...........................................F...X...+...=...:...L...7...I...................j...|...........g...y...........9...I...................................m.......+...?...........,...<............................ ... ..g!..{!..."..."..."..."..S#..g#..$$..8$...$...$..V%..j%...%...&..s&...&..V'..j'...(...(...(...(..Z)..n)..F*..Z*.................../.../..Q/..a/.../.../.../...0..70..K0...0...0...0...0...1..11..j1..|1...1...1...2...2...5..(5..d5..t5...5...5...5...5..*6..:6....................................................................................................4...E.......................,.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Unity.Container.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):148480
          Entropy (8bit):5.9723556565995475
          Encrypted:false
          SSDEEP:
          MD5:D618CBBBAB32121BB8F78ED1DE80189A
          SHA1:F52EFD7E2FBB87C57BE0F6A981A527A6A6E9B338
          SHA-256:033FFDF50A855FD3B42E8950A4707EDB2ED0820E37D2C9EE9456AF41D22AEB7E
          SHA-512:607074853BDD4E953906896686B873C0214EDEE889730EA47EA643173BA2CD9C44EE10006943952D2C60ED2F43414776B7AE38050CA62E0628723FBBD9306E31
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r............" ..0..:...........W... ...`....... ..............................^+....`..................................V..O....`...............................U..T............................................ ............... ..H............text...09... ...:.................. ..`.rsrc........`.......<..............@..@.reloc...............B..............@..B.................V......H...........lM..................TU.......................................*Z.({...t....o ...t....*..({...t.....t!...%-.&r...ps@...zo!...*Z.({...t....o$...t....*..({...t.....t!...%-.&rM..ps@...zo%...*Z.({...t....o"...t....*..({...t.....t!...%-.&r...ps@...zo#...*..(....*.0..y........({...t...........sA...}.....({...t....{.....({...t....oB....:...(C...(D...r...poE....|....:...(C...(D...r...poE....}...*..(....*n.-.rM..ps@...z.s....o7...&*r.-.rM..ps@...z.s....o7...&.*r.t....%-.&rM.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Unity.Container.pdb (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):51564
          Entropy (8bit):5.412082020948322
          Encrypted:false
          SSDEEP:
          MD5:AEBBA016111759F5A3A0CF7BDFDC704A
          SHA1:86F08D8FBB86A6B6F9D1B32498D155E7F2186C88
          SHA-256:E48615039CE42E73BD402271F38FE0DED7C075F36AED10AA0A3E452ED2AD4B36
          SHA-512:F0A100E370EA0024BFCECF51D92A2CF8B5DA01BE3A6FE23D49356146C9F5E70A7836E28E41F092868FA8FAEA45904FC14005349E43B0C585825A21406135280C
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|.......#Pdb.........W..#~...X......#Strings....`^......#US.d^..p...#GUID....^...j..#Blob.......!.`C...~.!c3qz.....W.+................/...r...)...........4...........................4...............................e...L...G...............................U...r...S...k...........................r...............q.......E...S...7...E...........................\...j...(...8...:...J........ ... ... ..P!..`!..U"..e"...#...#...%...%..4&..D&...'...'...(...(...*..'*...,...,..O-.._-.......... /..0/...0...0..h2..z2...4...4...5...5..!7..37...8...8...8...8..99..K9...9...9..m:...:...;...;..R<..d<...<...<..E=..U=...=...=..&?..6?...?...?..c@..w@...@...@..sA...A...B...B...B...B...C..-C...C...C..;D..OD...D...D..#E..7E...E...E...E...F..hF..|F...F...F...G...G..IJ..aJ...J...J...K...K...T...T...V...V.._[..s[...a...a...a...a..*b..Bb...b...b...b...b..4c..Hc...c...c...c...c...d...d..hd..zd...d...d...e...e..Ne..`e...e...e...f...f...i..(i..Ti..hi...i...i...i...i...j..,j..cj..uj..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\VersionProxy.exe (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):117248
          Entropy (8bit):5.85283161712302
          Encrypted:false
          SSDEEP:
          MD5:6C5E9D5EEB09BE9AA48C4E828EC7BACF
          SHA1:0A0E2E37C044BA276F4DAED48E6318EA8FF9A1C6
          SHA-256:338A3AFCD78DCF09A0A0CFBEB26D88EDC8EA1B34EBC5D1B33BFEA35F3920BEE6
          SHA-512:5296DC437634A1112C660461D8E2D460712297AE15FE188F0DF0479BB16C4DFBD7F1FE2606CF6AFED241484EE9001C626183F03FBEAB344191E77C6199D551A8
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3Y..........."...0.............v.... ...@....@.. ....................... ............`.................................#...O....@..............................T-..8............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc..............................@..B................W.......H........!..h............................................................0..........(.....o.....(....(...+.r...p...o.....Yo....(.....(....o......r...p(....-..r'..p(....-!.rA..p(....-'*.r]..p(.....(....&*.r...p(.....(....&*.r...p(.....(....&*....0..U.......s.......(....r...p(....(.....r...ps....}...........s....(...+(...+%.......s ...o!...*....0.._........-..-..*.*.-..*.......%..\.o"...(...+($...........%..\.o"...(...+($......(%...,..*..(&...,..*.*..('...*..('...*6.{.....o(...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\VersionProxy.exe.config (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):1274
          Entropy (8bit):5.048527526942425
          Encrypted:false
          SSDEEP:
          MD5:37BB9A71E72F008F12D96168C93A7F14
          SHA1:7A81BA738BB6AED323BE5AD1477DC1E2774027ED
          SHA-256:F37286EDBFEF7F343690A1C2AD68C975E4E6A4579E027B4DB68AF36BF1862CD1
          SHA-512:FEF2122D8BDAAE7F4DDA6C10620EBE2657139013EC4CCFE98D85EFAA7575FE514E44D3A82175407E1A7BBC95BC52BEDBBDEF30F0234F088B44657CA97D49E3B9
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.1.2" newVersion="4.0.1.2" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="K4os.Hash.xxHash" publicKeyToken="32cd54395057cec3" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-1.0.7.0" newVersion="1.0.7.0" />.. </dependentAssembly>.. <dependentAssemb

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\VersionProxy.pdb (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MSVC program database ver 7.00, 512*47 bytes
          Category:dropped
          Size (bytes):24064
          Entropy (8bit):2.3058729815309262
          Encrypted:false
          SSDEEP:
          MD5:9CF5F0B3583EC81499F857726E2A4A3A
          SHA1:A75B3C089FD86E720A62C7A5A1B447379A8AEF90
          SHA-256:829BA38A6FB053FC726EAB2F49C55A0DDE356742BF085FD311295F36F8872D37
          SHA-512:31299DFCF77D6F9B0593633036CE366C7B933933F8A18C5A8686582CA72BE3C4577F4E01BF681DD44118F308188CCE6D09A18A85B8905A8AC202C210E6C6E645
          Malicious:false
          Reputation:low
          Preview:Microsoft C/C++ MSF 7.00...DS.........../...........-...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\Win32Library.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):47104
          Entropy (8bit):5.873490942953871
          Encrypted:false
          SSDEEP:
          MD5:628EF3FBAC2BEE679CD774A7E445FF19
          SHA1:EF12BF503A3B44BB1F8AE075086E7BF16A6A4965
          SHA-256:F8173EE0961BDDC6A56A3E94836AA239886E92B75B5D155313DFB198F48EAB6F
          SHA-512:E721C4C9D70A1EA1E21509C387FC653E39AB3026A34F0C489F1E9596F2D3FB83D3D345AD31783F140DCF4EA16F7A77BE70CB8A597775AF135AE5B58B47390721
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a.q..........." ..0.................. ........... ....................... ............`.................................K...O...................................|...8............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........D..l.............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*&~.......*....0..X.........( ...-...(!...(".......o#.....5&..X.../(..( ...-..+...($......(%......,..(&...+......*.........!.5.....r...p('...*.0...........r/..p((...,.(.......o).....r=..p((...-6.rI..p((...-).rQ..p((...-".rY..p((...-..ra..p((...-.+.rI..p*rQ..p*rY..p*ra..p*rm..p.r...p(*...s+...z.0..=........,..(,...,.rb..p..-..s+...z.(,...-...o-....?

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\WpfAnimatedGif.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):42496
          Entropy (8bit):5.782944900930189
          Encrypted:false
          SSDEEP:
          MD5:47D729B6841F1E0E510BBC7D74454B73
          SHA1:BB7A519A2BF2DBFA8AEF238241D6DD5C62AEED77
          SHA-256:B4C69BE213BA3DD40E6BC819B7BFC13AB03D06D5F3EFA0E4643B1B55E5A529F9
          SHA-512:F5ECD0CCA56306273685C12CCB5AF8F540161E2CFFE3F639A2FA1F9DE29CFEBB2F6D8F8BA4AD43E02A721DA30DD8E3CC911E46E4237578E026A5BA8C059429AF
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ...............................F....@.................................J...O.......$...........................h...T............................................ ............... ..H............text........ ...................... ..`.rsrc...$...........................@..@.reloc..............................@..B................~.......H........H..Hq...........................................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ...' )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q.........-.&.+.......o ....%..{.......%q.........-.&.+.......o ....(!...*...0..2..........(....~.......o"...-.~.....s#...%.o$.....o%...&*...0..A..........(....~.......o"...,)..o&..., .o'...-.~.....o(

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\WpfAnimatedGif.pdb (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):16464
          Entropy (8bit):5.1752761490048576
          Encrypted:false
          SSDEEP:
          MD5:81B1ED5A70F7CD884555BD43EA2CEDBB
          SHA1:5B5038CC52A18DB1581AC9DC75A6A8612A310B0E
          SHA-256:AFA73A32B976FFE3926C21B06CF8CC25B72ECE16AEC7E546DCADC6596FD4932C
          SHA-512:F55E04663FFA9E65DD030743A98644F8145D4CA2B982CDC8C16315C8482E7E2FE5A83249EF835DBEF9931DB99F94F54FCBEA1B756AB5AEF961C7739C95CDBFDA
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|...|...#Pdb............#~..........#Strings....`.......#US.d...P...#GUID........ ..#Blob.....{...A...E..q.^.......W...................s...........................................Q...................................................................*...}...".......=...D...............................7...o...x.......................(...U...^...........................F...O...........................I...R...........................{.....................................................%...7...I...V...r...z.......................#...*...1...8...?...F...W...u...................................................................$...,...9...A...N...V...c...k...x...................}...................R...............Y...z.......d...............6...W...................,...M..._...q...................................................S...........{.......................................................$...0.......]...d...k...r...y.......................................d.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\112.0.5615.49.manifest (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):226
          Entropy (8bit):4.933300084417082
          Encrypted:false
          SSDEEP:
          MD5:FFD21EC24483B86C638173D0214DD8FD
          SHA1:533E88F15BA15A5E3267D47BD4C259F6F2FC722C
          SHA-256:74AFB036E86DFAC77CE642D3CF619327D17CB402F1D43C847010C01C76317DE2
          SHA-512:0A07744E906D2986D214DD61BE164832E46F255D6985E3889F2CF0563F37A4108E918845E43D148A282940D60DE68D2348115B81199B8F4C991E1922FF776738
          Malicious:false
          Reputation:low
          Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='112.0.5615.49'.. version='112.0.5615.49'.. type='win32'/>.. <file name='chrome_elf.dll'/>..</assembly>..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\af.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):360735
          Entropy (8bit):5.375626358845348
          Encrypted:false
          SSDEEP:
          MD5:1E678514F81FC298A2C1687F6A455DD2
          SHA1:77F78ABF9479D945108245C276EA1B2B02F70529
          SHA-256:CC6F3DD5015A9836E1D273462A3B914A9921E4B2E9173DEEEEEEA932731B0FC2
          SHA-512:3053040ED28F7530BF81B44ED3C20CE050B16B030DF05EAB1A7AFC9BD4E0BF056E2EEE3A287736378ADDFA839CEEE310D77DCD74C703E6B6818EDF4B9E5F508F
          Malicious:false
          Reputation:low
          Preview:............e.(...h.1...i.9...j.E...k.T...l._...n.g...o.l...p.y...r.....s.....t.....v.....w.....y.....z....|....}...............................................".....#.....$.....).....V.....c.....r............................................).....S.....f.....h.....l..............................................................4.....C.....P.....T.....W....._.....i............................................................... .....0.....F.....R.....c.......................................!.....*.....6.....B.....Q.....Y.....^.....o......................................................................,.....1.....m...................................%.....,.....A.....E.....Q.....Y.....].....l.........................................'.....B.....G.....Q....._.....p.....y......... .....".....%.....(.....*.....+.....,. ...-.:.....^.../.m...0.z...1.....3.....4.....5.....6.#...7.4...8.I...9.X...<.k...=.w...>.....?.....@.....A.....C.....D.....E.&...F.@...G.k...H.{...I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\am.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):569449
          Entropy (8bit):5.047548033002916
          Encrypted:false
          SSDEEP:
          MD5:276131F1EB9A32C9F626764606883BAB
          SHA1:ABA73B61A6BF210E688801367A947355BA06A089
          SHA-256:0B67C53128AA7B1D16D67EDE3A663C872AD69B3568D33223D8606C5977F44F20
          SHA-512:3C25DF3FF3728D1455F758B77964424DEC561E2A51208B1549CABBE6D8CD74CFE841AC7475F899E2AF159F87E7CCAEE130F4136789B71DD48C5C0DF3090F8DE2
          Malicious:false
          Reputation:low
          Preview:............e.>...h.G...i.R...j.^...k.m...l.x...n.....o.....p.....r.....s.....t.....v....w....y....z....|....}...............................&.....-.....4.....;.....<.....=.....B.....n...........................!.....9.....c.....v.....~.................................:.....V.....b..................................-.....?.....c.....y..............................................*.....f................................................M.....\.....u.............................7...................................-.....3.....6.....h...............................................#.....,.....H.....O.....f.......................f.....s.......................?.....O.....l.....u.........................................k.............................5.....;.....C.....Y.....{............... .....".....%.....(.<...*.l...+.o...,.....-.........../.....0.....1.Z...3.v...4.....5.....6.H...7.p...8.....9.....;.....<.....=.....>.<...?.F...@.f...A.....C.....D.....E.!...F.Q...G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\ar.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):625627
          Entropy (8bit):5.031873649269564
          Encrypted:false
          SSDEEP:
          MD5:BA5FC18F022AA2FB4DF01DB3FE523268
          SHA1:29E5D163C81DEE6D66A5DE1D6CEA3AB7A8F7B775
          SHA-256:21D0834784E673B6C0526B372ABB12E28EF230D9F6B11F1F8F7BCECBD4D40BDD
          SHA-512:692235DE4CE8F0295D770CD208DB6966BC31821E867F1605212BB9FE0F24830C0B69E273C710609B268DA5AFC65AF506209781A79FAF81A4093DC8700BE0810C
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.....j.....k.)...l.4...n.<...o.A...p.N...r.T...s.e...t.n...v.....w.....y.....z.....|.....}............................................................>.....W.....t.............................D.....R.....\....................................../.....9.....P.....c............................................9.....C.....T.....^.....h............................;.....f.......................................G.....W.....n.............................-.....}...............................................8.....W.....r...........................................................5.....=.......................V.....k.......................#.....@.....P.....X.....d.......................#.....B.....d.....u.........................................0.....>... .P...".m...%.....(.....*.>...+.A...,._...-.v........./.....0.....1.....3.+...4.R...5.y...6.....7.....8.2...9.K...;.f...<.....=.....>.....?.....@.....A.....C.....D.-...E.n...F.....G.....H.....I.,...J.c...K.}.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\bg.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):648669
          Entropy (8bit):4.804767558582706
          Encrypted:false
          SSDEEP:
          MD5:B4C77A9BE548D19FAAE155CDE2AA1B3F
          SHA1:270CFFF29C33993BAABAF2542E1FEA80D7707367
          SHA-256:F8B36B6003B19368B4C32CF90A2B42206EF2F9B9DC9C1B8C84026C46D8BF1087
          SHA-512:F1E57DFE3EDF0E5FA725C87BE3F4785183B1FD80CEF5F87C984318A340F8653CC381A4B7811B9AE910C0CAF88872AA183233455E71AE713A0C2E5C2A396D819E
          Malicious:false
          Reputation:low
          Preview:............e.:...h.C...i.K...j.W...k.f...l.q...n.y...o.~...p.....r.....s.....t.....v.....w....y....z....|....}.....................................&.....-.....4.....5.....6.....;.................................<.....Q..................................+.....-.....1.....Y........................................I.....s..................................$.....8.....B.....p......................J.....~.........................................J.....`.....z.......................5.....V.......................-.....C.....e.....w.....z.......................;.....l.....s.....v.....w...................................i.....s.......................;.....d.......................0.....O.....c.....w.......................1.............................M.....y..................................."... .6...".f...%.....(.....*.....+.....,.....-.h........./.....0.....1.'...3.G...4.....5.....6.1...7.U...8.....9.....;.....<.....=.....>.D...?.S...@.t...A.....C.....D.....E.G...F.....G.....H.'...I.P.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\bn.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):823568
          Entropy (8bit):4.421394153486522
          Encrypted:false
          SSDEEP:
          MD5:35B9FABFD24A72F675E6A3C7B52F9443
          SHA1:57D5CFB8C637B64D45EDE0460DE012571D26F626
          SHA-256:B733549B04780E968828F7DE06DC35CC82233BA8FACCC26D00E548FAC2A5F5EB
          SHA-512:761733BB1443ABE6E15E24D2CD147AC088F845DBA189886068F05F53D9628F122C70025B1D65C7B03877A9856CE4A8C9F91C366C3A7765C481C2913ADDE309F9
          Malicious:false
          Reputation:low
          Preview:............e.(...h.1...i.B...j.N...k.]...l.h...n.p...o.v...p.....r.....s.....t.....v.....w....y....z....|....}..........................................#.....*.....1.....2.....3.....8.....................B.....T..................................^...............................+.....]............................N............................@.....I.....L.....X.....g.......................Q.........................................A.....].................).............................!.................(.....T.........................................C.....g.................................................................V...................................".....>.....p.....y.............................S...........%.....D.......................W.....f................................. .....".]...%.....(.....*.)...,.,...-.c........./.....0.....1.Q...3.q...4.....5.....6.....7.....8.6...9.U...;.....<.....=.....>.....?.&...@.[...A.....C.$...D.D...E.....F.....G.:...H.p...I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\ca.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):411650
          Entropy (8bit):5.356567176627367
          Encrypted:false
          SSDEEP:
          MD5:642D94154BB2783BB7089B8667630F60
          SHA1:4419727691E825AE78DF349E6CAE45609531984A
          SHA-256:043675A484981BD3CD4DF53A9464EF930F3DD5A10B00D9F438644BBA7B254D63
          SHA-512:F88E4D56EC42CF4EA96857C7B05BCAB4E481878CE8F3841FC66D4ED4026DE4981E8905D42EB09336B958C4156850B47E7AE047E3EAD7D5A15D432EF21BE304F3
          Malicious:false
          Reputation:low
          Preview:............e.*...h.3...i.;...j.G...k.V...l.a...n.i...o.n...p.{...r.....s.....t.....v.....w.....y....z....|....}...............................................$.....%.....&.....(.....Q.....k..............................................5.....[..............................................................,.....J.....Z.....].....y...............................................................4.....O.....c.....k.....r....................................................(.....F.....U.............................................................2.....G.....].....d.....g.....h.....q.....z...................................$.....f.....n.......................(.....8.....O.....T.....^.....i.....n...................................7.....H.....w............................................. .....".....%.,...(.H...*.e...+.h...,.....-.........../.....0.....1.,...3.<...4.[...5.x...6.....7.....8.....9.....;.....<.....=.....>.0...?.:...@.M...A.....C.....D.....E.....F.....G.B...H.g...I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\cs.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):410257
          Entropy (8bit):5.803685977178117
          Encrypted:false
          SSDEEP:
          MD5:2E893C00A29409501E7AB9FEDF2FFFFE
          SHA1:E1D692A85ECE792F80272F379998627F67C796DA
          SHA-256:8917EE9C1C441E56EAFE8F7E95B7244BB5E5CEEFCEC6B76AE1507675DE5CE7ED
          SHA-512:AC63ECBD201AC1F6E15556081BC3182CC3F126F69A2C08FF0E2352974567DBF41201FD55825A774F1B8293A5D9BF70A44E946B528EF2A09FEB1E3A966DA2A3F3
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.....j.....k.*...l.5...n.=...o.B...p.O...r.U...s.f...t.o...v.....w.....y.....z.....|.....}..................................................................6.....F.....X.....j.....s.................................O.....y..............................................................C.....S.....Y.....t...............................................................'.....<.....T.....\.....c.....i.....y........................................!.....@.....K.....z...................................................................$.....+.........../.....<.....I.....P.....[.....g.......................;.....A...................................).....;.....H.....Q.....[.....q...................................*....._.....{....................................... .....".....%.....(.*...*.G...+.J...,.h...-.........../.....0.....1.....3.....4.0...5.Q...6.....7.....8.....9.....<.....=.....>.....?.....@.....A.]...C.....D.....E.....F.....G.....H.%...I.8...J.\.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\da.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):379802
          Entropy (8bit):5.420267481416249
          Encrypted:false
          SSDEEP:
          MD5:6D3E1592E524BD5E4B44230F9285B36A
          SHA1:93E585E78F03CF406BB760ACCEE26E20E11C8305
          SHA-256:B03F03602FA4B3137ED5612AFC8A54DCB01502356BEAA89572B4F3041F12C75E
          SHA-512:D2B0806B1DC3A71BE3187A18445C0DC71637E62258BC22F39876EFBAA15164A3423C19B8148120EF4682C6D38DAC74A782CC86AD9EF62E7502446F5469C4AB3F
          Malicious:false
          Reputation:low
          Preview:............e.H...h.Q...i.b...j.n...k.}...l.....n.....o.....p.....r.....s.....t....v....w....y....z.....|.....}...................&...........6.....=.....D.....K.....L.....M.....O.....x....................................................".....Q.....{.............................................................7.....H.....N....._.....m.....{.........................................................).....3.....;.....B.....F.....R.....a.....s.....{.......................................5.....Q.....Z.....f.....o.....{.....~..................................................................................@.....G...................................-.....R.....\.....k.....p.....z.....|.........................................".....3.....g.....~....................................... .....".....%.....(.....*.B...+.E...,.c...-.s........./.....0.....1.....3.....4.....5.!...6.S...7.d...8.w...9.....;.....<.....=.....>.....?.....@.....A.....C.&...D.0...E.S...F.w...G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\de.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):410020
          Entropy (8bit):5.447503544872608
          Encrypted:false
          SSDEEP:
          MD5:93B789221A7C1FE5AD979FD0D8A0268E
          SHA1:DDE427AA43632A0D2D0C9035CBF95C43595E7DD1
          SHA-256:10BCD30939DDBBDBC45B1BA17B43C90B0998A49EAB9E543EB5CAFB13C3B881D3
          SHA-512:A8A80B74189D4E5FB7C247871CF3A178922E986DA667EB91D966444D3A1A464D31A05EF2789F0DABCB49293114EECC8C75FE301F905CB46CD446C0FE1C3D7EEB
          Malicious:false
          Reputation:low
          Preview:........s.8.e.....h.....i.....j....k....l....n....o....p.....r.....s.....t.....v.3...w.@...y.F...z.U...|.[...}.m.....u.....z..................................................................................".....b.....k....................................................).....>.....Q.....f.....p.....y.....................................................................6.....M.....f.........................................................3.....:.....O.......................................,.....:.....J.....Y.....l.....v.....y..................................................................$.....5.....|.............................Q.....g...........................................................$.....E.....l...............................................).....?.....H.....V... .Z...".g...%.....(.....*.....+.....,.....-.......%.../.;...0.C...1.h...3.v...4.....5.....6.....7.....8.-...9.;...;.K...<.U...=.c...>.z...?.....@.....A.....C.....D.....E.....F.7...G.a...H.|...I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\el.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):707149
          Entropy (8bit):4.886649691100473
          Encrypted:false
          SSDEEP:
          MD5:E4969DEE878AECA3A73DB1C6C60D0FC1
          SHA1:40A68656E0562E9E5F069E8658AA3C7D03D006A9
          SHA-256:72AB077FF4CF6ED0EDFFC117D97AAAF1F583BFB2D80D55E59CC22BF401BC9B2E
          SHA-512:16D86DEB84DE54061C27891121042243C57FC1426072B7A736299838896EC5AD2E32B64FF4E778E5B545F62E3DE58F4BACE22FEAF895E9DCE4B563FD87D7E826
          Malicious:false
          Reputation:low
          Preview:............e.....h.7...i.?...j.I...k.X...l.c...n.k...o.p...p.}...r.....s.....t.....v.....w.....y....z....|....}................................................&.....'.....(.....*............................%.....e.................................;.....t.....v.....z...........................8.....M.....d......................6.....]..............................................I.................4.....Q.....Y.....`...................................1.............................0.............................+.....G.....W.....Z.....}.............................$.....'.....(.....D.....^.....p.................5.....=...........a.....q...........G.......................@.....Y.....m.............................8.............................z.............................@.....U.....c... .v...".....%.....(.&...*.k...+.n...,.....-.........../.(...0.O...1.....3.....4.=...5.{...6.....7.....8.Y...9.x...;.....<.....=.....>.(...?.9...@.Z...A.....C.....D.....E.N...F.....G.....H.<...I.l.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\en-GB.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):331458
          Entropy (8bit):5.46078324322181
          Encrypted:false
          SSDEEP:
          MD5:21992BD8FAD811D18229A475F0091DD9
          SHA1:AB86CA3D7AFD8A72367CC1D9A838B89F91976DFE
          SHA-256:98B0C1437D1C97F8CDE708308B63E7C53BFD9371B31104503372857B850E8B0F
          SHA-512:7F03D4B0E32CA6ABEF5B8CF882D5950935BC26DB78BE1A73283FB56096B2EC7B3230B1982710765220055D1AEF89C77F768906F2CF8DAB07C9F8EDED0759950C
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i....j....k....l....n.....o.....p.....r.....s.$...t.-...v.B...w.O...y.U...z.d...|.j...}.|...................................................................................................X.....a.....x.................................................$.....(.....3.....C.....J.....V.....q.....................................................................................1.....=.....E.....L.....Q.....Z.....e..................................................2.....S.....\.....e.....o.....}...............................................................................................>.....B.....o...........................................................&.....+...../.....?.....Z.....s...............................................#...........@.....H.....V... .Z...".c...%.....(.....*.....+.....,.....-.........../.....0. ...1.T...3.b...4.v...5.....6.....7.....8.....9.....;.....<.....=.....>.*...?.2...@.A...A.j...C.....D.....E.....F.....G.....H...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\en-US.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):333898
          Entropy (8bit):5.453770724540848
          Encrypted:false
          SSDEEP:
          MD5:1046E9DAAAA4989B72E5A7C6BA42F7F1
          SHA1:18FB9B4C897EB0102C88DE18500E902E7D022306
          SHA-256:959150F8BDE93B60915702EBB93F1DBDD019A9E2A203172B787D74A92B993FFE
          SHA-512:E7EA151A34B04BB70363FD6B720E8BB1593D526A216FB1F58637E75E75E5BA2F852BD7640E1711F08B9D71043711B2931F1EC3951832482BF6BE31DD5434BAED
          Malicious:false
          Reputation:low
          Preview:........&...e.....h.....i.....j.'...k.6...l.A...n.I...o.N...p.[...r.a...s.r...t.{...v.....w.....y.....z.....|.....}...................................................................3.....@.....O....._.....f...................................... .....1.....3.....7....._.....o.....s.....~.....................................................................................-.....;.....T.....i.....|....................................................................).....@.....P.....~..................................................................,.....3.....6.....7.....>.....F.....N.....U.....Z.....e.........................................'.....2.....M.....S.....e.....i.....s.....x.....|.........................................(.....P.....e.....i.....p.....{..................... .....".....%.....(.....*.....+.....,.!...-.2.....V.../.d...0.m...1.....3.....4.....5.....6.....7.....8.0...9.=...;.N...<.V...=.a...>.v...?.~...@.....A.....C.....D.....E.....F.....G.&...H.9.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\es-419.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):400967
          Entropy (8bit):5.33908966102681
          Encrypted:false
          SSDEEP:
          MD5:5F05BB2E16AA1D2B080523AB8EE95A9C
          SHA1:A3F34B00C5543BD9BA73E16E83F6D94964703FC9
          SHA-256:A8E63322631913B20FAE4AC211CC1D8BD0224C525BF84B2C6DC332E40127D46F
          SHA-512:C2C89F20A6D4967D223F4706F0A207607FED2D8517168E8B3062F7A48072E92D9ED50B0ED3AE42C0A36CF696737743AEDF4BDAAB137DD93240D3DC7A370D5172
          Malicious:false
          Reputation:low
          Preview:............e.N...h.W...i.`...j.l...k.{...l.....n.....o.....p.....r.....s.....t.....v....w....y....z.....|.....}...................$.....,.....4.....;.....B.....I.....J.....K.....M.....s......................................... .....*.....2.....V..............................................................%.....F.....W.....\.....u.........................................................,.....P.....u........................................................,.....=.....J.....f.....r.............................................................A.....Y.....q.....x.....{.....|...............................................H...................................K.....Z.....t............................................... .....?.....a.....r................................................... .'...".;...%._...(.x...*.....+.....,.....-.........../.....0.&...1.\...3.p...4.....5.....6.....7.....8."...9.4...;.C...<.R...=.`...>.|...?.....@.....A.....C.....D.....E.#...F.M...G.z...H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\es.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):401109
          Entropy (8bit):5.323944677515716
          Encrypted:false
          SSDEEP:
          MD5:B3C8636122A5C08ACD8650A8DFD9E7AD
          SHA1:1A9469AD88C622E25125F99EFBDC0F5B12B2DA0C
          SHA-256:69AF131577E9C69606B32BB42FF49C1B72413D9723FEF8F204D1C99D1CC8E579
          SHA-512:A3D682E0562290683721BF31E4815B378E8D6A3FABB5B51788AAF5B84163958543744A8ED8D61C426217E9462EFECA3AD18B96796442EAD9AA9237F5891B674F
          Malicious:false
          Reputation:low
          Preview:............e.J...h.S...i.[...j.g...k.v...l.....n.....o.....p.....r.....s.....t.....v....w....y....z....|.....}.........................'...../.....6.....=.....D.....E.....F.....H.....w.........................................(.....3.....;....._.........................................................!...........Q.....a.....f...............................................................8.....[..............................................................6.....G.....T.....m........................................................&.....9.....L.....d.....|.................................................................^.............................5.....i.....x.....................................................<.....[.....u.....................................................*... .6...".J...%.f...(.....*.....+.....,.....-.........../.....0."...1.W...3.k...4.....5.....6.....7.....8.....9.,...;.=...<.L...=.Z...>.v...?.....@.....A.....C.....D.....E.....F.I...G.w...H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\et.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):365390
          Entropy (8bit):5.44498953062638
          Encrypted:false
          SSDEEP:
          MD5:6826245481412E9E7BF98A452528C225
          SHA1:A017AAAB28D26487502BC22FD9F5623B7893796F
          SHA-256:FA7A7EE221C8726511D67E2C1A88FF43BE73EEB4EF75CB72A082CAC0EDE1DBEC
          SHA-512:DBA7D0261A8E45287066EA3414B6CD46FBF956525D8B5BCA9C1724FA52016256F6D6833CDC0459AAAAC919721562063BDD3AB93E4489D25F678603847A1DF9E0
          Malicious:false
          Reputation:low
          Preview:............e.V...h._...i.p...j.|...k.....l.....n.....o.....p.....r.....s....t....v....w....y.....z.....|.....}.......'.....,.....4.....<.....D.....K.....R.....Y.....Z.....[.....].............................................8.....B.....X..................................................*.....9.....E.....P.....t.......................................................................*.....>.....S.....j.....r.....y.........................................................&.....4.....Z.....|..........................................................................!.....".....+.....5.....;.....C.....N...................................J.....b.....{...........................................................(.....M.....l.....}....................................................."... .,...".?...%.g...(.....*.....+.....,.....-.........../.$...0.1...1.Z...3.e...4.|...5.....6.....7.....8.....9.....;.*...<.7...=.@...>.S...?.[...@.j...A.....C.....D.....E.....F.'...G.E...H.]...I.s.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\fa.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):574450
          Entropy (8bit):5.175601049632429
          Encrypted:false
          SSDEEP:
          MD5:6CCEB5D387A502730694053EA0F9D740
          SHA1:E43D256E5DE6E7750933472915B1A4C7BCD24715
          SHA-256:0C31372197874DC727D48814C414ECBB8566BB57359D6CD4261BE55638FFAAA0
          SHA-512:C9034B04603DEFEE108019A973A8CB4B6718E702BA6A37CBC54D47A0C544BD7AF4E7E3C28B53640D57DC79F924645A0DC637282D87E9218F199556FE8B2D04B9
          Malicious:false
          Reputation:low
          Preview:..........(.e....h....i....j....k....l.....n.....o.....p.....r.....s./...t.8...v.M...w.Z...y.`...z.o...|.u...}.......................................................................*.....F.....p.......................................W....................................................7.....J.....w................................+.....1.....@.....F.....t............................U.....p.....x.............................................M.....d.............................9.....U.....d.....~...............................................0.....7.....:.....K.....\.....m.....{.............................~.................e.............................!.....).....<.....H.....T.............................5.....[.....l...................................<.....O.....]... .p...".....%.....(.....*.+...+.....,.L...-.p........./.....0.....1.....3.!...4.R...5.....6.....7.....8.U...9.n...;.~...<.....=.....>.....?.....@.....A.8...C.}...D.....E.....F.....G.<...H.b...I.v...J.....K...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\fi.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):369786
          Entropy (8bit):5.411040205020434
          Encrypted:false
          SSDEEP:
          MD5:848C9948ABF59133896FC2039A2EEC9C
          SHA1:8E3276CD8453133164798F126D19212717EB35BE
          SHA-256:44909D861478E09551A37EA8CA3D81997C2D6EB3C91E4F8DD5095E410075A704
          SHA-512:7060D41CFA786C7D0A015572E53C761D18A2BB9FBEAA325771D5AD8A26B9275BC0F1F958ECA768B6293330514A8C7BF4C394D39665AE18035F92AB5867E7DE50
          Malicious:false
          Reputation:low
          Preview:............e....h....i.....j.....k.....l."...n.*...o./...p.<...r.B...s.S...t.\...v.q...w.~...y.....z.....|.....}.......................................................................(.....9.....L.....R........................................4.....M.....O.....S.....{...............................................................!.....9.....=.....G.....M.....Q.....p.........................................................$.....1.....F.....L.....T....................................................+.....7.....H.....M.....P.....^.....p....................................................................$.....,.....t.............................2.....[.....j.....z.....................................................0.....G.....X................................................... .....".....%.$...(.A...*.a...+.d...,.....-.........../.....0.....1.$...3.2...4.N...5.h...6.....7.....8.....9.....;.....<.*...=.6...>.L...?.U...@.t...A.....C.....D.....E.....F.0...G.W...H.q...I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\fil.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):414085
          Entropy (8bit):5.186625368112207
          Encrypted:false
          SSDEEP:
          MD5:1C80EA93527607FA9B191386F0753A09
          SHA1:0001E2586F87303DF162314B8024FEC6C37DBB67
          SHA-256:457031341B2B54FE158F9D2224D978F71F517008EC1A220C94A7AFA3B17E502A
          SHA-512:D0CD751CB1B6A521066783C01354AF8A82A5C12C49FBEC20FFB53A33C1473AA9D0D8BCB0B6F1B5C8D050C2C9F5BDDD97B31C610FAE37C4F0BB26CA43BB309298
          Malicious:false
          Reputation:low
          Preview:............e....h....i.....j.....k.....l.....n.#...o.(...p.5...r.;...s.L...t.U...v.j...w.w...y.}...z.....|.....}....................................................................................D.....K.............................................2.....4.....8.....a.....t.....z...................................................+.....>.....F.....I.....O.....Y.....q.........................................................0.....>.....[.....f......................................:.....c.....s........................................................... .....'.....*.....+.....5.....?.....I.....T.....].....n.......................N.....V...............................................).....3.....9.....R.....x...................................M.....l.....s.....~........................... .....".....%.....(./...*.M...+.P...,.n...-.........../.....0.....1.....3.....4.+...5.L...6.....7.....8.....9.....;.....<.....=.....>.....?.....@.1...A.f...C.....D.....E.....F.....G.....H...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\fr.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):432568
          Entropy (8bit):5.348241694698998
          Encrypted:false
          SSDEEP:
          MD5:AA42FE509CAB8BEAABE96AEF7A3AD1B1
          SHA1:6037656E73928B66D2BD1DE555E8B07D739FD1BA
          SHA-256:0FF54E5333F563563706A6784A2F781D1BFBA37F5C06E2A4972313364AE3A9FE
          SHA-512:E281F549E5E5743A41ECF4D3CFC626820FAEB5C82E995048F3EB71B3B2120B94EE4390E0B50FD382611B1457942040758F199273EB4FEF5A32EDFDD327548CD4
          Malicious:false
          Reputation:low
          Preview:............e.,...h.5...i.F...j.R...k.a...l.l...n.t...o.y...p.....r.....s.....t.....v.....w....y....z....|....}.....................................!.....(...../.....0.....1.....3.....X.....h.....v.............................................?.....i.....x.....z.....~............................................1.....C.....E.....].....q..........................................................8.....J.....R.....Y....._.....m..............................................$.....8.....w.......................................................'.....>.....V.....].....`.....a.....i.....q.....z.............................(.....^.....e...................................&.....-.....7.....@.....D.....^.............................#.....4.....j............................................. .....".....%.#...(.6...*.R...+.U...,.s...-.........../.....0.....1.....3.1...4.O...5.o...6.....7.....8.....9.....;.....<.....=.-...>.U...?.`...@.r...A.....C.....D.....E.....F.2...G.c...H.....I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\gu.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):807489
          Entropy (8bit):4.465357369229439
          Encrypted:false
          SSDEEP:
          MD5:FFE42592623725D9ED992326C10ED28F
          SHA1:76CE293CB14300480DDE5C41ADE99765A7392725
          SHA-256:932A8ABD894F52B0CDE2B0EB311F1F87349CEACE5DA0D9CE3668C3F66B24F3BA
          SHA-512:4C4DF73DD8680F4D95046BB6C1736A7D3DEB917F477B362A47C81FF53BD6F6D520D7A0DD4885D63ECA3909AC564E53B24056663AFC0BD1CC62CF21BDC14FA509
          Malicious:false
          Reputation:low
          Preview:............e.*...h.3...i.M...j.Y...k.h...l.s...n.{...o.....p.....r.....s.....t.....v....w....y....z....|....}...............................!.....(...../.....6.....7.....8.....=......................).....>.....~...........................d................................1.....g............................5.....X.....k................................../.....?.....\.......................L.........................................".....~................. .....6.....h.................[.............................<.....O.....R.....r...............................................).....B.....a.....x...........!.....-...........A.....c...........8.....r.................*.....3.....T.....`.....l.................4.....................................................+.....M.....u......... .....".....%.....(.E...*.....+.....,.....-.........../.A...0.i...1.....3.....4.....5.K...6.....7.....8.<...9.d...;.....<.....=.....>.....?.....@.@...A.....C.....D.....E.1...F.q...G.....H.....I.3.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\he.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):509697
          Entropy (8bit):4.788508517234622
          Encrypted:false
          SSDEEP:
          MD5:6F3FF3F77DD97BBD3A43AFFEEE86BDCD
          SHA1:85092E20777658B07227AFCABAA940FEDB43E4C1
          SHA-256:5F2A690FA7C44EE3EB5A2197F16D845DE9C8E1A05728100C52ED504500691FDA
          SHA-512:BE4163711355CC1C316F2AFAC66EA8E6A9F55D44F0810F21E644A8E6150C31CC23B4A1B7A2A66F1D6FE9C37291A1DABEFB35FD732EB02BEF8060BB961B2DEAFE
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.....j.&...k.5...l.@...n.H...o.M...p.Z...r.`...s.q...t.z...v.....w.....y.....z.....|.....}...................................................................W.....n..................................,.....4.....@.....b...................................................<.....U.....n.................................-.....1.....B.....J.....T............................!.....R.....g.....o.....v.......................................5.....H.....d...................................C....._.....z.............................................................................&.....1.....E...............................................+.....c.....v...............................................*.....^.....}...................................%.....6.....].....h.....v... .....".....%.....(.....*.....+.....,.3...-.D.....h.../.....0.....1.....3.....4.....5.:...6.~...7.....8.....9.....;.....<.....=.....>.....?./...@.H...A.....C.....D.....E.5...F.k...G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\hi.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):852469
          Entropy (8bit):4.440679585907588
          Encrypted:false
          SSDEEP:
          MD5:B2606D81F9C4AA9FCE486722D4B27DFC
          SHA1:FD8F1BB799568D5964F7AF01BF556226BE7404B4
          SHA-256:07A0CDFA760F16F22716F9ED28C81ED60D670994BE0BD682F290C3A892C8DFEF
          SHA-512:79542BAE6870BD3D60B75DCBC8F89A67E5917B0D6896B3B448B4DB0CA6A1F9184BC86C4816C7D9800BE3DDE5AD1D97F3769D9ACD39A13D584511664316A39F69
          Malicious:false
          Reputation:low
          Preview:............e....h....i.....j.....k.....l.*...n.2...o.7...p.D...r.J...s.[...t.d...v.y...w.....y.....z.....|.....}.............................................................................................J.....c......................$.....N........................................D.....f.....y.................A.....Q........................................0.....s.................0.....s...................................8.....X.......................].............................y.......................F.....o.........................................F.....M.....P.....R.....k.........................................O...................................W.....w...................................2.................n.......................<.....r....................................... .9...".Y...%.....(.....*. ...+.#...,.A...-.........../.....0.....1.....3.....4.....5.....6.q...7.....8.....9.0...;.p...<.....=.....>.....?.....@.....A.M...C.....D.....E.....F.&...G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\hr.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):399541
          Entropy (8bit):5.502595149275442
          Encrypted:false
          SSDEEP:
          MD5:CAAACDD2FD56DE8845ECD5DC138048BE
          SHA1:4F55AC03A2B676F4D365E1D619D1C75584E85CFA
          SHA-256:0F614CD9DC059CD1B1136A389E5BC22F8EDA7B6842CE61B6A513B55575AEB42E
          SHA-512:C7CD9191F3CAB345DC571F869AC477729A60993D506EC8796764D4068D50AEFA8B3820A89EB4F101E8C61F39873B478084FD63B9CDAFC2F964DA4EDFD3C7E4A2
          Malicious:false
          Reputation:low
          Preview:............e.f...h.o...i.....j.....k.....l.....n.....o.....p.....r....s....t....v.....w.....y.....z.....|.....}./.....7.....<.....D.....L.....T.....[.....b.....i.....j.....k.....m..............................................2.....F.....Z.........................................................."...........=....._.....n.....t.....................................................................&.....G.....a.....i.....p.....x..............................................!.....7.....E.....k.............................................................".....8.....?.....B.....C.....N.....Z....._.....g.....s.......................H.....P...................................,.....=.....H.....R.....X.....m............................. .....1.....c.....w....................................... .....".....%.....(./...*.N...+.Q...,.o...-.........../.....0.....1.....3.....4.'...5.E...6.....7.....8.....9.....;.....<.....=.....>.....?.....@./...A.{...C.....D.....E.....F.....G.....H.....I.'.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\hu.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):430933
          Entropy (8bit):5.6183114357518
          Encrypted:false
          SSDEEP:
          MD5:029211E3D88A58CD65A179C439563780
          SHA1:EB11143345D103096E620922A003C22C20F9DADC
          SHA-256:26F8DF91F76B029ABD977B9F46E9BAA1F6DCC73D9FBAB37FB78D8F20429C0119
          SHA-512:62317FE657576A05E7E6BF132FDADBFA49EFBD1A0C325FE536786A43875F802B31AB75ED1B61DB7B07EAFBC25D44622B202C27A1860012D63CAE08E807C5BDAC
          Malicious:false
          Reputation:low
          Preview:............e.....h.!...i.2...j.<...k.K...l.V...n.^...o.c...p.p...r.v...s.....t.....v.....w.....y.....z....|....}................................................................ ....._.....o..................................(.....5.....<.....k..........................................................5.....<.....j.....{......................................................%.....;.....q.................................................1.....;.....N.......................................".....1.....A.....O....._.....h.....k.................................................................).....3.....J.......................}.............................E.....R.....k.....s.........................................+.....J.....m.....~.........................................".....0... .=...".Z...%.....(.....*.....+.....,.....-.........../.>...0.H...1.....3.....4.....5.....6.....7.....8.>...9.U...;.s...<.{...=.....>.....?.....@.....A.....C.....D.....E.;...F.j...G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\id.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):356904
          Entropy (8bit):5.349663258008683
          Encrypted:false
          SSDEEP:
          MD5:EEBB5208C4DBFC67AFC8C81CA6577153
          SHA1:D86AEF020F30E5F401E660692CE300CD3E475CBA
          SHA-256:73EB0F251E2E9C443CCEA71D77C278A8595456E4E9ACDFD25DFC949944F78354
          SHA-512:20353BDBAFD4C6A23C2A4855EB971694023B57385790CA5F5A6AA537C3518CB0E99F892AC906B2230C3D8F7C57C952B8FABECDDCED13E4140280C031A4FB1EB7
          Malicious:false
          Reputation:low
          Preview:............e. ...h.)...i.:...j.F...k.U...l.`...n.h...o.m...p.z...r.....s.....t.....v.....w.....y....z....|....}...............................................#.....$.....%.....'.....J.....X.....e.....u.....|.....................................1.....C.....E.....I.....q....................................................................".....&.....)...........3.....G.....V.....j.................................................................*.....].....r..............................................%.....;.....@.....C.....N....._.....n................................................................................D.....p.....t...........................................................!.....6.....R.....i.....................................................*.....E.....P.....^... .f...".x...%.....(.....*.....+.....,.....-.......&.../.5...0.9...1.m...3.....4.....5.....6.....7.....8.....9.....;.(...<.1...=.>...>.S...?.[...@.l...A.....C.....D.....E.....F.....G.....H.(.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-07PBB.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):333898
          Entropy (8bit):5.453770724540848
          Encrypted:false
          SSDEEP:
          MD5:1046E9DAAAA4989B72E5A7C6BA42F7F1
          SHA1:18FB9B4C897EB0102C88DE18500E902E7D022306
          SHA-256:959150F8BDE93B60915702EBB93F1DBDD019A9E2A203172B787D74A92B993FFE
          SHA-512:E7EA151A34B04BB70363FD6B720E8BB1593D526A216FB1F58637E75E75E5BA2F852BD7640E1711F08B9D71043711B2931F1EC3951832482BF6BE31DD5434BAED
          Malicious:false
          Reputation:low
          Preview:........&...e.....h.....i.....j.'...k.6...l.A...n.I...o.N...p.[...r.a...s.r...t.{...v.....w.....y.....z.....|.....}...................................................................3.....@.....O....._.....f...................................... .....1.....3.....7....._.....o.....s.....~.....................................................................................-.....;.....T.....i.....|....................................................................).....@.....P.....~..................................................................,.....3.....6.....7.....>.....F.....N.....U.....Z.....e.........................................'.....2.....M.....S.....e.....i.....s.....x.....|.........................................(.....P.....e.....i.....p.....{..................... .....".....%.....(.....*.....+.....,.!...-.2.....V.../.d...0.m...1.....3.....4.....5.....6.....7.....8.0...9.=...;.N...<.V...=.a...>.v...?.~...@.....A.....C.....D.....E.....F.....G.&...H.9.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-1OC99.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):574450
          Entropy (8bit):5.175601049632429
          Encrypted:false
          SSDEEP:
          MD5:6CCEB5D387A502730694053EA0F9D740
          SHA1:E43D256E5DE6E7750933472915B1A4C7BCD24715
          SHA-256:0C31372197874DC727D48814C414ECBB8566BB57359D6CD4261BE55638FFAAA0
          SHA-512:C9034B04603DEFEE108019A973A8CB4B6718E702BA6A37CBC54D47A0C544BD7AF4E7E3C28B53640D57DC79F924645A0DC637282D87E9218F199556FE8B2D04B9
          Malicious:false
          Reputation:low
          Preview:..........(.e....h....i....j....k....l.....n.....o.....p.....r.....s./...t.8...v.M...w.Z...y.`...z.o...|.u...}.......................................................................*.....F.....p.......................................W....................................................7.....J.....w................................+.....1.....@.....F.....t............................U.....p.....x.............................................M.....d.............................9.....U.....d.....~...............................................0.....7.....:.....K.....\.....m.....{.............................~.................e.............................!.....).....<.....H.....T.............................5.....[.....l...................................<.....O.....]... .p...".....%.....(.....*.+...+.....,.L...-.p........./.....0.....1.....3.!...4.R...5.....6.....7.....8.U...9.n...;.~...<.....=.....>.....?.....@.....A.8...C.}...D.....E.....F.....G.<...H.b...I.v...J.....K...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-1OU17.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):823568
          Entropy (8bit):4.421394153486522
          Encrypted:false
          SSDEEP:
          MD5:35B9FABFD24A72F675E6A3C7B52F9443
          SHA1:57D5CFB8C637B64D45EDE0460DE012571D26F626
          SHA-256:B733549B04780E968828F7DE06DC35CC82233BA8FACCC26D00E548FAC2A5F5EB
          SHA-512:761733BB1443ABE6E15E24D2CD147AC088F845DBA189886068F05F53D9628F122C70025B1D65C7B03877A9856CE4A8C9F91C366C3A7765C481C2913ADDE309F9
          Malicious:false
          Reputation:low
          Preview:............e.(...h.1...i.B...j.N...k.]...l.h...n.p...o.v...p.....r.....s.....t.....v.....w....y....z....|....}..........................................#.....*.....1.....2.....3.....8.....................B.....T..................................^...............................+.....]............................N............................@.....I.....L.....X.....g.......................Q.........................................A.....].................).............................!.................(.....T.........................................C.....g.................................................................V...................................".....>.....p.....y.............................S...........%.....D.......................W.....f................................. .....".]...%.....(.....*.)...,.,...-.c........./.....0.....1.Q...3.q...4.....5.....6.....7.....8.6...9.U...;.....<.....=.....>.....?.&...@.[...A.....C.$...D.D...E.....F.....G.:...H.p...I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-2C5CB.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):402872
          Entropy (8bit):5.467938560076162
          Encrypted:false
          SSDEEP:
          MD5:A7E0AF7CF48369548685EE6F15D1B162
          SHA1:24701D5EC6629473C9F8489B4A9B77E839377C90
          SHA-256:AA612E781C5055C9F4638CC5996D570F1867E789B8757FCBAAC52CA9405F16E9
          SHA-512:75196AC5F045F72993D76A670ED85E110C6F526FB2528D627B606D45C276DD3A06D48F4CC1F095A79ACD0596C54633F4B32B5B74B3CFA25593922046600E2F8D
          Malicious:false
          Reputation:low
          Preview:............e.....h.!...i.2...j.<...k.K...l.V...n.^...o.c...p.p...r.v...s.....t.....v.....w.....y.....z....|....}......................................................................G.....Y.....g.....w........................................J.....t.............................................................+.....8.....@.....V.....j.....}.........................................................3.....W....._.....f.....n.....~..............................................-.....@.....m...................................................................1.....8.....;.....<.....G.....O.....U.....].....h.......................A.....G............................. .....3.....8.....C.....O.....U.....h.........................................Q.....g.....n.....u........................... .....".....%.....(.....*.1...+.4...,.R...-.v........./.....0.....1.....3.....4.....5.2...6.l...7.....8.....9.....;.....<.....=.....>.....?.....@.....A.h...C.....D.....E.....F.....G.....H.....I.-.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-2OJG7.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):645045
          Entropy (8bit):5.0078281328581875
          Encrypted:false
          SSDEEP:
          MD5:B91DF29BB623BC49F7D695BEC6A8DA33
          SHA1:E9CF5F1975363B20FBE52C248EDC038C179997FF
          SHA-256:528FA675B2E7A3FF543CF162652A0795ABDB6DD0A0826E2FFDB9426311DC9ABF
          SHA-512:A4A0B8850FD08187080F36EBF7838FC0634E4E726BF01686EEF2CC07041918B96E138286928733DC43A6F48E79C685D9BB7A77D8C04BD38720BB5D0EFB276B88
          Malicious:false
          Reputation:low
          Preview:..........".e....h....i....j.....k.....l.....n.....o.....p.*...r.0...s.A...t.J...v._...w.l...y.r...z.....|.....}...................................................................@.....].....v.............................+.....9.....`..................................=.....X.....j..................................9.....E.....q.............................................".....9.....r.................................&.....M.....m...................................(....._.....v...................................N.....\....._.....................................................-.....?.....Q.....d.....z............................. .......................s.........................................G.............................P.....a............................./....._.....p.....~... .....".....%.....(.&...*.s...+.v...,.....-.........../.*...0.<...1.....3.....4.....5.!...6.v...7.....8.....9.....;.....<.....=.....>.e...?.t...@.....A.....C.M...D.f...E.....F.....G.$...H.S...I.w.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-3VDCF.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):852469
          Entropy (8bit):4.440679585907588
          Encrypted:false
          SSDEEP:
          MD5:B2606D81F9C4AA9FCE486722D4B27DFC
          SHA1:FD8F1BB799568D5964F7AF01BF556226BE7404B4
          SHA-256:07A0CDFA760F16F22716F9ED28C81ED60D670994BE0BD682F290C3A892C8DFEF
          SHA-512:79542BAE6870BD3D60B75DCBC8F89A67E5917B0D6896B3B448B4DB0CA6A1F9184BC86C4816C7D9800BE3DDE5AD1D97F3769D9ACD39A13D584511664316A39F69
          Malicious:false
          Reputation:low
          Preview:............e....h....i.....j.....k.....l.*...n.2...o.7...p.D...r.J...s.[...t.d...v.y...w.....y.....z.....|.....}.............................................................................................J.....c......................$.....N........................................D.....f.....y.................A.....Q........................................0.....s.................0.....s...................................8.....X.......................].............................y.......................F.....o.........................................F.....M.....P.....R.....k.........................................O...................................W.....w...................................2.................n.......................<.....r....................................... .9...".Y...%.....(.....*. ...+.#...,.A...-.........../.....0.....1.....3.....4.....5.....6.q...7.....8.....9.0...;.p...<.....=.....>.....?.....@.....A.M...C.....D.....E.....F.&...G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-434T5.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):390683
          Entropy (8bit):5.592198994295706
          Encrypted:false
          SSDEEP:
          MD5:DBBEDA89B6B155C560F862A709D180FE
          SHA1:1F241CF4BB49F8B99CD0D37A54F95BCB02C5CCF1
          SHA-256:58AE2CA3CFE1DE78034F6C479C31DE268D37825ACA919204997BB4B9CA3BFE98
          SHA-512:9D654890491B7590E352CB78FB8E3CCC827F4D195FB52825FFF36F92A0703A10A3302E844F97C2575D5717D0A6C4C53634FDCB594FE3CCF869684B0B587EEF05
          Malicious:false
          Reputation:low
          Preview:............e.f...h.o...i.....j.....k.....l.....n.....o.....p.....r....s....t....v....w.....y.....z.....|.....}.-.....5.....:.....B.....J.....R.....Y.....`.....g.....h.....i.....k.................................4.....B.....`.....m...........................................'...........C.....V.....`.....y..................................................................+.....;.....`.....z...............................................................K.....[.....h.............................................#.....(.....+.....;.....K.....].....t............................................................................._...................................<.....J.....Z.....c.....m.....v.....}.............................(.....E.....V................................................... .....".....%.*...(.@...*.^...+.a...,.....-.........../.....0.....1.....3.....4.4...5.W...6.....7.....8.....9.....;.....<.....=.....>.$...?.-...@.;...A.g...C.....D.....E.....F.....G.....H.!.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-46FRH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):340166
          Entropy (8bit):6.746362730548477
          Encrypted:false
          SSDEEP:
          MD5:F6285E00C3F48B24CE87D043F3A0F863
          SHA1:38038C85551C8C7206626D8505652D3F18DA2937
          SHA-256:DE2989812210243AA3A13E8C4AE632D63031B5C99649EA8D484AE2AB7A60B90B
          SHA-512:CFBF4E7650FBFC1B273409001136E7311874D364CDD17F8863CFBFFDAE1779974EFFDD35BC78C7B89296B4FEA48D37AD338EE27FD21D9E334B487F148EE9ADC6
          Malicious:false
          Reputation:low
          Preview:........W.T.e.l...h.u...i.}...j.....k.....l.....m.....o.....p.....r.....s.....t....v....w....|....}.........................&.....5.....:.....B.....I.....P.....R.....W....................................................".....,.....V...................................................................I.....U.....[.....j.....|...............................................................3.....?.....G.....N.....Z.....f.....r............................................).....M.....k.....z................................................................................ .....).....2.....8.....B.....L.....y...........................<.....N.....`.......................................................................<.....N....._................................................... .....".....%.....(./...*.D...+.G...,.t...-.........../.....0.....1.....3.....4.!...5.B...6.x...7.....8.....9.....;.....<.....=.....>.....?.(...@.@...A.z...C.....D.....E.....F.....G.....H.-...I.@...J.X.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-5LP88.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):648669
          Entropy (8bit):4.804767558582706
          Encrypted:false
          SSDEEP:
          MD5:B4C77A9BE548D19FAAE155CDE2AA1B3F
          SHA1:270CFFF29C33993BAABAF2542E1FEA80D7707367
          SHA-256:F8B36B6003B19368B4C32CF90A2B42206EF2F9B9DC9C1B8C84026C46D8BF1087
          SHA-512:F1E57DFE3EDF0E5FA725C87BE3F4785183B1FD80CEF5F87C984318A340F8653CC381A4B7811B9AE910C0CAF88872AA183233455E71AE713A0C2E5C2A396D819E
          Malicious:false
          Reputation:low
          Preview:............e.:...h.C...i.K...j.W...k.f...l.q...n.y...o.~...p.....r.....s.....t.....v.....w....y....z....|....}.....................................&.....-.....4.....5.....6.....;.................................<.....Q..................................+.....-.....1.....Y........................................I.....s..................................$.....8.....B.....p......................J.....~.........................................J.....`.....z.......................5.....V.......................-.....C.....e.....w.....z.......................;.....l.....s.....v.....w...................................i.....s.......................;.....d.......................0.....O.....c.....w.......................1.............................M.....y..................................."... .6...".f...%.....(.....*.....+.....,.....-.h........./.....0.....1.'...3.G...4.....5.....6.1...7.U...8.....9.....;.....<.....=.....>.D...?.S...@.t...A.....C.....D.....E.G...F.....G.....H.'...I.P.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-61SMN.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):430933
          Entropy (8bit):5.6183114357518
          Encrypted:false
          SSDEEP:
          MD5:029211E3D88A58CD65A179C439563780
          SHA1:EB11143345D103096E620922A003C22C20F9DADC
          SHA-256:26F8DF91F76B029ABD977B9F46E9BAA1F6DCC73D9FBAB37FB78D8F20429C0119
          SHA-512:62317FE657576A05E7E6BF132FDADBFA49EFBD1A0C325FE536786A43875F802B31AB75ED1B61DB7B07EAFBC25D44622B202C27A1860012D63CAE08E807C5BDAC
          Malicious:false
          Reputation:low
          Preview:............e.....h.!...i.2...j.<...k.K...l.V...n.^...o.c...p.p...r.v...s.....t.....v.....w.....y.....z....|....}................................................................ ....._.....o..................................(.....5.....<.....k..........................................................5.....<.....j.....{......................................................%.....;.....q.................................................1.....;.....N.......................................".....1.....A.....O....._.....h.....k.................................................................).....3.....J.......................}.............................E.....R.....k.....s.........................................+.....J.....m.....~.........................................".....0... .=...".Z...%.....(.....*.....+.....,.....-.........../.>...0.H...1.....3.....4.....5.....6.....7.....8.>...9.U...;.s...<.{...=.....>.....?.....@.....A.....C.....D.....E.;...F.j...G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-6QJBD.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):369786
          Entropy (8bit):5.411040205020434
          Encrypted:false
          SSDEEP:
          MD5:848C9948ABF59133896FC2039A2EEC9C
          SHA1:8E3276CD8453133164798F126D19212717EB35BE
          SHA-256:44909D861478E09551A37EA8CA3D81997C2D6EB3C91E4F8DD5095E410075A704
          SHA-512:7060D41CFA786C7D0A015572E53C761D18A2BB9FBEAA325771D5AD8A26B9275BC0F1F958ECA768B6293330514A8C7BF4C394D39665AE18035F92AB5867E7DE50
          Malicious:false
          Reputation:low
          Preview:............e....h....i.....j.....k.....l."...n.*...o./...p.<...r.B...s.S...t.\...v.q...w.~...y.....z.....|.....}.......................................................................(.....9.....L.....R........................................4.....M.....O.....S.....{...............................................................!.....9.....=.....G.....M.....Q.....p.........................................................$.....1.....F.....L.....T....................................................+.....7.....H.....M.....P.....^.....p....................................................................$.....,.....t.............................2.....[.....j.....z.....................................................0.....G.....X................................................... .....".....%.$...(.A...*.a...+.d...,.....-.........../.....0.....1.$...3.2...4.N...5.h...6.....7.....8.....9.....;.....<.*...=.6...>.L...?.U...@.t...A.....C.....D.....E.....F.0...G.W...H.q...I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-6RVLN.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):918792
          Entropy (8bit):4.36609517586862
          Encrypted:false
          SSDEEP:
          MD5:4A60B734EB8154377FDC4FF96DAD1EE7
          SHA1:59D7C7F5FDB2CE9F579CC68731852A8A82AAB63D
          SHA-256:7470A094660DDF102B11A18300C126ABAC660E5881051C863977BB1F878A1AD9
          SHA-512:CB2350776A1212F6396AD9B5D8B1D4919DEC01ABE44770E95CADFD9986FF5DC501C294F4E4EC8FFF0D20192209FBD60DC628E883555DC357F169CD412EC5F6B5
          Malicious:false
          Reputation:low
          Preview:............e.^...h.g...i.x...j.....k.....l.....n.....o.....p.....r.....s....t....v....w.....y.....z.....|.....}.'...../.....4.....<.....D.....L.....S.....Z.....a.....b.....c.....h...........1.....h.......................%.....y.................#.....M............................+.....F.....................6.......................8.....i...................................d.................b.............................$.....F.....e.......................u.......................@...........".....>.....l...................................Q.........................................#.....G.....e.....x...........9.....H...........s...........&.....Q.....y.............................;.....M.....Y.................\.................R.....c...........6.....K.....i........................... .+...".q...%.....(.....*.i...+.l...,.....-.........../.....0.5...1.....3.....4.3...5.....6.....7.0...8.....9.....;.....<.....=.1...>.^...?.q...@.....A.1...C.....D.....E.....F.q...G.....H.-...I.q...J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-7754P.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):406890
          Entropy (8bit):5.439813986042303
          Encrypted:false
          SSDEEP:
          MD5:195C2D7837F4134F3B066DB7CA411425
          SHA1:F347E67E6A14B07AD5E5363867B6473D6BC9347E
          SHA-256:D40B2CB8C13782AB3296BAA7E59E2C571BE6CD03ED89A5A9BD2E1CC4FAA6AD11
          SHA-512:A5D37142083E9BE9DFBE801B88E9B8BABBACA5D7F0AD931A051E7DDD1E0975D1B6A058255930FB5D735E26DAF7F4903B6D95A95A065B5E17C1A417CF46C78682
          Malicious:false
          Reputation:low
          Preview:............e.4...h.=...i.N...j.X...k.g...l.r...n.z...o.....p.....r.....s.....t.....v.....w....y....z....|....}............................... .....'...........5.....6.....7.....9.....t................................................... .....A.....k.....}........................................................D.....W....._..................................................).....T.....t.............................................................I.....X.....f.............................................(.....0.....3.....D.....V.....i.................................................................3.....:.......................<.....Q.....g...................................................../.....F.....t...................................%.....0.....G.....e.....q......... .....".....%.....(.....*.....+.....,.....-.*.....N.../.e...0.v...1.....3.....4.....5.....6.0...7.E...8.\...9.l...;.....<.....=.....>.....?.....@.....A.....C.-...D.:...E.V...F.p...G.....H.....I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-8B71D.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):880306
          Entropy (8bit):4.4340834386921
          Encrypted:false
          SSDEEP:
          MD5:094A23F7314CFFCBC568C6150A0F556A
          SHA1:D1AE13E481FC8B4D1EC01D991FA7E8D78EAB59F8
          SHA-256:70F52D1FA46DFB6F380EEA839E58D67C2CEB156DA0E4B570F16232D2556AF482
          SHA-512:53050D187CDF37C97E31157069068AA66DCBC046B6AF727B5083C5359CB11016FEF60F4C07B4B8E41C3F20829BEBBE10FF53F81DD9899C3F24861CD5CB752559
          Malicious:false
          Reputation:low
          Preview:............e.z...h.....i.....j.....k.....l....n....o....p....r....s.....t.....v.....w.....y.%...z.4...|.:...}.L.....T.....Y.....a.....i.....q.....x.........................................D.....x......................,.....p.................3.....]............................+.....G.....~................1.......................=.........................................q.................o...........>.....s.....{.............................P.....e.................4.....O.................V.......................".....K.....c.....f.............................D.....K.....N.....P.....u.............................#.......................M.....h.....0.....u...........6....._...................................;...........................................................8.....x..................... .....".(...%.....(.....*.4...+.7...,.U...-.........../.....0.%...1.....3.....4.$...5.x...6.....7.*...8.....9.....;.....<.....=.'...>.Z...?.m...@.....A.....C.K...D.p...E.....F.-...G.....H...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-8G7F4.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):625627
          Entropy (8bit):5.031873649269564
          Encrypted:false
          SSDEEP:
          MD5:BA5FC18F022AA2FB4DF01DB3FE523268
          SHA1:29E5D163C81DEE6D66A5DE1D6CEA3AB7A8F7B775
          SHA-256:21D0834784E673B6C0526B372ABB12E28EF230D9F6B11F1F8F7BCECBD4D40BDD
          SHA-512:692235DE4CE8F0295D770CD208DB6966BC31821E867F1605212BB9FE0F24830C0B69E273C710609B268DA5AFC65AF506209781A79FAF81A4093DC8700BE0810C
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.....j.....k.)...l.4...n.<...o.A...p.N...r.T...s.e...t.n...v.....w.....y.....z.....|.....}............................................................>.....W.....t.............................D.....R.....\....................................../.....9.....P.....c............................................9.....C.....T.....^.....h............................;.....f.......................................G.....W.....n.............................-.....}...............................................8.....W.....r...........................................................5.....=.......................V.....k.......................#.....@.....P.....X.....d.......................#.....B.....d.....u.........................................0.....>... .P...".m...%.....(.....*.>...+.A...,._...-.v........./.....0.....1.....3.+...4.R...5.y...6.....7.....8.2...9.K...;.f...<.....=.....>.....?.....@.....A.....C.....D.-...E.n...F.....G.....H.....I.,...J.c...K.}.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-94HCJ.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):356904
          Entropy (8bit):5.349663258008683
          Encrypted:false
          SSDEEP:
          MD5:EEBB5208C4DBFC67AFC8C81CA6577153
          SHA1:D86AEF020F30E5F401E660692CE300CD3E475CBA
          SHA-256:73EB0F251E2E9C443CCEA71D77C278A8595456E4E9ACDFD25DFC949944F78354
          SHA-512:20353BDBAFD4C6A23C2A4855EB971694023B57385790CA5F5A6AA537C3518CB0E99F892AC906B2230C3D8F7C57C952B8FABECDDCED13E4140280C031A4FB1EB7
          Malicious:false
          Reputation:low
          Preview:............e. ...h.)...i.:...j.F...k.U...l.`...n.h...o.m...p.z...r.....s.....t.....v.....w.....y....z....|....}...............................................#.....$.....%.....'.....J.....X.....e.....u.....|.....................................1.....C.....E.....I.....q....................................................................".....&.....)...........3.....G.....V.....j.................................................................*.....].....r..............................................%.....;.....@.....C.....N....._.....n................................................................................D.....p.....t...........................................................!.....6.....R.....i.....................................................*.....E.....P.....^... .f...".x...%.....(.....*.....+.....,.....-.......&.../.5...0.9...1.m...3.....4.....5.....6.....7.....8.....9.....;.(...<.1...=.>...>.S...?.[...@.l...A.....C.....D.....E.....F.....G.....H.(.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-ABOGG.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):807489
          Entropy (8bit):4.465357369229439
          Encrypted:false
          SSDEEP:
          MD5:FFE42592623725D9ED992326C10ED28F
          SHA1:76CE293CB14300480DDE5C41ADE99765A7392725
          SHA-256:932A8ABD894F52B0CDE2B0EB311F1F87349CEACE5DA0D9CE3668C3F66B24F3BA
          SHA-512:4C4DF73DD8680F4D95046BB6C1736A7D3DEB917F477B362A47C81FF53BD6F6D520D7A0DD4885D63ECA3909AC564E53B24056663AFC0BD1CC62CF21BDC14FA509
          Malicious:false
          Reputation:low
          Preview:............e.*...h.3...i.M...j.Y...k.h...l.s...n.{...o.....p.....r.....s.....t.....v....w....y....z....|....}...............................!.....(...../.....6.....7.....8.....=......................).....>.....~...........................d................................1.....g............................5.....X.....k................................../.....?.....\.......................L.........................................".....~................. .....6.....h.................[.............................<.....O.....R.....r...............................................).....B.....a.....x...........!.....-...........A.....c...........8.....r.................*.....3.....T.....`.....l.................4.....................................................+.....M.....u......... .....".....%.....(.E...*.....+.....,.....-.........../.A...0.i...1.....3.....4.....5.K...6.....7.....8.<...9.d...;.....<.....=.....>.....?.....@.@...A.....C.....D.....E.1...F.q...G.....H.....I.3.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-B2V3Q.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):399541
          Entropy (8bit):5.502595149275442
          Encrypted:false
          SSDEEP:
          MD5:CAAACDD2FD56DE8845ECD5DC138048BE
          SHA1:4F55AC03A2B676F4D365E1D619D1C75584E85CFA
          SHA-256:0F614CD9DC059CD1B1136A389E5BC22F8EDA7B6842CE61B6A513B55575AEB42E
          SHA-512:C7CD9191F3CAB345DC571F869AC477729A60993D506EC8796764D4068D50AEFA8B3820A89EB4F101E8C61F39873B478084FD63B9CDAFC2F964DA4EDFD3C7E4A2
          Malicious:false
          Reputation:low
          Preview:............e.f...h.o...i.....j.....k.....l.....n.....o.....p.....r....s....t....v.....w.....y.....z.....|.....}./.....7.....<.....D.....L.....T.....[.....b.....i.....j.....k.....m..............................................2.....F.....Z.........................................................."...........=....._.....n.....t.....................................................................&.....G.....a.....i.....p.....x..............................................!.....7.....E.....k.............................................................".....8.....?.....B.....C.....N.....Z....._.....g.....s.......................H.....P...................................,.....=.....H.....R.....X.....m............................. .....1.....c.....w....................................... .....".....%.....(./...*.N...+.Q...,.o...-.........../.....0.....1.....3.....4.'...5.E...6.....7.....8.....9.....;.....<.....=.....>.....?.....@./...A.{...C.....D.....E.....F.....G.....H.....I.'.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-BBOQI.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):371596
          Entropy (8bit):5.253480749340823
          Encrypted:false
          SSDEEP:
          MD5:368EF927B9BA76F458F177F1A6A7E729
          SHA1:AE5B7FA23DFE1B3325DF496EC7E72F4626129127
          SHA-256:4AB32C0FA5850F7F8B778F925268D06BE9F0C3929B060CEC1AA6E04282DDE590
          SHA-512:2029D2151C660D73C20D1985A2B7BAD44217B237C4A0854074F88EADB795378B2C8C579D6AF4AAB1488B6015247173D5D8466A35BEAEC93849B2BCBD8598B4D7
          Malicious:false
          Reputation:low
          Preview:............e.F...h.O...i.W...j.c...k.r...l.}...n.....o.....p.....r.....s.....t.....v....w....y....z....|.....}.........................#.....+.....2.....9.....@.....A.....B.....G.....q.........................................!.....-.....;.....^..............................................................*.....F.....T.....[.....r....................................................................,.....:.....B.....I.....N.....Z.....h..................................................:.....W.....e.....n.....y........................................................................... .....+.....3.....9.....E.....r.....y.......................+.....<.....M.....o.....z.....................................................".....A.....U.....f................................................... .....".....%.0...(.I...*.c...+.f...,.....-.........../.....0.....1.....3.....4.9...5.L...6.....7.....8.....9.....;.....<.....=.....>.....?.!...@.6...A.^...C.y...D.....E.....F.....G.....H...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-BQUB7.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):959853
          Entropy (8bit):4.395797883613048
          Encrypted:false
          SSDEEP:
          MD5:510137C7CEA2FD958F0A163C96C766AA
          SHA1:52501530EE46AD9D8AD450E4143008D8454C5295
          SHA-256:F6FDF919FACF0E793C83D83EB4C6D8CF7BDAD7023F22C274FE9450D9E31E5273
          SHA-512:BDCB62DA7B9EEC2926030B289A0D7A02F825DDE66B0BF6F2959BF7C8566315EAD1D284649BBE663568BDD83C9698564E9F01622721634EE73F5F2B5491813F97
          Malicious:false
          Reputation:low
          Preview:............e.Z...h.c...i.t...j.....k.....l.....n.....o.....p.....r.....s....t....v....w.....y.....z.....|.....}.#.....+.....0.....8.....@.....H.....O.....V.....].....^....._.....d................O............................f.................T.....~..........................B.....i.....................3.......................U...................................*.....u.................j...........!.....O.....W.....^.....v.................,.....P................. .....D.................P.......................K.....n.............................S...............................................1.....M...........5.....S.......................Y.........................................9.....H.....W...........,...........".....A.................n.......................J.....u............... .....".....%.....(.....*.d...+.g...,.....-.........../.:...0.J...1.....3.....4.D...5.....6.>...7.....8.....9.D...;.....<.....=.....>.....?.....@.A...A.....C.....D.,...E.....F.....G.c...H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-DGR7L.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):367607
          Entropy (8bit):5.501077454209048
          Encrypted:false
          SSDEEP:
          MD5:B6E1CDD1A155A5139EFEE589E334B0F1
          SHA1:31D9670D8BE4246ACB5721332925C06A265BE650
          SHA-256:0008317B8A3CBE481ABA4F6CEB8D9954D8E26C3AB4874DB536A5EAF47C5F5A54
          SHA-512:6283F63F43704EB6B1FFA3183B610540BCAFBE28CE769CBD993581222F340A3CCFD38F3B716A3D0D6AFC20BB5A02C89FA817FA9068D450513B8CEE3EE5B57222
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.$...j.0...k.?...l.J...n.R...o.W...p.d...r.j...s.{...t.....v.....w.....y.....z.....|.....}....................................................................;.....L.....^.....r.....z.....................................G.....[.....].....a..............................................................2.....D.....T.....X.....b.....i.....o........................................%.....-.....4.....:.....G.....Y.....p.....x............................................=.....E.....R.....].....h.....n.....q............................................................................3.....?.............................-.....=.....f.....q...........................................................1.....P.....a................................................... .....".....%.....(.8...*.X...+.[...,.y...-.........../.....0.....1.....3.....4.4...5.I...6.....7.....8.....9.....;.....<.....=.....>.....?.....@.....A.5...C.T...D.e...E.....F.....G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-DKJOB.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):608035
          Entropy (8bit):4.909746400883508
          Encrypted:false
          SSDEEP:
          MD5:B8F9E1B4511ADAF2087B891795C99D06
          SHA1:DCBEC6A393872F36057E6F7D8A76F5ACEB0C5A4C
          SHA-256:0EFDA8E4F7181DB23772062D656833059725091BCBF3C0171C8CF3EDBFC75AF0
          SHA-512:DA66A2827997B27F1F0FC1599ED57837180B1276BE37205096CF09D6718FA9A7C904FD23AC3BAE259CE87CF25F46D8AA9655606C9EEEC0FFF2D3D38C7817FD2B
          Malicious:false
          Reputation:low
          Preview:............e.f...h.o...i.....j.....k.....l.....n.....o.....p.....r....s....t....v.....w.....y.....z.....|.....}./.....7.....<.....D.....L.....T.....[.....b.....i.....j.....k.....m............................H............................"....._............................................./.....R.....i.................................$.....?.....I.....Y.....e.....q............................=.....n...............................................!.....D...................................M...............................................$.....E.....h.............................................................................?.................o.......................'.....S.....a.....m.............................2.....~.......................;.....g.....s................................. .....".-...%.h...(.....*.....+.....,.....-.......9.../.e...0.n...1.....3.....4.#...5.T...6.....7.....8.....9.G...;.Z...<.r...=.....>.....?.....@.....A.T...C.....D.....E.....F.....G.5...H.o...I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-E73OS.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):393037
          Entropy (8bit):5.40415672111163
          Encrypted:false
          SSDEEP:
          MD5:5CB46C6DEB8162404219CFCA8E0D2E59
          SHA1:762B7E1943395472592AA0991E87B8F0005E553C
          SHA-256:2DF276E1BEB68B6B013FDB5634BC9A916E79D8228CE19E95D0EB9C359E907C68
          SHA-512:05552CB0D11C9CE191293FA6437EC389F0EE6C0BFCBB82EF6C03592F587439642B824B3FC766C4142C2C38502124A2B95108F1920157C52AB75E9F236C2C80B8
          Malicious:false
          Reputation:low
          Preview:............e.`...h.i...i.z...j.....k.....l.....n.....o.....p.....r.....s....t....v....w.....y.....z.....|.....}.).....1.....6.....>.....F.....N.....U.....\.....c.....d.....e.....j.......................................&.....C.....O.....W........................................................&...../.....=.....`.....z.........................................................................=.....^.....q.....y..........................................................0.....=.....l..................................................................0.....7.....:.....;.....D.....M.....V.....].....m...................................].....r........................................................... .....4.....e.....................................................1.....<.....J... .N...".a...%.....(.....*.....+.....,.....-.........../.....0.$...1.R...3.e...4.....5.....6.....7.....8.....9.....;.)...<.3...=.?...>.T...?._...@.t...A.....C.....D.....E.....F.%...G.J...H.d...I.}...J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-EJ573.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):337993
          Entropy (8bit):6.754503390607848
          Encrypted:false
          SSDEEP:
          MD5:DC29DF7F31B87A0048F9F52B33856B06
          SHA1:61F28AAAD1C41CBDB056907D0D6F40AEF36BF272
          SHA-256:03B94FDE0397973E16AAFCD76A46B364B16FCED85DB63B488DF10F84B7B30AA2
          SHA-512:AAB13DA7644DBD7A71EB2330964291A3BC6D39F01CD9104B586018E29C862497377C648F89D5731EDBE8339F7BCDD55D53F6BA298F0BF326AB6D7A80B6664D56
          Malicious:false
          Reputation:low
          Preview:........@.k.e.>...h.G...i.X...j.\...k.k...l.v...n.~...o.....p.....r.....s.....t.....v.....w....y....z....|....}.....................................%.....,...........3.....k.....t.............................................".....L.....v..................................................................&.....,.....>.....J.....V.....\.....b.....h.....n.........................................................................0.....<.....H.....u................................................... .....2.....8.....;.....G.....Y.....k................................................................................I.....v.....|.............................................!.....'.....-.....?.....i...............................................#.....).....5.....I.....R.....`... .l...".~...%.....(.....*.....+.....,.....-.......>.../.V...0._...1.....3.....4.....5.....6.....7. ...8.2...9.>...;.P...<.`...=.p...>.....?.....@.....A.....C.....D.....E.(...F.F...G.m...H.....I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-ETR4T.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):379802
          Entropy (8bit):5.420267481416249
          Encrypted:false
          SSDEEP:
          MD5:6D3E1592E524BD5E4B44230F9285B36A
          SHA1:93E585E78F03CF406BB760ACCEE26E20E11C8305
          SHA-256:B03F03602FA4B3137ED5612AFC8A54DCB01502356BEAA89572B4F3041F12C75E
          SHA-512:D2B0806B1DC3A71BE3187A18445C0DC71637E62258BC22F39876EFBAA15164A3423C19B8148120EF4682C6D38DAC74A782CC86AD9EF62E7502446F5469C4AB3F
          Malicious:false
          Reputation:low
          Preview:............e.H...h.Q...i.b...j.n...k.}...l.....n.....o.....p.....r.....s.....t....v....w....y....z.....|.....}...................&...........6.....=.....D.....K.....L.....M.....O.....x....................................................".....Q.....{.............................................................7.....H.....N....._.....m.....{.........................................................).....3.....;.....B.....F.....R.....a.....s.....{.......................................5.....Q.....Z.....f.....o.....{.....~..................................................................................@.....G...................................-.....R.....\.....k.....p.....z.....|.........................................".....3.....g.....~....................................... .....".....%.....(.....*.B...+.E...,.c...-.s........./.....0.....1.....3.....4.....5.!...6.S...7.d...8.w...9.....;.....<.....=.....>.....?.....@.....A.....C.&...D.0...E.S...F.w...G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-F021I.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):432568
          Entropy (8bit):5.348241694698998
          Encrypted:false
          SSDEEP:
          MD5:AA42FE509CAB8BEAABE96AEF7A3AD1B1
          SHA1:6037656E73928B66D2BD1DE555E8B07D739FD1BA
          SHA-256:0FF54E5333F563563706A6784A2F781D1BFBA37F5C06E2A4972313364AE3A9FE
          SHA-512:E281F549E5E5743A41ECF4D3CFC626820FAEB5C82E995048F3EB71B3B2120B94EE4390E0B50FD382611B1457942040758F199273EB4FEF5A32EDFDD327548CD4
          Malicious:false
          Reputation:low
          Preview:............e.,...h.5...i.F...j.R...k.a...l.l...n.t...o.y...p.....r.....s.....t.....v.....w....y....z....|....}.....................................!.....(...../.....0.....1.....3.....X.....h.....v.............................................?.....i.....x.....z.....~............................................1.....C.....E.....].....q..........................................................8.....J.....R.....Y....._.....m..............................................$.....8.....w.......................................................'.....>.....V.....].....`.....a.....i.....q.....z.............................(.....^.....e...................................&.....-.....7.....@.....D.....^.............................#.....4.....j............................................. .....".....%.#...(.6...*.R...+.U...,.s...-.........../.....0.....1.....3.1...4.O...5.o...6.....7.....8.....9.....;.....<.....=.-...>.U...?.`...@.r...A.....C.....D.....E.....F.2...G.c...H.....I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-GCI4L.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):458720
          Entropy (8bit):5.80096726690351
          Encrypted:false
          SSDEEP:
          MD5:F3C0B2967BAAA60AAA2B17BBAD508A52
          SHA1:A22212E28B5573D65EC52A8E582603DE4647E5D5
          SHA-256:4642BE19A5DFEE202D2DA41A4A8D1FAE99AF8007399AEDBC146F824ECEFAE0E8
          SHA-512:599626C6BA0AB7B08900823944E6F9A902C64EA22A9FEACE9F46CB4D4A10C2B52EA82F6ABE9EC988FB40627FA5CB8ABD7BEA8BCE0CDB7D67457C986D776718EB
          Malicious:false
          Reputation:low
          Preview:..........*.e.....h....i....j....k.....l.....n.....o.....p.#...r.)...s.:...t.C...v.X...w.e...y.k...z.z...|.....}.....................................................................................>.....K.......................................".....A.....C.....G.....o............................................).....-.....D.....U.....n.....r.....u.....y.....~..................................<.....L.....T.....[.....`.................................4.....E.....R.....r............................ ...........A.....G.....J.....[.....q.......................................................................5.....?...................................@.....u............................................... .....C.....}.........................................!.....7.....V.....a.....o... .{...".....%.....(.....*.....+.....,.*...-.F.....j.../.....0.....1.....3.....4.....5.....6.<...7.Y...8.....9.....;.....<.....=.....>.....?.....@.....A.8...C.e...D.~...E.....F.....G.....H.....I.).

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-HCQKU.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):331458
          Entropy (8bit):5.46078324322181
          Encrypted:false
          SSDEEP:
          MD5:21992BD8FAD811D18229A475F0091DD9
          SHA1:AB86CA3D7AFD8A72367CC1D9A838B89F91976DFE
          SHA-256:98B0C1437D1C97F8CDE708308B63E7C53BFD9371B31104503372857B850E8B0F
          SHA-512:7F03D4B0E32CA6ABEF5B8CF882D5950935BC26DB78BE1A73283FB56096B2EC7B3230B1982710765220055D1AEF89C77F768906F2CF8DAB07C9F8EDED0759950C
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i....j....k....l....n.....o.....p.....r.....s.$...t.-...v.B...w.O...y.U...z.d...|.j...}.|...................................................................................................X.....a.....x.................................................$.....(.....3.....C.....J.....V.....q.....................................................................................1.....=.....E.....L.....Q.....Z.....e..................................................2.....S.....\.....e.....o.....}...............................................................................................>.....B.....o...........................................................&.....+...../.....?.....Z.....s...............................................#...........@.....H.....V... .Z...".c...%.....(.....*.....+.....,.....-.........../.....0. ...1.T...3.b...4.v...5.....6.....7.....8.....9.....;.....<.....=.....>.*...?.2...@.A...A.j...C.....D.....E.....F.....G.....H...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-HEPP0.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):376779
          Entropy (8bit):5.33652480886364
          Encrypted:false
          SSDEEP:
          MD5:EF04FF1C62FDB5791EE5AD0671A9B776
          SHA1:C9410173E4BE3642D68D71ED1B04C9E4850327F3
          SHA-256:79EE81F67B4D81BCD2B87587CD935FBC93031FD8E1D5AB9101BACEBBBEC6F033
          SHA-512:8060CB21F30C4027C0E869BC2BD0509D6EDE402D5AC32952F00C0BF0260CABA312D1F9E0D039304D003AE6A2C90CDB14F2DCE5C3807C9A2EBD52358A23551E22
          Malicious:false
          Reputation:low
          Preview:............e.&...h./...i.@...j.L...k.[...l.f...n.n...o.s...p.....r.....s.....t.....v.....w....y....z....|....}..........................................".....).....*.....+.....-.....[.....g.....w.............................................(.....R.....d.....f.....j..................................................(.....-.....B.....W.....m.....q.....t.............................................+.....7.....?.....F.....L.....Z.....j............................................!.....H.....k.....~..............................................................".....%.....&.....3.....@.....J.....T.....e.......................).....0.....l.................................................................4.....Q.....t...........................................................6.....D... .H...".U...%.q...(.....*.....+.....,.....-.........../.....0.....1.U...3.a...4.|...5.....6.....7.....8.....9.....;.#...<.1...=.?...>.V...?.c...@.r...A.....C.....D.....E.....F.....G.A...H.W...I.h.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-HP4E4.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):401291
          Entropy (8bit):5.253852654772365
          Encrypted:false
          SSDEEP:
          MD5:46EDC6357BBDEF4FC20C7B503AEFEFCB
          SHA1:175B0BF410C5D9DC8D8B5F240CBB381CD56A10AB
          SHA-256:280947358816923117CC720768B2F00920DBFC51734E5592B8F0DA0B242744AF
          SHA-512:EDF6587E5D2E1EC5B809A692DCD8AE98EEA02F1FE6465CC08FA0C6B63C2F84CEF90DCF2D6BD582A82A8B1EB8559D52098BC17C84DA95B01F552DBAF79294C79C
          Malicious:false
          Reputation:low
          Preview:............e.T...h.]...i.n...j.z...k.....l.....n.....o.....p.....r.....s....t....v....w....y.....z.....|.....}.......%.....*.....2.....:.....B.....I.....P.....W.....X.....Y.....[..............................................,.....4.....<.....a....................................................................;.....M.....Q.....k.........................................................".....G.....W....._.....f.....k.....u....................................................-.....W.....~...............................................................#.....*.....-...........<.....G.....Q.....W.....g.......................A.....G.................................................................1.....Q.....j...................................0.....5.....=.....T.....r.....~......... .....".....%.....(.....*.....+.....,.....-.#.....G.../._...0.d...1.....3.....4.....5.....6.N...7.^...8.q...9.....;.....<.....=.....>.....?.....@.....A.....C.Q...D.Z...E.....F.....G.....H.....I.....J.&.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-I34VK.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):401109
          Entropy (8bit):5.323944677515716
          Encrypted:false
          SSDEEP:
          MD5:B3C8636122A5C08ACD8650A8DFD9E7AD
          SHA1:1A9469AD88C622E25125F99EFBDC0F5B12B2DA0C
          SHA-256:69AF131577E9C69606B32BB42FF49C1B72413D9723FEF8F204D1C99D1CC8E579
          SHA-512:A3D682E0562290683721BF31E4815B378E8D6A3FABB5B51788AAF5B84163958543744A8ED8D61C426217E9462EFECA3AD18B96796442EAD9AA9237F5891B674F
          Malicious:false
          Reputation:low
          Preview:............e.J...h.S...i.[...j.g...k.v...l.....n.....o.....p.....r.....s.....t.....v....w....y....z....|.....}.........................'...../.....6.....=.....D.....E.....F.....H.....w.........................................(.....3.....;....._.........................................................!...........Q.....a.....f...............................................................8.....[..............................................................6.....G.....T.....m........................................................&.....9.....L.....d.....|.................................................................^.............................5.....i.....x.....................................................<.....[.....u.....................................................*... .6...".J...%.f...(.....*.....+.....,.....-.........../.....0."...1.W...3.k...4.....5.....6.....7.....8.....9.,...;.=...<.L...=.Z...>.v...?.....@.....A.....C.....D.....E.....F.I...G.w...H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-J425J.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):416392
          Entropy (8bit):5.778044199549979
          Encrypted:false
          SSDEEP:
          MD5:67C7BE2807443BF02D8D3090DCBCA456
          SHA1:6116CB4B7301247A7844E6A6143E0FD389F78092
          SHA-256:B007B60A0E71E4614F907112BA10FDC49BE5BE81747565EE12BEFD0671E5E3BF
          SHA-512:DAB1F3F294EFE816D11FCEEBEFB4DCC998C004B46DF03C1E5EBD561F329A0036A97F0475A85A34B0BF1E85DB86337934923917E51C9FB374D769D223A71AF5D1
          Malicious:false
          Reputation:low
          Preview:............e.J...h.S...i.g...j.s...k.....l.....n.....o.....p.....r.....s.....t....v....w....y....z.....|.....}.............#.....+.....3.....;.....B.....I.....P.....Q.....R.....T...............................................*.....9.....N.....}...................................................'.....2.....G.....y............................................................#.....5.....Q.....i..............................................................C.....W.....c...............................................................1.....?.....P.....`.....s.....z.....}.....~.........................................h.......................-.....M...........................................................8.....h.........................................$.....2.....L.....V.....d... .n...".....%.....(.....*.....+.....,.....-.......8.../.Q...0.[...1.....3.....4.....5.....6.....7.)...8.@...9.X...;.i...<.u...=.....>.....?.....@.....A.....C.....D.$...E.D...F.k...G.....H.....I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-J7VEM.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):400967
          Entropy (8bit):5.33908966102681
          Encrypted:false
          SSDEEP:
          MD5:5F05BB2E16AA1D2B080523AB8EE95A9C
          SHA1:A3F34B00C5543BD9BA73E16E83F6D94964703FC9
          SHA-256:A8E63322631913B20FAE4AC211CC1D8BD0224C525BF84B2C6DC332E40127D46F
          SHA-512:C2C89F20A6D4967D223F4706F0A207607FED2D8517168E8B3062F7A48072E92D9ED50B0ED3AE42C0A36CF696737743AEDF4BDAAB137DD93240D3DC7A370D5172
          Malicious:false
          Reputation:low
          Preview:............e.N...h.W...i.`...j.l...k.{...l.....n.....o.....p.....r.....s.....t.....v....w....y....z.....|.....}...................$.....,.....4.....;.....B.....I.....J.....K.....M.....s......................................... .....*.....2.....V..............................................................%.....F.....W.....\.....u.........................................................,.....P.....u........................................................,.....=.....J.....f.....r.............................................................A.....Y.....q.....x.....{.....|...............................................H...................................K.....Z.....t............................................... .....?.....a.....r................................................... .'...".;...%._...(.x...*.....+.....,.....-.........../.....0.&...1.\...3.p...4.....5.....6.....7.....8."...9.4...;.C...<.R...=.`...>.|...?.....@.....A.....C.....D.....E.#...F.M...G.z...H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-JI6K4.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):569449
          Entropy (8bit):5.047548033002916
          Encrypted:false
          SSDEEP:
          MD5:276131F1EB9A32C9F626764606883BAB
          SHA1:ABA73B61A6BF210E688801367A947355BA06A089
          SHA-256:0B67C53128AA7B1D16D67EDE3A663C872AD69B3568D33223D8606C5977F44F20
          SHA-512:3C25DF3FF3728D1455F758B77964424DEC561E2A51208B1549CABBE6D8CD74CFE841AC7475F899E2AF159F87E7CCAEE130F4136789B71DD48C5C0DF3090F8DE2
          Malicious:false
          Reputation:low
          Preview:............e.>...h.G...i.R...j.^...k.m...l.x...n.....o.....p.....r.....s.....t.....v....w....y....z....|....}...............................&.....-.....4.....;.....<.....=.....B.....n...........................!.....9.....c.....v.....~.................................:.....V.....b..................................-.....?.....c.....y..............................................*.....f................................................M.....\.....u.............................7...................................-.....3.....6.....h...............................................#.....,.....H.....O.....f.......................f.....s.......................?.....O.....l.....u.........................................k.............................5.....;.....C.....Y.....{............... .....".....%.....(.<...*.l...+.o...,.....-.........../.....0.....1.Z...3.v...4.....5.....6.H...7.p...8.....9.....;.....<.....=.....>.<...?.F...@.f...A.....C.....D.....E.!...F.Q...G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-KKU6F.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):509697
          Entropy (8bit):4.788508517234622
          Encrypted:false
          SSDEEP:
          MD5:6F3FF3F77DD97BBD3A43AFFEEE86BDCD
          SHA1:85092E20777658B07227AFCABAA940FEDB43E4C1
          SHA-256:5F2A690FA7C44EE3EB5A2197F16D845DE9C8E1A05728100C52ED504500691FDA
          SHA-512:BE4163711355CC1C316F2AFAC66EA8E6A9F55D44F0810F21E644A8E6150C31CC23B4A1B7A2A66F1D6FE9C37291A1DABEFB35FD732EB02BEF8060BB961B2DEAFE
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.....j.&...k.5...l.@...n.H...o.M...p.Z...r.`...s.q...t.z...v.....w.....y.....z.....|.....}...................................................................W.....n..................................,.....4.....@.....b...................................................<.....U.....n.................................-.....1.....B.....J.....T............................!.....R.....g.....o.....v.......................................5.....H.....d...................................C....._.....z.............................................................................&.....1.....E...............................................+.....c.....v...............................................*.....^.....}...................................%.....6.....].....h.....v... .....".....%.....(.....*.....+.....,.3...-.D.....h.../.....0.....1.....3.....4.....5.:...6.~...7.....8.....9.....;.....<.....=.....>.....?./...@.H...A.....C.....D.....E.5...F.k...G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-L6JNH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):410020
          Entropy (8bit):5.447503544872608
          Encrypted:false
          SSDEEP:
          MD5:93B789221A7C1FE5AD979FD0D8A0268E
          SHA1:DDE427AA43632A0D2D0C9035CBF95C43595E7DD1
          SHA-256:10BCD30939DDBBDBC45B1BA17B43C90B0998A49EAB9E543EB5CAFB13C3B881D3
          SHA-512:A8A80B74189D4E5FB7C247871CF3A178922E986DA667EB91D966444D3A1A464D31A05EF2789F0DABCB49293114EECC8C75FE301F905CB46CD446C0FE1C3D7EEB
          Malicious:false
          Reputation:low
          Preview:........s.8.e.....h.....i.....j....k....l....n....o....p.....r.....s.....t.....v.3...w.@...y.F...z.U...|.[...}.m.....u.....z..................................................................................".....b.....k....................................................).....>.....Q.....f.....p.....y.....................................................................6.....M.....f.........................................................3.....:.....O.......................................,.....:.....J.....Y.....l.....v.....y..................................................................$.....5.....|.............................Q.....g...........................................................$.....E.....l...............................................).....?.....H.....V... .Z...".g...%.....(.....*.....+.....,.....-.......%.../.;...0.C...1.h...3.v...4.....5.....6.....7.....8.-...9.;...;.K...<.U...=.c...>.z...?.....@.....A.....C.....D.....E.....F.7...G.a...H.|...I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-MCPES.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):643874
          Entropy (8bit):4.975651045999998
          Encrypted:false
          SSDEEP:
          MD5:ACAD82CC054651D668DEACD3648BD15D
          SHA1:4B2DDB23AFAF9CCEFBF86D6015F83E48ACE0E47F
          SHA-256:1C60EF7A61802F6C99FA090F844C15B6851ED8A80915DA9E17931DE3320FA9BE
          SHA-512:BCB28DB0BDF5214A76C82F497C2BE7C81A076A540EE557C78F7C1DA87B3B62525412EEF3023E31877188E242AA04B8BC8E9865DEE4BCFF54100F8817BF4955AB
          Malicious:false
          Reputation:low
          Preview:........7.t.e.,...h.5...i.F...j.R...k.a...l.l...n.t...o.y...p.....r.....s.....t.....v.....w....y....z....|....}.....................................!.....(...../.....0.....1.....3.................................4.....Z..................................'.....).....-.....U.....l.....x.................................0.....<.....f.....{..............................................X....................................../.....I.....m.....}............................>....._.............................-.....;.....>....._.....~.....................................................(.....=.....U.................f.................~.......................(.....[.....z...................................P.............................k.........................................!... ./...".N...%.....(.....*.....+.....,.9...-.V.....z.../.....0.....1.....3.1...4.d...5.....6.....7./...8.]...9.z...;.....<.....=.....>.....?.....@.#...A.....C.....D.....E.'...F.d...G.....H.....I.....J.J...K.[.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-MMBLH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):365390
          Entropy (8bit):5.44498953062638
          Encrypted:false
          SSDEEP:
          MD5:6826245481412E9E7BF98A452528C225
          SHA1:A017AAAB28D26487502BC22FD9F5623B7893796F
          SHA-256:FA7A7EE221C8726511D67E2C1A88FF43BE73EEB4EF75CB72A082CAC0EDE1DBEC
          SHA-512:DBA7D0261A8E45287066EA3414B6CD46FBF956525D8B5BCA9C1724FA52016256F6D6833CDC0459AAAAC919721562063BDD3AB93E4489D25F678603847A1DF9E0
          Malicious:false
          Reputation:low
          Preview:............e.V...h._...i.p...j.|...k.....l.....n.....o.....p.....r.....s....t....v....w....y.....z.....|.....}.......'.....,.....4.....<.....D.....K.....R.....Y.....Z.....[.....].............................................8.....B.....X..................................................*.....9.....E.....P.....t.......................................................................*.....>.....S.....j.....r.....y.........................................................&.....4.....Z.....|..........................................................................!.....".....+.....5.....;.....C.....N...................................J.....b.....{...........................................................(.....M.....l.....}....................................................."... .,...".?...%.g...(.....*.....+.....,.....-.........../.$...0.1...1.Z...3.e...4.|...5.....6.....7.....8.....9.....;.*...<.7...=.@...>.S...?.[...@.j...A.....C.....D.....E.....F.'...G.E...H.]...I.s.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-NGNTQ.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):396690
          Entropy (8bit):5.379575909508647
          Encrypted:false
          SSDEEP:
          MD5:2D1B268095A609CCE823C4127751F401
          SHA1:C8BC16AF0B5D9E992FC4559B9634C5B57F40BE94
          SHA-256:583E2F7B23B48EEC21C7018175181F5D7B9E42F4E5FBA8E834C0FBEEE84C15EB
          SHA-512:EAFB20E0A1E33C6904AF94E69092AF1C887406F35F229C1E7B64221A0FB795B1E08A70551371F7B8087E4A8151E8557EBBD2BABA997FAB24AA3DAE5F5343C68B
          Malicious:false
          Reputation:low
          Preview:............e.j...h.s...i.....j.....k.....l.....n.....o.....p....r....s....t....v.....w.....y.....z.....|.!...}.3.....;.....@.....H.....P.....X....._.....f.....m.....n.....o.....t.................................$.....-.....J.....V.....^................................................................,.....:.....^.....q.....{....................................................................>.....`.....p.....x................................................................3.....B.....o.............................................................$.....;.....B.....E.....F.....O.....X.....a.....h.....y.......................5.....=.....y...........................................................+.....L.....c...................................(...........6.....B.....`.....h.....v... .z...".....%.....(.....*.....+.....,.....-.......8.../.S...0.^...1.....3.....4.....5.....6./...7.C...8.Y...9.h...;.|...<.....=.....>.....?.....@.....A.....C.7...D.G...E.q...F.....G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-NLSHO.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):569830
          Entropy (8bit):5.289692143986535
          Encrypted:false
          SSDEEP:
          MD5:461ADF3A70A931ECF328DED0FD18100D
          SHA1:FAE0D50A06BA322FB96E5101BE9787F6FBC7AB57
          SHA-256:EAADC87C2AFD6234C417A052FC021A7E19BD9AE9FC4B63AF267000A9143680AE
          SHA-512:E7B5520292827339DD13BD96B43D09BC69C535679061DA3B55DBB52E8B3693B654C38570BA6DF3264F3C7E4C41B3407B18849D98EF3684819D059C12F1A259BF
          Malicious:false
          Reputation:low
          Preview:............e.>...h.G...i.O...j.[...k.j...l.u...n.}...o.....p.....r.....s.....t.....v....w....y....z....|....}...............................#.....*.....1.....8.....9.....:.....?.................................Q.....b..................................1.....4.....8.....`.......................................O.....u....................................................G.....r............................R.....Z.....a.....u...................................\.....o.......................4.....d.....s.....................................................6.....T.....[.....^....._.....r.............................-.....7.................#.........................................#.....1.....E.....K.....o.................>.....]...................................%.....>.....l.....}......... .....".....%.....(.....*.2...+.5...,.S...-.u........./.....0.....1."...3.<...4.i...5.....6.....7.#...8.^...9.w...;.....<.....=.....>.....?.....@.....A.(...C.b...D.t...E.....F.....G.....H.G...I.b.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-P0P91.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):410257
          Entropy (8bit):5.803685977178117
          Encrypted:false
          SSDEEP:
          MD5:2E893C00A29409501E7AB9FEDF2FFFFE
          SHA1:E1D692A85ECE792F80272F379998627F67C796DA
          SHA-256:8917EE9C1C441E56EAFE8F7E95B7244BB5E5CEEFCEC6B76AE1507675DE5CE7ED
          SHA-512:AC63ECBD201AC1F6E15556081BC3182CC3F126F69A2C08FF0E2352974567DBF41201FD55825A774F1B8293A5D9BF70A44E946B528EF2A09FEB1E3A966DA2A3F3
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.....j.....k.*...l.5...n.=...o.B...p.O...r.U...s.f...t.o...v.....w.....y.....z.....|.....}..................................................................6.....F.....X.....j.....s.................................O.....y..............................................................C.....S.....Y.....t...............................................................'.....<.....T.....\.....c.....i.....y........................................!.....@.....K.....z...................................................................$.....+.........../.....<.....I.....P.....[.....g.......................;.....A...................................).....;.....H.....Q.....[.....q...................................*....._.....{....................................... .....".....%.....(.*...*.G...+.J...,.h...-.........../.....0.....1.....3.....4.0...5.Q...6.....7.....8.....9.....<.....=.....>.....?.....@.....A.]...C.....D.....E.....F.....G.....H.%...I.8...J.\.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-PJ6KD.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):384706
          Entropy (8bit):5.329761994798793
          Encrypted:false
          SSDEEP:
          MD5:516C78FF4F576848C86F188C0B8CF1D1
          SHA1:F9BDAF6640AE803CE79A506CA9953F728C51CD37
          SHA-256:1617582396674404F159E538A827A1B80721F1A74A66B7E482C241D1CC1CE598
          SHA-512:0A9AD87F15632E5E0D7F65BBF846468EEF5E1266D4C457D1BA983592D9C06D7E44DB8FE17D06F24382CE97360D0F9FAEF49AA5537E369B025C97D6D54A7620BF
          Malicious:false
          Reputation:low
          Preview:............e.F...h.O...i.Z...j.f...k.u...l.....n.....o.....p.....r.....s.....t.....v....w....y....z....|.....}.........................&...........5.....<.....C.....D.....E.....J.....n....................................................&.....K.....u..............................................................:.....E.....O.....d.....x.........................................................%.....I.....W....._.....f.....p.....}........................................$.....C.....X........................................................!.....4.....H.....^.....e.....h.....i.....v.....}...............................................;.....@.....y...........................................................%.....B.....`...............................................'.....B.....b.....m.....{... .....".....%.....(.....*.....+.....,.....-.......R.../.g...0.j...1.....3.....4.....5.....6.'...7.>...8.Z...9.d...;.s...<.....=.....>.....?.....@.....A.....C.....D.#...E.;...F.T...G.....H...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-PQGCU.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):415799
          Entropy (8bit):5.7209592390734345
          Encrypted:false
          SSDEEP:
          MD5:AED8F2DE694D0B6DBF07622F9969DEDC
          SHA1:61D25F8C4E0F6081B9E09FE83C8829024E6709A7
          SHA-256:B4DBBF6E1D169A88325F8B928D871EF66516838E6EEFC1A5AA6DF465CA66C74A
          SHA-512:8D37BC2918D0FCA918377394A2261F9F59999A60272FA5470AE49751EA31E01400CF614F434DCC58515CB1D6FC7565504707B56583275D1B58A76BE790E2604A
          Malicious:false
          Reputation:low
          Preview:............e.P...h.Y...i.j...j.t...k.....l.....n.....o.....p.....r.....s.....t....v....w....y....z.....|.....}.............$.....,.....4.....<.....C.....J.....Q.....R.....S.....U...............................................+.....7.....?.....g........................................................%.....1.....Q.....`.....f.....z...............................................................#.....?.....Q.....Y.....`.....f.....r..............................................%.....2.....X..........................................................................!.....$.....%.....0.....<.....F.....M.....^.......................>.....C...................................0.....?.....K.....U.....Z.....o...................................+.....e.....|....................................... .....".....%.....(.*...*.J...+.M...,.k...-.........../.....0.....1.....3.....4.6...5.T...6.....7.....8.....9.....;.....<.....=.....>.....?.....@."...A.f...C.....D.....E.....F.....G.....H.....I.-.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-QN2OT.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):707149
          Entropy (8bit):4.886649691100473
          Encrypted:false
          SSDEEP:
          MD5:E4969DEE878AECA3A73DB1C6C60D0FC1
          SHA1:40A68656E0562E9E5F069E8658AA3C7D03D006A9
          SHA-256:72AB077FF4CF6ED0EDFFC117D97AAAF1F583BFB2D80D55E59CC22BF401BC9B2E
          SHA-512:16D86DEB84DE54061C27891121042243C57FC1426072B7A736299838896EC5AD2E32B64FF4E778E5B545F62E3DE58F4BACE22FEAF895E9DCE4B563FD87D7E826
          Malicious:false
          Reputation:low
          Preview:............e.....h.7...i.?...j.I...k.X...l.c...n.k...o.p...p.}...r.....s.....t.....v.....w.....y....z....|....}................................................&.....'.....(.....*............................%.....e.................................;.....t.....v.....z...........................8.....M.....d......................6.....]..............................................I.................4.....Q.....Y.....`...................................1.............................0.............................+.....G.....W.....Z.....}.............................$.....'.....(.....D.....^.....p.................5.....=...........a.....q...........G.......................@.....Y.....m.............................8.............................z.............................@.....U.....c... .v...".....%.....(.&...*.k...+.n...,.....-.........../.(...0.O...1.....3.....4.=...5.{...6.....7.....8.Y...9.x...;.....<.....=.....>.(...?.9...@.Z...A.....C.....D.....E.N...F.....G.....H.<...I.l.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-R16UH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):405046
          Entropy (8bit):6.1762309945451905
          Encrypted:false
          SSDEEP:
          MD5:4625BDF275276EBE2A78FED4A8443D63
          SHA1:9B8709DBA93EC32B137248A1A74F20897238F5BC
          SHA-256:7CDB1F7EA1863C72D8744A14215D9425BA573C62F08280656522959309093EA1
          SHA-512:EF4F7EB66B18E1B595C67B2B054491385BB5CEE3D9FAEAF6C1CF7E7F3115C17423C5D93A6610FBECD7C59425F8E223280CD72D64AB62D5927ACB702FB3C108D6
          Malicious:false
          Reputation:low
          Preview:............e....h.....i.....j.....k.....l.&...m.....o.4...p.;...r.A...s.R...t.[...y.p...z.....|.....}...................................................................$.....0.....@.....S.....\................................ .....J.....Z.....\.....`........................................................ .....6.....I.....\.....b.....e.....k.....q........................................4.....<.....C.....L.....Y.....p........................................6.....S...............................................................*.....C.....Y.....`.....c.....l.....u.....{............................h.................J.....].....p...........................................................+.....W.....v...............................................&.....3.....A... .D...".N...%.u...(.....*.....+.....,.....-.&.....J.../.g...0.s...1.....3.....4.....5.....6.F...7.\...8.s...9.....;.....<.....=.....>.....?.....@.....A.$...C.?...D.O...E.p...F.....G.....H.....I.....J.....K.....L.".

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-S57H2.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):791265
          Entropy (8bit):4.440435509307849
          Encrypted:false
          SSDEEP:
          MD5:8656668829520556DB8B52ED2DA25D61
          SHA1:F5D4926C384C2B136BF968CD1BA56001A7F8CCC9
          SHA-256:5CCF85DBDE51446372DB734DF8C152770D0E32E99F5850DD3E103853D0082DF3
          SHA-512:D1B6733B463AF4F153B943ED3C41683DBF2DEAE9EDA421A3B4319B54490C0520A27F7DAEB7024DA52CB15E8A039CF32551B4DDFB79D5BC5E0D4C66CB252CBC80
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.....j.)...k.8...l.C...n.K...o.P...p.]...r.c...s.t...t.}...v.....w.....y.....z.....|.....}...............................................................................................B.....^.............................D........................................J.....|......................2.....N............................................@.....x.......................z.........................................C.....R.............................j.................V.....l................................... .....<.....[.....|.....................................................-.................y...................................o...............................................d...........!.....@.....o.............................M.....p..................... .....".....%.k...(.....*.....+.....,.....-.B.....f.../.....0.....1.%...3.<...4.y...5.....6.....7.L...8.....9.....;.....<.!...=.>...>.j...?.}...@.....A.....C.G...D.]...E.....F.....G.1...H.g...I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-S5II7.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):414085
          Entropy (8bit):5.186625368112207
          Encrypted:false
          SSDEEP:
          MD5:1C80EA93527607FA9B191386F0753A09
          SHA1:0001E2586F87303DF162314B8024FEC6C37DBB67
          SHA-256:457031341B2B54FE158F9D2224D978F71F517008EC1A220C94A7AFA3B17E502A
          SHA-512:D0CD751CB1B6A521066783C01354AF8A82A5C12C49FBEC20FFB53A33C1473AA9D0D8BCB0B6F1B5C8D050C2C9F5BDDD97B31C610FAE37C4F0BB26CA43BB309298
          Malicious:false
          Reputation:low
          Preview:............e....h....i.....j.....k.....l.....n.#...o.(...p.5...r.;...s.L...t.U...v.j...w.w...y.}...z.....|.....}....................................................................................D.....K.............................................2.....4.....8.....a.....t.....z...................................................+.....>.....F.....I.....O.....Y.....q.........................................................0.....>.....[.....f......................................:.....c.....s........................................................... .....'.....*.....+.....5.....?.....I.....T.....].....n.......................N.....V...............................................).....3.....9.....R.....x...................................M.....l.....s.....~........................... .....".....%.....(./...*.M...+.P...,.n...-.........../.....0.....1.....3.....4.+...5.L...6.....7.....8.....9.....;.....<.....=.....>.....?.....@.1...A.f...C.....D.....E.....F.....G.....H...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-SGKS0.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):745318
          Entropy (8bit):4.501807684413448
          Encrypted:false
          SSDEEP:
          MD5:B8C729A0A8F89E51D5B37C0EF99AFAF0
          SHA1:4C01FC811416D251F928EB95533149D55885C78C
          SHA-256:9577950C3C3E0EF8AA2E04FCC2DDE60E4E5F973DF1BB6099BF93A8EA82117CC1
          SHA-512:4013A53A17A3EA8A1055EF149D542CD98EDF91080A1FBCFA4F17AE85AC53A539D74A6FDC6CBAFB48B67B418519DD896B7C25F86384BB1C6E84747103DFE3DB56
          Malicious:false
          Reputation:low
          Preview:..........}.e.....h.#...i.+...j.6...k.E...l.K...o.S...p.`...r.f...s.w...t.....v.....w.....y.....z.....|.....}.................................................................... .....k.............................n...........................K.....u..................................'.....N.....x.............................2....._..............................................0.....]..................................!.....0.....Q.....p.......................Q.............................z.............................[.....d.....g.............................................../.....P.....b.....u...........%.....1...........L.....^.................].......................#.....;.....V.....}.................4.....~.......................Y...................................?.....M... .V...".k...%.....(.....*.I...+.L...,.]...-.........../.....0.....1.....3.....4.....5.4...6.....7.....8.....9.B...;.]...<.v...=.....>.....?.....@.6...A.p...C.....D.....E.....F.C...G.....H.....I.....J.n.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-SGP6A.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):411650
          Entropy (8bit):5.356567176627367
          Encrypted:false
          SSDEEP:
          MD5:642D94154BB2783BB7089B8667630F60
          SHA1:4419727691E825AE78DF349E6CAE45609531984A
          SHA-256:043675A484981BD3CD4DF53A9464EF930F3DD5A10B00D9F438644BBA7B254D63
          SHA-512:F88E4D56EC42CF4EA96857C7B05BCAB4E481878CE8F3841FC66D4ED4026DE4981E8905D42EB09336B958C4156850B47E7AE047E3EAD7D5A15D432EF21BE304F3
          Malicious:false
          Reputation:low
          Preview:............e.*...h.3...i.;...j.G...k.V...l.a...n.i...o.n...p.{...r.....s.....t.....v.....w.....y....z....|....}...............................................$.....%.....&.....(.....Q.....k..............................................5.....[..............................................................,.....J.....Z.....].....y...............................................................4.....O.....c.....k.....r....................................................(.....F.....U.............................................................2.....G.....].....d.....g.....h.....q.....z...................................$.....f.....n.......................(.....8.....O.....T.....^.....i.....n...................................7.....H.....w............................................. .....".....%.,...(.H...*.e...+.h...,.....-.........../.....0.....1.,...3.<...4.[...5.x...6.....7.....8.....9.....;.....<.....=.....>.0...?.:...@.M...A.....C.....D.....E.....F.....G.B...H.g...I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-T12R0.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):360735
          Entropy (8bit):5.375626358845348
          Encrypted:false
          SSDEEP:
          MD5:1E678514F81FC298A2C1687F6A455DD2
          SHA1:77F78ABF9479D945108245C276EA1B2B02F70529
          SHA-256:CC6F3DD5015A9836E1D273462A3B914A9921E4B2E9173DEEEEEEA932731B0FC2
          SHA-512:3053040ED28F7530BF81B44ED3C20CE050B16B030DF05EAB1A7AFC9BD4E0BF056E2EEE3A287736378ADDFA839CEEE310D77DCD74C703E6B6818EDF4B9E5F508F
          Malicious:false
          Reputation:low
          Preview:............e.(...h.1...i.9...j.E...k.T...l._...n.g...o.l...p.y...r.....s.....t.....v.....w.....y.....z....|....}...............................................".....#.....$.....).....V.....c.....r............................................).....S.....f.....h.....l..............................................................4.....C.....P.....T.....W....._.....i............................................................... .....0.....F.....R.....c.......................................!.....*.....6.....B.....Q.....Y.....^.....o......................................................................,.....1.....m...................................%.....,.....A.....E.....Q.....Y.....].....l.........................................'.....B.....G.....Q....._.....p.....y......... .....".....%.....(.....*.....+.....,. ...-.:.....^.../.m...0.z...1.....3.....4.....5.....6.#...7.4...8.I...9.X...<.k...=.w...>.....?.....@.....A.....C.....D.....E.&...F.@...G.k...H.{...I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-U2HQT.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):429941
          Entropy (8bit):5.610661773416604
          Encrypted:false
          SSDEEP:
          MD5:22E780A6EA6695F12F3CA8EA5B946885
          SHA1:EAF00F300721E6EA0F07DF26DB5E23440A9279EA
          SHA-256:F8E6B59D8B8021C3AE062178CB07D3B66F2DDB1CD524FFF3C2904555EE7D8DB0
          SHA-512:066A5047D9B98310FB09FBF2446180AC046318ED43881D6812286119917B5AFE04BF06D9213F4C096EE3C023ED480094119A12674A90BA4692971260465DA18A
          Malicious:false
          Reputation:low
          Preview:............e.>...h.G...i.X...j.d...k.s...l.~...n.....o.....p.....r.....s.....t.....v....w....y....z....|.....}.........................$.....,.....3.....:.....A.....B.....C.....E.....s........................................1.....=.....R.....q................................................................B.....r..............................................................6.....S..................................................0.....H.....[.....i.............................................'.....9.....D.....U.....^.....a.....w.............................................................................V.....[.......................Z.....x...................................%.....).....0.....I.........................................P.....g.....n.....v........................... .....".....%.....(.0...*.Y...+.\...,.z...-.........../.....0.....1.....3.*...4.J...5.r...6.....7.....8.....9.....;.&...<.7...=.E...>.]...?.f...@.y...A.....C.....D.....E.&...F.C...G.r...H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-V0878.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):365937
          Entropy (8bit):5.399391330007507
          Encrypted:false
          SSDEEP:
          MD5:519772C25B7F64D6973BF465F3D47C23
          SHA1:9B1E770D4C31B9A94861491FAFDE18BC19A59D14
          SHA-256:F23F1123A01CB6E2784942FEE75CD2C2CCC0034189624F69963C226343EDBEEF
          SHA-512:4AE1E7D2DFC858253A785A621F645FF046DA91DF60B4569592E88406DC7621BF2A4BA24BF454496E5E20D0921AFADA59AFE8C0A1F362CC4BCDA9B53F2379C60A
          Malicious:false
          Reputation:low
          Preview:............e.:...h.C...i.Z...j.f...k.u...l.....n.....o.....p.....r.....s.....t.....v....w....y....z....|.....}.........................&...........5.....<.....C.....D.....E.....G.....n.....y.............................................#.....F.....p.............................................................-.....>.....D.....W.....g.....t.....x...................................................#...........6.....=.....C.....Q.....\.....q.....y.............................................3.....<.....J.....T.....`.....d.....g.....v....................................................................................g...................................C.....T.....d.....v.........................................................../.....X.....k.....o.....x........................... .....".....%.....(.....*.!...+.$...,.B...-.S.....w.../.....0.....1.....3.....4.....5.....6.....7.E...8.a...9.t...;.....<.....=.....>.....?.....@.....A.....C.....D.....E.$...F.7...G.V...H.f...I.y.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-V15R0.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):479976
          Entropy (8bit):5.849735707591872
          Encrypted:false
          SSDEEP:
          MD5:D87851BE88C48463F20358571C00D99A
          SHA1:60BE4E767B5ED35297C66E2B5E220C91DCA237CA
          SHA-256:9047B32D599BC6684FEB3C012B10A456DD3A878485A09FC78FAFEC520C9A4673
          SHA-512:7AE3919EB1A88718BFC9FBDDB7C7AEC51A9977D803EF3E464412471AEA86FA3D233C783F84B2E016B24119B56346630B86A82C73CC4CAE5F89799178FA732374
          Malicious:false
          Reputation:low
          Preview:........5.v.e.(...h.1...i.<...j.E...k.V...l._...m.g...o.|...p.....v.....w.....y.....z.....|.....}.............................................................".....$.....).....e.....~..................................=.....R.....d..................................,.....V.....b.....q........................................#.....A....._.....e.....h.....n.....}......................*.....Z...............................................................X.....p......................0.....E.....Q.....i...............................................$.....+...........7.....@.....F.....S.....f.................B.......................6.....N...........................................................#....._.....~.................................../.....D.....d.....j.....x... .....".....%.....(.....*.8...+.;...,.]...-.y........./.....0.....1.....3. ...4.A...5.h...6.....7.....8.....9.....;./...<.B...=.^...>.....?.....@.....A.....C.....D.#...E.P...F.....G.....H.....I.....J.)...K.?...L.L.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-V5GPT.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):429079
          Entropy (8bit):5.611127777147373
          Encrypted:false
          SSDEEP:
          MD5:E42C987B9E8F5E0141659AFB2A630670
          SHA1:2C85A6B71378FFC5E0F069038B0675DE81AA9B45
          SHA-256:516D4F6F97DE96717BD59BD9E53482433AE98F18F67989B826E744FFD38F1F26
          SHA-512:C999D6224951F05A369F5CEA17E8DACBC056C0081B4D1D3B9DF2C214ED1698506E013489267D25EDCA5757F049BDF337D5A021560A7D90285BBD0B084CCA6144
          Malicious:false
          Reputation:low
          Preview:............e.T...h.]...i.n...j.z...k.....l.....n.....o.....p.....r.....s....t....v....w....y.....z.....|.....}.......%.....*.....2.....:.....B.....I.....P.....W.....X.....Y.....[..............................................:.....D.....L.....t..........................................................'.....9.....a.....y...................................................................).....?.....V.....o.....w.....~.......................................%.....5.....M.....g.....q.......................................#.....&.....7.....J.....\.....u.......................................................................h.......................,.....L.................................................................L.....k..............................................."...../.....=... .F...".W...%.}...(.....*.....+.....,.....-.........../.6...0.F...1.....3.....4.....5.....6.....7.&...8.:...9.L...<.W...=.a...>.....?.....@.....A.....C.....D.....E.2...F.]...G.....H.....I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\is-VH5LH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):952338
          Entropy (8bit):4.180936917431103
          Encrypted:false
          SSDEEP:
          MD5:F7BB28FC72D9B3BE1A729A4098704AC5
          SHA1:D5E4F809255A99B6EBF6E3572D30EA353F35988C
          SHA-256:BD37BFE7D580732AD9B15B3F7AA47F298577792024719A6198D6EB61253FA990
          SHA-512:2809441C1C601FD8774D96CD3355E03119F0AC706220A013E4AFAEB300EC710CB2530352205E6AECA6E36D7D938DB36B66276A73DAAD0C76911D4005B6B541E3
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.....j."...k.1...l.<...n.D...o.I...p.V...r.\...s.m...t.v...v.....w.....y.....z.....|.....}...................................................................................<.....Z.............................-................+.....-.....1.....Y......................$.....C.......................3...................................0.....L.......................1...................................;.....c.......................(.............................;...........0.....U.........................................n.......................!.....$.....%.....C.....a.....v.............................W.....2.....W...........,.....g...........(.....l...................................r...........U.....t.................D.............................(.....L.....Z... .i...".....%.....(.r...*.....+.....,.....-.0.....T.../.s...0.....1."...3.Q...4.....5.0...6.....7.....8.f...9.....;.....<.....=.....>.V...?.i...@.....A.....C.L...D.w...E.....F.6...G.....H.....I.A.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\it.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):401291
          Entropy (8bit):5.253852654772365
          Encrypted:false
          SSDEEP:
          MD5:46EDC6357BBDEF4FC20C7B503AEFEFCB
          SHA1:175B0BF410C5D9DC8D8B5F240CBB381CD56A10AB
          SHA-256:280947358816923117CC720768B2F00920DBFC51734E5592B8F0DA0B242744AF
          SHA-512:EDF6587E5D2E1EC5B809A692DCD8AE98EEA02F1FE6465CC08FA0C6B63C2F84CEF90DCF2D6BD582A82A8B1EB8559D52098BC17C84DA95B01F552DBAF79294C79C
          Malicious:false
          Reputation:low
          Preview:............e.T...h.]...i.n...j.z...k.....l.....n.....o.....p.....r.....s....t....v....w....y.....z.....|.....}.......%.....*.....2.....:.....B.....I.....P.....W.....X.....Y.....[..............................................,.....4.....<.....a....................................................................;.....M.....Q.....k.........................................................".....G.....W....._.....f.....k.....u....................................................-.....W.....~...............................................................#.....*.....-...........<.....G.....Q.....W.....g.......................A.....G.................................................................1.....Q.....j...................................0.....5.....=.....T.....r.....~......... .....".....%.....(.....*.....+.....,.....-.#.....G.../._...0.d...1.....3.....4.....5.....6.N...7.^...8.q...9.....;.....<.....=.....>.....?.....@.....A.....C.Q...D.Z...E.....F.....G.....H.....I.....J.&.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\ja.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):479976
          Entropy (8bit):5.849735707591872
          Encrypted:false
          SSDEEP:
          MD5:D87851BE88C48463F20358571C00D99A
          SHA1:60BE4E767B5ED35297C66E2B5E220C91DCA237CA
          SHA-256:9047B32D599BC6684FEB3C012B10A456DD3A878485A09FC78FAFEC520C9A4673
          SHA-512:7AE3919EB1A88718BFC9FBDDB7C7AEC51A9977D803EF3E464412471AEA86FA3D233C783F84B2E016B24119B56346630B86A82C73CC4CAE5F89799178FA732374
          Malicious:false
          Reputation:low
          Preview:........5.v.e.(...h.1...i.<...j.E...k.V...l._...m.g...o.|...p.....v.....w.....y.....z.....|.....}.............................................................".....$.....).....e.....~..................................=.....R.....d..................................,.....V.....b.....q........................................#.....A....._.....e.....h.....n.....}......................*.....Z...............................................................X.....p......................0.....E.....Q.....i...............................................$.....+...........7.....@.....F.....S.....f.................B.......................6.....N...........................................................#....._.....~.................................../.....D.....d.....j.....x... .....".....%.....(.....*.8...+.;...,.]...-.y........./.....0.....1.....3. ...4.A...5.h...6.....7.....8.....9.....;./...<.B...=.^...>.....?.....@.....A.....C.....D.#...E.P...F.....G.....H.....I.....J.)...K.?...L.L.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\kn.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):918792
          Entropy (8bit):4.36609517586862
          Encrypted:false
          SSDEEP:
          MD5:4A60B734EB8154377FDC4FF96DAD1EE7
          SHA1:59D7C7F5FDB2CE9F579CC68731852A8A82AAB63D
          SHA-256:7470A094660DDF102B11A18300C126ABAC660E5881051C863977BB1F878A1AD9
          SHA-512:CB2350776A1212F6396AD9B5D8B1D4919DEC01ABE44770E95CADFD9986FF5DC501C294F4E4EC8FFF0D20192209FBD60DC628E883555DC357F169CD412EC5F6B5
          Malicious:false
          Reputation:low
          Preview:............e.^...h.g...i.x...j.....k.....l.....n.....o.....p.....r.....s....t....v....w.....y.....z.....|.....}.'...../.....4.....<.....D.....L.....S.....Z.....a.....b.....c.....h...........1.....h.......................%.....y.................#.....M............................+.....F.....................6.......................8.....i...................................d.................b.............................$.....F.....e.......................u.......................@...........".....>.....l...................................Q.........................................#.....G.....e.....x...........9.....H...........s...........&.....Q.....y.............................;.....M.....Y.................\.................R.....c...........6.....K.....i........................... .+...".q...%.....(.....*.i...+.l...,.....-.........../.....0.5...1.....3.....4.3...5.....6.....7.0...8.....9.....;.....<.....=.1...>.^...?.q...@.....A.1...C.....D.....E.....F.q...G.....H.-...I.q...J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\ko.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):405046
          Entropy (8bit):6.1762309945451905
          Encrypted:false
          SSDEEP:
          MD5:4625BDF275276EBE2A78FED4A8443D63
          SHA1:9B8709DBA93EC32B137248A1A74F20897238F5BC
          SHA-256:7CDB1F7EA1863C72D8744A14215D9425BA573C62F08280656522959309093EA1
          SHA-512:EF4F7EB66B18E1B595C67B2B054491385BB5CEE3D9FAEAF6C1CF7E7F3115C17423C5D93A6610FBECD7C59425F8E223280CD72D64AB62D5927ACB702FB3C108D6
          Malicious:false
          Reputation:low
          Preview:............e....h.....i.....j.....k.....l.&...m.....o.4...p.;...r.A...s.R...t.[...y.p...z.....|.....}...................................................................$.....0.....@.....S.....\................................ .....J.....Z.....\.....`........................................................ .....6.....I.....\.....b.....e.....k.....q........................................4.....<.....C.....L.....Y.....p........................................6.....S...............................................................*.....C.....Y.....`.....c.....l.....u.....{............................h.................J.....].....p...........................................................+.....W.....v...............................................&.....3.....A... .D...".N...%.u...(.....*.....+.....,.....-.&.....J.../.g...0.s...1.....3.....4.....5.....6.F...7.\...8.s...9.....;.....<.....=.....>.....?.....@.....A.$...C.?...D.O...E.p...F.....G.....H.....I.....J.....K.....L.".

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\lt.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):429941
          Entropy (8bit):5.610661773416604
          Encrypted:false
          SSDEEP:
          MD5:22E780A6EA6695F12F3CA8EA5B946885
          SHA1:EAF00F300721E6EA0F07DF26DB5E23440A9279EA
          SHA-256:F8E6B59D8B8021C3AE062178CB07D3B66F2DDB1CD524FFF3C2904555EE7D8DB0
          SHA-512:066A5047D9B98310FB09FBF2446180AC046318ED43881D6812286119917B5AFE04BF06D9213F4C096EE3C023ED480094119A12674A90BA4692971260465DA18A
          Malicious:false
          Reputation:low
          Preview:............e.>...h.G...i.X...j.d...k.s...l.~...n.....o.....p.....r.....s.....t.....v....w....y....z....|.....}.........................$.....,.....3.....:.....A.....B.....C.....E.....s........................................1.....=.....R.....q................................................................B.....r..............................................................6.....S..................................................0.....H.....[.....i.............................................'.....9.....D.....U.....^.....a.....w.............................................................................V.....[.......................Z.....x...................................%.....).....0.....I.........................................P.....g.....n.....v........................... .....".....%.....(.0...*.Y...+.\...,.z...-.........../.....0.....1.....3.*...4.J...5.r...6.....7.....8.....9.....;.&...<.7...=.E...>.]...?.f...@.y...A.....C.....D.....E.&...F.C...G.r...H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\lv.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):429079
          Entropy (8bit):5.611127777147373
          Encrypted:false
          SSDEEP:
          MD5:E42C987B9E8F5E0141659AFB2A630670
          SHA1:2C85A6B71378FFC5E0F069038B0675DE81AA9B45
          SHA-256:516D4F6F97DE96717BD59BD9E53482433AE98F18F67989B826E744FFD38F1F26
          SHA-512:C999D6224951F05A369F5CEA17E8DACBC056C0081B4D1D3B9DF2C214ED1698506E013489267D25EDCA5757F049BDF337D5A021560A7D90285BBD0B084CCA6144
          Malicious:false
          Reputation:low
          Preview:............e.T...h.]...i.n...j.z...k.....l.....n.....o.....p.....r.....s....t....v....w....y.....z.....|.....}.......%.....*.....2.....:.....B.....I.....P.....W.....X.....Y.....[..............................................:.....D.....L.....t..........................................................'.....9.....a.....y...................................................................).....?.....V.....o.....w.....~.......................................%.....5.....M.....g.....q.......................................#.....&.....7.....J.....\.....u.......................................................................h.......................,.....L.................................................................L.....k..............................................."...../.....=... .F...".W...%.}...(.....*.....+.....,.....-.........../.6...0.F...1.....3.....4.....5.....6.....7.&...8.:...9.L...<.W...=.a...>.....?.....@.....A.....C.....D.....E.2...F.]...G.....H.....I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\ml.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):959853
          Entropy (8bit):4.395797883613048
          Encrypted:false
          SSDEEP:
          MD5:510137C7CEA2FD958F0A163C96C766AA
          SHA1:52501530EE46AD9D8AD450E4143008D8454C5295
          SHA-256:F6FDF919FACF0E793C83D83EB4C6D8CF7BDAD7023F22C274FE9450D9E31E5273
          SHA-512:BDCB62DA7B9EEC2926030B289A0D7A02F825DDE66B0BF6F2959BF7C8566315EAD1D284649BBE663568BDD83C9698564E9F01622721634EE73F5F2B5491813F97
          Malicious:false
          Reputation:low
          Preview:............e.Z...h.c...i.t...j.....k.....l.....n.....o.....p.....r.....s....t....v....w.....y.....z.....|.....}.#.....+.....0.....8.....@.....H.....O.....V.....].....^....._.....d................O............................f.................T.....~..........................B.....i.....................3.......................U...................................*.....u.................j...........!.....O.....W.....^.....v.................,.....P................. .....D.................P.......................K.....n.............................S...............................................1.....M...........5.....S.......................Y.........................................9.....H.....W...........,...........".....A.................n.......................J.....u............... .....".....%.....(.....*.d...+.g...,.....-.........../.:...0.J...1.....3.....4.D...5.....6.>...7.....8.....9.D...;.....<.....=.....>.....?.....@.A...A.....C.....D.,...E.....F.....G.c...H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\mr.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):791265
          Entropy (8bit):4.440435509307849
          Encrypted:false
          SSDEEP:
          MD5:8656668829520556DB8B52ED2DA25D61
          SHA1:F5D4926C384C2B136BF968CD1BA56001A7F8CCC9
          SHA-256:5CCF85DBDE51446372DB734DF8C152770D0E32E99F5850DD3E103853D0082DF3
          SHA-512:D1B6733B463AF4F153B943ED3C41683DBF2DEAE9EDA421A3B4319B54490C0520A27F7DAEB7024DA52CB15E8A039CF32551B4DDFB79D5BC5E0D4C66CB252CBC80
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.....j.)...k.8...l.C...n.K...o.P...p.]...r.c...s.t...t.}...v.....w.....y.....z.....|.....}...............................................................................................B.....^.............................D........................................J.....|......................2.....N............................................@.....x.......................z.........................................C.....R.............................j.................V.....l................................... .....<.....[.....|.....................................................-.................y...................................o...............................................d...........!.....@.....o.............................M.....p..................... .....".....%.k...(.....*.....+.....,.....-.B.....f.../.....0.....1.%...3.<...4.y...5.....6.....7.L...8.....9.....;.....<.!...=.>...>.j...?.}...@.....A.....C.G...D.]...E.....F.....G.1...H.g...I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\ms.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):371596
          Entropy (8bit):5.253480749340823
          Encrypted:false
          SSDEEP:
          MD5:368EF927B9BA76F458F177F1A6A7E729
          SHA1:AE5B7FA23DFE1B3325DF496EC7E72F4626129127
          SHA-256:4AB32C0FA5850F7F8B778F925268D06BE9F0C3929B060CEC1AA6E04282DDE590
          SHA-512:2029D2151C660D73C20D1985A2B7BAD44217B237C4A0854074F88EADB795378B2C8C579D6AF4AAB1488B6015247173D5D8466A35BEAEC93849B2BCBD8598B4D7
          Malicious:false
          Reputation:low
          Preview:............e.F...h.O...i.W...j.c...k.r...l.}...n.....o.....p.....r.....s.....t.....v....w....y....z....|.....}.........................#.....+.....2.....9.....@.....A.....B.....G.....q.........................................!.....-.....;.....^..............................................................*.....F.....T.....[.....r....................................................................,.....:.....B.....I.....N.....Z.....h..................................................:.....W.....e.....n.....y........................................................................... .....+.....3.....9.....E.....r.....y.......................+.....<.....M.....o.....z.....................................................".....A.....U.....f................................................... .....".....%.0...(.I...*.c...+.f...,.....-.........../.....0.....1.....3.....4.9...5.L...6.....7.....8.....9.....;.....<.....=.....>.....?.!...@.6...A.^...C.y...D.....E.....F.....G.....H...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\nb.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):365937
          Entropy (8bit):5.399391330007507
          Encrypted:false
          SSDEEP:
          MD5:519772C25B7F64D6973BF465F3D47C23
          SHA1:9B1E770D4C31B9A94861491FAFDE18BC19A59D14
          SHA-256:F23F1123A01CB6E2784942FEE75CD2C2CCC0034189624F69963C226343EDBEEF
          SHA-512:4AE1E7D2DFC858253A785A621F645FF046DA91DF60B4569592E88406DC7621BF2A4BA24BF454496E5E20D0921AFADA59AFE8C0A1F362CC4BCDA9B53F2379C60A
          Malicious:false
          Reputation:low
          Preview:............e.:...h.C...i.Z...j.f...k.u...l.....n.....o.....p.....r.....s.....t.....v....w....y....z....|.....}.........................&...........5.....<.....C.....D.....E.....G.....n.....y.............................................#.....F.....p.............................................................-.....>.....D.....W.....g.....t.....x...................................................#...........6.....=.....C.....Q.....\.....q.....y.............................................3.....<.....J.....T.....`.....d.....g.....v....................................................................................g...................................C.....T.....d.....v.........................................................../.....X.....k.....o.....x........................... .....".....%.....(.....*.!...+.$...,.B...-.S.....w.../.....0.....1.....3.....4.....5.....6.....7.E...8.a...9.t...;.....<.....=.....>.....?.....@.....A.....C.....D.....E.$...F.7...G.V...H.f...I.y.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\nl.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):376779
          Entropy (8bit):5.33652480886364
          Encrypted:false
          SSDEEP:
          MD5:EF04FF1C62FDB5791EE5AD0671A9B776
          SHA1:C9410173E4BE3642D68D71ED1B04C9E4850327F3
          SHA-256:79EE81F67B4D81BCD2B87587CD935FBC93031FD8E1D5AB9101BACEBBBEC6F033
          SHA-512:8060CB21F30C4027C0E869BC2BD0509D6EDE402D5AC32952F00C0BF0260CABA312D1F9E0D039304D003AE6A2C90CDB14F2DCE5C3807C9A2EBD52358A23551E22
          Malicious:false
          Reputation:low
          Preview:............e.&...h./...i.@...j.L...k.[...l.f...n.n...o.s...p.....r.....s.....t.....v.....w....y....z....|....}..........................................".....).....*.....+.....-.....[.....g.....w.............................................(.....R.....d.....f.....j..................................................(.....-.....B.....W.....m.....q.....t.............................................+.....7.....?.....F.....L.....Z.....j............................................!.....H.....k.....~..............................................................".....%.....&.....3.....@.....J.....T.....e.......................).....0.....l.................................................................4.....Q.....t...........................................................6.....D... .H...".U...%.q...(.....*.....+.....,.....-.........../.....0.....1.U...3.a...4.|...5.....6.....7.....8.....9.....;.#...<.1...=.?...>.V...?.c...@.r...A.....C.....D.....E.....F.....G.A...H.W...I.h.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\pl.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):415799
          Entropy (8bit):5.7209592390734345
          Encrypted:false
          SSDEEP:
          MD5:AED8F2DE694D0B6DBF07622F9969DEDC
          SHA1:61D25F8C4E0F6081B9E09FE83C8829024E6709A7
          SHA-256:B4DBBF6E1D169A88325F8B928D871EF66516838E6EEFC1A5AA6DF465CA66C74A
          SHA-512:8D37BC2918D0FCA918377394A2261F9F59999A60272FA5470AE49751EA31E01400CF614F434DCC58515CB1D6FC7565504707B56583275D1B58A76BE790E2604A
          Malicious:false
          Reputation:low
          Preview:............e.P...h.Y...i.j...j.t...k.....l.....n.....o.....p.....r.....s.....t....v....w....y....z.....|.....}.............$.....,.....4.....<.....C.....J.....Q.....R.....S.....U...............................................+.....7.....?.....g........................................................%.....1.....Q.....`.....f.....z...............................................................#.....?.....Q.....Y.....`.....f.....r..............................................%.....2.....X..........................................................................!.....$.....%.....0.....<.....F.....M.....^.......................>.....C...................................0.....?.....K.....U.....Z.....o...................................+.....e.....|....................................... .....".....%.....(.*...*.J...+.M...,.k...-.........../.....0.....1.....3.....4.6...5.T...6.....7.....8.....9.....;.....<.....=.....>.....?.....@."...A.f...C.....D.....E.....F.....G.....H.....I.-.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\pt-BR.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):393037
          Entropy (8bit):5.40415672111163
          Encrypted:false
          SSDEEP:
          MD5:5CB46C6DEB8162404219CFCA8E0D2E59
          SHA1:762B7E1943395472592AA0991E87B8F0005E553C
          SHA-256:2DF276E1BEB68B6B013FDB5634BC9A916E79D8228CE19E95D0EB9C359E907C68
          SHA-512:05552CB0D11C9CE191293FA6437EC389F0EE6C0BFCBB82EF6C03592F587439642B824B3FC766C4142C2C38502124A2B95108F1920157C52AB75E9F236C2C80B8
          Malicious:false
          Reputation:low
          Preview:............e.`...h.i...i.z...j.....k.....l.....n.....o.....p.....r.....s....t....v....w.....y.....z.....|.....}.).....1.....6.....>.....F.....N.....U.....\.....c.....d.....e.....j.......................................&.....C.....O.....W........................................................&...../.....=.....`.....z.........................................................................=.....^.....q.....y..........................................................0.....=.....l..................................................................0.....7.....:.....;.....D.....M.....V.....].....m...................................].....r........................................................... .....4.....e.....................................................1.....<.....J... .N...".a...%.....(.....*.....+.....,.....-.........../.....0.$...1.R...3.e...4.....5.....6.....7.....8.....9.....;.)...<.3...=.?...>.T...?._...@.t...A.....C.....D.....E.....F.%...G.J...H.d...I.}...J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\pt-PT.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):396690
          Entropy (8bit):5.379575909508647
          Encrypted:false
          SSDEEP:
          MD5:2D1B268095A609CCE823C4127751F401
          SHA1:C8BC16AF0B5D9E992FC4559B9634C5B57F40BE94
          SHA-256:583E2F7B23B48EEC21C7018175181F5D7B9E42F4E5FBA8E834C0FBEEE84C15EB
          SHA-512:EAFB20E0A1E33C6904AF94E69092AF1C887406F35F229C1E7B64221A0FB795B1E08A70551371F7B8087E4A8151E8557EBBD2BABA997FAB24AA3DAE5F5343C68B
          Malicious:false
          Reputation:low
          Preview:............e.j...h.s...i.....j.....k.....l.....n.....o.....p....r....s....t....v.....w.....y.....z.....|.!...}.3.....;.....@.....H.....P.....X....._.....f.....m.....n.....o.....t.................................$.....-.....J.....V.....^................................................................,.....:.....^.....q.....{....................................................................>.....`.....p.....x................................................................3.....B.....o.............................................................$.....;.....B.....E.....F.....O.....X.....a.....h.....y.......................5.....=.....y...........................................................+.....L.....c...................................(...........6.....B.....`.....h.....v... .z...".....%.....(.....*.....+.....,.....-.......8.../.S...0.^...1.....3.....4.....5.....6./...7.C...8.Y...9.h...;.|...<.....=.....>.....?.....@.....A.....C.7...D.G...E.q...F.....G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\ro.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):406890
          Entropy (8bit):5.439813986042303
          Encrypted:false
          SSDEEP:
          MD5:195C2D7837F4134F3B066DB7CA411425
          SHA1:F347E67E6A14B07AD5E5363867B6473D6BC9347E
          SHA-256:D40B2CB8C13782AB3296BAA7E59E2C571BE6CD03ED89A5A9BD2E1CC4FAA6AD11
          SHA-512:A5D37142083E9BE9DFBE801B88E9B8BABBACA5D7F0AD931A051E7DDD1E0975D1B6A058255930FB5D735E26DAF7F4903B6D95A95A065B5E17C1A417CF46C78682
          Malicious:false
          Reputation:low
          Preview:............e.4...h.=...i.N...j.X...k.g...l.r...n.z...o.....p.....r.....s.....t.....v.....w....y....z....|....}............................... .....'...........5.....6.....7.....9.....t................................................... .....A.....k.....}........................................................D.....W....._..................................................).....T.....t.............................................................I.....X.....f.............................................(.....0.....3.....D.....V.....i.................................................................3.....:.......................<.....Q.....g...................................................../.....F.....t...................................%.....0.....G.....e.....q......... .....".....%.....(.....*.....+.....,.....-.*.....N.../.e...0.v...1.....3.....4.....5.....6.0...7.E...8.\...9.l...;.....<.....=.....>.....?.....@.....A.....C.-...D.:...E.V...F.p...G.....H.....I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\ru.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):643874
          Entropy (8bit):4.975651045999998
          Encrypted:false
          SSDEEP:
          MD5:ACAD82CC054651D668DEACD3648BD15D
          SHA1:4B2DDB23AFAF9CCEFBF86D6015F83E48ACE0E47F
          SHA-256:1C60EF7A61802F6C99FA090F844C15B6851ED8A80915DA9E17931DE3320FA9BE
          SHA-512:BCB28DB0BDF5214A76C82F497C2BE7C81A076A540EE557C78F7C1DA87B3B62525412EEF3023E31877188E242AA04B8BC8E9865DEE4BCFF54100F8817BF4955AB
          Malicious:false
          Reputation:low
          Preview:........7.t.e.,...h.5...i.F...j.R...k.a...l.l...n.t...o.y...p.....r.....s.....t.....v.....w....y....z....|....}.....................................!.....(...../.....0.....1.....3.................................4.....Z..................................'.....).....-.....U.....l.....x.................................0.....<.....f.....{..............................................X....................................../.....I.....m.....}............................>....._.............................-.....;.....>....._.....~.....................................................(.....=.....U.................f.................~.......................(.....[.....z...................................P.............................k.........................................!... ./...".N...%.....(.....*.....+.....,.9...-.V.....z.../.....0.....1.....3.1...4.d...5.....6.....7./...8.]...9.z...;.....<.....=.....>.....?.....@.#...A.....C.....D.....E.'...F.d...G.....H.....I.....J.J...K.[.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\sk.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):416392
          Entropy (8bit):5.778044199549979
          Encrypted:false
          SSDEEP:
          MD5:67C7BE2807443BF02D8D3090DCBCA456
          SHA1:6116CB4B7301247A7844E6A6143E0FD389F78092
          SHA-256:B007B60A0E71E4614F907112BA10FDC49BE5BE81747565EE12BEFD0671E5E3BF
          SHA-512:DAB1F3F294EFE816D11FCEEBEFB4DCC998C004B46DF03C1E5EBD561F329A0036A97F0475A85A34B0BF1E85DB86337934923917E51C9FB374D769D223A71AF5D1
          Malicious:false
          Reputation:low
          Preview:............e.J...h.S...i.g...j.s...k.....l.....n.....o.....p.....r.....s.....t....v....w....y....z.....|.....}.............#.....+.....3.....;.....B.....I.....P.....Q.....R.....T...............................................*.....9.....N.....}...................................................'.....2.....G.....y............................................................#.....5.....Q.....i..............................................................C.....W.....c...............................................................1.....?.....P.....`.....s.....z.....}.....~.........................................h.......................-.....M...........................................................8.....h.........................................$.....2.....L.....V.....d... .n...".....%.....(.....*.....+.....,.....-.......8.../.Q...0.[...1.....3.....4.....5.....6.....7.)...8.@...9.X...;.i...<.u...=.....>.....?.....@.....A.....C.....D.$...E.D...F.k...G.....H.....I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\sl.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):402872
          Entropy (8bit):5.467938560076162
          Encrypted:false
          SSDEEP:
          MD5:A7E0AF7CF48369548685EE6F15D1B162
          SHA1:24701D5EC6629473C9F8489B4A9B77E839377C90
          SHA-256:AA612E781C5055C9F4638CC5996D570F1867E789B8757FCBAAC52CA9405F16E9
          SHA-512:75196AC5F045F72993D76A670ED85E110C6F526FB2528D627B606D45C276DD3A06D48F4CC1F095A79ACD0596C54633F4B32B5B74B3CFA25593922046600E2F8D
          Malicious:false
          Reputation:low
          Preview:............e.....h.!...i.2...j.<...k.K...l.V...n.^...o.c...p.p...r.v...s.....t.....v.....w.....y.....z....|....}......................................................................G.....Y.....g.....w........................................J.....t.............................................................+.....8.....@.....V.....j.....}.........................................................3.....W....._.....f.....n.....~..............................................-.....@.....m...................................................................1.....8.....;.....<.....G.....O.....U.....].....h.......................A.....G............................. .....3.....8.....C.....O.....U.....h.........................................Q.....g.....n.....u........................... .....".....%.....(.....*.1...+.4...,.R...-.v........./.....0.....1.....3.....4.....5.2...6.l...7.....8.....9.....;.....<.....=.....>.....?.....@.....A.h...C.....D.....E.....F.....G.....H.....I.-.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\sr.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):608035
          Entropy (8bit):4.909746400883508
          Encrypted:false
          SSDEEP:
          MD5:B8F9E1B4511ADAF2087B891795C99D06
          SHA1:DCBEC6A393872F36057E6F7D8A76F5ACEB0C5A4C
          SHA-256:0EFDA8E4F7181DB23772062D656833059725091BCBF3C0171C8CF3EDBFC75AF0
          SHA-512:DA66A2827997B27F1F0FC1599ED57837180B1276BE37205096CF09D6718FA9A7C904FD23AC3BAE259CE87CF25F46D8AA9655606C9EEEC0FFF2D3D38C7817FD2B
          Malicious:false
          Reputation:low
          Preview:............e.f...h.o...i.....j.....k.....l.....n.....o.....p.....r....s....t....v.....w.....y.....z.....|.....}./.....7.....<.....D.....L.....T.....[.....b.....i.....j.....k.....m............................H............................"....._............................................./.....R.....i.................................$.....?.....I.....Y.....e.....q............................=.....n...............................................!.....D...................................M...............................................$.....E.....h.............................................................................?.................o.......................'.....S.....a.....m.............................2.....~.......................;.....g.....s................................. .....".-...%.h...(.....*.....+.....,.....-.......9.../.e...0.n...1.....3.....4.#...5.T...6.....7.....8.....9.G...;.Z...<.r...=.....>.....?.....@.....A.T...C.....D.....E.....F.....G.5...H.o...I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\sv.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):367607
          Entropy (8bit):5.501077454209048
          Encrypted:false
          SSDEEP:
          MD5:B6E1CDD1A155A5139EFEE589E334B0F1
          SHA1:31D9670D8BE4246ACB5721332925C06A265BE650
          SHA-256:0008317B8A3CBE481ABA4F6CEB8D9954D8E26C3AB4874DB536A5EAF47C5F5A54
          SHA-512:6283F63F43704EB6B1FFA3183B610540BCAFBE28CE769CBD993581222F340A3CCFD38F3B716A3D0D6AFC20BB5A02C89FA817FA9068D450513B8CEE3EE5B57222
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.$...j.0...k.?...l.J...n.R...o.W...p.d...r.j...s.{...t.....v.....w.....y.....z.....|.....}....................................................................;.....L.....^.....r.....z.....................................G.....[.....].....a..............................................................2.....D.....T.....X.....b.....i.....o........................................%.....-.....4.....:.....G.....Y.....p.....x............................................=.....E.....R.....].....h.....n.....q............................................................................3.....?.............................-.....=.....f.....q...........................................................1.....P.....a................................................... .....".....%.....(.8...*.X...+.[...,.y...-.........../.....0.....1.....3.....4.4...5.I...6.....7.....8.....9.....;.....<.....=.....>.....?.....@.....A.5...C.T...D.e...E.....F.....G.....H.....I...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\sw.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):384706
          Entropy (8bit):5.329761994798793
          Encrypted:false
          SSDEEP:
          MD5:516C78FF4F576848C86F188C0B8CF1D1
          SHA1:F9BDAF6640AE803CE79A506CA9953F728C51CD37
          SHA-256:1617582396674404F159E538A827A1B80721F1A74A66B7E482C241D1CC1CE598
          SHA-512:0A9AD87F15632E5E0D7F65BBF846468EEF5E1266D4C457D1BA983592D9C06D7E44DB8FE17D06F24382CE97360D0F9FAEF49AA5537E369B025C97D6D54A7620BF
          Malicious:false
          Reputation:low
          Preview:............e.F...h.O...i.Z...j.f...k.u...l.....n.....o.....p.....r.....s.....t.....v....w....y....z....|.....}.........................&...........5.....<.....C.....D.....E.....J.....n....................................................&.....K.....u..............................................................:.....E.....O.....d.....x.........................................................%.....I.....W....._.....f.....p.....}........................................$.....C.....X........................................................!.....4.....H.....^.....e.....h.....i.....v.....}...............................................;.....@.....y...........................................................%.....B.....`...............................................'.....B.....b.....m.....{... .....".....%.....(.....*.....+.....,.....-.......R.../.g...0.j...1.....3.....4.....5.....6.'...7.>...8.Z...9.d...;.s...<.....=.....>.....?.....@.....A.....C.....D.#...E.;...F.T...G.....H...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\ta.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):952338
          Entropy (8bit):4.180936917431103
          Encrypted:false
          SSDEEP:
          MD5:F7BB28FC72D9B3BE1A729A4098704AC5
          SHA1:D5E4F809255A99B6EBF6E3572D30EA353F35988C
          SHA-256:BD37BFE7D580732AD9B15B3F7AA47F298577792024719A6198D6EB61253FA990
          SHA-512:2809441C1C601FD8774D96CD3355E03119F0AC706220A013E4AFAEB300EC710CB2530352205E6AECA6E36D7D938DB36B66276A73DAAD0C76911D4005B6B541E3
          Malicious:false
          Reputation:low
          Preview:............e.....h.....i.....j."...k.1...l.<...n.D...o.I...p.V...r.\...s.m...t.v...v.....w.....y.....z.....|.....}...................................................................................<.....Z.............................-................+.....-.....1.....Y......................$.....C.......................3...................................0.....L.......................1...................................;.....c.......................(.............................;...........0.....U.........................................n.......................!.....$.....%.....C.....a.....v.............................W.....2.....W...........,.....g...........(.....l...................................r...........U.....t.................D.............................(.....L.....Z... .i...".....%.....(.r...*.....+.....,.....-.0.....T.../.s...0.....1."...3.Q...4.....5.0...6.....7.....8.f...9.....;.....<.....=.....>.V...?.i...@.....A.....C.L...D.w...E.....F.6...G.....H.....I.A.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\te.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):880306
          Entropy (8bit):4.4340834386921
          Encrypted:false
          SSDEEP:
          MD5:094A23F7314CFFCBC568C6150A0F556A
          SHA1:D1AE13E481FC8B4D1EC01D991FA7E8D78EAB59F8
          SHA-256:70F52D1FA46DFB6F380EEA839E58D67C2CEB156DA0E4B570F16232D2556AF482
          SHA-512:53050D187CDF37C97E31157069068AA66DCBC046B6AF727B5083C5359CB11016FEF60F4C07B4B8E41C3F20829BEBBE10FF53F81DD9899C3F24861CD5CB752559
          Malicious:false
          Reputation:low
          Preview:............e.z...h.....i.....j.....k.....l....n....o....p....r....s.....t.....v.....w.....y.%...z.4...|.:...}.L.....T.....Y.....a.....i.....q.....x.........................................D.....x......................,.....p.................3.....]............................+.....G.....~................1.......................=.........................................q.................o...........>.....s.....{.............................P.....e.................4.....O.................V.......................".....K.....c.....f.............................D.....K.....N.....P.....u.............................#.......................M.....h.....0.....u...........6....._...................................;...........................................................8.....x..................... .....".(...%.....(.....*.4...+.7...,.U...-.........../.....0.%...1.....3.....4.$...5.x...6.....7.*...8.....9.....;.....<.....=.'...>.Z...?.m...@.....A.....C.K...D.p...E.....F.-...G.....H...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\th.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):745318
          Entropy (8bit):4.501807684413448
          Encrypted:false
          SSDEEP:
          MD5:B8C729A0A8F89E51D5B37C0EF99AFAF0
          SHA1:4C01FC811416D251F928EB95533149D55885C78C
          SHA-256:9577950C3C3E0EF8AA2E04FCC2DDE60E4E5F973DF1BB6099BF93A8EA82117CC1
          SHA-512:4013A53A17A3EA8A1055EF149D542CD98EDF91080A1FBCFA4F17AE85AC53A539D74A6FDC6CBAFB48B67B418519DD896B7C25F86384BB1C6E84747103DFE3DB56
          Malicious:false
          Reputation:low
          Preview:..........}.e.....h.#...i.+...j.6...k.E...l.K...o.S...p.`...r.f...s.w...t.....v.....w.....y.....z.....|.....}.................................................................... .....k.............................n...........................K.....u..................................'.....N.....x.............................2....._..............................................0.....]..................................!.....0.....Q.....p.......................Q.............................z.............................[.....d.....g.............................................../.....P.....b.....u...........%.....1...........L.....^.................].......................#.....;.....V.....}.................4.....~.......................Y...................................?.....M... .V...".k...%.....(.....*.I...+.L...,.]...-.........../.....0.....1.....3.....4.....5.4...6.....7.....8.....9.B...;.]...<.v...=.....>.....?.....@.6...A.p...C.....D.....E.....F.C...G.....H.....I.....J.n.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\tr.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):390683
          Entropy (8bit):5.592198994295706
          Encrypted:false
          SSDEEP:
          MD5:DBBEDA89B6B155C560F862A709D180FE
          SHA1:1F241CF4BB49F8B99CD0D37A54F95BCB02C5CCF1
          SHA-256:58AE2CA3CFE1DE78034F6C479C31DE268D37825ACA919204997BB4B9CA3BFE98
          SHA-512:9D654890491B7590E352CB78FB8E3CCC827F4D195FB52825FFF36F92A0703A10A3302E844F97C2575D5717D0A6C4C53634FDCB594FE3CCF869684B0B587EEF05
          Malicious:false
          Reputation:low
          Preview:............e.f...h.o...i.....j.....k.....l.....n.....o.....p.....r....s....t....v....w.....y.....z.....|.....}.-.....5.....:.....B.....J.....R.....Y.....`.....g.....h.....i.....k.................................4.....B.....`.....m...........................................'...........C.....V.....`.....y..................................................................+.....;.....`.....z...............................................................K.....[.....h.............................................#.....(.....+.....;.....K.....].....t............................................................................._...................................<.....J.....Z.....c.....m.....v.....}.............................(.....E.....V................................................... .....".....%.*...(.@...*.^...+.a...,.....-.........../.....0.....1.....3.....4.4...5.W...6.....7.....8.....9.....;.....<.....=.....>.$...?.-...@.;...A.g...C.....D.....E.....F.....G.....H.!.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\uk.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):645045
          Entropy (8bit):5.0078281328581875
          Encrypted:false
          SSDEEP:
          MD5:B91DF29BB623BC49F7D695BEC6A8DA33
          SHA1:E9CF5F1975363B20FBE52C248EDC038C179997FF
          SHA-256:528FA675B2E7A3FF543CF162652A0795ABDB6DD0A0826E2FFDB9426311DC9ABF
          SHA-512:A4A0B8850FD08187080F36EBF7838FC0634E4E726BF01686EEF2CC07041918B96E138286928733DC43A6F48E79C685D9BB7A77D8C04BD38720BB5D0EFB276B88
          Malicious:false
          Reputation:low
          Preview:..........".e....h....i....j.....k.....l.....n.....o.....p.*...r.0...s.A...t.J...v._...w.l...y.r...z.....|.....}...................................................................@.....].....v.............................+.....9.....`..................................=.....X.....j..................................9.....E.....q.............................................".....9.....r.................................&.....M.....m...................................(....._.....v...................................N.....\....._.....................................................-.....?.....Q.....d.....z............................. .......................s.........................................G.............................P.....a............................./....._.....p.....~... .....".....%.....(.&...*.s...+.v...,.....-.........../.*...0.<...1.....3.....4.....5.!...6.v...7.....8.....9.....;.....<.....=.....>.e...?.t...@.....A.....C.M...D.f...E.....F.....G.$...H.S...I.w.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\ur.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):569830
          Entropy (8bit):5.289692143986535
          Encrypted:false
          SSDEEP:
          MD5:461ADF3A70A931ECF328DED0FD18100D
          SHA1:FAE0D50A06BA322FB96E5101BE9787F6FBC7AB57
          SHA-256:EAADC87C2AFD6234C417A052FC021A7E19BD9AE9FC4B63AF267000A9143680AE
          SHA-512:E7B5520292827339DD13BD96B43D09BC69C535679061DA3B55DBB52E8B3693B654C38570BA6DF3264F3C7E4C41B3407B18849D98EF3684819D059C12F1A259BF
          Malicious:false
          Reputation:low
          Preview:............e.>...h.G...i.O...j.[...k.j...l.u...n.}...o.....p.....r.....s.....t.....v....w....y....z....|....}...............................#.....*.....1.....8.....9.....:.....?.................................Q.....b..................................1.....4.....8.....`.......................................O.....u....................................................G.....r............................R.....Z.....a.....u...................................\.....o.......................4.....d.....s.....................................................6.....T.....[.....^....._.....r.............................-.....7.................#.........................................#.....1.....E.....K.....o.................>.....]...................................%.....>.....l.....}......... .....".....%.....(.....*.2...+.5...,.S...-.u........./.....0.....1."...3.<...4.i...5.....6.....7.#...8.^...9.w...;.....<.....=.....>.....?.....@.....A.(...C.b...D.t...E.....F.....G.....H.G...I.b.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\vi.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):458720
          Entropy (8bit):5.80096726690351
          Encrypted:false
          SSDEEP:
          MD5:F3C0B2967BAAA60AAA2B17BBAD508A52
          SHA1:A22212E28B5573D65EC52A8E582603DE4647E5D5
          SHA-256:4642BE19A5DFEE202D2DA41A4A8D1FAE99AF8007399AEDBC146F824ECEFAE0E8
          SHA-512:599626C6BA0AB7B08900823944E6F9A902C64EA22A9FEACE9F46CB4D4A10C2B52EA82F6ABE9EC988FB40627FA5CB8ABD7BEA8BCE0CDB7D67457C986D776718EB
          Malicious:false
          Reputation:low
          Preview:..........*.e.....h....i....j....k.....l.....n.....o.....p.#...r.)...s.:...t.C...v.X...w.e...y.k...z.z...|.....}.....................................................................................>.....K.......................................".....A.....C.....G.....o............................................).....-.....D.....U.....n.....r.....u.....y.....~..................................<.....L.....T.....[.....`.................................4.....E.....R.....r............................ ...........A.....G.....J.....[.....q.......................................................................5.....?...................................@.....u............................................... .....C.....}.........................................!.....7.....V.....a.....o... .{...".....%.....(.....*.....+.....,.*...-.F.....j.../.....0.....1.....3.....4.....5.....6.<...7.Y...8.....9.....;.....<.....=.....>.....?.....@.....A.8...C.e...D.~...E.....F.....G.....H.....I.).

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\zh-CN.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):340166
          Entropy (8bit):6.746362730548477
          Encrypted:false
          SSDEEP:
          MD5:F6285E00C3F48B24CE87D043F3A0F863
          SHA1:38038C85551C8C7206626D8505652D3F18DA2937
          SHA-256:DE2989812210243AA3A13E8C4AE632D63031B5C99649EA8D484AE2AB7A60B90B
          SHA-512:CFBF4E7650FBFC1B273409001136E7311874D364CDD17F8863CFBFFDAE1779974EFFDD35BC78C7B89296B4FEA48D37AD338EE27FD21D9E334B487F148EE9ADC6
          Malicious:false
          Reputation:low
          Preview:........W.T.e.l...h.u...i.}...j.....k.....l.....m.....o.....p.....r.....s.....t....v....w....|....}.........................&.....5.....:.....B.....I.....P.....R.....W....................................................".....,.....V...................................................................I.....U.....[.....j.....|...............................................................3.....?.....G.....N.....Z.....f.....r............................................).....M.....k.....z................................................................................ .....).....2.....8.....B.....L.....y...........................<.....N.....`.......................................................................<.....N....._................................................... .....".....%.....(./...*.D...+.G...,.t...-.........../.....0.....1.....3.....4.!...5.B...6.x...7.....8.....9.....;.....<.....=.....>.....?.(...@.@...A.z...C.....D.....E.....F.....G.....H.-...I.@...J.X.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\Locales\zh-TW.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):337993
          Entropy (8bit):6.754503390607848
          Encrypted:false
          SSDEEP:
          MD5:DC29DF7F31B87A0048F9F52B33856B06
          SHA1:61F28AAAD1C41CBDB056907D0D6F40AEF36BF272
          SHA-256:03B94FDE0397973E16AAFCD76A46B364B16FCED85DB63B488DF10F84B7B30AA2
          SHA-512:AAB13DA7644DBD7A71EB2330964291A3BC6D39F01CD9104B586018E29C862497377C648F89D5731EDBE8339F7BCDD55D53F6BA298F0BF326AB6D7A80B6664D56
          Malicious:false
          Reputation:low
          Preview:........@.k.e.>...h.G...i.X...j.\...k.k...l.v...n.~...o.....p.....r.....s.....t.....v.....w....y....z....|....}.....................................%.....,...........3.....k.....t.............................................".....L.....v..................................................................&.....,.....>.....J.....V.....\.....b.....h.....n.........................................................................0.....<.....H.....u................................................... .....2.....8.....;.....G.....Y.....k................................................................................I.....v.....|.............................................!.....'.....-.....?.....i...............................................#.....).....5.....I.....R.....`... .l...".~...%.....(.....*.....+.....,.....-.......>.../.V...0._...1.....3.....4.....5.....6.....7. ...8.2...9.>...;.P...<.`...=.p...>.....?.....@.....A.....C.....D.....E.(...F.F...G.m...H.....I.....J...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):173270528
          Entropy (8bit):6.967835963788567
          Encrypted:false
          SSDEEP:
          MD5:589BE275B0215DF58DB3E9331EB94105
          SHA1:9675281E4D68861B4B6281123FBF4E47B9D669E2
          SHA-256:C790CE531CAFE0D0A73895FE0588D02ADA45276E969B6BA2A6967E9520EC9EA2
          SHA-512:CC4BACED1EB9FC6DBF95869C464E5A9FE91E394B454C362BAF3BCB96705876B3ABDD87FB426BD203D8B7C1FB4FB5041DA2CCD9CD728F41A719125E2E6070A79E
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!..........................................................z...........@A.........................?......!Q..........p.........................]..................................E...............\..D...|...`....................text...z........................... ..`.rdata..../..0..../.. ..............@..@.data...d.-.........................@....00cfg..............................@..@.rodata.`........................... ..`.tls................................@...CPADinfo(...........................@...malloc_h`........................... ..`.rsrc...p...........................@..@.reloc....].......].................@..B........................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome_100_percent.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):611466
          Entropy (8bit):7.963284576933983
          Encrypted:false
          SSDEEP:
          MD5:7CB0C66C8641C297E9615D6043478199
          SHA1:58D6C93BB249EA3A99717DDACE98702BFFFCB12D
          SHA-256:C92660E7910F4166881FE2BC2CC11AF28B0FD70FFD4775D3E7C68C34755EFE40
          SHA-512:2FEF0B87CF39EFE929AF618AE1FC92028BD38A739796F435900A2B36643B47E2B32860C009C0A533FB2E3DC69B94BEEC3CEC799B8A29B366702222C300D1DBF6
          Malicious:false
          Reputation:low
          Preview:........j.+...:.....^...........y...!.....#.`...$.....&.\...).....:......3.....3.....3....3\....3....30....3.....3....3F....3.....3.....3Y....3.....3.....3n....3.....3.....3j....3....3.....3....3.....3....3;....36....3C....3.....3j....3.....3.....3.....3.....3.....3{....34....3.....3.....3.....3@....3.....3.....3.....3.....3.....3U....3.....3.....37....3f....3.....3.#...3q7...3.8...3.;...3.?...3.I...3gS...3.Z...3.`...3.f...3.k...3.q...3.v...3.|...3.....3....3G....36....4\....4.....4....4....4e....4k....4.....4.....4<....4 ....4x....4.....43....4.....4,....4q....4Y6...4.O...4As...4.....4....4.....4.....4.....49....4.....4.6...4RK...4.d...4.o...4.~...4... 4]...!46..."4....#4....$4K...%4o...&4d...'4....(4....)4=...*4....+4.+..,4M5..04J9..14.=..24.C..34vT..44.e..54Sy..64....74....84....94C...:4F...;4....<4....=4....>4....?4....@4....A4....G4....H4.)..I4.7..J4.8..Z4.8..[4.<..\4.B..]4.H..^4{O.._4.U..`4.Z..a4._..b4hf..c4.k..d4....e4....f4z...h4X...i4....j4.....7...bRb...cRV...dR..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome_200_percent.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):919742
          Entropy (8bit):7.94848954022467
          Encrypted:false
          SSDEEP:
          MD5:71BAE6B099A751B69E698DE539FC6EC3
          SHA1:99179EEF2A97969A7381BDF7F2F05C7D8384AA86
          SHA-256:F72876E7CBE4CA1E86D76AB224F7F353769B2DFFDB65B9FCE238104BDF8A36B3
          SHA-512:8EBD017A41CFB00A0C124CB373D5BDB1934D94BC7D010847D1C3418C055F9861096B34A584E45CA43D47208A76C0753D8BAB5D340EF2B5FCCEB9186811AA632F
          Malicious:false
          Reputation:low
          Preview:........j.+...:...........9.........!.J!..#.."..$.."..&.v#..)..$..:..%...3c'...3....3R....3....3>....3.....3.....3.....3....3a....3....3%....3.....3....3^....3.....3"....3~....3....3.....3l....3....39....3.....3.....3k....3.....310...3.0...3"2...3.9...32:...3.<...3.>...35@...3.B...38E...3.J...3.O...3bP...3.Z...3.e...3Bf...3.f...3.h...3.h...3Qi...3.|...3.....3.....3T....3|....3+....3.....31....3.....3^-...3.4...3.D...3(T...3.c...3as...3.....3O....3.....3n....3.....3.....4.....4p....4.....4.*...4TB...4.^...4mu...47....4s....4C....4.....4.....4.....4.....4{)...4w,...4kJ...4.c...4k....42....4.....4.....4K....4.....4.....4m"...4kK...4._...4.x...4g....4.....4.... 4/...!4...."4k...#4....$4M...%4}...&4~...'4....(4C'..)4{/..*4.4..+4d@..,4.J..04zR..14.[..24]d..34...44....54....64H...74H*..84.J..94.s..:4...;4...<4....=4f...>4t...?4....@4.(..A4Q)..G4.*..H4.M..I4.g..J4.j..Z4ak..[4.s..\4.~..]4....^4..._4...`4s...a4-...b4....c4;...d4.)..e4d-..f4I3..h4w;..i4.H..j4mU...78n..bR.{..cR....dR\.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome_elf.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):885760
          Entropy (8bit):6.771714416631459
          Encrypted:false
          SSDEEP:
          MD5:37EEEBBF586B7906F00F3851DD9473E9
          SHA1:CD9E78A71E176ADA283E99726948185E199BF1E9
          SHA-256:0B732B52DC980FAE4C5A9C2B0C8081CBBCE1D8E85C11541847940DFF72C53AAC
          SHA-512:B4384371460EE57481FA134076D4CEDB27FAFA09A8ACA88D765E64F07A099D3BDCBB081BD709D469EEC0E30723F0E2EF65867565B3BF9308D7BA9B4BFFF75CE1
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!.........~.......~....................................................@A....................................P....p...........................w...}......................@}...... !...............................................text...U........................... ..`.rdata..4.... ......................@..@.data...0K.......B..................@....00cfg.......0......................@..@.crthunk@....@......................@..@.tls.........P......................@...CPADinfo(....`......................@....rsrc........p......................@..@.reloc...w.......x..................@..B................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chrome_proxy.exe (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):677376
          Entropy (8bit):6.715049872604981
          Encrypted:false
          SSDEEP:
          MD5:D051097F902259602C7658127B1AE445
          SHA1:6DDF8D9C7850630C05A03DD786FD94C9D1ED6867
          SHA-256:51979968C5AA9B06CAADB0F7AC6F8F3ABF0F861B93EDDC2E7FBAEE6226B0D2C2
          SHA-512:C84764BA48C4C84BB91CB04A53E51AC7F9DDF1D1380DEEAB968A4E548171976DC1CB814C45408C617156E8586AE4D35EA73A4951C5C2489A87AD877B1434FEA3
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."......H........................@.......................................@.............................U............0.......................@...Z...x.......................w......8a..................\............................text....G.......H.................. ..`.rdata..la...`...b...L..............@..@.data... 8.......>..................@....00cfg..............................@..@.tls......... ......................@....rsrc........0......................@..@.reloc...Z...@...\..................@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chromium.exe (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1943552
          Entropy (8bit):6.764011564175002
          Encrypted:false
          SSDEEP:
          MD5:AF515F194404CEDAC8B9BDE3A5932C1D
          SHA1:4C29D61D06166EC083A070169ADE2725B850F4EE
          SHA-256:EC2E5C36F016EF46D54B7636CC316F895BE0FC5BE7978DDF7AD6DEE3CEE64DBB
          SHA-512:399E5DB88496C48A11FCD00A22B472FDCCF33F6F933151D7D564BB1177504C155D81F7DEFEC6538837C33A7E51DD2EC572812BCEE68DB6CD3B134CECF60ACF26
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 5%
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."......d...@....................@.......................................@..........................%......(&..d........>...................0......,...............................8................*..........`....................text....b.......d.................. ..`.rdata...............h..............@..@.data....L...p...@...N..............@....00cfg..............................@..@.tls................................@...CPADinfo(...........................@....rsrc....>.......@..................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chromium_base_version (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:ASCII text
          Category:dropped
          Size (bytes):38
          Entropy (8bit):4.385956789702443
          Encrypted:false
          SSDEEP:
          MD5:DEFD558DB28B0D5A2E6107D41BEDE1BC
          SHA1:07D894BABFF435ABE969C5121B859E1F0688E2F6
          SHA-256:D5F5B3B772214EEDB714CCE4C4DE4FE9B95BEF8BE4846CE6D7346E75D210C66F
          SHA-512:A3C5F2B5E0B005E4F16FF4BC0318A2CF77F4A0093A0F6692AC3149EF6842F0BD8A965F4FF4472F227E9E3999CEC5D516C4B1A606D6A78ECA0C248555CC74F682
          Malicious:false
          Reputation:low
          Preview:MAJOR=112.MINOR=0.BUILD=5615.PATCH=49.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\chromium_ol_version (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):7
          Entropy (8bit):2.2359263506290326
          Encrypted:false
          SSDEEP:
          MD5:25A848A30E805E57E57C86DEDEF47AB2
          SHA1:6EDF5127158224309194E04C4AF1D92C1167A7E1
          SHA-256:91E40DE9BB10EF4CDCE4DECE95CCF939F18790794C119264E5E9CC6351088C36
          SHA-512:268835DA271CEE07D458119DD064FD4B8DC9B9177135E0ACC9B794EE6D121CD1F0D8F2AD4ED416924D04D3026C5CCC7C10331C3023F7D72F69F29138D03EFE08
          Malicious:false
          Reputation:low
          Preview:112.3.0

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\d3dcompiler_47.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4127200
          Entropy (8bit):6.577665867424953
          Encrypted:false
          SSDEEP:
          MD5:3B4647BCB9FEB591C2C05D1A606ED988
          SHA1:B42C59F96FB069FD49009DFD94550A7764E6C97C
          SHA-256:35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
          SHA-512:00CD443B36F53985212AC43B44F56C18BF70E25119BBF9C59D05E2358FF45254B957F1EC63FC70FB57B1726FD8F76CCFAD8103C67454B817A4F183F9122E3F50
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!7P.OdP.OdP.Od..NeR.OdP.Nd..OdY..dU.Od.Jem.Od.KeQ.Od...dQ.Od..Leo.Od..Je..Od..OeQ.Od..Ge..Od..Kec.Od...dQ.Od..MeQ.OdRichP.Od................PE..L..................!.....2<..*...............P<...............................?.......?...@A.........................<<.u.....=.P.....=.@.............>..%....=.........T....................u..........@.............=..............................text...e0<......2<................. ..`.data...`"...P<......6<.............@....idata........=.......<.............@..@.rsrc...@.....=.......<.............@..@.reloc........=.......<.............@..B........................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\icudtl.dat (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):10542048
          Entropy (8bit):6.277141340322909
          Encrypted:false
          SSDEEP:
          MD5:D89CE8C00659D8E5D408C696EE087CE3
          SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
          SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
          SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
          Malicious:false
          Reputation:low
          Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...*E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@*'..H..`.(..H...e).7H..0.).VH...)*.xH....*..H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-18L3Q.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):226
          Entropy (8bit):4.933300084417082
          Encrypted:false
          SSDEEP:
          MD5:FFD21EC24483B86C638173D0214DD8FD
          SHA1:533E88F15BA15A5E3267D47BD4C259F6F2FC722C
          SHA-256:74AFB036E86DFAC77CE642D3CF619327D17CB402F1D43C847010C01C76317DE2
          SHA-512:0A07744E906D2986D214DD61BE164832E46F255D6985E3889F2CF0563F37A4108E918845E43D148A282940D60DE68D2348115B81199B8F4C991E1922FF776738
          Malicious:false
          Reputation:low
          Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='112.0.5615.49'.. version='112.0.5615.49'.. type='win32'/>.. <file name='chrome_elf.dll'/>..</assembly>..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-3PH97.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):7691983
          Entropy (8bit):7.9965373695793005
          Encrypted:true
          SSDEEP:
          MD5:6C621D00AB3DFA7ED042D963813D89E4
          SHA1:78819F26940ED0C2D1CDBEE7ED9FF7B42EED232E
          SHA-256:508221FB3F14CDC2487D91FD0935656C3CF57C0F801534DD95AAD6BC3CC2E60A
          SHA-512:54B498C047FFE5820563E56440235666CEA557E70C6CAB3ECA640768C8FC8CE98425963D23C48A9C10FEFB4B3E7784443C54141BB26976C8024EBAE740B1DB4C
          Malicious:false
          Reputation:low
          Preview:............f.26.....@....tC.....F..b3.Y..g3....h3....r3....s3....t3;...u3....v3q...w3....x3....y3....z3'&..{3.;..|3.Q..}3.f..~3.y...3.....3h....3J....3.....3s....3.....3.....3.+...3.B...3.[...3to...3.....3.....3.....4.....4.....4>....4O....4z....4.....4%....4.....4.....4.....4.....4.....4.....4%....4.....4.....4.....4#....4`....4F%...4.(...4.-...4rA...4hH...4|L...4.M...4}N...4HO...4EQ...4.R...4.W...4\b...4.e...4.o...45s...4|t...4\x...5.....5....v5....w5....x5....5....5....5.....5A....5.....5.....5.....5.....5g....5w....5.....5.....5,....5.....5:....5.....5.....5.....5.....5.....5D....5.....5.....5%....5.$...5.&...5.+...5y5..$6,8..%6.9..&6 =..'6.?...6.D../6.F..j6Jt..k6.u..l6.v..m6[}..n6...o6'...p6....q6.....7....7.....7.....7...Z<6...[<R...\<j...]<!...^<y..._<....`<....a<R...n<....x<t...y<....z<....{<i...|<.....<.....<J....<.....<.....<.....<.....<.....<r....<X....<O....<H"...<.&...<.)...<)-...<.5...<P8...<(9...<k;...<.@...<.G...<.I...<.J...<.M...=.T...=....=....=.....=j....=..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-4MSG8.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1943552
          Entropy (8bit):6.764011564175002
          Encrypted:false
          SSDEEP:
          MD5:AF515F194404CEDAC8B9BDE3A5932C1D
          SHA1:4C29D61D06166EC083A070169ADE2725B850F4EE
          SHA-256:EC2E5C36F016EF46D54B7636CC316F895BE0FC5BE7978DDF7AD6DEE3CEE64DBB
          SHA-512:399E5DB88496C48A11FCD00A22B472FDCCF33F6F933151D7D564BB1177504C155D81F7DEFEC6538837C33A7E51DD2EC572812BCEE68DB6CD3B134CECF60ACF26
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."......d...@....................@.......................................@..........................%......(&..d........>...................0......,...............................8................*..........`....................text....b.......d.................. ..`.rdata...............h..............@..@.data....L...p...@...N..............@....00cfg..............................@..@.tls................................@...CPADinfo(...........................@....rsrc....>.......@..................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-8SN83.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):523336
          Entropy (8bit):5.17325407403121
          Encrypted:false
          SSDEEP:
          MD5:A4F6BD692B95FBE83393062870FE6DF3
          SHA1:0C3EC91CBFD290BEA8D98BF75219563B5D8D5719
          SHA-256:496A3B3CDB7B4D3BE5D3B1809BAC1F5206B2AA562527059C13C3576C56DE495D
          SHA-512:C8817B5B8A6963552AECC6DB86D4514EF3A1D112643E9CE0360813073C146C67E3EB2FAB4F6D51B725952585E66A0E81DA66EDBAE795D6ED9A5A17DF566E3E1D
          Malicious:false
          Reputation:low
          Preview:.........0..11.2.214.9...........................................................C..`...l...............`....`....`T...`b...`....`..........Y.D......`$.........D......`$.......D......`$.......m.D......`$.........D......`D.........D......`$.......1.D......`$.......D......`$.......D......`$.........D......`$.......D......`$......ID......`$.......D......`$.......D......`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-BMPBK.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):777728
          Entropy (8bit):6.784089965380715
          Encrypted:false
          SSDEEP:
          MD5:4FEAC79FD307C915FB4C88AB408640C8
          SHA1:59973C27F2B8692FAD6290D8EDE3DE3D350BFD0D
          SHA-256:7CB78437A251AB9C8FE25AA2A2406D579095EBDFFE5A08A1CD49B366A6537747
          SHA-512:AE56CD8D2BEA6C85DACFBA391E6AF10C648FD515B70A1BFAC54B76474D3E1EFA32E313C8696489172B4DBDCEC3A8F102F7C047C45B05A18DF5DFCE46C30EE038
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!........................................................P............@A........................L...<!... ..P................................y..l................................................"...............................text...T........................... ..`.rdata..|T.......V..................@..@.data...h5...`.......@..............@....00cfg...............\..............@..@.tls.................^..............@....rsrc................`..............@..@.reloc...y.......z...d..............@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-C5QVO.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):360448
          Entropy (8bit):6.55904196384752
          Encrypted:false
          SSDEEP:
          MD5:8F7092A023C85458627279965B526607
          SHA1:9EED67D05283889A889653B5D7592123736AFCA9
          SHA-256:8555BDBEC6E642E1A899E17876886EB58DD1802F99F7EEE9280FAC831F64BE52
          SHA-512:04C50FF017EE5E9E0A3492E45D8AEDF8EEF1DBE9BB6C411272CDE90E0B17A7B0FA6808D380B4411A8688401988A60A26BB2E754010CC8FAF1AF3CBA7691CBA7F
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!..... ...\............................................................@A....................................(.......x........................:...................................0..................`............................text............ .................. ..`.rdata..,....0.......$..............@..@.data....3...0......................@....00cfg.......p.......:..............@..@.tls.................<..............@....rsrc...x............>..............@..@.reloc...:.......<...D..............@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-DLUVT.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):677376
          Entropy (8bit):6.715049872604981
          Encrypted:false
          SSDEEP:
          MD5:D051097F902259602C7658127B1AE445
          SHA1:6DDF8D9C7850630C05A03DD786FD94C9D1ED6867
          SHA-256:51979968C5AA9B06CAADB0F7AC6F8F3ABF0F861B93EDDC2E7FBAEE6226B0D2C2
          SHA-512:C84764BA48C4C84BB91CB04A53E51AC7F9DDF1D1380DEEAB968A4E548171976DC1CB814C45408C617156E8586AE4D35EA73A4951C5C2489A87AD877B1434FEA3
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."......H........................@.......................................@.............................U............0.......................@...Z...x.......................w......8a..................\............................text....G.......H.................. ..`.rdata..la...`...b...L..............@..@.data... 8.......>..................@....00cfg..............................@..@.tls......... ......................@....rsrc........0......................@..@.reloc...Z...@...\..................@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-GC1LU.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):5731840
          Entropy (8bit):6.821334071190696
          Encrypted:false
          SSDEEP:
          MD5:92FCCAA00EA757E3F42B778410CEEDA5
          SHA1:3FE9666400E48F8B7432C724B4FE904ABDECC06C
          SHA-256:C2A6CD8EB4F3AFBE9FF1317895C038D1AAD202FF32FC217FB55F676CC34A2CB2
          SHA-512:5BAA84F0CA58C6A60C645D43135AE099E72144D562C2BBD742D06DCA1E86D15E63AA694DAC8595BDF7EC8C9D31249539AA2E1D0A2CC8AD949D3D247DD512B18B
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!......?.........P.=...................................... X...........@A........................._P......VQ.d....PT......................`T.......O.......................O.....P.?..............XQ.8....^P.@....................text.....?.......?................. ..`.rdata........?.......?.............@..@.data.........Q..*....Q.............@....00cfg.......0T.......S.............@..@.tls.........@T.......S.............@....rsrc........PT.......S.............@..@.reloc.......`T.......S.............@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-GEOVC.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):10542048
          Entropy (8bit):6.277141340322909
          Encrypted:false
          SSDEEP:
          MD5:D89CE8C00659D8E5D408C696EE087CE3
          SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
          SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
          SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
          Malicious:false
          Reputation:low
          Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...*E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@*'..H..`.(..H...e).7H..0.).VH...)*.xH....*..H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-JH4OC.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:JSON data
          Category:dropped
          Size (bytes):106
          Entropy (8bit):4.724752649036734
          Encrypted:false
          SSDEEP:
          MD5:8642DD3A87E2DE6E991FAE08458E302B
          SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
          SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
          SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
          Malicious:false
          Reputation:low
          Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-LQSIJ.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):3705344
          Entropy (8bit):6.607705291945878
          Encrypted:false
          SSDEEP:
          MD5:CAF2F0EB8EF5D7F592C274651B28A7AD
          SHA1:5E8641C17FC506BECE13F2E8B1CFCDD9119E19BA
          SHA-256:A97C1FB98BB04A1CAC260D97BB8F0413D6A03264E8F876000C482A5A07CDB5D3
          SHA-512:18A098A6F158E616E5319B902A58BE2B44A2612FA3BC47742328287DBB00F0544E314D43A9067915C01D97CDABBF2C45EE98EC683B1E09BDDA9E1C43B009BE00
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!......*..........\(.......................................9...........@A........................@.4.~.....5.P.....7.......................7....h.4.......................4.......+.............$.5..............................text...?.*.......*................. ..`.rdata...I....+..J....+.............@..@.data....M...`5..x...J5.............@....00cfg........7.......6.............@..@.tls....1.....7.......6.............@....rsrc.........7.......6.............@..@.reloc.......7.......6.............@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-O8ID8.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:ASCII text
          Category:dropped
          Size (bytes):38
          Entropy (8bit):4.385956789702443
          Encrypted:false
          SSDEEP:
          MD5:DEFD558DB28B0D5A2E6107D41BEDE1BC
          SHA1:07D894BABFF435ABE969C5121B859E1F0688E2F6
          SHA-256:D5F5B3B772214EEDB714CCE4C4DE4FE9B95BEF8BE4846CE6D7346E75D210C66F
          SHA-512:A3C5F2B5E0B005E4F16FF4BC0318A2CF77F4A0093A0F6692AC3149EF6842F0BD8A965F4FF4472F227E9E3999CEC5D516C4B1A606D6A78ECA0C248555CC74F682
          Malicious:false
          Reputation:low
          Preview:MAJOR=112.MINOR=0.BUILD=5615.PATCH=49.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-Q0AIG.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):173270528
          Entropy (8bit):6.967835963788567
          Encrypted:false
          SSDEEP:
          MD5:589BE275B0215DF58DB3E9331EB94105
          SHA1:9675281E4D68861B4B6281123FBF4E47B9D669E2
          SHA-256:C790CE531CAFE0D0A73895FE0588D02ADA45276E969B6BA2A6967E9520EC9EA2
          SHA-512:CC4BACED1EB9FC6DBF95869C464E5A9FE91E394B454C362BAF3BCB96705876B3ABDD87FB426BD203D8B7C1FB4FB5041DA2CCD9CD728F41A719125E2E6070A79E
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!..........................................................z...........@A.........................?......!Q..........p.........................]..................................E...............\..D...|...`....................text...z........................... ..`.rdata..../..0..../.. ..............@..@.data...d.-.........................@....00cfg..............................@..@.rodata.`........................... ..`.tls................................@...CPADinfo(...........................@...malloc_h`........................... ..`.rsrc...p...........................@..@.reloc....].......].................@..B........................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-Q5QA3.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:JSON data
          Category:dropped
          Size (bytes):696
          Entropy (8bit):4.449920176589978
          Encrypted:false
          SSDEEP:
          MD5:D88FD8440976BBBC610760EA4C793A60
          SHA1:18D1C03A3ED3834D037A559043CE8AC293E12EB0
          SHA-256:4551E154A4CAC3D46F0AED772D2CD2E7BFBF88FA854CE0D7A3F409DB10612071
          SHA-512:E981E790A26C53052B56C068507A68C25E31BC526560C72222E30138A8715DBC41D5B67157D0AC0FE7D86DC39FCAA80E20692C4BAE6140F84D2A2A2F50B7727F
          Malicious:false
          Reputation:low
          Preview:{. "browser" : { . "check_default_browser" : false. },. "distribution" : {. "skip_first_run_ui": true,. "welcome_page_on_os_upgrade_enabled": false,. "suppress_first_run_bubble": true,. "suppress_first_run_default_browser_prompt": true,. "do_not_create_desktop_shortcut": true,. "do_not_create_quick_launch_shortcut": true,. "make_chrome_default": false,. "make_chrome_default_for_user": false,. "import_autofill_form_data": false,. "import_bookmarks": true,. "import_history": false,. "import_home_page": false,. "import_saved_passwords": false,. "import_search_engine": false. },. "sync_promo": {. "show_on_first_run_allowed": false. }.}.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-QU4TH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4127200
          Entropy (8bit):6.577665867424953
          Encrypted:false
          SSDEEP:
          MD5:3B4647BCB9FEB591C2C05D1A606ED988
          SHA1:B42C59F96FB069FD49009DFD94550A7764E6C97C
          SHA-256:35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
          SHA-512:00CD443B36F53985212AC43B44F56C18BF70E25119BBF9C59D05E2358FF45254B957F1EC63FC70FB57B1726FD8F76CCFAD8103C67454B817A4F183F9122E3F50
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!7P.OdP.OdP.Od..NeR.OdP.Nd..OdY..dU.Od.Jem.Od.KeQ.Od...dQ.Od..Leo.Od..Je..Od..OeQ.Od..Ge..Od..Kec.Od...dQ.Od..MeQ.OdRichP.Od................PE..L..................!.....2<..*...............P<...............................?.......?...@A.........................<<.u.....=.P.....=.@.............>..%....=.........T....................u..........@.............=..............................text...e0<......2<................. ..`.data...`"...P<......6<.............@....idata........=.......<.............@..@.rsrc...@.....=.......<.............@..@.reloc........=.......<.............@..B........................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-RU0FQ.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):919742
          Entropy (8bit):7.94848954022467
          Encrypted:false
          SSDEEP:
          MD5:71BAE6B099A751B69E698DE539FC6EC3
          SHA1:99179EEF2A97969A7381BDF7F2F05C7D8384AA86
          SHA-256:F72876E7CBE4CA1E86D76AB224F7F353769B2DFFDB65B9FCE238104BDF8A36B3
          SHA-512:8EBD017A41CFB00A0C124CB373D5BDB1934D94BC7D010847D1C3418C055F9861096B34A584E45CA43D47208A76C0753D8BAB5D340EF2B5FCCEB9186811AA632F
          Malicious:false
          Reputation:low
          Preview:........j.+...:...........9.........!.J!..#.."..$.."..&.v#..)..$..:..%...3c'...3....3R....3....3>....3.....3.....3.....3....3a....3....3%....3.....3....3^....3.....3"....3~....3....3.....3l....3....39....3.....3.....3k....3.....310...3.0...3"2...3.9...32:...3.<...3.>...35@...3.B...38E...3.J...3.O...3bP...3.Z...3.e...3Bf...3.f...3.h...3.h...3Qi...3.|...3.....3.....3T....3|....3+....3.....31....3.....3^-...3.4...3.D...3(T...3.c...3as...3.....3O....3.....3n....3.....3.....4.....4p....4.....4.*...4TB...4.^...4mu...47....4s....4C....4.....4.....4.....4.....4{)...4w,...4kJ...4.c...4k....42....4.....4.....4K....4.....4.....4m"...4kK...4._...4.x...4g....4.....4.... 4/...!4...."4k...#4....$4M...%4}...&4~...'4....(4C'..)4{/..*4.4..+4d@..,4.J..04zR..14.[..24]d..34...44....54....64H...74H*..84.J..94.s..:4...;4...<4....=4f...>4t...?4....@4.(..A4Q)..G4.*..H4.M..I4.g..J4.j..Z4ak..[4.s..\4.~..]4....^4..._4...`4s...a4-...b4....c4;...d4.)..e4d-..f4I3..h4w;..i4.H..j4mU...78n..bR.{..cR....dR\.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-TLJMD.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):7
          Entropy (8bit):2.2359263506290326
          Encrypted:false
          SSDEEP:
          MD5:25A848A30E805E57E57C86DEDEF47AB2
          SHA1:6EDF5127158224309194E04C4AF1D92C1167A7E1
          SHA-256:91E40DE9BB10EF4CDCE4DECE95CCF939F18790794C119264E5E9CC6351088C36
          SHA-512:268835DA271CEE07D458119DD064FD4B8DC9B9177135E0ACC9B794EE6D121CD1F0D8F2AD4ED416924D04D3026C5CCC7C10331C3023F7D72F69F29138D03EFE08
          Malicious:false
          Reputation:low
          Preview:112.3.0

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-TQE26.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):611466
          Entropy (8bit):7.963284576933983
          Encrypted:false
          SSDEEP:
          MD5:7CB0C66C8641C297E9615D6043478199
          SHA1:58D6C93BB249EA3A99717DDACE98702BFFFCB12D
          SHA-256:C92660E7910F4166881FE2BC2CC11AF28B0FD70FFD4775D3E7C68C34755EFE40
          SHA-512:2FEF0B87CF39EFE929AF618AE1FC92028BD38A739796F435900A2B36643B47E2B32860C009C0A533FB2E3DC69B94BEEC3CEC799B8A29B366702222C300D1DBF6
          Malicious:false
          Reputation:low
          Preview:........j.+...:.....^...........y...!.....#.`...$.....&.\...).....:......3.....3.....3....3\....3....30....3.....3....3F....3.....3.....3Y....3.....3.....3n....3.....3.....3j....3....3.....3....3.....3....3;....36....3C....3.....3j....3.....3.....3.....3.....3.....3{....34....3.....3.....3.....3@....3.....3.....3.....3.....3.....3U....3.....3.....37....3f....3.....3.#...3q7...3.8...3.;...3.?...3.I...3gS...3.Z...3.`...3.f...3.k...3.q...3.v...3.|...3.....3....3G....36....4\....4.....4....4....4e....4k....4.....4.....4<....4 ....4x....4.....43....4.....4,....4q....4Y6...4.O...4As...4.....4....4.....4.....4.....49....4.....4.6...4RK...4.d...4.o...4.~...4... 4]...!46..."4....#4....$4K...%4o...&4d...'4....(4....)4=...*4....+4.+..,4M5..04J9..14.=..24.C..34vT..44.e..54Sy..64....74....84....94C...:4F...;4....<4....=4....>4....?4....@4....A4....G4....H4.)..I4.7..J4.8..Z4.8..[4.<..\4.B..]4.H..^4{O.._4.U..`4.Z..a4._..b4hf..c4.k..d4....e4....f4z...h4X...i4....j4.....7...bRb...cRV...dR..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\is-TS9G9.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):885760
          Entropy (8bit):6.771714416631459
          Encrypted:false
          SSDEEP:
          MD5:37EEEBBF586B7906F00F3851DD9473E9
          SHA1:CD9E78A71E176ADA283E99726948185E199BF1E9
          SHA-256:0B732B52DC980FAE4C5A9C2B0C8081CBBCE1D8E85C11541847940DFF72C53AAC
          SHA-512:B4384371460EE57481FA134076D4CEDB27FAFA09A8ACA88D765E64F07A099D3BDCBB081BD709D469EEC0E30723F0E2EF65867565B3BF9308D7BA9B4BFFF75CE1
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!.........~.......~....................................................@A....................................P....p...........................w...}......................@}...... !...............................................text...U........................... ..`.rdata..4.... ......................@..@.data...0K.......B..................@....00cfg.......0......................@..@.crthunk@....@......................@..@.tls.........P......................@...CPADinfo(....`......................@....rsrc........p......................@..@.reloc...w.......x..................@..B................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\libEGL.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):360448
          Entropy (8bit):6.55904196384752
          Encrypted:false
          SSDEEP:
          MD5:8F7092A023C85458627279965B526607
          SHA1:9EED67D05283889A889653B5D7592123736AFCA9
          SHA-256:8555BDBEC6E642E1A899E17876886EB58DD1802F99F7EEE9280FAC831F64BE52
          SHA-512:04C50FF017EE5E9E0A3492E45D8AEDF8EEF1DBE9BB6C411272CDE90E0B17A7B0FA6808D380B4411A8688401988A60A26BB2E754010CC8FAF1AF3CBA7691CBA7F
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!..... ...\............................................................@A....................................(.......x........................:...................................0..................`............................text............ .................. ..`.rdata..,....0.......$..............@..@.data....3...0......................@....00cfg.......p.......:..............@..@.tls.................<..............@....rsrc...x............>..............@..@.reloc...:.......<...D..............@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\libGLESv2.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):5731840
          Entropy (8bit):6.821334071190696
          Encrypted:false
          SSDEEP:
          MD5:92FCCAA00EA757E3F42B778410CEEDA5
          SHA1:3FE9666400E48F8B7432C724B4FE904ABDECC06C
          SHA-256:C2A6CD8EB4F3AFBE9FF1317895C038D1AAD202FF32FC217FB55F676CC34A2CB2
          SHA-512:5BAA84F0CA58C6A60C645D43135AE099E72144D562C2BBD742D06DCA1E86D15E63AA694DAC8595BDF7EC8C9D31249539AA2E1D0A2CC8AD949D3D247DD512B18B
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!......?.........P.=...................................... X...........@A........................._P......VQ.d....PT......................`T.......O.......................O.....P.?..............XQ.8....^P.@....................text.....?.......?................. ..`.rdata........?.......?.............@..@.data.........Q..*....Q.............@....00cfg.......0T.......S.............@..@.tls.........@T.......S.............@....rsrc........PT.......S.............@..@.reloc.......`T.......S.............@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\master_preferences (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:JSON data
          Category:dropped
          Size (bytes):696
          Entropy (8bit):4.449920176589978
          Encrypted:false
          SSDEEP:
          MD5:D88FD8440976BBBC610760EA4C793A60
          SHA1:18D1C03A3ED3834D037A559043CE8AC293E12EB0
          SHA-256:4551E154A4CAC3D46F0AED772D2CD2E7BFBF88FA854CE0D7A3F409DB10612071
          SHA-512:E981E790A26C53052B56C068507A68C25E31BC526560C72222E30138A8715DBC41D5B67157D0AC0FE7D86DC39FCAA80E20692C4BAE6140F84D2A2A2F50B7727F
          Malicious:false
          Reputation:low
          Preview:{. "browser" : { . "check_default_browser" : false. },. "distribution" : {. "skip_first_run_ui": true,. "welcome_page_on_os_upgrade_enabled": false,. "suppress_first_run_bubble": true,. "suppress_first_run_default_browser_prompt": true,. "do_not_create_desktop_shortcut": true,. "do_not_create_quick_launch_shortcut": true,. "make_chrome_default": false,. "make_chrome_default_for_user": false,. "import_autofill_form_data": false,. "import_bookmarks": true,. "import_history": false,. "import_home_page": false,. "import_saved_passwords": false,. "import_search_engine": false. },. "sync_promo": {. "show_on_first_run_allowed": false. }.}.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-debug-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.099985678218631
          Encrypted:false
          SSDEEP:
          MD5:879920C7FA905036856BCB10875121D9
          SHA1:A82787EA553EEFA0E7C3BB3AEDB2F2C60E39459A
          SHA-256:7E4CBA620B87189278B5631536CDAD9BFDA6E12ABD8E4EB647CB85369A204FE8
          SHA-512:06650248DDBC68529EF51C8B3BC3185A22CF1685C5FA9904AEE766A24E12D8A2A359B1EFD7F49CC2F91471015E7C1516C71BA9D6961850553D424FA400B7EA91
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....~.............!......................... ...............................0......Qf....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....~..........9...T...T........~..........d................~......................RSDS..' .I_^..lR..l.....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................~......P...............(...8...H...|...............q.......................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebugStringA.kernel32.OutputDebugStri

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-errorhandling-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.119654047979734
          Encrypted:false
          SSDEEP:
          MD5:D91BF81CF5178D47D1A588B0DF98EB24
          SHA1:75F9F2DA06AA2735906B1C572DD556A3C30E7717
          SHA-256:F8E3B45FD3E22866006F16A9E73E28B5E357F31F3C275B517692A5F16918B492
          SHA-512:93D1B0D226E94235F1B32D42F6C1B95FADFAF103B8C1782423D2C5A4836102084FB53F871E3C434B85F0288E47F44345138DE54EA5F982CA3E8BBF2D2BEA0706
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....<b............!......................... ...............................0.......0....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....<b.........A...T...T........<b.........d................<b.....................RSDS....>.....j..C......api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............<b.....n...............(...D...`...................4...f.......................'...J.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.kernel32.GetLastError.RaiseExcept

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):21768
          Entropy (8bit):7.002529916127268
          Encrypted:false
          SSDEEP:
          MD5:EEFE86B5A3AB256BEED8621A05210DF2
          SHA1:90C1623A85C519ADBC5EF67B63354F881507B8A7
          SHA-256:1D1C11FC1AD1FEBF9308225C4CCF0431606A4AB08680BA04494D276CB310BF15
          SHA-512:C326A2CA190DB24E8E96C43D1DF58A4859A32EB64B0363F9778A8902F1AC0307DCA585BE04F831A66BC32DF54499681AD952CE654D607F5FDB93E9B4504D653F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...s.(............!.........................0...............................@............@..........................................0...................=..............T............................................................................text............................... ..`.rsrc........0......................@..@....s.(.........8...T...T.......s.(.........d...............s.(.....................RSDS..c."....]3.9.O.....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02........s.(.............K...K.......D...p...6...`.......................?...l...............A...................6..._...................;...e............... ...I...n...............-...d...................*...g...............*...U...................M...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l1-2-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.10604544921595
          Encrypted:false
          SSDEEP:
          MD5:79EE4A2FCBE24E9A65106DE834CCDA4A
          SHA1:FD1BA674371AF7116EA06AD42886185F98BA137B
          SHA-256:9F7BDA59FAAFC8A455F98397A63A7F7D114EFC4E8A41808C791256EBF33C7613
          SHA-512:6EF7857D856A1D23333669184A231AD402DC62C8F457A6305FE53ED5E792176CA6F9E561375A707DA0D7DD27E6EA95F8C4355C5DC217E847E807000B310AA05C
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....I.O...........!......................... ...............................0............@.............................L............ ...................=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@.....I.O........8...T...T........I.O........d................I.O....................RSDSyN'.;rC......l{.....api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02.........I.O....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-file-l2-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.161194839446203
          Encrypted:false
          SSDEEP:
          MD5:3F224766FE9B090333FDB43D5A22F9EA
          SHA1:548D1BB707AE7A3DFCCC0C2D99908561A305F57B
          SHA-256:AE5E73416EB64BC18249ACE99F6847024ECEEA7CE9C343696C84196460F3A357
          SHA-512:C12EA6758071B332368D7EF0857479D2B43A4B27CEEAB86CBB542BD6F1515F605EA526DFA3480717F8F452989C25D0EE92BF3335550B15ECEC79E9B25E66A2CA
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...%..r...........!......................... ...............................0.......`....@.......................................... ...................=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....%..r........8...T...T.......%..r........d...............%..r....................RSDS..Vf0....<...j\....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........%..r........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-handle-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.108495536104711
          Encrypted:false
          SSDEEP:
          MD5:18FD51821D0A6F3E94E3FA71DB6DE3AF
          SHA1:7D9700E98EF2D93FDBF8F27592678194B740F4E0
          SHA-256:DBA84E704FFE5FCD42548856258109DC77C6A46FD0B784119A3548EC47E5644B
          SHA-512:4009B4D50E3CB17197009AC7E41A2351DE980B2C5B79C0B440C7FE4C1C3C4E18F1089C6F43216EAA262062C395423F3AD92CA494F664636FF7592C540C5EF89D
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...c..c...........!......................... ...............................0.......[....@............................._............ ...................=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@....c..c........:...T...T.......c..c........d...............c..c....................RSDS..:..z][....08d.....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02....................c..c....Z...............(...<...P...................A...|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-heap-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.175349312442491
          Encrypted:false
          SSDEEP:
          MD5:FF8026DAB5D3DABCA8F72B6FA7D258FA
          SHA1:075C8719E226A34D7B883FD62B2D7F8823D70F1A
          SHA-256:535E9D20F00A2F1A62F843A4A26CFB763138D5DFE358B0126D33996FBA9CA4D1
          SHA-512:9C56FF11D5843BA09CD29E3BC6C6B9396926C6A588194193BA220CFA784B770AB6756076F16F18CFEA75B51A8184A1063EF47F63804839530382F8D39D5CF006
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...l7.............!......................... ...............................0............@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....l7..........8...T...T.......l7..........d...............l7......................RSDS..3.+.!u..m.m.......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........l7..........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-interlocked-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.081653532416814
          Encrypted:false
          SSDEEP:
          MD5:CFE87D58F973DAEDA4EE7D2CF4AE521D
          SHA1:FD0AA97B7CB6E50C6D5D2BF2D21D757040B5204A
          SHA-256:4997FDA5D0E90B8A0AB7DA314CB56F25D1450B366701C45C294D8DD3254DE483
          SHA-512:40EB68DEB940BBE1B835954183EEA711994C434DE0ABBDEA0B1A51DB6233A12E07827AD4A8639AE0BAF46DD26C168A775FFE606C82CBE47BAE655C7F28AB730B
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...`H.............!......................... ...............................0.......j....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....`H..........?...T...T.......`H..........d...............`H......................RSDSR..*: H..*.2\.......api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................`H......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-libraryloader-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.068913871621595
          Encrypted:false
          SSDEEP:
          MD5:0C48220A4485F36FEED84EF5DD0A5E9C
          SHA1:1E7D4038C2765CFFA6D4255737A2A8AA86B5551C
          SHA-256:2DD4EBAA12CBBA142B5D61A0EBF84A14D0D1BB8826BA42B63E303FE6721408DF
          SHA-512:E09951785B09F535340E1E6C256DF1919485B4DAD302B30D90126411CC49A13807B580FA2FCD0D6F7B64AAC4F5B5EA3E250B66035A0E2F664D865408C9B43D48
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....A.............!......................... ...............................0......9.....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....A..........A...T...T........A..........d................A......................RSDS6..7....].8D........api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............A......................(...........G...z...............-...\...................=...j...................(...I...k...............7...`...................O...r...............*...Y.......................=...^.......................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-localization-l1-2-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):20744
          Entropy (8bit):7.082681710664215
          Encrypted:false
          SSDEEP:
          MD5:23BD405A6CFD1E38C74C5150EEC28D0A
          SHA1:1D3BE98E7DFE565E297E837A7085731ECD368C7B
          SHA-256:A7FA48DE6C06666B80184AFEE7E544C258E0FB11399AB3FE47D4E74667779F41
          SHA-512:C52D487727A34FBB601B01031300A80ECA7C4A08AF87567DA32CB5B60F7A41EB2CAE06697CD11095322F2FC8307219111EE02B60045904B5C9B1F37E48A06A21
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...c..@...........!......................... ...............................0......<H....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....c..@........@...T...T.......c..@........d...............c..@....................RSDS......@..&...$&....api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................c..@....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-memory-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.0982506606029165
          Encrypted:false
          SSDEEP:
          MD5:3940167FFB4383992E73F9A10E4B8B1E
          SHA1:53541C824003B0F90B236EDA83B06BEC5E1ACBF5
          SHA-256:EC573431338371504B7B9E57B2D91382B856AABF25D2B4AD96486EFB794C198E
          SHA-512:9732ACAA4DB773F4F99F423D9FEAEBB35C197BBD468922348E0AD086F7131D83F6D9714DC7D375183E7CB8920CFE37F3DA19B0041A9063CC60ABE183375B1929
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.....@p...........!......................... ...............................0............@.............................l............ ...................=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......@p........:...T...T.........@p........d.................@p....................RSDS..?O.....Z..n....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................@p....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...|...................=...................................api-ms-win-core-memory-l1-1-0.dl

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-namedpipe-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.158120561430464
          Encrypted:false
          SSDEEP:
          MD5:990AC84AE2D83EEB532A28FE29602827
          SHA1:0916F85CC6CC1F01DC08BDF71517A1DC1B8EAF78
          SHA-256:DBD788B1C5694D65FA6F6E2202BFABB30ADF77EB1973CEB9A737EFB16E9EDAE2
          SHA-512:F0E4705A6890B4F81B7D46F66CA6B8EE82F647E163BCE9ECAD11D0BBD69CAF4FF3C4F15E0D3F829C048B6849B99A7641861E6CAF319904D4D61A6084F10DA353
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L......J...........!......................... ...............................0.......F....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......J........=...T...T..........J........d..................J....................RSDS..f$..kY@..Q.r......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................J....................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processenvironment-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.0662742983613285
          Encrypted:false
          SSDEEP:
          MD5:0C700B07C3497DF4863C3F2FE37CD526
          SHA1:F835118244D02304DE9EB3A355420BA9D0BD9C13
          SHA-256:9F1F26794FD664E0A8B6FBD53BFCA33DCF7B0DC37FAF3EB7782BC38DFF62CD8C
          SHA-512:8042DBD9E80E33E41993887B0289E143E967544389500ADA9296B89BDA37BB26918E4F370F8A1BDAB8FAACC4E0A6980794D6A3B5320E170AD4EF751384C9F0A8
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L..................!......................... ...............................0......{b....@.............................G............ ...................=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@................F...T...T...................d.......................................RSDSW.........$.~).....api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02................................(...|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processthreads-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):20232
          Entropy (8bit):7.089287949821804
          Encrypted:false
          SSDEEP:
          MD5:1DDA9CB13449CE2C6BB670598FC09DC8
          SHA1:0A91FE11B9A8321CA369F665A623270E5AC23176
          SHA-256:4F187F1B4B14763360C325DF6B04D3EC3CC6D2CECC9B796BC52A6C7196B0B2CC
          SHA-512:4E106C8A52033352C91B65CF65EC459DE764C125136333A2F4BA026EFDDE65F3F71B1F6F11E4C580150AC8A9779825BA5E2AF0E14DF999A198CFE244E522C28D
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....P.............!......................... ...............................0.......I....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....P..........B...T...T........P..........d................P......................RSDS...&^Z.....5.n~.....api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............P..............1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-processthreads-l1-1-1.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.114763903791775
          Encrypted:false
          SSDEEP:
          MD5:95C5B49AF7F2C7D3CD0BC14B1E9EFACB
          SHA1:C400205C81140E60DFFA8811C1906CE87C58971E
          SHA-256:FF9B51AFF7FBEC8D7FE5CC478B12492A59B38B068DC2B518324173BB3179A0E1
          SHA-512:F320937B90068877C46D30A15440DC9ACE652C3319F5D75E0C8BB83F37E78BE0EFB7767B2BD713BE6D38943C8DB3D3D4C3DA44849271605324E599E1242309C3
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...Z..s...........!......................... ...............................0............@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....Z..s........B...T...T.......Z..s........d...............Z..s....................RSDS..j....O.m.h....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............Z..s....................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-profile-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):17672
          Entropy (8bit):7.185434866879492
          Encrypted:false
          SSDEEP:
          MD5:CEDEFD460BC1E36AE111668F3B658052
          SHA1:9BD529FE189E0B214B9E0E51717BDF62F1DA44EA
          SHA-256:F941C232964D01E4680E54AB04955EC6264058011B03889FE29DB86509511EBA
          SHA-512:2C845642B054BC12C2911BFE2B850F06FECAFEF022180C22F6FFD670F821E84FCAD041C4D81DDADB781DDB36CB3E98DFE4EB75EC02B88306EF1D410CBB021454
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....-.............!......................... ...............................0......\8....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....-..........;...T...T........-..........d................-......................RSDS....M.h=.N...`....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................-......<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-rtlsupport-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):17672
          Entropy (8bit):7.1894145407335115
          Encrypted:false
          SSDEEP:
          MD5:65FC0B6C2CEFF31336983E33B84A9313
          SHA1:980DE034CC3A36021FD8BAFFF3846B0731B7068E
          SHA-256:966A38ED7034F8D355E1E8772DFC92F23FB3C8A669780ED4AC3B075625D09744
          SHA-512:F4EBC7A6D12AE6AFA5B96C06413A3438E1678B276B1517DA07D33912818FC863B4D35CB46280F12CF90E37BC93E3AB5E44EA6F75767A314C59222B7D397E5B6A
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.....?............!......................... ...............................0.......5....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......?.........>...T...T.........?.........d.................?.....................RSDSMmC{Sj.6..m.........api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..................?.....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-string-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.132820536291202
          Encrypted:false
          SSDEEP:
          MD5:E7A266DD3A2A1E03D8716F92BEDE582D
          SHA1:D4B97CE87C96DE1F39FEA97CCA3992D292B2C14E
          SHA-256:339966AE75675A03F628C4DDD5D3218ABB36CBCF6DDCE83B88C07336D732B8AE
          SHA-512:31168663FD71B901B1B9152FF288D4E1567003E5FCD1F1C9DFE36D26D2EB16B0932EC8CD34833DAB25531F768A01DE45C2483F92D4E79F92A89389C02BC05156
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...?%.............!......................... ...............................0.......p....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....?%..........:...T...T.......?%..........d...............?%......................RSDSv..v0.M..-.~UP....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02....................?%......x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-synch-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):20232
          Entropy (8bit):7.043571211492233
          Encrypted:false
          SSDEEP:
          MD5:C1DCDB0FABC8AE671A7C7A94F42FB79A
          SHA1:99355912D7A7D622753B2A855CAE4F5A4E50146F
          SHA-256:CC76A4E82E0E0CD08DF3BB8F5AD57142305E0F666CC32599D76E363D0B43EFCB
          SHA-512:6D92E7520AEEBFE60AAB43D6616B76A2DD385EDCAA217DB60003A0C0CBCB0E367063D240E38A19D0B8BEE2F2E7D4B982C4F08C8E9CCF34C7F670CB49F6561FFF
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.....^P...........!......................... ...............................0............@.............................V............ ...................=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@......^P........9...T...T.........^P........d.................^P....................RSDSu.J@z..Hd/..!+.d....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02......................^P............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-synch-l1-2-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.137566982908939
          Encrypted:false
          SSDEEP:
          MD5:6E704280D632C2F8F2CADEFCAE25AD85
          SHA1:699C5A1C553D64D7FF3CF4FE57DA72BB151CAEDE
          SHA-256:758A2F9EF6908B51745DB50D89610FE1DE921D93B2DBEA919BFDBA813D5D8893
          SHA-512:ADE85A6CD05128536996705FD60C73F04BAB808DAFB5D8A93C45B2EE6237B6B4DDB087F1A009A9D289C868C98E61BE49259157F5161FECCF9F572FD306B460E6
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....>.............!......................... ...............................0......R.....@.............................v............ ...................=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@.....>..........9...T...T........>..........d................>......................RSDS...*YJe....X..Q....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02.....................>......................(...l...........R...................W...............&...b...............$...W.......6...w...............;...|...............H...................A.....................................api-ms-win-core-synch-

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-sysinfo-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.068425359116368
          Encrypted:false
          SSDEEP:
          MD5:887995A73BC7DDE7B764AFABCE57EFE7
          SHA1:363FD4E7AD4A57224E8410154697DF5E8629F526
          SHA-256:F94210B39CDC812BEB7342A47E68673EA2116D0AD9266FCF8D7CEDAA9561FC38
          SHA-512:D088EB1C6958774E20F0E2884136B4E2B978EFD16F557DBC55E64011ABBCE0768054F7E6D881C110182824143A39101FDAE273ED614738AA7BA5C727B27F6677
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...k-.\...........!......................... ...............................0.......t....@.............................E............ ...................=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@....k-.\........;...T...T.......k-.\........d...............k-.\....................RSDSo......j..f....B....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02....................k-.\....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-timezone-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.1338859952744516
          Encrypted:false
          SSDEEP:
          MD5:C9A55DE62E53D747C5A7FDDEDEF874F9
          SHA1:C5C5A7A873A4D686BFE8E3DA6DC70F724CE41BAD
          SHA-256:B5C725BBB475B5C06CC6CB2A2C3C70008F229659F88FBA25CCD5D5C698D06A4B
          SHA-512:ADCA0360A1297E80A8D3C2E07F5FBC06D2848F572F551342AD4C9884E4AB4BD1D3B3D9919B4F2B929E2848C1A88A4E844DD38C86067CACE9685F9640DB100EFB
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....}.............!......................... ...............................0......a9....@.............................E............ ...................=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@.....}..........<...T...T........}..........d................}......................RSDSfb.f.{....A...~}....api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02.....................}......................(...\...........*...f...........C...............9.......................H...........%...j...............b.....................................api-ms-win-core-timezone-l1-1-0.dll.EnumDynamicTimeZoneInforma

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-core-util-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.101366386991871
          Encrypted:false
          SSDEEP:
          MD5:29E1922B32E5312A948E6D8B1B34E2D9
          SHA1:912F54BE8438F45E1562A47294091D522CD89356
          SHA-256:34C5DEE6D566252C0CEB7D9A21E24D5F297AF2B26C32E0C7808BBD088AA9A6A9
          SHA-512:837CD03EE0195DC94BAB0662FF3B8CD1BE2DEDD8A3254318D25DFEA6E88D07211186FA367F41AB864560E10A22220DEB3ED05CCF82D60AC80C71DFED08AFBEA3
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L..................!......................... ...............................0......S.....@.............................9............ ...................=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@................8...T...T...................d.......................................RSDS..k...5...U.|O5....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02................J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-conio-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.088979240841937
          Encrypted:false
          SSDEEP:
          MD5:A668C5EE307457729203AE00EDEBB6B3
          SHA1:2114D84CF3EC576785EBBE6B2184B0D634B86D71
          SHA-256:A95B1AF74623D6D5D892760166B9BFAC8926929571301921F1E62458E6D1A503
          SHA-512:73DC1A1C2CEB98CA6D9DDC7611FC44753184BE00CFBA07C4947D675F0B154A09E6013E1EF54AC7576E661FC51B4BC54FDD96A0C046AB4EE58282E711B1854730
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...x..............!......................... ...............................0............@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................x...........8...d...d.......x...........d...............x.......................RSDS....~3..&L..........api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........x.......T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-convert-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):22280
          Entropy (8bit):6.929682118101382
          Encrypted:false
          SSDEEP:
          MD5:9DDEA3CC96E0FDD3443CC60D649931B3
          SHA1:AF3CB7036318A8427F20B8561079E279119DCA0E
          SHA-256:B7C3EBC36C84630A52D23D1C0E79D61012DFA44CDEBDF039AF31EC9E322845A5
          SHA-512:1427193B31B64715F5712DB9C431593BDC56EF512FE353147DDB7544C1C39DED4371CD72055D82818E965AFF0441B7CBE0B811D828EFB0ECE28471716659E162
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....F&............!.........................0...............................@......Y.....@..........................................0...................=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................F&.........:...d...d........F&.........d................F&.....................RSDSR .....[X.+~......api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................F&.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-environment-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.080577478918243
          Encrypted:false
          SSDEEP:
          MD5:39325E5F023EB564C87D30F7E06DFF23
          SHA1:03DD79A7FBE3DE1A29359B94BA2D554776BDD3FE
          SHA-256:56D8B7EE7619579A3C648EB130C9354BA1BA5B33A07A4F350370EE7B3653749A
          SHA-512:087B9DCB744AD7D330BACB9BDA9C1A1DF28EBB9327DE0C5DC618E79929FD33D1B1FF0E1EF4C08F8B3EA8118B968A89F44FE651C66CBA4ECBB3216CD4BCCE3085
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L......#...........!......................... ...............................0............@............................."............ ...................=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v......................#........>...d...d..........#........d..................#....................RSDS.."X...P....`R......api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02...................#....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-filesystem-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):20232
          Entropy (8bit):7.078362597786606
          Encrypted:false
          SSDEEP:
          MD5:228C6BBE1BCE84315E4927392A3BAEE5
          SHA1:BA274AA567AD1EC663A2F9284AF2E3CB232698FB
          SHA-256:AC0CEC8644340125507DD0BC9A90B1853A2D194EB60A049237FB5E752D349065
          SHA-512:37A60CCE69E81F68EF62C58BBA8F2843E99E8BA1B87DF9A5B561D358309E672AE5E3434A10A3DDE01AE624D1638DA226D42C64316F72F3D63B08015B43C56CAB
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.....E............!......................... ...............................0.......P....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v.....................E.........=...d...d.........E.........d.................E.....................RSDS.(..H....]U.......api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..................E.............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-heap-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.061759931417666
          Encrypted:false
          SSDEEP:
          MD5:1776A2B85378B27825CF5E5A3A132D9A
          SHA1:626F0E7F2F18F31EC304FE7A7AF1A87CBBEBB1DF
          SHA-256:675B1B82DD485CC8C8A099272DB9241D0D2A7F45424901F35231B79186EC47EE
          SHA-512:541A5DD997FC5FEC31C17B4F95F03C3A52E106D6FB590CB46BDF5ADAD23ED4A895853768229F3FBB9049F614D9BAE031E6C43CEC43FB38C89F13163721BB8348
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...(..............!......................... ...............................0......V0....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................(...........7...d...d.......(...........d...............(.......................RSDS.......y..g........api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........(.......6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-locale-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.13232650628006
          Encrypted:false
          SSDEEP:
          MD5:034379BCEA45EB99DB8CDFEACBC5E281
          SHA1:BBF93D82E7E306E827EFEB9612E8EAB2B760E2B7
          SHA-256:8B543B1BB241F5B773EB76F652DAD7B12E3E4A09230F2E804CD6B0622E8BAF65
          SHA-512:7EA6EFB75B0C59D3120D5B13DA139042726A06D105C924095ED252F39AC19E11E8A5C6BB1C45FA7519C0163716745D03FB9DAAACA50139A115235AB2815CC256
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.....Q............!......................... ...............................0.......N....@.............................e............ ...................=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v.....................Q.........9...d...d.........Q.........d.................Q.....................RSDS...5m(....nf.......api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02......................Q.....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-math-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):28936
          Entropy (8bit):6.668155103564419
          Encrypted:false
          SSDEEP:
          MD5:8DA414C3524A869E5679C0678D1640C1
          SHA1:60CF28792C68E9894878C31B323E68FEB4676865
          SHA-256:39723E61C98703034B264B97EE0FE12E696C6560483D799020F9847D8A952672
          SHA-512:6EF3F81206E7D4DCA5B3C1FAFC9AA2328B717E61EE0ACCE30DFB15AD0FE3CB59B2BD61F92BF6046C0AAE01445896DCB1485AD8BE86629D22C3301A1B5F4F2CFA
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.................!.........................@...............................P............@..............................+...........@...............4...=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v..............................7...d...d..................d......................................RSDS9.......2..R1E....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02...............l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-multibyte-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):26376
          Entropy (8bit):6.711200183934711
          Encrypted:false
          SSDEEP:
          MD5:19D7F2D6424C98C45702489A375D9E17
          SHA1:310BC4ED49492383E7C669AC9145BDA2956C7564
          SHA-256:A6B83B764555D517216E0E34C4945F7A7501C1B7A25308D8F85551FE353F9C15
          SHA-512:01C09EDEF90C60C9E6CDABFF918F15AFC9B728D6671947898CE8848E3D102F300F3FB4246AF0AC9C6F57B3B85B24832D7B40452358636125B61EB89567D3B17E
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....2.............!.....$...................@...............................P...........@.............................. ...........@...............*...=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................2..........<...d...d........2..........d................2......................RSDS .Nq...6....,.F.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................2......................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-private-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):72968
          Entropy (8bit):5.833846377658087
          Encrypted:false
          SSDEEP:
          MD5:3D139F57ED79D2C788E422CA26950446
          SHA1:788E4FB5D1F46B0F1802761D0AE3ADDB8611C238
          SHA-256:DC25A882AC454A0071E4815B0E939DC161BA73B5C207B84AFD96203C343B99C7
          SHA-512:12ED9216F44AA5F245C707FE39AED08DC18EA675F5A707098F1A1DA42B348A649846BC919FD318DE7954EA9097C01F22BE76A5D85D664EF030381E7759840765
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...2..............!................................................................K.....@..............................................................=..............T............................................................................text............................... ..`.rsrc...............................@..@v...................2...........:...d...d.......2...........d...............2.......................RSDSTrXT..{...b.........api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02....................2........>..............8...d#...5...>...?..-?..U?...?...?...?...@..L@...@...@...@..!A..RA...A...A...A...B..BB...B...B...C..>C..vC...C...C...C...D..>D..wD...D...E..[E...E...E...E..'F..]F...F...F...F..8G..kG...G..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-process-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.073487666122886
          Encrypted:false
          SSDEEP:
          MD5:9D3D6F938C8672A12AEA03F85D5330DE
          SHA1:6A7D6E84527EAF54D6F78DD1A5F20503E766A66C
          SHA-256:707C9A384440D0B2D067FC0335273F8851B02C3114842E17DF9C54127910D7FB
          SHA-512:0E1681B16CD9AF116BCC5C6B4284C1203B33FEBB197D1D4AB8A649962C0E807AF9258BDE91C86727910624196948E976741411843DD841616337EA93A27DE7CB
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L................!......................... ...............................0............@.............................x............ ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v.............................:...d...d.................d.....................................RSDS=..7..n............api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02..................................$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-runtime-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):22792
          Entropy (8bit):6.939823426760396
          Encrypted:false
          SSDEEP:
          MD5:FB0CA6CBFFF46BE87AD729A1C4FDE138
          SHA1:2C302D1C535D5C40F31C3A75393118B40E1B2AF9
          SHA-256:1EE8E99190CC31B104FB75E66928B8C73138902FEFEDBCFB54C409DF50A364DF
          SHA-512:99144C67C33E89B8283C5B39B8BF68D55638DAA6ACC2715A2AC8C5DBA4170DD12299D3A2DFFB39AE38EF0872C2C68A64D7CDC6CEBA5E660A53942761CB9ECA83
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L..................!.........................0...............................@............@..........................................0...................=..............T............................................................................text............................... ..`.rsrc........0......................@..@v...............................:...d...d...................d.......................................RSDS.m.q|3.;./>.n5^.....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02............................f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-stdio-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):24328
          Entropy (8bit):6.867867660778997
          Encrypted:false
          SSDEEP:
          MD5:D5166AB3034F0E1AA679BFA1907E5844
          SHA1:851DD640CB34177C43B5F47B218A686C09FA6B4C
          SHA-256:7BCAB4CA00FB1F85FEA29DD3375F709317B984A6F3B9BA12B8CF1952F97BEEE5
          SHA-512:8F2D7442191DE22457C1B8402FAAD594AF2FE0C38280AAAFC876C797CA79F7F4B6860E557E37C3DBE084FE7262A85C358E3EEAF91E16855A91B7535CB0AC832E
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L......G...........!.........................0...............................@............@.............................a............0..............."...=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v......................G........8...d...d..........G........d..................G....................RSDS9uG.l..k..y.........api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02...........G....^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-string-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):24328
          Entropy (8bit):6.865312371416882
          Encrypted:false
          SSDEEP:
          MD5:AD99C2362F64CDE7756B16F9A016A60F
          SHA1:07C9A78EE658BFA81DB61DAB039CFFC9145CC6CB
          SHA-256:73AB2161A7700835B2A15B7487045A695706CC18BCEE283B114042570BB9C0AA
          SHA-512:9C72F239ADDA1DE11B4AD7028F3C897C93859EF277658AEAA141F09B7DDFE788D657B9CB1E2648971ECD5D27B99166283110CCBA437D461003DBB9F6885451F7
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...b.MG...........!.........................0...............................@......P.....@..........................................0..............."...=..............T............................................................................text............................... ..`.rsrc........0......................@..@v...................b.MG........9...d...d.......b.MG........d...............b.MG....................RSDS..'.......!...k....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02....................b.MG....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-time-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):20744
          Entropy (8bit):7.011893707747583
          Encrypted:false
          SSDEEP:
          MD5:9B79FDA359A269C63DCAC69B2C81CAA4
          SHA1:A38C81B7A2EC158DFCFEB72CB7C04B3EB3CCC0FB
          SHA-256:4D0F0EA6E8478132892F9E674E27E2BC346622FC8989C704E5B2299A18C1D138
          SHA-512:E69D275C5EC5EAE5C95B0596F0CC681B7D287B3E2F9C78A9B5E658949E6244F754F96AD7D40214D22ED28D64E4E8BD507363CDF99999FEA93CFE319078C1F541
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....#.............!......................... ...............................0............@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................#..........7...d...d........#..........d................#......................RSDS.V.m.w:.d..9.|]m....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........#..............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\api-ms-win-crt-utility-l1-1-0.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.124120649956731
          Encrypted:false
          SSDEEP:
          MD5:70E9104E743069B573CA12A3CD87EC33
          SHA1:4290755B6A49212B2E969200E7A088D1713B84A2
          SHA-256:7E6B33A4C0C84F18F2BE294EC63212245AF4FD8354636804FFE5EE9A0D526D95
          SHA-512:E979F28451D271F405B780FC2025707C8A29DCB4C28980CA42E33D4033666DE0E4A4644DEFEC6C1D5D4BDD3C73D405FAFCFFE3320C60134681F62805C965BFD9
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L..................!......................... ...............................0......N.....@.............................^............ ...................=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v...............................:...d...d...................d.......................................RSDS.R.dY.D.....F.......api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02............................d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...|.......................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\freebl3.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):497696
          Entropy (8bit):6.716031105739554
          Encrypted:false
          SSDEEP:
          MD5:8E36CB408A1773B141FA3BBFD68B4F21
          SHA1:B746DA64BE4BF7F7B2AC7A1B9EEF74E6E6B3F27D
          SHA-256:3FEA7D55E64FD2B9239D9EE2A67413193709112F0AC0048DFE1EE20B2779D818
          SHA-512:E9E469668E12734980E5F4425BA92AFECB2EF41B560B0522B0531D44824265934E363CBE2E5F57AB58B1ECC517C7EB82C4076EA69CBA87A56DC34A6B7D7600CE
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......\.........."!.....:...<...... >....................................................@A........................ P..S...sP..........p............z.. ........'...J...............................P..............|R..@............................text....8.......:.................. ..`.rdata.......P.......>..............@..@.data....E...`.......J..............@....00cfg...............L..............@..@.rsrc...p............N..............@..@.reloc...'.......(...R..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-08NPU.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.114763903791775
          Encrypted:false
          SSDEEP:
          MD5:95C5B49AF7F2C7D3CD0BC14B1E9EFACB
          SHA1:C400205C81140E60DFFA8811C1906CE87C58971E
          SHA-256:FF9B51AFF7FBEC8D7FE5CC478B12492A59B38B068DC2B518324173BB3179A0E1
          SHA-512:F320937B90068877C46D30A15440DC9ACE652C3319F5D75E0C8BB83F37E78BE0EFB7767B2BD713BE6D38943C8DB3D3D4C3DA44849271605324E599E1242309C3
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...Z..s...........!......................... ...............................0............@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....Z..s........B...T...T.......Z..s........d...............Z..s....................RSDS..j....O.m.h....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............Z..s....................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-26Q8I.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.132820536291202
          Encrypted:false
          SSDEEP:
          MD5:E7A266DD3A2A1E03D8716F92BEDE582D
          SHA1:D4B97CE87C96DE1F39FEA97CCA3992D292B2C14E
          SHA-256:339966AE75675A03F628C4DDD5D3218ABB36CBCF6DDCE83B88C07336D732B8AE
          SHA-512:31168663FD71B901B1B9152FF288D4E1567003E5FCD1F1C9DFE36D26D2EB16B0932EC8CD34833DAB25531F768A01DE45C2483F92D4E79F92A89389C02BC05156
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...?%.............!......................... ...............................0.......p....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....?%..........:...T...T.......?%..........d...............?%......................RSDSv..v0.M..-.~UP....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02....................?%......x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-33IUI.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.081653532416814
          Encrypted:false
          SSDEEP:
          MD5:CFE87D58F973DAEDA4EE7D2CF4AE521D
          SHA1:FD0AA97B7CB6E50C6D5D2BF2D21D757040B5204A
          SHA-256:4997FDA5D0E90B8A0AB7DA314CB56F25D1450B366701C45C294D8DD3254DE483
          SHA-512:40EB68DEB940BBE1B835954183EEA711994C434DE0ABBDEA0B1A51DB6233A12E07827AD4A8639AE0BAF46DD26C168A775FFE606C82CBE47BAE655C7F28AB730B
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...`H.............!......................... ...............................0.......j....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....`H..........?...T...T.......`H..........d...............`H......................RSDSR..*: H..*.2\.......api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................`H......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-5N54K.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.061759931417666
          Encrypted:false
          SSDEEP:
          MD5:1776A2B85378B27825CF5E5A3A132D9A
          SHA1:626F0E7F2F18F31EC304FE7A7AF1A87CBBEBB1DF
          SHA-256:675B1B82DD485CC8C8A099272DB9241D0D2A7F45424901F35231B79186EC47EE
          SHA-512:541A5DD997FC5FEC31C17B4F95F03C3A52E106D6FB590CB46BDF5ADAD23ED4A895853768229F3FBB9049F614D9BAE031E6C43CEC43FB38C89F13163721BB8348
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...(..............!......................... ...............................0......V0....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................(...........7...d...d.......(...........d...............(.......................RSDS.......y..g........api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........(.......6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-66UCL.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):26376
          Entropy (8bit):6.711200183934711
          Encrypted:false
          SSDEEP:
          MD5:19D7F2D6424C98C45702489A375D9E17
          SHA1:310BC4ED49492383E7C669AC9145BDA2956C7564
          SHA-256:A6B83B764555D517216E0E34C4945F7A7501C1B7A25308D8F85551FE353F9C15
          SHA-512:01C09EDEF90C60C9E6CDABFF918F15AFC9B728D6671947898CE8848E3D102F300F3FB4246AF0AC9C6F57B3B85B24832D7B40452358636125B61EB89567D3B17E
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....2.............!.....$...................@...............................P...........@.............................. ...........@...............*...=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................2..........<...d...d........2..........d................2......................RSDS .Nq...6....,.F.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................2......................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-6A0RM.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):72968
          Entropy (8bit):5.833846377658087
          Encrypted:false
          SSDEEP:
          MD5:3D139F57ED79D2C788E422CA26950446
          SHA1:788E4FB5D1F46B0F1802761D0AE3ADDB8611C238
          SHA-256:DC25A882AC454A0071E4815B0E939DC161BA73B5C207B84AFD96203C343B99C7
          SHA-512:12ED9216F44AA5F245C707FE39AED08DC18EA675F5A707098F1A1DA42B348A649846BC919FD318DE7954EA9097C01F22BE76A5D85D664EF030381E7759840765
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...2..............!................................................................K.....@..............................................................=..............T............................................................................text............................... ..`.rsrc...............................@..@v...................2...........:...d...d.......2...........d...............2.......................RSDSTrXT..{...b.........api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02....................2........>..............8...d#...5...>...?..-?..U?...?...?...?...@..L@...@...@...@..!A..RA...A...A...A...B..BB...B...B...C..>C..vC...C...C...C...D..>D..wD...D...E..[E...E...E...E..'F..]F...F...F...F..8G..kG...G..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-6EHKG.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.088979240841937
          Encrypted:false
          SSDEEP:
          MD5:A668C5EE307457729203AE00EDEBB6B3
          SHA1:2114D84CF3EC576785EBBE6B2184B0D634B86D71
          SHA-256:A95B1AF74623D6D5D892760166B9BFAC8926929571301921F1E62458E6D1A503
          SHA-512:73DC1A1C2CEB98CA6D9DDC7611FC44753184BE00CFBA07C4947D675F0B154A09E6013E1EF54AC7576E661FC51B4BC54FDD96A0C046AB4EE58282E711B1854730
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...x..............!......................... ...............................0............@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................x...........8...d...d.......x...........d...............x.......................RSDS....~3..&L..........api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........x.......T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-7G1NH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.0662742983613285
          Encrypted:false
          SSDEEP:
          MD5:0C700B07C3497DF4863C3F2FE37CD526
          SHA1:F835118244D02304DE9EB3A355420BA9D0BD9C13
          SHA-256:9F1F26794FD664E0A8B6FBD53BFCA33DCF7B0DC37FAF3EB7782BC38DFF62CD8C
          SHA-512:8042DBD9E80E33E41993887B0289E143E967544389500ADA9296B89BDA37BB26918E4F370F8A1BDAB8FAACC4E0A6980794D6A3B5320E170AD4EF751384C9F0A8
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L..................!......................... ...............................0......{b....@.............................G............ ...................=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@................F...T...T...................d.......................................RSDSW.........$.~).....api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02................................(...|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-7MB3R.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):497696
          Entropy (8bit):6.716031105739554
          Encrypted:false
          SSDEEP:
          MD5:8E36CB408A1773B141FA3BBFD68B4F21
          SHA1:B746DA64BE4BF7F7B2AC7A1B9EEF74E6E6B3F27D
          SHA-256:3FEA7D55E64FD2B9239D9EE2A67413193709112F0AC0048DFE1EE20B2779D818
          SHA-512:E9E469668E12734980E5F4425BA92AFECB2EF41B560B0522B0531D44824265934E363CBE2E5F57AB58B1ECC517C7EB82C4076EA69CBA87A56DC34A6B7D7600CE
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......\.........."!.....:...<...... >....................................................@A........................ P..S...sP..........p............z.. ........'...J...............................P..............|R..@............................text....8.......:.................. ..`.rdata.......P.......>..............@..@.data....E...`.......J..............@....00cfg...............L..............@..@.rsrc...p............N..............@..@.reloc...'.......(...R..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-86LE0.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.101366386991871
          Encrypted:false
          SSDEEP:
          MD5:29E1922B32E5312A948E6D8B1B34E2D9
          SHA1:912F54BE8438F45E1562A47294091D522CD89356
          SHA-256:34C5DEE6D566252C0CEB7D9A21E24D5F297AF2B26C32E0C7808BBD088AA9A6A9
          SHA-512:837CD03EE0195DC94BAB0662FF3B8CD1BE2DEDD8A3254318D25DFEA6E88D07211186FA367F41AB864560E10A22220DEB3ED05CCF82D60AC80C71DFED08AFBEA3
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L..................!......................... ...............................0......S.....@.............................9............ ...................=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@................8...T...T...................d.......................................RSDS..k...5...U.|O5....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02................J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-8CJTF.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.161194839446203
          Encrypted:false
          SSDEEP:
          MD5:3F224766FE9B090333FDB43D5A22F9EA
          SHA1:548D1BB707AE7A3DFCCC0C2D99908561A305F57B
          SHA-256:AE5E73416EB64BC18249ACE99F6847024ECEEA7CE9C343696C84196460F3A357
          SHA-512:C12EA6758071B332368D7EF0857479D2B43A4B27CEEAB86CBB542BD6F1515F605EA526DFA3480717F8F452989C25D0EE92BF3335550B15ECEC79E9B25E66A2CA
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...%..r...........!......................... ...............................0.......`....@.......................................... ...................=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....%..r........8...T...T.......%..r........d...............%..r....................RSDS..Vf0....<...j\....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........%..r........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-8DSG3.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):20744
          Entropy (8bit):7.011893707747583
          Encrypted:false
          SSDEEP:
          MD5:9B79FDA359A269C63DCAC69B2C81CAA4
          SHA1:A38C81B7A2EC158DFCFEB72CB7C04B3EB3CCC0FB
          SHA-256:4D0F0EA6E8478132892F9E674E27E2BC346622FC8989C704E5B2299A18C1D138
          SHA-512:E69D275C5EC5EAE5C95B0596F0CC681B7D287B3E2F9C78A9B5E658949E6244F754F96AD7D40214D22ED28D64E4E8BD507363CDF99999FEA93CFE319078C1F541
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....#.............!......................... ...............................0............@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................#..........7...d...d........#..........d................#......................RSDS.V.m.w:.d..9.|]m....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........#..............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-93MUC.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.158120561430464
          Encrypted:false
          SSDEEP:
          MD5:990AC84AE2D83EEB532A28FE29602827
          SHA1:0916F85CC6CC1F01DC08BDF71517A1DC1B8EAF78
          SHA-256:DBD788B1C5694D65FA6F6E2202BFABB30ADF77EB1973CEB9A737EFB16E9EDAE2
          SHA-512:F0E4705A6890B4F81B7D46F66CA6B8EE82F647E163BCE9ECAD11D0BBD69CAF4FF3C4F15E0D3F829C048B6849B99A7641861E6CAF319904D4D61A6084F10DA353
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L......J...........!......................... ...............................0.......F....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......J........=...T...T..........J........d..................J....................RSDS..f$..kY@..Q.r......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................J....................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-96CE2.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):254496
          Entropy (8bit):6.5671134388700905
          Encrypted:false
          SSDEEP:
          MD5:A2A2550D90835CF42F297BA1488BF9FA
          SHA1:DFCFFBD235B109EB558360DFA1E1C0F49178B53D
          SHA-256:4B68AC131B930E0B2EB5E46637A0E2686C61F7746EAAA78CCD5B0A8637EA0F68
          SHA-512:6CE9E8FB9B12982D540F8C1C3004E1E9279FB5F0A5CF13F4815519C85356F481DB100151AB6314789D384B1EA46DF69C29F5B80F0A405D90B6B2955F01E23A6F
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......\.........."!......................................................................@A.........................i......?j..........p............... ........F...d..............................................pm..h............................text...:........................... ..`.rdata..d...........................@..@.data................r..............@....00cfg...............v..............@..@.rsrc...p............x..............@..@.reloc...F.......H...|..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-9DUCF.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):24328
          Entropy (8bit):6.865312371416882
          Encrypted:false
          SSDEEP:
          MD5:AD99C2362F64CDE7756B16F9A016A60F
          SHA1:07C9A78EE658BFA81DB61DAB039CFFC9145CC6CB
          SHA-256:73AB2161A7700835B2A15B7487045A695706CC18BCEE283B114042570BB9C0AA
          SHA-512:9C72F239ADDA1DE11B4AD7028F3C897C93859EF277658AEAA141F09B7DDFE788D657B9CB1E2648971ECD5D27B99166283110CCBA437D461003DBB9F6885451F7
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...b.MG...........!.........................0...............................@......P.....@..........................................0..............."...=..............T............................................................................text............................... ..`.rsrc........0......................@..@v...................b.MG........9...d...d.......b.MG........d...............b.MG....................RSDS..'.......!...k....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02....................b.MG....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-9RP90.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.0982506606029165
          Encrypted:false
          SSDEEP:
          MD5:3940167FFB4383992E73F9A10E4B8B1E
          SHA1:53541C824003B0F90B236EDA83B06BEC5E1ACBF5
          SHA-256:EC573431338371504B7B9E57B2D91382B856AABF25D2B4AD96486EFB794C198E
          SHA-512:9732ACAA4DB773F4F99F423D9FEAEBB35C197BBD468922348E0AD086F7131D83F6D9714DC7D375183E7CB8920CFE37F3DA19B0041A9063CC60ABE183375B1929
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.....@p...........!......................... ...............................0............@.............................l............ ...................=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......@p........:...T...T.........@p........d.................@p....................RSDS..?O.....Z..n....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................@p....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...|...................=...................................api-ms-win-core-memory-l1-1-0.dl

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-AH09Q.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):24328
          Entropy (8bit):6.867867660778997
          Encrypted:false
          SSDEEP:
          MD5:D5166AB3034F0E1AA679BFA1907E5844
          SHA1:851DD640CB34177C43B5F47B218A686C09FA6B4C
          SHA-256:7BCAB4CA00FB1F85FEA29DD3375F709317B984A6F3B9BA12B8CF1952F97BEEE5
          SHA-512:8F2D7442191DE22457C1B8402FAAD594AF2FE0C38280AAAFC876C797CA79F7F4B6860E557E37C3DBE084FE7262A85C358E3EEAF91E16855A91B7535CB0AC832E
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L......G...........!.........................0...............................@............@.............................a............0..............."...=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v......................G........8...d...d..........G........d..................G....................RSDS9uG.l..k..y.........api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02...........G....^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-B724L.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.068425359116368
          Encrypted:false
          SSDEEP:
          MD5:887995A73BC7DDE7B764AFABCE57EFE7
          SHA1:363FD4E7AD4A57224E8410154697DF5E8629F526
          SHA-256:F94210B39CDC812BEB7342A47E68673EA2116D0AD9266FCF8D7CEDAA9561FC38
          SHA-512:D088EB1C6958774E20F0E2884136B4E2B978EFD16F557DBC55E64011ABBCE0768054F7E6D881C110182824143A39101FDAE273ED614738AA7BA5C727B27F6677
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...k-.\...........!......................... ...............................0.......t....@.............................E............ ...................=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@....k-.\........;...T...T.......k-.\........d...............k-.\....................RSDSo......j..f....B....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02....................k-.\....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-DLRJC.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):20744
          Entropy (8bit):7.082681710664215
          Encrypted:false
          SSDEEP:
          MD5:23BD405A6CFD1E38C74C5150EEC28D0A
          SHA1:1D3BE98E7DFE565E297E837A7085731ECD368C7B
          SHA-256:A7FA48DE6C06666B80184AFEE7E544C258E0FB11399AB3FE47D4E74667779F41
          SHA-512:C52D487727A34FBB601B01031300A80ECA7C4A08AF87567DA32CB5B60F7A41EB2CAE06697CD11095322F2FC8307219111EE02B60045904B5C9B1F37E48A06A21
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...c..@...........!......................... ...............................0......<H....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....c..@........@...T...T.......c..@........d...............c..@....................RSDS......@..&...$&....api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................c..@....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-FNF91.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):20232
          Entropy (8bit):7.043571211492233
          Encrypted:false
          SSDEEP:
          MD5:C1DCDB0FABC8AE671A7C7A94F42FB79A
          SHA1:99355912D7A7D622753B2A855CAE4F5A4E50146F
          SHA-256:CC76A4E82E0E0CD08DF3BB8F5AD57142305E0F666CC32599D76E363D0B43EFCB
          SHA-512:6D92E7520AEEBFE60AAB43D6616B76A2DD385EDCAA217DB60003A0C0CBCB0E367063D240E38A19D0B8BEE2F2E7D4B982C4F08C8E9CCF34C7F670CB49F6561FFF
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.....^P...........!......................... ...............................0............@.............................V............ ...................=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@......^P........9...T...T.........^P........d.................^P....................RSDSu.J@z..Hd/..!+.d....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02......................^P............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-G6V2E.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.175349312442491
          Encrypted:false
          SSDEEP:
          MD5:FF8026DAB5D3DABCA8F72B6FA7D258FA
          SHA1:075C8719E226A34D7B883FD62B2D7F8823D70F1A
          SHA-256:535E9D20F00A2F1A62F843A4A26CFB763138D5DFE358B0126D33996FBA9CA4D1
          SHA-512:9C56FF11D5843BA09CD29E3BC6C6B9396926C6A588194193BA220CFA784B770AB6756076F16F18CFEA75B51A8184A1063EF47F63804839530382F8D39D5CF006
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...l7.............!......................... ...............................0............@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....l7..........8...T...T.......l7..........d...............l7......................RSDS..3.+.!u..m.m.......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........l7..........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-H0FH7.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):2682912
          Entropy (8bit):6.684984576535278
          Encrypted:false
          SSDEEP:
          MD5:AA3DADCE74781F1A2C724DE1AC6B9884
          SHA1:76F0C4F318AA09AED9F695F04C001A96C3C5D73F
          SHA-256:E2665822B3FCD26281CD39C017B4DAA78BCD513AABFD0C400C6D3C093E6E5D6D
          SHA-512:9E897F535C6782CD22210C153DC539DF700F7707C1A46D5672803669EBFE672A9614C6BABBD832817E0DE4ABB6B266C5042D8D1822F0913636A74EC98B1DC8BB
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...t..\.........."!.....J"..........G"......................................0).....Q.)...@A..........................&.f....&.T....0'.h.............(. ....@'.$.....%..............................`".............D.&..............................text...nH"......J"................. ..`.rdata..Dl...`"..n...N".............@..@.data...@F....&..$....&.............@....00cfg....... '.......&.............@..@.rsrc...h....0'.......&.............@..@.reloc..$....@'.......&.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-H9CN7.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):22280
          Entropy (8bit):6.929682118101382
          Encrypted:false
          SSDEEP:
          MD5:9DDEA3CC96E0FDD3443CC60D649931B3
          SHA1:AF3CB7036318A8427F20B8561079E279119DCA0E
          SHA-256:B7C3EBC36C84630A52D23D1C0E79D61012DFA44CDEBDF039AF31EC9E322845A5
          SHA-512:1427193B31B64715F5712DB9C431593BDC56EF512FE353147DDB7544C1C39DED4371CD72055D82818E965AFF0441B7CBE0B811D828EFB0ECE28471716659E162
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....F&............!.........................0...............................@......Y.....@..........................................0...................=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................F&.........:...d...d........F&.........d................F&.....................RSDSR .....[X.+~......api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................F&.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-I3516.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.073487666122886
          Encrypted:false
          SSDEEP:
          MD5:9D3D6F938C8672A12AEA03F85D5330DE
          SHA1:6A7D6E84527EAF54D6F78DD1A5F20503E766A66C
          SHA-256:707C9A384440D0B2D067FC0335273F8851B02C3114842E17DF9C54127910D7FB
          SHA-512:0E1681B16CD9AF116BCC5C6B4284C1203B33FEBB197D1D4AB8A649962C0E807AF9258BDE91C86727910624196948E976741411843DD841616337EA93A27DE7CB
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L................!......................... ...............................0............@.............................x............ ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v.............................:...d...d.................d.....................................RSDS=..7..n............api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02..................................$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-I8NMG.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):21768
          Entropy (8bit):7.002529916127268
          Encrypted:false
          SSDEEP:
          MD5:EEFE86B5A3AB256BEED8621A05210DF2
          SHA1:90C1623A85C519ADBC5EF67B63354F881507B8A7
          SHA-256:1D1C11FC1AD1FEBF9308225C4CCF0431606A4AB08680BA04494D276CB310BF15
          SHA-512:C326A2CA190DB24E8E96C43D1DF58A4859A32EB64B0363F9778A8902F1AC0307DCA585BE04F831A66BC32DF54499681AD952CE654D607F5FDB93E9B4504D653F
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...s.(............!.........................0...............................@............@..........................................0...................=..............T............................................................................text............................... ..`.rsrc........0......................@..@....s.(.........8...T...T.......s.(.........d...............s.(.....................RSDS..c."....]3.9.O.....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02........s.(.............K...K.......D...p...6...`.......................?...l...............A...................6..._...................;...e............... ...I...n...............-...d...................*...g...............*...U...................M...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-IRFSI.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):20232
          Entropy (8bit):7.089287949821804
          Encrypted:false
          SSDEEP:
          MD5:1DDA9CB13449CE2C6BB670598FC09DC8
          SHA1:0A91FE11B9A8321CA369F665A623270E5AC23176
          SHA-256:4F187F1B4B14763360C325DF6B04D3EC3CC6D2CECC9B796BC52A6C7196B0B2CC
          SHA-512:4E106C8A52033352C91B65CF65EC459DE764C125136333A2F4BA026EFDDE65F3F71B1F6F11E4C580150AC8A9779825BA5E2AF0E14DF999A198CFE244E522C28D
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....P.............!......................... ...............................0.......I....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....P..........B...T...T........P..........d................P......................RSDS...&^Z.....5.n~.....api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............P..............1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-JRD24.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):17672
          Entropy (8bit):7.185434866879492
          Encrypted:false
          SSDEEP:
          MD5:CEDEFD460BC1E36AE111668F3B658052
          SHA1:9BD529FE189E0B214B9E0E51717BDF62F1DA44EA
          SHA-256:F941C232964D01E4680E54AB04955EC6264058011B03889FE29DB86509511EBA
          SHA-512:2C845642B054BC12C2911BFE2B850F06FECAFEF022180C22F6FFD670F821E84FCAD041C4D81DDADB781DDB36CB3E98DFE4EB75EC02B88306EF1D410CBB021454
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....-.............!......................... ...............................0......\8....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....-..........;...T...T........-..........d................-......................RSDS....M.h=.N...`....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................-......<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-KRUH3.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):28936
          Entropy (8bit):6.668155103564419
          Encrypted:false
          SSDEEP:
          MD5:8DA414C3524A869E5679C0678D1640C1
          SHA1:60CF28792C68E9894878C31B323E68FEB4676865
          SHA-256:39723E61C98703034B264B97EE0FE12E696C6560483D799020F9847D8A952672
          SHA-512:6EF3F81206E7D4DCA5B3C1FAFC9AA2328B717E61EE0ACCE30DFB15AD0FE3CB59B2BD61F92BF6046C0AAE01445896DCB1485AD8BE86629D22C3301A1B5F4F2CFA
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.................!.........................@...............................P............@..............................+...........@...............4...=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v..............................7...d...d..................d......................................RSDS9.......2..R1E....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02...............l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-L6KCJ.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.137566982908939
          Encrypted:false
          SSDEEP:
          MD5:6E704280D632C2F8F2CADEFCAE25AD85
          SHA1:699C5A1C553D64D7FF3CF4FE57DA72BB151CAEDE
          SHA-256:758A2F9EF6908B51745DB50D89610FE1DE921D93B2DBEA919BFDBA813D5D8893
          SHA-512:ADE85A6CD05128536996705FD60C73F04BAB808DAFB5D8A93C45B2EE6237B6B4DDB087F1A009A9D289C868C98E61BE49259157F5161FECCF9F572FD306B460E6
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....>.............!......................... ...............................0......R.....@.............................v............ ...................=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@.....>..........9...T...T........>..........d................>......................RSDS...*YJe....X..Q....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02.....................>......................(...l...........R...................W...............&...b...............$...W.......6...w...............;...|...............H...................A.....................................api-ms-win-core-synch-

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-LOTHN.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.099985678218631
          Encrypted:false
          SSDEEP:
          MD5:879920C7FA905036856BCB10875121D9
          SHA1:A82787EA553EEFA0E7C3BB3AEDB2F2C60E39459A
          SHA-256:7E4CBA620B87189278B5631536CDAD9BFDA6E12ABD8E4EB647CB85369A204FE8
          SHA-512:06650248DDBC68529EF51C8B3BC3185A22CF1685C5FA9904AEE766A24E12D8A2A359B1EFD7F49CC2F91471015E7C1516C71BA9D6961850553D424FA400B7EA91
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....~.............!......................... ...............................0......Qf....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....~..........9...T...T........~..........d................~......................RSDS..' .I_^..lR..l.....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................~......P...............(...8...H...|...............q.......................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebugStringA.kernel32.OutputDebugStri

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-MFAS8.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.108495536104711
          Encrypted:false
          SSDEEP:
          MD5:18FD51821D0A6F3E94E3FA71DB6DE3AF
          SHA1:7D9700E98EF2D93FDBF8F27592678194B740F4E0
          SHA-256:DBA84E704FFE5FCD42548856258109DC77C6A46FD0B784119A3548EC47E5644B
          SHA-512:4009B4D50E3CB17197009AC7E41A2351DE980B2C5B79C0B440C7FE4C1C3C4E18F1089C6F43216EAA262062C395423F3AD92CA494F664636FF7592C540C5EF89D
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...c..c...........!......................... ...............................0.......[....@............................._............ ...................=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@....c..c........:...T...T.......c..c........d...............c..c....................RSDS..:..z][....08d.....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02....................c..c....Z...............(...<...P...................A...|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-PVV4K.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):20232
          Entropy (8bit):7.078362597786606
          Encrypted:false
          SSDEEP:
          MD5:228C6BBE1BCE84315E4927392A3BAEE5
          SHA1:BA274AA567AD1EC663A2F9284AF2E3CB232698FB
          SHA-256:AC0CEC8644340125507DD0BC9A90B1853A2D194EB60A049237FB5E752D349065
          SHA-512:37A60CCE69E81F68EF62C58BBA8F2843E99E8BA1B87DF9A5B561D358309E672AE5E3434A10A3DDE01AE624D1638DA226D42C64316F72F3D63B08015B43C56CAB
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.....E............!......................... ...............................0.......P....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v.....................E.........=...d...d.........E.........d.................E.....................RSDS.(..H....]U.......api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..................E.............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-RJOVU.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):22792
          Entropy (8bit):6.939823426760396
          Encrypted:false
          SSDEEP:
          MD5:FB0CA6CBFFF46BE87AD729A1C4FDE138
          SHA1:2C302D1C535D5C40F31C3A75393118B40E1B2AF9
          SHA-256:1EE8E99190CC31B104FB75E66928B8C73138902FEFEDBCFB54C409DF50A364DF
          SHA-512:99144C67C33E89B8283C5B39B8BF68D55638DAA6ACC2715A2AC8C5DBA4170DD12299D3A2DFFB39AE38EF0872C2C68A64D7CDC6CEBA5E660A53942761CB9ECA83
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L..................!.........................0...............................@............@..........................................0...................=..............T............................................................................text............................... ..`.rsrc........0......................@..@v...............................:...d...d...................d.......................................RSDS.m.q|3.;./>.n5^.....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02............................f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-RO1HB.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.124120649956731
          Encrypted:false
          SSDEEP:
          MD5:70E9104E743069B573CA12A3CD87EC33
          SHA1:4290755B6A49212B2E969200E7A088D1713B84A2
          SHA-256:7E6B33A4C0C84F18F2BE294EC63212245AF4FD8354636804FFE5EE9A0D526D95
          SHA-512:E979F28451D271F405B780FC2025707C8A29DCB4C28980CA42E33D4033666DE0E4A4644DEFEC6C1D5D4BDD3C73D405FAFCFFE3320C60134681F62805C965BFD9
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L..................!......................... ...............................0......N.....@.............................^............ ...................=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v...............................:...d...d...................d.......................................RSDS.R.dY.D.....F.......api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02............................d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...|.......................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-SO8TG.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19208
          Entropy (8bit):7.068913871621595
          Encrypted:false
          SSDEEP:
          MD5:0C48220A4485F36FEED84EF5DD0A5E9C
          SHA1:1E7D4038C2765CFFA6D4255737A2A8AA86B5551C
          SHA-256:2DD4EBAA12CBBA142B5D61A0EBF84A14D0D1BB8826BA42B63E303FE6721408DF
          SHA-512:E09951785B09F535340E1E6C256DF1919485B4DAD302B30D90126411CC49A13807B580FA2FCD0D6F7B64AAC4F5B5EA3E250B66035A0E2F664D865408C9B43D48
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....A.............!......................... ...............................0......9.....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....A..........A...T...T........A..........d................A......................RSDS6..7....].8D........api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............A......................(...........G...z...............-...\...................=...j...................(...I...k...............7...`...................O...r...............*...Y.......................=...^.......................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-SRKTN.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):197664
          Entropy (8bit):6.790891948584785
          Encrypted:false
          SSDEEP:
          MD5:23F04AF48E23EA4691DFED2AC7E9DDFC
          SHA1:22AD99E0B024782A622CBF97159AF72CE308C6BC
          SHA-256:E3A76985C392038332AE76CB5B89541B9593332872FE0D8D3780C653ACCB8457
          SHA-512:C359346ECC906B15350DDFA40AE6C65EBF1A91BCE22CB0C21FDB5519877209124061491B9C96D88B1E280C32A10CBB69B417FAA2514D74425EDD771C2B75D6FF
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......\.........."!.....<...........@.......................................0.......*....@A.............................'..-...,....................... ...........j.......................Hl......8P..............H...........`....................text....;.......<.................. ..`.rdata..$....P.......@..............@..@.data...............................@....00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-SUJS5.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.1338859952744516
          Encrypted:false
          SSDEEP:
          MD5:C9A55DE62E53D747C5A7FDDEDEF874F9
          SHA1:C5C5A7A873A4D686BFE8E3DA6DC70F724CE41BAD
          SHA-256:B5C725BBB475B5C06CC6CB2A2C3C70008F229659F88FBA25CCD5D5C698D06A4B
          SHA-512:ADCA0360A1297E80A8D3C2E07F5FBC06D2848F572F551342AD4C9884E4AB4BD1D3B3D9919B4F2B929E2848C1A88A4E844DD38C86067CACE9685F9640DB100EFB
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....}.............!......................... ...............................0......a9....@.............................E............ ...................=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@.....}..........<...T...T........}..........d................}......................RSDSfb.f.{....A...~}....api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02.....................}......................(...\...........*...f...........C...............9.......................H...........%...j...............b.....................................api-ms-win-core-timezone-l1-1-0.dll.EnumDynamicTimeZoneInforma

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-TR2G3.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.080577478918243
          Encrypted:false
          SSDEEP:
          MD5:39325E5F023EB564C87D30F7E06DFF23
          SHA1:03DD79A7FBE3DE1A29359B94BA2D554776BDD3FE
          SHA-256:56D8B7EE7619579A3C648EB130C9354BA1BA5B33A07A4F350370EE7B3653749A
          SHA-512:087B9DCB744AD7D330BACB9BDA9C1A1DF28EBB9327DE0C5DC618E79929FD33D1B1FF0E1EF4C08F8B3EA8118B968A89F44FE651C66CBA4ECBB3216CD4BCCE3085
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L......#...........!......................... ...............................0............@............................."............ ...................=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v......................#........>...d...d..........#........d..................#....................RSDS.."X...P....`R......api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02...................#....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-V5BQF.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.119654047979734
          Encrypted:false
          SSDEEP:
          MD5:D91BF81CF5178D47D1A588B0DF98EB24
          SHA1:75F9F2DA06AA2735906B1C572DD556A3C30E7717
          SHA-256:F8E3B45FD3E22866006F16A9E73E28B5E357F31F3C275B517692A5F16918B492
          SHA-512:93D1B0D226E94235F1B32D42F6C1B95FADFAF103B8C1782423D2C5A4836102084FB53F871E3C434B85F0288E47F44345138DE54EA5F982CA3E8BBF2D2BEA0706
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....<b............!......................... ...............................0.......0....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....<b.........A...T...T........<b.........d................<b.....................RSDS....>.....j..C......api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............<b.....n...............(...D...`...................4...f.......................'...J.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.kernel32.GetLastError.RaiseExcept

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-V5T2R.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18696
          Entropy (8bit):7.13232650628006
          Encrypted:false
          SSDEEP:
          MD5:034379BCEA45EB99DB8CDFEACBC5E281
          SHA1:BBF93D82E7E306E827EFEB9612E8EAB2B760E2B7
          SHA-256:8B543B1BB241F5B773EB76F652DAD7B12E3E4A09230F2E804CD6B0622E8BAF65
          SHA-512:7EA6EFB75B0C59D3120D5B13DA139042726A06D105C924095ED252F39AC19E11E8A5C6BB1C45FA7519C0163716745D03FB9DAAACA50139A115235AB2815CC256
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.....Q............!......................... ...............................0.......N....@.............................e............ ...................=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v.....................Q.........9...d...d.........Q.........d.................Q.....................RSDS...5m(....nf.......api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02......................Q.....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-V83LA.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):17672
          Entropy (8bit):7.1894145407335115
          Encrypted:false
          SSDEEP:
          MD5:65FC0B6C2CEFF31336983E33B84A9313
          SHA1:980DE034CC3A36021FD8BAFFF3846B0731B7068E
          SHA-256:966A38ED7034F8D355E1E8772DFC92F23FB3C8A669780ED4AC3B075625D09744
          SHA-512:F4EBC7A6D12AE6AFA5B96C06413A3438E1678B276B1517DA07D33912818FC863B4D35CB46280F12CF90E37BC93E3AB5E44EA6F75767A314C59222B7D397E5B6A
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.....?............!......................... ...............................0.......5....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......?.........>...T...T.........?.........d.................?.....................RSDSMmC{Sj.6..m.........api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..................?.....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\is-VBHJV.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):18184
          Entropy (8bit):7.10604544921595
          Encrypted:false
          SSDEEP:
          MD5:79EE4A2FCBE24E9A65106DE834CCDA4A
          SHA1:FD1BA674371AF7116EA06AD42886185F98BA137B
          SHA-256:9F7BDA59FAAFC8A455F98397A63A7F7D114EFC4E8A41808C791256EBF33C7613
          SHA-512:6EF7857D856A1D23333669184A231AD402DC62C8F457A6305FE53ED5E792176CA6F9E561375A707DA0D7DD27E6EA95F8C4355C5DC217E847E807000B310AA05C
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....I.O...........!......................... ...............................0............@.............................L............ ...................=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@.....I.O........8...T...T........I.O........d................I.O....................RSDSyN'.;rC......l{.....api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02.........I.O....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\mozglue.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):197664
          Entropy (8bit):6.790891948584785
          Encrypted:false
          SSDEEP:
          MD5:23F04AF48E23EA4691DFED2AC7E9DDFC
          SHA1:22AD99E0B024782A622CBF97159AF72CE308C6BC
          SHA-256:E3A76985C392038332AE76CB5B89541B9593332872FE0D8D3780C653ACCB8457
          SHA-512:C359346ECC906B15350DDFA40AE6C65EBF1A91BCE22CB0C21FDB5519877209124061491B9C96D88B1E280C32A10CBB69B417FAA2514D74425EDD771C2B75D6FF
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......\.........."!.....<...........@.......................................0.......*....@A.............................'..-...,....................... ...........j.......................Hl......8P..............H...........`....................text....;.......<.................. ..`.rdata..$....P.......@..............@..@.data...............................@....00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\nss3.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):2682912
          Entropy (8bit):6.684984576535278
          Encrypted:false
          SSDEEP:
          MD5:AA3DADCE74781F1A2C724DE1AC6B9884
          SHA1:76F0C4F318AA09AED9F695F04C001A96C3C5D73F
          SHA-256:E2665822B3FCD26281CD39C017B4DAA78BCD513AABFD0C400C6D3C093E6E5D6D
          SHA-512:9E897F535C6782CD22210C153DC539DF700F7707C1A46D5672803669EBFE672A9614C6BABBD832817E0DE4ABB6B266C5042D8D1822F0913636A74EC98B1DC8BB
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...t..\.........."!.....J"..........G"......................................0).....Q.)...@A..........................&.f....&.T....0'.h.............(. ....@'.$.....%..............................`".............D.&..............................text...nH"......J"................. ..`.rdata..Dl...`"..n...N".............@..@.data...@F....&..$....&.............@....00cfg....... '.......&.............@..@.rsrc...h....0'.......&.............@..@.reloc..$....@'.......&.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\nss\softokn3.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):254496
          Entropy (8bit):6.5671134388700905
          Encrypted:false
          SSDEEP:
          MD5:A2A2550D90835CF42F297BA1488BF9FA
          SHA1:DFCFFBD235B109EB558360DFA1E1C0F49178B53D
          SHA-256:4B68AC131B930E0B2EB5E46637A0E2686C61F7746EAAA78CCD5B0A8637EA0F68
          SHA-512:6CE9E8FB9B12982D540F8C1C3004E1E9279FB5F0A5CF13F4815519C85356F481DB100151AB6314789D384B1EA46DF69C29F5B80F0A405D90B6B2955F01E23A6F
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......\.........."!......................................................................@A.........................i......?j..........p............... ........F...d..............................................pm..h............................text...:........................... ..`.rdata..d...........................@..@.data................r..............@....00cfg...............v..............@..@.rsrc...p............x..............@..@.reloc...F.......H...|..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\resources.pak (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):7691983
          Entropy (8bit):7.9965373695793005
          Encrypted:true
          SSDEEP:
          MD5:6C621D00AB3DFA7ED042D963813D89E4
          SHA1:78819F26940ED0C2D1CDBEE7ED9FF7B42EED232E
          SHA-256:508221FB3F14CDC2487D91FD0935656C3CF57C0F801534DD95AAD6BC3CC2E60A
          SHA-512:54B498C047FFE5820563E56440235666CEA557E70C6CAB3ECA640768C8FC8CE98425963D23C48A9C10FEFB4B3E7784443C54141BB26976C8024EBAE740B1DB4C
          Malicious:false
          Reputation:low
          Preview:............f.26.....@....tC.....F..b3.Y..g3....h3....r3....s3....t3;...u3....v3q...w3....x3....y3....z3'&..{3.;..|3.Q..}3.f..~3.y...3.....3h....3J....3.....3s....3.....3.....3.+...3.B...3.[...3to...3.....3.....3.....4.....4.....4>....4O....4z....4.....4%....4.....4.....4.....4.....4.....4.....4%....4.....4.....4.....4#....4`....4F%...4.(...4.-...4rA...4hH...4|L...4.M...4}N...4HO...4EQ...4.R...4.W...4\b...4.e...4.o...45s...4|t...4\x...5.....5....v5....w5....x5....5....5....5.....5A....5.....5.....5.....5.....5g....5w....5.....5.....5,....5.....5:....5.....5.....5.....5.....5.....5D....5.....5.....5%....5.$...5.&...5.+...5y5..$6,8..%6.9..&6 =..'6.?...6.D../6.F..j6Jt..k6.u..l6.v..m6[}..n6...o6'...p6....q6.....7....7.....7.....7...Z<6...[<R...\<j...]<!...^<y..._<....`<....a<R...n<....x<t...y<....z<....{<i...|<.....<.....<J....<.....<.....<.....<.....<.....<r....<X....<O....<H"...<.&...<.)...<)-...<.5...<P8...<(9...<k;...<.@...<.G...<.I...<.J...<.M...=.T...=....=....=.....=j....=..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\v8_context_snapshot.bin (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:data
          Category:dropped
          Size (bytes):523336
          Entropy (8bit):5.17325407403121
          Encrypted:false
          SSDEEP:
          MD5:A4F6BD692B95FBE83393062870FE6DF3
          SHA1:0C3EC91CBFD290BEA8D98BF75219563B5D8D5719
          SHA-256:496A3B3CDB7B4D3BE5D3B1809BAC1F5206B2AA562527059C13C3576C56DE495D
          SHA-512:C8817B5B8A6963552AECC6DB86D4514EF3A1D112643E9CE0360813073C146C67E3EB2FAB4F6D51B725952585E66A0E81DA66EDBAE795D6ED9A5A17DF566E3E1D
          Malicious:false
          Reputation:low
          Preview:.........0..11.2.214.9...........................................................C..`...l...............`....`....`T...`b...`....`..........Y.D......`$.........D......`$.......D......`$.......m.D......`$.........D......`D.........D......`$.......1.D......`$.......D......`$.......D......`$.........D......`$.......D......`$......ID......`$.......D......`$.......D......`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\vk_swiftshader.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):3705344
          Entropy (8bit):6.607705291945878
          Encrypted:false
          SSDEEP:
          MD5:CAF2F0EB8EF5D7F592C274651B28A7AD
          SHA1:5E8641C17FC506BECE13F2E8B1CFCDD9119E19BA
          SHA-256:A97C1FB98BB04A1CAC260D97BB8F0413D6A03264E8F876000C482A5A07CDB5D3
          SHA-512:18A098A6F158E616E5319B902A58BE2B44A2612FA3BC47742328287DBB00F0544E314D43A9067915C01D97CDABBF2C45EE98EC683B1E09BDDA9E1C43B009BE00
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!......*..........\(.......................................9...........@A........................@.4.~.....5.P.....7.......................7....h.4.......................4.......+.............$.5..............................text...?.*.......*................. ..`.rdata...I....+..J....+.............@..@.data....M...`5..x...J5.............@....00cfg........7.......6.............@..@.tls....1.....7.......6.............@....rsrc.........7.......6.............@..@.reloc.......7.......6.............@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\vk_swiftshader_icd.json (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:JSON data
          Category:dropped
          Size (bytes):106
          Entropy (8bit):4.724752649036734
          Encrypted:false
          SSDEEP:
          MD5:8642DD3A87E2DE6E991FAE08458E302B
          SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
          SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
          SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
          Malicious:false
          Reputation:low
          Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\chromium\vulkan-1.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):777728
          Entropy (8bit):6.784089965380715
          Encrypted:false
          SSDEEP:
          MD5:4FEAC79FD307C915FB4C88AB408640C8
          SHA1:59973C27F2B8692FAD6290D8EDE3DE3D350BFD0D
          SHA-256:7CB78437A251AB9C8FE25AA2A2406D579095EBDFFE5A08A1CD49B366A6537747
          SHA-512:AE56CD8D2BEA6C85DACFBA391E6AF10C648FD515B70A1BFAC54B76474D3E1EFA32E313C8696489172B4DBDCEC3A8F102F7C047C45B05A18DF5DFCE46C30EE038
          Malicious:false
          Reputation:low
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....+d.........."!........................................................P............@A........................L...<!... ..P................................y..l................................................"...............................text...T........................... ..`.rdata..|T.......V..................@..@.data...h5...`.......@..............@....00cfg...............\..............@..@.tls.................^..............@....rsrc................`..............@..@.reloc...y.......z...d..............@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\common.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):423936
          Entropy (8bit):5.6556106971215305
          Encrypted:false
          SSDEEP:
          MD5:214D37CBDD7D7264DA289EB234EBFBFC
          SHA1:DE20B1BB9012F46404E690B08F50A199A3786E93
          SHA-256:F9B3DB99AC2F13236976C2CFA0512F45582151D23C257B33CFF7F52E5C6900A3
          SHA-512:456FF7F0B97BB0052586FCEF9778E901E6D4A60A128A36028D83BA5C3CC932055E7B27034F8FF0E8938168A9F99603FAB8781BE527CA80776C9A5AD9904B6160
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e..........." ..0.................. ........... ....................................`.....................................O.......,............................................................................ ............... ..H............text........ ...................... ..`.rsrc...,...........................@..@.reloc...............v..............@..B.......................H.......To..............H=..P...........................................z../.s....z.,...f}....*..}....*"..}....*..s....*..s....*F../.s....z.s....*J../.s....z.fs....*b.{...../..{....f*.{....**.{.......*....0...........{......(....,....XX..*..0.. ........u....,.........{.....{......*.*>.{.....{......*..{....*..(....*.0...........(....,..(....*.(.......(....*...0..........r...p.(.......(....(....*..{....*..{....*>..}......}....*....0..>........u....,4.........(........(....(....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\common.dll.config (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):1273
          Entropy (8bit):5.050187637326104
          Encrypted:false
          SSDEEP:
          MD5:BADDD01DB54BDAC132B3D04F4229CE12
          SHA1:BF77C9BBF15D24444911B180815DCA356C44C6A1
          SHA-256:F965524C3FB6EA074A2626F337B42EE032AF7A5F7A0FF118A3758A14EA528468
          SHA-512:4BE891C274E9C361C5C811D8CBBF45E5B41BAF81C7122D93D62CDBEA0EDF558A3634F3AAA1F50EE573E76F179B07C3B94E1979830E4376ECF842DA085548F20C
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.1.2" newVersion="4.0.1.2" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="K4os.Hash.xxHash" publicKeyToken="32cd54395057cec3" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-1.0.7.0" newVersion="1.0.7.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Text.Json" publicKeyToken="cc7b13ffcd2ddd51" culture="neut

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\de\Microsoft.Win32.TaskScheduler.resources.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):9728
          Entropy (8bit):4.557060180794725
          Encrypted:false
          SSDEEP:
          MD5:F83D720B236576C7D1F9F55D3BB988F9
          SHA1:105A4993E92646B5DBB50518187ABE07CA473276
          SHA-256:6909A1C134D0285FBA2422A40EA0E65C1F0CA3C3EF2B94A1166015AF2A87780F
          SHA-512:FD8A464F2BC9D5B6C2EFA80348C3A9362F7473D4D632B2ADDAD8C272E8874E7E67C15B99B67E6515906B86D01D57CD42F9F0F1E9251C0AF93A9391CCC30E3202
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................9... ...@....... ..............................-E....@..................................9..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................9......H........4............... ......P .......................................z..).........*SE.1r.2K58\p.`1....SJ..G.f0d.W.oQY....&1+E..z..:@.n@........S.XEp=C... T.q.l....S.Kg....%..l..._...0..'.+................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\de\is-LARV3.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):9728
          Entropy (8bit):4.557060180794725
          Encrypted:false
          SSDEEP:
          MD5:F83D720B236576C7D1F9F55D3BB988F9
          SHA1:105A4993E92646B5DBB50518187ABE07CA473276
          SHA-256:6909A1C134D0285FBA2422A40EA0E65C1F0CA3C3EF2B94A1166015AF2A87780F
          SHA-512:FD8A464F2BC9D5B6C2EFA80348C3A9362F7473D4D632B2ADDAD8C272E8874E7E67C15B99B67E6515906B86D01D57CD42F9F0F1E9251C0AF93A9391CCC30E3202
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................9... ...@....... ..............................-E....@..................................9..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................9......H........4............... ......P .......................................z..).........*SE.1r.2K58\p.`1....SJ..G.f0d.W.oQY....&1+E..z..:@.n@........S.XEp=C... T.q.l....S.Kg....%..l..._...0..'.+................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\es\Microsoft.Win32.TaskScheduler.resources.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.425694157692337
          Encrypted:false
          SSDEEP:
          MD5:15DB634B70D6D9D6CD41BAAE3F02EB14
          SHA1:1456FFE09DF896271A746F9CB40A230F188AD397
          SHA-256:E893C6907DA8D68C03B1A10E68B554AD5A8C0533F15912106F32E925F2BEABF0
          SHA-512:1230E5368D4DAB9776D57056993669327E95FE72E262EFA541ED5D43ABC1BCD3618DB13B6BD6B3A27DA053C103E3FB647EAE759CCAEB443F7D9FFD1ECAA1122B
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!................n:... ...@....... ..............................pi....@................................. :..K....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B................P:......H.......,5............... ..\...P .......................................2M.. ,.,]...).].....@.l..~.u.....Oz.B.{~*;.......6\..s..$_BZS.b..x.S....-..g.......Jr...{...E..F...s..sa.p.eS....X..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\es\is-31HED.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.425694157692337
          Encrypted:false
          SSDEEP:
          MD5:15DB634B70D6D9D6CD41BAAE3F02EB14
          SHA1:1456FFE09DF896271A746F9CB40A230F188AD397
          SHA-256:E893C6907DA8D68C03B1A10E68B554AD5A8C0533F15912106F32E925F2BEABF0
          SHA-512:1230E5368D4DAB9776D57056993669327E95FE72E262EFA541ED5D43ABC1BCD3618DB13B6BD6B3A27DA053C103E3FB647EAE759CCAEB443F7D9FFD1ECAA1122B
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!................n:... ...@....... ..............................pi....@................................. :..K....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B................P:......H.......,5............... ..\...P .......................................2M.. ,.,]...).].....@.l..~.u.....Oz.B.{~*;.......6\..s..$_BZS.b..x.S....-..g.......Jr...{...E..F...s..sa.p.eS....X..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\fr\Microsoft.Win32.TaskScheduler.resources.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.588569516197988
          Encrypted:false
          SSDEEP:
          MD5:3B4621370ADDCF4306669C9E7E45C865
          SHA1:EA1AB3C499E946E152C1FC4A63FA99E1F9BE94B4
          SHA-256:E3EE50E08124A7603BE7D996DCF596EB0D3F9C603768E86E003F7B942D7097F3
          SHA-512:586755F32D16AFD937BFC1FE3C52210AB815D5D4C904DE101150FA052A94BABFCBDC465669FF8C2537B782474658D7912037DDB76D8C9A8FD34715D1FE7B2857
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!................^;... ...@....... ..............................1.....@..................................;..W....@.......................`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B................@;......H........6............... ..?...P .......................................ME....P.<......I.J...Q'D........................X7..'<F..q..o.6G..M-.$.v..i.>...z..'....OV?....+.9..V........I"..9........;..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\fr\is-IINF9.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.588569516197988
          Encrypted:false
          SSDEEP:
          MD5:3B4621370ADDCF4306669C9E7E45C865
          SHA1:EA1AB3C499E946E152C1FC4A63FA99E1F9BE94B4
          SHA-256:E3EE50E08124A7603BE7D996DCF596EB0D3F9C603768E86E003F7B942D7097F3
          SHA-512:586755F32D16AFD937BFC1FE3C52210AB815D5D4C904DE101150FA052A94BABFCBDC465669FF8C2537B782474658D7912037DDB76D8C9A8FD34715D1FE7B2857
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!................^;... ...@....... ..............................1.....@..................................;..W....@.......................`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B................@;......H........6............... ..?...P .......................................ME....P.<......I.J...Q'D........................X7..'<F..q..o.6G..M-.$.v..i.>...z..'....OV?....+.9..V........I"..9........;..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-021CV.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):108168
          Entropy (8bit):6.179559450110609
          Encrypted:false
          SSDEEP:
          MD5:3034CC0D5CF3731ED90153AA616F3F59
          SHA1:AACE8D26358D9829F0E6632BDDF183534ACFEC0D
          SHA-256:63CD5E8A60D77D1007352538A4285C60C0C3EFB9C771035589105A284E4F63A9
          SHA-512:88589B022D713D565342E331394ED5600D1FE346AA788E45E16CF51221CE898F10BD28C6A09FDC44D9AD94F25B4ED22C6F0EB28FA832863C01732DEF5B6C6086
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X."Q...........!.....^..........n}... ........... ..............................C.....`..................................}..O....................h...>...........{............................................... ............... ..H............text...t]... ...^.................. ..`.rsrc................`..............@..@.reloc...............f..............@..B................P}......H.......L...................1...P ......................................Am.........C.....7.7....|..........,...w?..T....A.e......I}.#N..E....~...y. x`E......C`A&P.....Y.....A..J......#.p..).uGkJ1:.(......}....*:.(......}....*...0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*"..(....*"..(....*..*..{....,..{.....o....*.{....o....*2.~....(....*6.~.....(....*F.~....(....td...*6.~.....(....*J.(.....s ...}....*F.(...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-0OIT0.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):10147
          Entropy (8bit):4.891178331598223
          Encrypted:false
          SSDEEP:
          MD5:C89E735FCF37E76E4C3D7903D2111C04
          SHA1:3C0F1F09C188D8C74B42041004ECE59BBD6F0F56
          SHA-256:975A9555F561B363C3E02FD533F6BF7083AA11BBC7CBF2B46C31DF3D3696B97B
          SHA-512:DEBDD8D0ED2FF6AD7B175ACFEB1681B1A68EEEDD6D717E20E6AC5E0D11C13A1219B4D60F9319939C63BF4B53456328531369F4A9FFF5B201475858310E385007
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Threading.Tasks.Extensions</name>.. </assembly>.. <members>.. <member name="T:System.Runtime.CompilerServices.ValueTaskAwaiter`1">.. <typeparam name="TResult"></typeparam>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.GetResult">.. <returns></returns>.. </member>.. <member name="P:System.Runtime.CompilerServices.ValueTaskAwaiter`1.IsCompleted">.. <returns></returns>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.OnCompleted(System.Action)">.. <param name="continuation"></param>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.UnsafeOnCompleted(System.Action)">.. <param name="continuation"></param>.. </member>.. <member name="T:System.Threading.Tasks.ValueTask`1">.. <summary>Provides a value type that wraps a <see cref="Task{TResult}"></see> and

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-0TR52.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):22144
          Entropy (8bit):6.434408185018128
          Encrypted:false
          SSDEEP:
          MD5:48EFE61D6CA3054309907B532D576D2A
          SHA1:F36403AABB16540C93FB35245EC0B4E435628AAE
          SHA-256:295AF2142D9214F3FD84EAFE4778DCA119BE7E0229F14B6BA8D5269C2F1E2E78
          SHA-512:778E7C4675D8FDE9E083230213D2EFA19AA6924FE892ED74FA1EA2EC16743BB14B99B51856E75EAEF632D57BE7F36DD1BC7CE39A7C2B0435B2F3211BB19836A3
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Q..........." ..0..&...........E... ...`....... ....................................`.................................[E..O....`...............2...$..........hD..T............................................ ............... ..H............text....%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............0..............@..B.................E......H.......4&.......................C........................................(....*..(....*.0....................(....}.....*6.|.....(...+*:.|......(...+*:.|......(...+*2.|....(....*..{....%-.&.|....s.....(....%-.&.{....*"..(....*>..}......}....*..0...........{....o........{....(....*Z..}......}......}....*N.{......{....s ...*N.{.....{.....s ...*v.{.....{....o!....{....s"...*..(....*"..s....*.0.....................s#...*&...s#...*..{$...*"..}$...*.0..F.........{%....Xh}%.....}&.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-1A1L7.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):1274
          Entropy (8bit):5.048527526942425
          Encrypted:false
          SSDEEP:
          MD5:37BB9A71E72F008F12D96168C93A7F14
          SHA1:7A81BA738BB6AED323BE5AD1477DC1E2774027ED
          SHA-256:F37286EDBFEF7F343690A1C2AD68C975E4E6A4579E027B4DB68AF36BF1862CD1
          SHA-512:FEF2122D8BDAAE7F4DDA6C10620EBE2657139013EC4CCFE98D85EFAA7575FE514E44D3A82175407E1A7BBC95BC52BEDBBDEF30F0234F088B44657CA97D49E3B9
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.1.2" newVersion="4.0.1.2" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="K4os.Hash.xxHash" publicKeyToken="32cd54395057cec3" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-1.0.7.0" newVersion="1.0.7.0" />.. </dependentAssembly>.. <dependentAssemb

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-1R37E.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):97280
          Entropy (8bit):7.262966564836649
          Encrypted:false
          SSDEEP:
          MD5:5FEA5381909FCCA75ED4E79B058E512A
          SHA1:1D619F03449EAF4405008A97DDF05B313EEDD21F
          SHA-256:9C5A27AB185E32C4599816DB8DF1C7B01B08B5CB7A15933215C9A237322ABFBF
          SHA-512:8494B36651F1E36F8008DE7BF6AF3B378843D3E989206A5C3C17B7D1A5A33AA762153BCEF642F66B8C1CD682B2EAFB7102D129D77FCB4A47DE7F724ECECC7127
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l.g..........." ..0..p.............. ........... ...............................P....`.....................................O.......................................p............................................ ............... ..H............text....n... ...p.................. ..`.rsrc................r..............@..@.reloc...............z..............@..B........................H........O..|w..................,.......................................V!.)1......s.........*...0..$........u......,...o....*.u......,...o....*.0..&........u......,....o ...*.u......,....o!...*...0..&........u......,....o"...*.u......,....o#...*B.(Y...-.(....*.*..{!...*"..}!...*>.{....o.......*.0..9........(*.....($.....(......,..o%...-..,..o&...-..,..o%...*.*.*....0...........s'...}.....((....(....-..s....+.(....}......{....o....(....}.....(!....{...........s)...o.....{....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-26ALA.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):5.868850005697838
          Encrypted:false
          SSDEEP:
          MD5:97668D4B0A81F07576884BFD38022F5B
          SHA1:2E29AD8CC7E5606DC1300C850845364E02E53A20
          SHA-256:F2F0EBA48D74F2DFB85BF3D344DD16F773AEF6A1D8F16A25C3C2DB44334AC4E4
          SHA-512:E366A74A971A37FA5355E9D5CF76D2B233C685FB65E74EA4461B2CD3E749B23B0172A293C19B516D83252A9740CFD1356F039DFEB026A8B0B42D08A5B8B92A80
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:............." ..0.................. ... ....... .......................`............`.................................8...O.... .......................@......@...T............................................ ............... ..H............text...P.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................l.......H.......d...\s............................................................(....*..(....*^.(.......%...%...}....*:.(......}....*:.(......}....*...0..U........,..-..-..-.*.-.r...pr...ps....z..2...2...X..i.....+..-.r-..p..'.....'...(....s....z*..(....*.(....*..(....*..(....*.0..+.........0..*...2.......(....+......(.......1..*.*..0..7.........(.......0..*..(.......(.........(..............(....*..0..V...........(...+......(...+.%.,...i-....+....%......%.,...i-....+....%.......X.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-35N6U.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):38400
          Entropy (8bit):5.705588275571222
          Encrypted:false
          SSDEEP:
          MD5:F8D1ABE9D445441648B2049D040E6F75
          SHA1:68F7A2E3580DFB2F8AC656C4B3D2FC96C86C193C
          SHA-256:E7B07773FCD2B98044F2571948E2D843D191F8751BEFDE5EE450AD627B5A9FA0
          SHA-512:C9FD5F9F1842CBB2FCBCCCBE51126566AA044524B67526AAA32FF3B9B6D4A28BD9FF6AEA635ECA00C717B26E13E8A43F74EBF9302C6657F7A2BDD8FFDC0EBCBA
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................................`.....................................O.......,..............................T............................................ ............... ..H............text........ ...................... ..`.rsrc...,...........................@..@.reloc..............................@..B.......................H.......dL...\............................................................{"...*..{#...*V.($.....}".....}#...*...0..A........u........4.,/(%....{"....{"...o&...,.('....{#....{#...o(...*.*.*. ?Y.. )UU.Z(%....{"...o)...X )UU.Z('....{#...o*...X*...0..b........r...p......%..{"......%q.........-.&.+.......o+....%..{#......%q.........-.&.+.......o+....(,...*..{-...*..{....*V.($.....}-.....}....*.0..A........u........4.,/(%....{-....{-...o&...,.('....{.....{....o(...*.*.*. (... )UU.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-3FRAH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):47104
          Entropy (8bit):5.873490942953871
          Encrypted:false
          SSDEEP:
          MD5:628EF3FBAC2BEE679CD774A7E445FF19
          SHA1:EF12BF503A3B44BB1F8AE075086E7BF16A6A4965
          SHA-256:F8173EE0961BDDC6A56A3E94836AA239886E92B75B5D155313DFB198F48EAB6F
          SHA-512:E721C4C9D70A1EA1E21509C387FC653E39AB3026A34F0C489F1E9596F2D3FB83D3D345AD31783F140DCF4EA16F7A77BE70CB8A597775AF135AE5B58B47390721
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a.q..........." ..0.................. ........... ....................... ............`.................................K...O...................................|...8............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........D..l.............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*&~.......*....0..X.........( ...-...(!...(".......o#.....5&..X.../(..( ...-..+...($......(%......,..(&...+......*.........!.5.....r...p('...*.0...........r/..p((...,.(.......o).....r=..p((...-6.rI..p((...-).rQ..p((...-".rY..p((...-..ra..p((...-.+.rI..p*rQ..p*rY..p*ra..p*rm..p.r...p(*...s+...z.0..=........,..(,...,.rb..p..-..s+...z.(,...-...o-....?

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-3MMCF.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):20856
          Entropy (8bit):6.425485073687783
          Encrypted:false
          SSDEEP:
          MD5:ECDFE8EDE869D2CCC6BF99981EA96400
          SHA1:2F410A0396BC148ED533AD49B6415FB58DD4D641
          SHA-256:ACCCCFBE45D9F08FFEED9916E37B33E98C65BE012CFFF6E7FA7B67210CE1FEFB
          SHA-512:5FC7FEE5C25CB2EEE19737068968E00A00961C257271B420F594E5A0DA0559502D04EE6BA2D8D2AAD77F3769622F6743A5EE8DAE23F8F993F33FB09ED8DB2741
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ....................................@..................................B..O....`..@...............x#...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-4J28S.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):1273
          Entropy (8bit):5.050187637326104
          Encrypted:false
          SSDEEP:
          MD5:BADDD01DB54BDAC132B3D04F4229CE12
          SHA1:BF77C9BBF15D24444911B180815DCA356C44C6A1
          SHA-256:F965524C3FB6EA074A2626F337B42EE032AF7A5F7A0FF118A3758A14EA528468
          SHA-512:4BE891C274E9C361C5C811D8CBBF45E5B41BAF81C7122D93D62CDBEA0EDF558A3634F3AAA1F50EE573E76F179B07C3B94E1979830E4376ECF842DA085548F20C
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.1.2" newVersion="4.0.1.2" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="K4os.Hash.xxHash" publicKeyToken="32cd54395057cec3" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-1.0.7.0" newVersion="1.0.7.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Text.Json" publicKeyToken="cc7b13ffcd2ddd51" culture="neut

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-4JK3K.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):130362
          Entropy (8bit):4.60579511535411
          Encrypted:false
          SSDEEP:
          MD5:92ACD7769E2EDA756AFB18746CA7F875
          SHA1:801DE8CCB30816A499EEB307B2077614C54FEB2C
          SHA-256:CFD36E262B2F28FC37088965CDC82E58F2D18CBF469242451B1CE7811929AA62
          SHA-512:A96D6249A5B6C23381012E88AA6DB5390FD180FE03E8F3D45C1AC17292EB2CC7135244A6AF474BFC63253A258F622739FF4203A3E0E020D2090077A425B52F6B
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Hardcodet.NotifyIcon.Wpf</name>.. </assembly>.. <members>.. <member name="T:Hardcodet.Wpf.TaskbarNotification.BalloonIcon">.. <summary>.. Supported icons for the tray's balloon messages... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.None">.. <summary>.. The balloon message is displayed without an icon... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Info">.. <summary>.. An information is displayed... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Warning">.. <summary>.. A warning is displayed... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Error">.. <summ

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-6J3MR.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):21408
          Entropy (8bit):5.560926677970511
          Encrypted:false
          SSDEEP:
          MD5:7DEE66E231173A28F04C8E9D1607A444
          SHA1:82ED71216A2BD9CDB31C734873A9F23C925A9FB3
          SHA-256:2F3C52409A7267ED010EBEE38935FDA8F9FDD268F7DF98E28BB0B57D1AC20E0A
          SHA-512:297618E8A405C4B5046A38BAA28C4005C0839D8E69061A0137BF784086D79F1CC1B0F0CDD9316228132E070BC546AF38655DE82DAC20895567ABA7420018C4CD
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|...p...#Pdb........\&..#~..H'......#Strings....T'......#US.X'.. ...#GUID...x'..(,..#Blob...p^.....N.......l.u.....W_..........8...c...Y...D...G.......;................................................................./.........e...D..........."...{.......................M...Y...........$...0...........~.......H...T...........;...G...........................1...=...........................?...L...........Y...f...........g...t...........n...{...........?...L...........?...L...........3...@...................t...............H...U...................U...b........... ...-...................o...|...........@...M...................r...............+...8...................Z...g...................X...e.........../...<...........$!..4!..u!...!...!...!...!..."..9"..F"..s"..."..."..."...#...#..M#..Z#...#...#...#...#...$..!$..U$..b$...$...$...$...$...%..*%..]%..j%...%...%...%...%../&..<&..q&..~&...&...&...&...&..;'..H'..}'...'...'...'...(...(..P(..](...(...(...(...(..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-6NOC7.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):710224
          Entropy (8bit):4.632813781023419
          Encrypted:false
          SSDEEP:
          MD5:F414B3F68FE7C4F094B8FE8382F858C9
          SHA1:66EE1B3266FCEDDE433B392156AB4A24262B2F34
          SHA-256:2D46B37B086D6848AF5F021D2D7A40581CE78AADD8EE39D309AEE4771A0EECCF
          SHA-512:19B2FEB40C2E9D4D20D9A21F88F6ECEA773060C056B8CBBD21A6EEC41486DC5FC101E6C31129B0D53466D04709BCD4ED777058DDFB02532242B43E253A7B24BD
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Newtonsoft.Json</name>.. </assembly>.. <members>.. <member name="T:Newtonsoft.Json.Bson.BsonObjectId">.. <summary>.. Represents a BSON Oid (object id)... </summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonObjectId.Value">.. <summary>.. Gets or sets the value of the Oid... </summary>.. <value>The value of the Oid.</value>.. </member>.. <member name="M:Newtonsoft.Json.Bson.BsonObjectId.#ctor(System.Byte[])">.. <summary>.. Initializes a new instance of the <see cref="T:Newtonsoft.Json.Bson.BsonObjectId"/> class... </summary>.. <param name="value">The Oid value.</param>.. </member>.. <member name="T:Newtonsoft.Json.Bson.BsonReader">.. <summary>.. Represents a reader that provides fast, non-cached, forward-only access to s

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-706PC.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):13950
          Entropy (8bit):4.749162715500682
          Encrypted:false
          SSDEEP:
          MD5:ADD19745A43B2515280CE24671863114
          SHA1:CF44E6557FDE93288FF2567A002A69279965CABA
          SHA-256:D5714C96607EB1A9D0F90F57CA194D8A9C3EDE0656A1D1F461E78B209F054813
          SHA-512:8D7E564FA61411B5C28F29B07855DD112687EDCB39B991803C7C7DE67B6894B309102AC9B52409B56B7BB5C9101EB4CDFB21FCFBF5D835E4A153E188CB97CC87
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Memory</name>.. </assembly>.. <members>.. <member name="T:System.Span`1">.. <typeparam name="T"></typeparam>.. </member>.. <member name="M:System.Span`1.#ctor(`0[])">.. <param name="array"></param>.. </member>.. <member name="M:System.Span`1.#ctor(System.Void*,System.Int32)">.. <param name="pointer"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32,System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.Clear">.. .. </member>.. <member name="M:System.Span`1.CopyTo(System.Span{`0})">.. <param name="destination"></param>.. </mem

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-70J6O.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):20529
          Entropy (8bit):4.731043104619016
          Encrypted:false
          SSDEEP:
          MD5:C782E92ABBFC0531226F735C6AC56498
          SHA1:2586FDBEB6D1E11D4CECD5B3E8387A18C7B4D350
          SHA-256:39C2D4A63A186D423E9C866F4D3E9A6ACBA0103398F20BAF8B92A38744894215
          SHA-512:A12B6807695C9C626DE9602ABC6DF72BCC5E869A29C7111E956034F321436E7C50EA36ED5EC5B6F93A639AE0F7AEA93953E91AE557BF423A749B036C7252A7B9
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Runtime.CompilerServices.Unsafe</name>.. </assembly>.. <members>.. <member name="T:System.Runtime.CompilerServices.Unsafe">.. <summary>Contains generic, low-level functionality for manipulating pointers.</summary>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.Int32)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the offset to.</param>.. <param name="elementOffset">The offset to add.</param>.. <typeparam name="T">The type of reference.</typeparam>.. <returns>A new reference that reflects the addition of offset to pointer.</returns>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.IntPtr)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the of

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-72K3K.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1547744
          Entropy (8bit):4.368859341798249
          Encrypted:false
          SSDEEP:
          MD5:B8705DAA9C44CD6E60A9AEC7DEC88E4C
          SHA1:CF6B70C022B2507DCEC0CEF57B548AA600B6547A
          SHA-256:812FC258C4900D02C72F732B94E63ADEFF6E68A471284588E904327E65D439D7
          SHA-512:4AA9DD5C83C928316D939AFDDEEEDCC931EDE02485B36397AE72EB32ACC296D3A049424353CB632098E034AF7F5EFB40250F4B794401FDD3F24DD0E7A002B049
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>log4net</name>.. </assembly>.. <members>.. <member name="T:log4net.Appender.AdoNetAppender">.. <summary>.. Appender that logs to a database... </summary>.. <remarks>.. <para>.. <see cref="T:log4net.Appender.AdoNetAppender"/> appends logging events to a table within a.. database. The appender can be configured to specify the connection .. string by setting the <see cref="P:log4net.Appender.AdoNetAppender.ConnectionString"/> property. .. The connection type (provider) can be specified by setting the <see cref="P:log4net.Appender.AdoNetAppender.ConnectionType"/>.. property. For more information on database connection strings for.. your specific database see <a href="http://www.connectionstrings.com/">http://www.connectionstrings.com/</a>... </para>.. <para>.. Record

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-73F3V.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):55904
          Entropy (8bit):6.299047178318044
          Encrypted:false
          SSDEEP:
          MD5:580244BC805220253A87196913EB3E5E
          SHA1:CE6C4C18CF638F980905B9CB6710EE1FA73BB397
          SHA-256:93FBC59E4880AFC9F136C3AC0976ADA7F3FAA7CACEDCE5C824B337CBCA9D2EBF
          SHA-512:2666B594F13CE9DF2352D10A3D8836BF447EAF6A08DA528B027436BB4AFFAAD9CD5466B4337A3EAF7B41D3021016B53C5448C7A52C037708CAE9501DB89A73F0
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W."Q...........!.................... ........ ;. ...................................`.....................................K.......................`>..........H................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......,O...`..........pD......P ......................................g.=d.N:..K..=mU.....M......^.....@........h.pX..9.web.~M}.R9 l9..2.....1S...{^..Pn....8.6k...S.-.K..$uXpy....t.'.%u/...+VC6.(.....{....*...0..&........(..............s....o.....s....}....*...0..K........(.....{....o........,3..+&..( .........{.....o!............*..X...(....2.*..0..L........{.....o"...,=(#...(..................($...o%.......(&...o%.....('...s(...z*.0...........o).......E............d

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-7BMPT.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):25232
          Entropy (8bit):6.672539084038871
          Encrypted:false
          SSDEEP:
          MD5:23EE4302E85013A1EB4324C414D561D5
          SHA1:D1664731719E85AAD7A2273685D77FEB0204EC98
          SHA-256:E905D102585B22C6DF04F219AF5CBDBFA7BC165979E9788B62DF6DCC165E10F4
          SHA-512:6B223CE7F580A40A8864A762E3D5CCCF1D34A554847787551E8A5D4D05D7F7A5F116F2DE8A1C793F327A64D23570228C6E3648A541DD52F93D58F8F243591E32
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0.............b2... ...@....... ...............................H....@..................................2..O....@...............$...>...`......x1............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................B2......H........!..T....................0......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2r[..p.(....*B.....(.........*.BSJB............v4.0.30319......l...4...#~..........#Strings....t.......#US.@.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-8C2P1.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):142240
          Entropy (8bit):6.142019016866883
          Encrypted:false
          SSDEEP:
          MD5:F09441A1EE47FB3E6571A3A448E05BAF
          SHA1:3C5C5DF5F8F8DB3F0A35C5ED8D357313A54E3CDE
          SHA-256:BF3FB84664F4097F1A8A9BC71A51DCF8CF1A905D4080A4D290DA1730866E856F
          SHA-512:0199AE0633BCCFEAEFBB5AED20832A4379C7AD73461D41A9DA3D6DC044093CC319670E67C4EFBF830308CBD9A48FB40D4A6C7E472DCC42EB745C6BA813E8E7C6
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6wb.........." ..0.................. ... ....... .......................`.......>....@.................................`...O.... ..@................'...@......(................................................ ............... ..H............text........ ...................... ..`.rsrc...@.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-8NFMN.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):142
          Entropy (8bit):4.391770241438592
          Encrypted:false
          SSDEEP:
          MD5:B6E60687AE5DB6D011E21E6993620745
          SHA1:B117C6BBDDC72E7F4B590173992EE17BFDDE4BE1
          SHA-256:C37E163FA76629C196460C7B4D54E95B1A46A4C66AB7B6F3311959C8137DC5F1
          SHA-512:709212B6CB36F57B92A82DEF810F9C075A91B3E6A5FD330DCFB563D94A320783509441347D63BDE97F530C6B10CE6AA769CA11F7FC39ACF1B25D5C8F9DCBB389
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>System.ValueTuple</name>.. </assembly>.. <members>.. </members>..</doc>..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-8Q2OH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):68096
          Entropy (8bit):5.818996871954672
          Encrypted:false
          SSDEEP:
          MD5:1B066B3CB5D8CA243A8BBD13E11FA596
          SHA1:63F9D1C08E011D9ACA6BDC6839887D03D38944A8
          SHA-256:788F516054FA47046514FAB1BA81B712FB441814E9745FB46C09D29F6DE8A464
          SHA-512:A35A8881B928057C165BE32F637FFAFCE456C5A23EDED2D867847898C37A84FC0DB4F1892550EB11D86E89D55123520C0B34626321B756E2FEDE7974592A0B22
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ... ....... .......................`.......D....`.................................;...O.... .......................@......\...T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................o.......H........m..$.............................................................o(...*..o)...*:.(*.....}....*..{....*"..(....*"..(....*.s.........*..(*...*..(*...*"..(....*"..(....*.s ........*.....(+.....%-.&r...ps,...z(-...o....(%.....('....((...*..{....*"..}....*..{....*"..}....*N....)...s/...(0...*v..($....(&...s.....O...o1...*..%-.&r...ps,...z......(2......o....*..%-.&r...ps,...z......(2......o....*..%-.&r...ps,...z......(2......o....*..%-.&r...ps,...z......(2......o....*..%-.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-8SO29.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):143568
          Entropy (8bit):6.151125088275872
          Encrypted:false
          SSDEEP:
          MD5:F58E9CA60368433534C420B054B01CD3
          SHA1:598B9280153E53C6FFF56AF80D2C59D087809612
          SHA-256:51EEBDB28F042F6169E3C71CEC16D3FA95634C4284A20ED1D4E4D182DE5F4BEC
          SHA-512:14E180A029A81C777E2B4E938891DE578203EF01AC2F187280E87FC161A2B7DE9E36CFF5FBD810FF5CA5BBC5CC84BDBCE68F120014813C8E5ED17EE200E7F573
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....p..........." ..0.............Z$... ...@....... ....................................`..................................$..O....@..p................ ...`.......#..T............................................ ............... ..H............text...`.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B................9$......H.............................."......................................V!.u......s&........*..{....*"..}....*..0..Z........(....o'...-.r...ps(...zs......(....o)....+..o*.....o.....o0...o+....o....-....,..o......*........*.$N......J.s,...}.....(-...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*6.|.....(D...*..{....*"..}....*..{....*"..}....*V.(....-.r...p*.(....*..(E...%.(....o"...%.(....o$...%.(....o ...%.o....*..(-...*..{....*"..}....*..{ ...*"..} ...*..{!...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-AJNVB.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):42496
          Entropy (8bit):5.782944900930189
          Encrypted:false
          SSDEEP:
          MD5:47D729B6841F1E0E510BBC7D74454B73
          SHA1:BB7A519A2BF2DBFA8AEF238241D6DD5C62AEED77
          SHA-256:B4C69BE213BA3DD40E6BC819B7BFC13AB03D06D5F3EFA0E4643B1B55E5A529F9
          SHA-512:F5ECD0CCA56306273685C12CCB5AF8F540161E2CFFE3F639A2FA1F9DE29CFEBB2F6D8F8BA4AD43E02A721DA30DD8E3CC911E46E4237578E026A5BA8C059429AF
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ...............................F....@.................................J...O.......$...........................h...T............................................ ............... ..H............text........ ...................... ..`.rsrc...$...........................@..@.reloc..............................@..B................~.......H........H..Hq...........................................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ...' )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q.........-.&.+.......o ....%..{.......%q.........-.&.+.......o ....(!...*...0..2..........(....~.......o"...-.~.....s#...%.o$.....o%...&*...0..A..........(....~.......o"...,)..o&..., .o'...-.~.....o(

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-B6RD4.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MSVC program database ver 7.00, 512*55 bytes
          Category:dropped
          Size (bytes):28160
          Entropy (8bit):2.8092294183149353
          Encrypted:false
          SSDEEP:
          MD5:797FD2D689E8C77EF12032FC87D74042
          SHA1:54C0F8F273CACA4F54DC2DC639E8A2231F8E3B2F
          SHA-256:B068ED55BE3203D112A537D890DFD834BA7CFF5272CF5BF4AABD6329F92481D8
          SHA-512:2930EBB0C30488B8BFC2165E019605181ABC03094463A42FB7CA9095FDF39DE2F4D7B584015C6B3C90775407188250B085B5875620BA73EA5047C14CECE299DE
          Malicious:false
          Reputation:low
          Preview:Microsoft C/C++ MSF 7.00...DS...........7...........4...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-BDCIP.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):168960
          Entropy (8bit):5.620929228626378
          Encrypted:false
          SSDEEP:
          MD5:F972912B04C7FD13B755D957B366EB3F
          SHA1:036DD1B06F203B0C3FB5CACD9A27A0D6F7867A40
          SHA-256:0EFEC3F0771E6BEA1DEC573EF8C1AAFD24B0F8BD2D00DC6674E311306639050F
          SHA-512:8DDAFE4C60857F28AEBE43CA43638216F6BE138F156B01C17DB89CBF17B14E6ACDCD29921FB108EAEE5605A494F0EEA598D3CF79DBDCD4213DE59627E9C3EF95
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W..b.........." ..0.................. ........... ..............................?.....`....................................O.................................................................................... ............... ..H............text...<.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........=..Le..................$.........................................{....*"..}....*....0..#...........i...+...Y.....(.......X...0..f*..0..>..........o0......+*..Y...o1...% ...._...c..(.......(.......X...0..f*&...(....*.0..:........ ...._....c.....{....(....}.......{....(....}.....{....f*R~......a ...._...da*..(2...*n .........%.....(3........*:.(4.....}....*..{....*V..}.....(2.....}....*..{....*"..}....*..{....*..{....*..{....*....0..3..........|....(5...,..|....(6....+

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-BGQN6.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):591752
          Entropy (8bit):6.069668321990478
          Encrypted:false
          SSDEEP:
          MD5:AF1646B1C2227AB206D855BD068535CF
          SHA1:3CD982AD2FB00A50151D7F416E4B05F79528496E
          SHA-256:A960DD4D2F0F37B3C09FFB9567C32426B8791310D7EB935C04C819C3D46BD49E
          SHA-512:04EB6B5EC3A1655AE2FC661F6F9053F7743A2C624C4E8B0E1E6660FCB135A847ADDA27919AE8F38987E370E0114BD5CE45E01F1C894019A864A22CAE3D24AF0A
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q~@..........." ..0.............r.... ........... .......................@............`.....................................O.......t................#... ......4...T............................................ ............... ..H............text........ ...................... ..`.rsrc...t...........................@..@.reloc....... ......................@..B................R.......H.......l...x...............]............................................{0...*..{1...*V.(2.....}0.....}1...*...0..;........u......,/(3....{0....{0...o4...,.(5....{1....{1...o6...*.*. #'p )UU.Z(3....{0...o7...X )UU.Z(5....{1...o8...X*.0..X........r...p......%..{0............-.&.+.......o9....%..{1............-.&.+.......o9....(:...*:.(2.....}....*..*J.......s;...(...+*J.......s<...(...+*........s=...(...+%-.&.......s=...(...+*J.......s>...(...+*J.......s=...(...+*.(....s?..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-C3PCB.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):62160
          Entropy (8bit):6.394651976589669
          Encrypted:false
          SSDEEP:
          MD5:B5BBEE69523810F8AA9D92E3D3ECB896
          SHA1:9A45F181AC22B5C633EED421B59F5FE9D12D6A7C
          SHA-256:BF99695470075C4E2C906BE4567F1D0AB3A6D85D31EC1D8F6B4139015C48A2B3
          SHA-512:9EEFF3BA247793163FD091FB26D8E620C99A8CB1B510F26EA7C31EB9EC27F2DE9E92F14CA470852C84FF1DCCF5FBCBAED8C93EA2F05C6515E2C078776C62BA7E
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a."Q...........!..................... ........... ....................... ............`.................................@...K.......`................>........................................................... ............... ..H............text........ ...................... ..`.rsrc...`...........................@..@.reloc..............................@..B................p.......H.......PE...............D......P .......................................xk.r..E. z.aD.-$..}...=..+<%...Z....x.N.,..D...nA*....1T. 6./n.`j..."q..rE........44.(..a...\..>...~.......9.M.).#..c.0..W.......(....s.........(.........~.....(....,+(....~....~.....o....t>........~....(....&*(....*j~....%-.&~....~.....o....*.......*2~.....(....*Z~....(.....o.....?...*Z~....(.....o.....?...*.(....,.(....,.~....(.....o....&*(....*.(....,.(....,.~....(.....o....&*(....*Z(....-..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-C43O6.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):5293
          Entropy (8bit):5.081218757004898
          Encrypted:false
          SSDEEP:
          MD5:2722A3DE42A1D0EF4089459DA2CB3596
          SHA1:A3B2A985EFF4F694BFB4936FCF8EE8904E3B6917
          SHA-256:F9D49DAF8E030400897C673ABE22E7B4D4E38C7411B2AA2DD990DE27643C6F21
          SHA-512:B50F4AC22281092A505D49DEEA50D50A6BA476F2C78DB5D632E4AFD8FAB7246BAC812A166ADF5F6FA287C94E325CDF49FFCBD6D8B19BFEDF97A716A4F0CFD816
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />.. <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />.. </configSections>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.. <log4net>.. <appender name="Console" type="log4net.Appender.ConsoleAppender">.. <threshold value="INFO" />.. <layout type="log4net.Layout.PatternLayout">.. Pattern to output the caller's file name and line number -->.. <conversionPattern value="%date %5level [%2thread] (%class:%3line) - %message%newline%exception" />.. </layout>.. </appender>.. <appender name="RollingFile" type="log4net.Appender.RollingFileAppender">.. <file value

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-CPEM2.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):117248
          Entropy (8bit):5.85283161712302
          Encrypted:false
          SSDEEP:
          MD5:6C5E9D5EEB09BE9AA48C4E828EC7BACF
          SHA1:0A0E2E37C044BA276F4DAED48E6318EA8FF9A1C6
          SHA-256:338A3AFCD78DCF09A0A0CFBEB26D88EDC8EA1B34EBC5D1B33BFEA35F3920BEE6
          SHA-512:5296DC437634A1112C660461D8E2D460712297AE15FE188F0DF0479BB16C4DFBD7F1FE2606CF6AFED241484EE9001C626183F03FBEAB344191E77C6199D551A8
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3Y..........."...0.............v.... ...@....@.. ....................... ............`.................................#...O....@..............................T-..8............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc..............................@..B................W.......H........!..h............................................................0..........(.....o.....(....(...+.r...p...o.....Yo....(.....(....o......r...p(....-..r'..p(....-!.rA..p(....-'*.r]..p(.....(....&*.r...p(.....(....&*.r...p(.....(....&*....0..U.......s.......(....r...p(....(.....r...ps....}...........s....(...+(...+%.......s ...o!...*....0.._........-..-..*.*.-..*.......%..\.o"...(...+($...........%..\.o"...(...+($......(%...,..*..(&...,..*.*..('...*..('...*6.{.....o(...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-E19CP.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):148480
          Entropy (8bit):5.9723556565995475
          Encrypted:false
          SSDEEP:
          MD5:D618CBBBAB32121BB8F78ED1DE80189A
          SHA1:F52EFD7E2FBB87C57BE0F6A981A527A6A6E9B338
          SHA-256:033FFDF50A855FD3B42E8950A4707EDB2ED0820E37D2C9EE9456AF41D22AEB7E
          SHA-512:607074853BDD4E953906896686B873C0214EDEE889730EA47EA643173BA2CD9C44EE10006943952D2C60ED2F43414776B7AE38050CA62E0628723FBBD9306E31
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r............" ..0..:...........W... ...`....... ..............................^+....`..................................V..O....`...............................U..T............................................ ............... ..H............text...09... ...:.................. ..`.rsrc........`.......<..............@..@.reloc...............B..............@..B.................V......H...........lM..................TU.......................................*Z.({...t....o ...t....*..({...t.....t!...%-.&r...ps@...zo!...*Z.({...t....o$...t....*..({...t.....t!...%-.&rM..ps@...zo%...*Z.({...t....o"...t....*..({...t.....t!...%-.&r...ps@...zo#...*..(....*.0..y........({...t...........sA...}.....({...t....{.....({...t....oB....:...(C...(D...r...poE....|....:...(C...(D...r...poE....}...*..(....*n.-.rM..ps@...z.s....o7...&*r.-.rM..ps@...z.s....o7...&.*r.t....%-.&rM.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-E88FH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):423936
          Entropy (8bit):5.6556106971215305
          Encrypted:false
          SSDEEP:
          MD5:214D37CBDD7D7264DA289EB234EBFBFC
          SHA1:DE20B1BB9012F46404E690B08F50A199A3786E93
          SHA-256:F9B3DB99AC2F13236976C2CFA0512F45582151D23C257B33CFF7F52E5C6900A3
          SHA-512:456FF7F0B97BB0052586FCEF9778E901E6D4A60A128A36028D83BA5C3CC932055E7B27034F8FF0E8938168A9F99603FAB8781BE527CA80776C9A5AD9904B6160
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e..........." ..0.................. ........... ....................................`.....................................O.......,............................................................................ ............... ..H............text........ ...................... ..`.rsrc...,...........................@..@.reloc...............v..............@..B.......................H.......To..............H=..P...........................................z../.s....z.,...f}....*..}....*"..}....*..s....*..s....*F../.s....z.s....*J../.s....z.fs....*b.{...../..{....f*.{....**.{.......*....0...........{......(....,....XX..*..0.. ........u....,.........{.....{......*.*>.{.....{......*..{....*..(....*.0...........(....,..(....*.(.......(....*...0..........r...p.(.......(....(....*..{....*..{....*>..}......}....*....0..>........u....,4.........(........(....(....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-EC0H9.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):51564
          Entropy (8bit):5.412082020948322
          Encrypted:false
          SSDEEP:
          MD5:AEBBA016111759F5A3A0CF7BDFDC704A
          SHA1:86F08D8FBB86A6B6F9D1B32498D155E7F2186C88
          SHA-256:E48615039CE42E73BD402271F38FE0DED7C075F36AED10AA0A3E452ED2AD4B36
          SHA-512:F0A100E370EA0024BFCECF51D92A2CF8B5DA01BE3A6FE23D49356146C9F5E70A7836E28E41F092868FA8FAEA45904FC14005349E43B0C585825A21406135280C
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|.......#Pdb.........W..#~...X......#Strings....`^......#US.d^..p...#GUID....^...j..#Blob.......!.`C...~.!c3qz.....W.+................/...r...)...........4...........................4...............................e...L...G...............................U...r...S...k...........................r...............q.......E...S...7...E...........................\...j...(...8...:...J........ ... ... ..P!..`!..U"..e"...#...#...%...%..4&..D&...'...'...(...(...*..'*...,...,..O-.._-.......... /..0/...0...0..h2..z2...4...4...5...5..!7..37...8...8...8...8..99..K9...9...9..m:...:...;...;..R<..d<...<...<..E=..U=...=...=..&?..6?...?...?..c@..w@...@...@..sA...A...B...B...B...B...C..-C...C...C..;D..OD...D...D..#E..7E...E...E...E...F..hF..|F...F...F...G...G..IJ..aJ...J...J...K...K...T...T...V...V.._[..s[...a...a...a...a..*b..Bb...b...b...b...b..4c..Hc...c...c...c...c...d...d..hd..zd...d...d...e...e..Ne..`e...e...e...f...f...i..(i..Ti..hi...i...i...i...i...j..,j..cj..uj..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-EEEVC.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):48344
          Entropy (8bit):6.53421522959476
          Encrypted:false
          SSDEEP:
          MD5:06296D204C279118CB8863F07E3DE4E1
          SHA1:175553C011BA3B50322833477F095142F1C3D699
          SHA-256:CEB0E446953833CAA54BC01E84B787281CF6712BA7DB65D4C9A664413E95CEFB
          SHA-512:BFA4479554B841A17969D124FD69701DC1313E8F24EAD667C45002AE8D60C3F615D8D484D1334C87E5C93F1FB30B8217A0CBD528125EDFFEF050B898BDC1598A
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....."Q...........!.....t............... ........... ..............................~H....`.................................l...O.......`............~...>..........4................................................ ............... ..H............text....s... ...t.................. ..`.rsrc...`............v..............@..@.reloc...............|..............@..B........................H........p..L!...........0..&@..P ........................................9q.}..;q._^.X.A...&Y..n._=....*...%...'.Dc...S)..C....W.....k.Q......l.U.v.%...l...."ITo.Z".w..|-:.L%5g..cy':....=.6..Z.bF.~....(.....#...*J.~......#...(....*F.~....(.....#...*J.~......#...(....*F.~....(.....#...*J.~......#...(....*F.~....(.....#...*J.~......#...(....*F.~....(.....#...*J.~......#...(....*F.~....(.....#...*J.~......#...(....*..{....*"..}....*..{....*"..}....*"..}....*..{....*..{....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-EOAK8.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):115856
          Entropy (8bit):5.631610124521223
          Encrypted:false
          SSDEEP:
          MD5:AAA2CBF14E06E9D3586D8A4ED455DB33
          SHA1:3D216458740AD5CB05BC5F7C3491CDE44A1E5DF0
          SHA-256:1D3EF8698281E7CF7371D1554AFEF5872B39F96C26DA772210A33DA041BA1183
          SHA-512:0B14A039CA67982794A2BB69974EF04A7FBEE3686D7364F8F4DB70EA6259D29640CBB83D5B544D92FA1D3676C7619CD580FF45671A2BB4753ED8B383597C6DA8
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ..............................DF....@.................................f...O........................>.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-FATQH.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):26744
          Entropy (8bit):5.577899180430984
          Encrypted:false
          SSDEEP:
          MD5:A4DA40C592D3C0A0E293224885A3444F
          SHA1:AE1549F5316A9155FD7EA87D93711531D4D8C96E
          SHA-256:987CB722C4B342D7021BF4AA997C886CD0A4D377684E93C1F3A8F29915630413
          SHA-512:481973FB1CA599220541C18412B6042DE274FFC214D5E245D16DF37F707CD3EA1E89CD39C98BE903143DDF2D4D0DC706AAEDB6362D527DFCDA76B0D2EA33F85E
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|...x...#Pdb........./..#~...0......#Strings.....1......#US..1..p...#GUID....2..\6..#Blob....3.D.D9L...2].N.P......W...........a...t.......x...*...O...c...4...g...>.......G...Q.../...f...........&...........D...........................H...x.......X...S...........}.......................................=...M..........................................."...4...........................................F...X...+...=...:...L...7...I...................j...|...........g...y...........9...I...................................m.......+...?...........,...<............................ ... ..g!..{!..."..."..."..."..S#..g#..$$..8$...$...$..V%..j%...%...&..s&...&..V'..j'...(...(...(...(..Z)..n)..F*..Z*.................../.../..Q/..a/.../.../.../...0..70..K0...0...0...0...0...1..11..j1..|1...1...1...2...2...5..(5..d5..t5...5...5...5...5..*6..:6....................................................................................................4...E.......................,.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-FE1MG.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):12994008
          Entropy (8bit):7.567022772822108
          Encrypted:false
          SSDEEP:
          MD5:FCCC265765BBBD194C353DC5A5C791CF
          SHA1:92651C4BE83DCD1A1A9C33704F1695C06F2E2EF4
          SHA-256:5CA519F2449E518162353A4DEF2C0E69CF040D33A3DFF2EDCDE43AD9E704C8B2
          SHA-512:6812E675AC6892D3E777859DD609FF5455ED19E9A5D6A33E1E2C5464C8332828ED88A7544024833ACF1FC23C48B30B2D8C5DB7D4F6E362B83E3CFCF925BCB11D
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....S.d.........."...0..L.........."j... ........@.. ..............................@.....`..................................i..O.......8............4............................................................... ............... ..H............text....J... ...L.................. ..`.rsrc...8............N..............@..@.reloc...............2..............@..B.................j......H........%..........=....=...,............................................{A...*:.(B.....}A...*..0..)........u..........,.(C....{A....{A...oD...*.*.*v H... )UU.Z(C....{A...oE...X*..0..:........r...p......%..{A......%q.........-.&.+.......oF....(G...*..{H...*:.(B.....}H...*....0..)........u..........,.(C....{H....{H...oD...*.*.*v .'L. )UU.Z(C....{H...oE...X*..0..:........r-..p......%..{H......%q.........-.&.+.......oF....(G...*..{I...*..{J...*V.(B.....}I.....}J...*.0..A.......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-GBNDQ.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):4608
          Entropy (8bit):3.488842171019742
          Encrypted:false
          SSDEEP:
          MD5:23E59CC67C075C315F717770D46B00A6
          SHA1:260D18B0BDBB8ADABB1A6D8565ACA14CCC462CB2
          SHA-256:1E2636B145C0C69E30DB1492950EE23D02458DFE6DAC69EA51D865BA15FA0FDE
          SHA-512:36128BAE654D5C58053FEF3EB8DCD54B7671DACB5CEA6F26C5340E0BC38579667064F169FE7FA744FDB40DEBAAA4CA040D749C1DA803A139594DF9E7D1D42284
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Y.........." ..0.............N'... ...@....... ....................................`..................................&..O....@..8....................`.......%............................................... ............... ..H............text...T.... ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B................0'......H.......P ..t...........................................................BSJB............v4.0.30319......l...|...#~......P...#Strings....8.......#US.<.......#GUID...L...(...#Blob......................3..................................................y.....@.....>.....h.................`.....,.....E...........T.....2...............................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........#.....,.....K...#.T...+.x...3.x...;.~...C.T...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-GNUBA.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MSVC program database ver 7.00, 512*43 bytes
          Category:dropped
          Size (bytes):22016
          Entropy (8bit):2.2430166078867972
          Encrypted:false
          SSDEEP:
          MD5:94250C0661CC533E66BA7F4FC570BD41
          SHA1:C3BE8FCE289C738B0CCA91FE534A3E06949D9DD1
          SHA-256:7DD3FE4AFB0EBD7D55B2B08DD34FD5ADEAE614A57998C3BF3AC7191A6A285E34
          SHA-512:D44701F09A6D018CC8137F2610C9EBE271C1EA79CCBEC79CF94086C0D3D58D6C8A36C97F8779028AA1B18E5059481949569C9773ECBAD01DFD4ECF5223CCADD8
          Malicious:false
          Reputation:low
          Preview:Microsoft C/C++ MSF 7.00...DS...........+...........(...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-GRMNL.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):46534
          Entropy (8bit):4.5237968644695234
          Encrypted:false
          SSDEEP:
          MD5:E07B94CCFA4A5C0239E9F807E5B60E49
          SHA1:6731B604C1A6D6D87FD472A20431B05932542A7B
          SHA-256:B0B6FB923037C278386660F558167CB37E8BD4B478493FA695D587A7ABDE1501
          SHA-512:8D6C4AA8A67E357EA326F828705F46C67C7E56B25F67BE03F9181AD8FDC1B510A11EC4F2DDFCA791FF795D87BDD0747EED2517A9946E203EFE6B074E292621C3
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Flurl</name>.. </assembly>.. <members>.. <member name="T:Flurl.GeneratedExtensions">.. <summary>.. Fluent URL-building extension methods on String and Uri... </summary>.. </member>.. <member name="M:Flurl.GeneratedExtensions.AppendPathSegment(System.String,System.Object,System.Boolean)">.. <summary>.. Creates a new Url object from the string and appends a segment to the URL path, ensuring there is one and only one '/' character as a separator... </summary>.. <param name="url">This URL.</param>.. <param name="segment">The segment to append</param>.. <param name="fullyEncode">If true, URL-encodes reserved characters such as '/', '+', and '%'. Otherwise, only encodes strictly illegal characters (including '%' but only when not followed by 2 hex characters).</param>.. <returns>A new Flurl.Url obj

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-HJESO.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):112824
          Entropy (8bit):6.291685904827249
          Encrypted:false
          SSDEEP:
          MD5:84B2D19FB23993251130999CD42563B8
          SHA1:A169BE412A7CF67FE190A6D484BB54DF6ECDAB75
          SHA-256:11B1ADD1DB058D3760F52512E0CA911AF726D7C049F25178446B6BD33D4EECD2
          SHA-512:57A6AB3D3597CF3EDF02D8A933ED82311BC5ABF91361E2019D809093007470BD82F32DF0EE10C39112BDB81FE447000F081B0022518C01CA71D81CCA29F581EB
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..~............... ........... ..............................G?....`.................................a...O........................*..............T............................................ ............... ..H............text....|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B........................H.........................................................................{9...*..{:...*V.(;.....}9.....}:...*...0..A........u#.......4.,/(<....{9....{9...o=...,.(>....{:....{:...o?...*.*.*. ..1 )UU.Z(<....{9...o@...X )UU.Z(>....{:...oA...X*...0..b........r...p......%..{9......%q&....&...-.&.+...&...oB....%..{:......%q'....'...-.&.+...'...oB....(C...*..{D...*..{E...*V.(;.....}D.....}E...*.0..A........u(.......4.,/(<....{D....{D...o=...,.(>....{E....{E...o?...*.*.*. ...[ )UU.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-HNQ9P.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):333824
          Entropy (8bit):6.105576145657233
          Encrypted:false
          SSDEEP:
          MD5:A844AC745A4005FBD3F51D79FF88583C
          SHA1:92671774FD4BE9781A77D2788A8DDDBF8981EAD5
          SHA-256:74FE1A6A1E36BE7D893E31BBB4D4BD83BF4B927E715276CD5607982139818EBD
          SHA-512:5F0734058D9146FFEB552ABF443DF5097CF134A4737BED499467830E08D97F5D1996C1F1647C5C12289CA4D4209EFFD480010AFEBC59D50290D4CA7D45BB41F8
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._O............" ..0..............-... ...@....... ..............................I.....`.................................0-..O....@.......................`......(,..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................d-......H............V..........`...H....+........................................{....*..{....*V.(......}......}....*...0..A........u2.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ..<. )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q5....5...-.&.+...5...o.....%..{.......%q6....6...-.&.+...6...o.....(....*..{....*..{....*..{....*r.(......}......}......}....*..0..Y........u7.......L.,G(.....{.....{....o....,/(.....{.....{....o....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-HUR10.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):92160
          Entropy (8bit):5.905187757671245
          Encrypted:false
          SSDEEP:
          MD5:99B3D7EFABD8F3AFE78405D3E9FF2D00
          SHA1:FF7742716BF3759ECAB5547520362E1694786696
          SHA-256:152558A74C510F529FFA5C9397FDFB37858961371BD23E89219236A14F4EA16A
          SHA-512:01392BE8B1C28AC135B15C700913879E1250A78092ADF32443CE77F4B95F942A4451E46123241F43BDC06C14488A7C2F636891FECF1C8FA3AB0BCCAA7F53A03F
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....e..........." ..0..\..........nX... ........... ....................................`..................................X..O...................................0W..T............................................ ............... ..H............text...tZ... ...\.................. ..`.rsrc................^..............@..@.reloc...............f..............@..B................MX......H.......\................................................................si...}.....sm...}.....(......%-.&s....}......%-.&s....}....*>..}......}....*:..o.....(....*....0..G.......s......s.......s.......o.......,..o......,..o......o........,..o......*..(...................(..........5;.......0..Q.......s......s.......s.......o.......,..o......,..o.......j.o....&.o........,..o......*....(...................(..........?E........(....*J......-..*..(...+*N.-..*..(`....(....*..0..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-IIGON.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):879
          Entropy (8bit):5.055956812689988
          Encrypted:false
          SSDEEP:
          MD5:5BF2E0B334C3611D044EEA08DD3E542A
          SHA1:E2AA77E4370EADE9A3DD9BF17137EFA2BDCA63B6
          SHA-256:662BB1F3943A716FDEDFB114EA10E07464F53B6CAA693FBC43D43959FB2F8258
          SHA-512:D1EFCB35CF9EB25F5F35DCD69B954E3BBF7C86731C43934BE26C0C9503FFA18694C42F250E1EB8BD2279D4043A2420F99B27EF5C1BE16D411E7C5228383EECF6
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Text.Json" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-6.0.0.4" newVersion="6.0.0.4" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-IQ7KL.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):315392
          Entropy (8bit):6.043039851362046
          Encrypted:false
          SSDEEP:
          MD5:6AD93A18D6D5770EBDF24D1F8FBA5716
          SHA1:1DE70A4B7F7D022BA8E1D7BC5D3FDCB13288FA2A
          SHA-256:DA7D5FF1127949C363DD16B66E500AD050136A0B559B243F49FE466A5255AE4B
          SHA-512:0AE6558C26EEA98D6FAF9AA3B52C4177AB009D82DDBCE3ADD05A24FCBDD206230726C3CDC30403DEC20BF0EA5C47EFA1DEF2A3AB5D2548F33187065EE191A082
          Malicious:false
          Reputation:low
          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......,..h..h..h..a.D.l.....j..v.D.j.....o.....i.....q..3..i..3..i..3..c..h.. .....y....(.i..h.@.i.....i..Richh..........................PE..d......].........." .....@..........^:....................................... .......o....`.................................................p........`..p....P.......................}..T............................}...............`..............`d..H............text...8,.......................... ..`.nep.... ....@.......2.............. ..`.rdata..2....`.......D..............@..@.data...x....0......................@....pdata.......P....... ..............@..@.rsrc...p....`.......$..............@..@.reloc..............................@..B........................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-IRT0I.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with very long lines (321), with CRLF line terminators
          Category:dropped
          Size (bytes):18215
          Entropy (8bit):4.720079384519439
          Encrypted:false
          SSDEEP:
          MD5:0737B770BA5D854D4887A8F4D9C8DE04
          SHA1:40A8A356D807D71C102C91D68AD1A0AD6E3FDDA6
          SHA-256:CA53D9B1BBEA04C30DB4186B015B7C57DCE7C5ECDF1CFAC9E4AFE9FFCF6910F0
          SHA-512:39A48874D547F714922F4864D3A34C842AC0898B09040796A9046182C093E3CA70F1D20F5D616721129E8D7F6A1F1FDEB3C8277C6BB2EB53B6DC8EA5966003C7
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Bcl.AsyncInterfaces</name>.. </assembly>.. <members>.. <member name="T:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1">.. <summary>Provides the core logic for implementing a manual-reset <see cref="T:System.Threading.Tasks.Sources.IValueTaskSource"/> or <see cref="T:System.Threading.Tasks.Sources.IValueTaskSource`1"/>.</summary>.. <typeparam name="TResult"></typeparam>.. </member>.. <member name="F:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1._continuation">.. <summary>.. The callback to invoke when the operation completes if <see cref="M:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1.OnCompleted(System.Action{System.Object},System.Object,System.Int16,System.Threading.Tasks.Sources.ValueTaskSourceOnCompletedFlags)"/> was called before the operation completed,.. or <see cref="F:System.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-JG27T.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):18024
          Entropy (8bit):6.343772893394079
          Encrypted:false
          SSDEEP:
          MD5:C610E828B54001574D86DD2ED730E392
          SHA1:180A7BAAFBC820A838BBACA434032D9D33CCEEBE
          SHA-256:37768488E8EF45729BC7D9A2677633C6450042975BB96516E186DA6CB9CD0DCF
          SHA-512:441610D2B9F841D25494D7C82222D07E1D443B0DA07F0CF735C25EC82F6CCE99A3F3236872AEC38CC4DF779E615D22469666066CCEFED7FE75982EEFADA46396
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ksa...........!.................6... ...@....@.. ....................................@..................................6..K....@..............."..h$...`.......$............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H.......D%..<...................P ......................................_...+.'g.......x2..}}...B.O....T...e..?.M..R"M.~pg..c..LD#..y.....y....:u.v*...#.;.-.h.......0..#.....a5|T%W...].!.%'..9.0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-JNGC2.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (727), with CRLF line terminators
          Category:dropped
          Size (bytes):3481
          Entropy (8bit):4.808701688265429
          Encrypted:false
          SSDEEP:
          MD5:1C55860DD93297A6EA2FAD2974834C3A
          SHA1:7F4069341C6B62ECFC999A6C2D8A2D5FB59D44F6
          SHA-256:2EC7FB12E11F9831E40524427F6D88A3C9FFDD56CCFA81D373467B75B479A578
          SHA-512:37FA5D4553CA3165F10E2FFEF38FEFC0DBA4A2DBFA05AB9F09AB87B5F71F30E6D965D2F833F58B50B3BC2529EBE8FB5CC431C264F7B47AD026F5C5A874A6ADA1
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Buffers</name>.. </assembly>.. <members>.. <member name="T:System.Buffers.ArrayPool`1">.. <summary>Provides a resource pool that enables reusing instances of type <see cref="T[]"></see>.</summary>.. <typeparam name="T">The type of the objects that are in the resource pool.</typeparam>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.#ctor">.. <summary>Initializes a new instance of the <see cref="T:System.Buffers.ArrayPool`1"></see> class.</summary>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create">.. <summary>Creates a new instance of the <see cref="T:System.Buffers.ArrayPool`1"></see> class.</summary>.. <returns>A new instance of the <see cref="System.Buffers.ArrayPool`1"></see> class.</returns>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create(System.Int32,System.Int32)">.. <summary>Creates a new instance of the <see

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-JPG98.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):43152
          Entropy (8bit):6.137234963318556
          Encrypted:false
          SSDEEP:
          MD5:7D3D14B0417A68CCDD9C51972FF74863
          SHA1:CEACBD53B6A02E1F7337A6B0058924E1E11949BB
          SHA-256:04113C8549185519F3202790CEB23DF609644872B9C249A56D2BCF59566102C4
          SHA-512:B2D133214F21D700E1AF0C248DCC11EF66EA6DA62043FF6D5E900FE2A1665D75583E4CD218526A146F2C62E22ADF4CA2FA3B8879AE0F5A2E515E2C3A5184CE9C
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0..Z..........Bx... ........... .............................../....@..................................w..O....................j...>..........8w............................................... ............... ..H............text...HX... ...Z.................. ..`.rsrc................\..............@..@.reloc...............h..............@..B................"x......H........$...............R.. $...v......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2r=..p.(....*2r}..p.(....*2r...p.(....*2r...p.(....*2r%..p.(....*2r]..p.(....*2r...p.(....*2r/..p.(....*2r...p.(...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-KK39Q.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MSVC program database ver 7.00, 512*623 bytes
          Category:dropped
          Size (bytes):318976
          Entropy (8bit):3.974084043331936
          Encrypted:false
          SSDEEP:
          MD5:3D2433DD5AAF713D67528A0F2EE16E40
          SHA1:47FBB33E23C5559681D5AC6A6BD5F04AF4D481B9
          SHA-256:08B3F8EA006D0C183923F97E1A693871B96EE321E34EA0004AA01BABE154CC86
          SHA-512:E9F2F0132859FC2A84DFE380A6F5CBF368DE173F9269D0D350891F1CF5CB0F8C1068B38809039C9C057AB3B07380142A099986A221BC6F5C7005D78F61E80BA8
          Malicious:false
          Reputation:low
          Preview:Microsoft C/C++ MSF 7.00...DS...........o...`.......n...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-KVJ5Q.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):67744
          Entropy (8bit):5.779980811986005
          Encrypted:false
          SSDEEP:
          MD5:84BBBD6CEDAFDB016CF09096F873CA08
          SHA1:E13D83497FBDFBE2A72BEA3F74437D5D282CB819
          SHA-256:A681F37A656D321B78FBE3DBAFE296334C3C57A6966D4DADAD6E06AF7AA1B200
          SHA-512:6288DF55D4BE8FBF9329D29D437CB0B862EF28E1173D63FD080B622EB2F2FDE8BA3AE0303D8DDAEFDF0897F30225FBCDEA0BEE68435D47BD73D71E8206BA30FE
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|.......#Pdb.........c..#~...d..4...#Strings....Hi......#US.Li......#GUID....i.....#Blob.......CF.H.l.B..u.Y0......W?..........................p...Y.......J...S.......^...........V...Y...............n.......................&.......................................H.......................i...r...'...0...c...l.......................(...p...y...................7...@...q...z...................7...@...s...|...................T..._.......................9...v.......................<...E...t...}.......................7...o...x.................../...8...q...z...................P...Y...................'...0...u.......................C...N....................... ...o...z...................G...R...........................:...C...........................-...6...e...n...................1...:...o...x...................5...@...x...................#...h...u...................I...V.......................#...^...m....................... ...Z...g...................9...F...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-L0DNC.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):402336
          Entropy (8bit):6.138265912892721
          Encrypted:false
          SSDEEP:
          MD5:147328DEF2E79A86D7335A661EECC051
          SHA1:98FF30131D77CF28807D50B97CC92CC8655E235C
          SHA-256:7442D48A24C1747CB17D80E95C4D7343DE16E14A252484ACE3BE3FAE55B1D641
          SHA-512:D26F6627F09CAB90AE545DF68F2DF006F0BEB988CFADB16F6AF56A454E854A9B9C10D2CE787052B80536F9D05B7286D57E42F361F54944E20DF99B3C1C49AEFB
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b.........." ..0.................. ........... .......................@......Ez....`.....................................O.......p................I... ......|................................................ ............... ..H............text...D.... ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H........7...#...........[..P...........................................:.(;.....}....*..{....*:.(;.....}....*..{....*...0...........~<...}.....r...p}........(.....(.....r)..p.(........(;.....~<...(=...,z.....sj...}.......}.......}............{............%......(>....%...C....%...!....%...%.........%....%.........s....(....*vra..p.(....,...}....*..}....*..{....*z.{....,......(>...o?...s@...z*.0..(........{....-..(......o....&....(V.....}.....*.................0..T........{..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-L21A5.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):139888
          Entropy (8bit):7.142634633787823
          Encrypted:false
          SSDEEP:
          MD5:18DB3E02D95A16FD502C7C091C0361D9
          SHA1:AB2D700306E0A0A3D094A0BC856FF1FFAD916C49
          SHA-256:34843CFEA24B713B1B5FD9A93C61D7C6D3FA320DBB84DF60D9D48C5560C79452
          SHA-512:6DE8751ABED256BCC381F69248F33AAE551A17966EFBC0ABB5C1DC98865B46E3924202C1347E0EC6949F1719E1D282817838815E99E68E7B1381A6B204C95416
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]."Q...........!..................... ........... .......................@............`.....................................K.......................p>... ......X................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......X....K...........M..._..P ......................................Du..l..O..(|.n.....z.fj.W4.mc....f...>e..~.V....<../..}....1$q.7@r..3w..JQ....._C(S....C. .Z.Pt..d,......f-..]..".SO.7.4...x.0..:........(.....s......r...p(M...o.....(.....~....(.....~....(....*F.~....(.........*J.~..........(....*F.~....(.....+...*J.~......+...(....*.0..,.......s.......(....o......(....o......(....o.....*F.~....(.....+...*J.~......+...(....*....0..3........t.......(...............#..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-LBCH1.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):203680
          Entropy (8bit):6.086621622251276
          Encrypted:false
          SSDEEP:
          MD5:59498A0F662DBC18D751A6AF9D0E7173
          SHA1:0F03D743971EE6FA939E386635DB7813A4D235B6
          SHA-256:9D55C1C6A194C61D0E7810F7E6260734C2E133796D3E4FB6532EEE58BD5045FC
          SHA-512:6C2DEB8EBD823644FF865879CDFD34E020598E7823CF120ADE33DAEF2314A886ECDAF52838B1954C01D5C614704E796635C7C5BBBC6FF3AFD384398DAF8C1BFC
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b.........." ..0.................. ........... .......................@............`.....................................O........................I... ......L................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........|...........\W..p............................................0..,.......~....s .......o!......r...pso.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o*....o%....r?..po"...&o+....o%....o....-....,..o......,*.........os........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......op...Q.o/...*......_.M........0..n.......~....s ...%..rc..pso....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-LL480.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):5.578971164961494
          Encrypted:false
          SSDEEP:
          MD5:5C1C94140A2F815F64117DBB63A4477A
          SHA1:9A79E9C6325E20E5C10E654908D6FD923A25229B
          SHA-256:55B2FE686BC8F739CE845D1689FD08CBCA20381C8E0D2417185D1A0018D8A938
          SHA-512:502E77236418AFAC1D9A15D9840B3B6872440F8A1601706E7A4B0E98A62D0DE70C3ACD192D53D5C29994D1E088FAB07C7E299AB7F6B3232A858CC8782D283084
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v=..........." ..0...... ......~.... ... ....... .......................`......?.....`.................................,...O.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-M4B39.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):457799
          Entropy (8bit):4.895083548380783
          Encrypted:false
          SSDEEP:
          MD5:48DCE2A80E6612C98E895CCCFFDFDD06
          SHA1:6FC93E474AA32491BCB53A1A9DC1BC1C40B23F3A
          SHA-256:8499B6FFB77447FCB124DBFD0964E92267E14B3796A27FFC62A1B0FF04340575
          SHA-512:17FC851264162A29D3D36F6622A66DCD7CF435CDEE862DF86CDC0976357A126944775C538A5B8A25E9A385CE36C07EA73FE2BE5275EECF3C0F57044C063C2194
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Text.Json</name>.. </assembly>.. <members>.. <member name="T:System.Text.Json.JsonCommentHandling">.. <summary>Defines how the <see cref="T:System.Text.Json.Utf8JsonReader" /> struct handles comments.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Allow">.. <summary>Allows comments within the JSON input and treats them as valid tokens. While reading, the caller can access the comment values.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Disallow">.. <summary>Doesn't allow comments within the JSON input. Comments are treated as invalid JSON if found, and a <see cref="T:System.Text.Json.JsonException" /> is thrown. This is the default value.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Skip">.. <summary>Allows comments within the JSON input and ignores them. The <see cref="T

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-MS7FA.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):71808
          Entropy (8bit):6.302233040356993
          Encrypted:false
          SSDEEP:
          MD5:391166F9D5D40EE90F0744982177F4AB
          SHA1:F7DFF35B30DE2E02BCB3A7EFE45334E1B5D7C8FE
          SHA-256:FA36ED1236CDA36DFA34BE757A791EC94011D43D19E73D0BD9D0F9F802473A22
          SHA-512:700FBE5FD992F678C83CCA1170F68593149C04E314402F7505B8A640FA89CD24633426ECB3548057E7AF14F0342301E66B5785F01F7FDD64ED2AF13614CD98EE
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`."Q...........!..................... ........... .......................@......2.....`.....................................W........................>... ....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........t...w...........]..0...P .......................................v.{....On..O.w..-t..x<P....e.@0v.bY>.7. %c.\.h.J....MW......P.w.J...(...3^.....>M.............(WIH....1..../O}.}...gOm...{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.*6..(.........*.*.*.*.0...........-.r...ps....z..2...o....o....2.r...ps....z..2...o....2.r)..ps....z.o....,..o....o....-.s....z.o.....o......o....,..o....o....-..*.o....-.s.....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-N3A4L.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):190464
          Entropy (8bit):6.398032485167328
          Encrypted:false
          SSDEEP:
          MD5:DF108329D58C4FCAE97721748B849074
          SHA1:41D62BA879A81542EFFCAB481B8710FC09D812BC
          SHA-256:59DED2ADAF3E0BABE214EBE3228D76C45BEC2B514884107A1C2D292310FF840D
          SHA-512:1A79A2BA18988A8A1D75570A287B5D97C98B0EBAA233C19A7CACD3DCA25703E11B67DA8BF2F7B0C9BE009D58F08C935A21FC6EBCD1E0AC9AA7F4254476DDC3F8
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............^)... ...@....@.. .......................@............`..................................)..O....@.. .................... ......,(..8............................................ ............... ..H............text...d.... ...................... ..`.rsrc... ....@......................@..@.reloc....... ......................@..B................?)......H........ ...............................................................0..E.......r...p(.....(....,.*(....(...+.r...p...o.....Yo....(.....(.....(....&*..(....*...BSJB............v4.0.30319......l...L...#~......8...#Strings............#US.........#GUID.......h...#Blob...........G..........3............................................................ ...........q.f...........;.....;.....;...t.;...@.;...Y.;.....;.....y...c.y...........*.....(...........*...L.T.....(.....*.....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-N9N7S.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):381912
          Entropy (8bit):6.439766294357493
          Encrypted:false
          SSDEEP:
          MD5:17EFC2840E75C1152627931E792CD463
          SHA1:4FC08F54A83BDFB9C7FA5737D88774C6ECDE77A7
          SHA-256:CA65DC92723FC101E92D63F7DCCCFB94EB9245B3FA4965B85A878B2DCF69D54B
          SHA-512:D80B24C0BC29331EAD66548F0FE78DF2B201F683F2CCBEC0FC239DCE6EA2A265756372C153529388E7C5609AAF36994AC06CF809C9E739660D22C42EE463FAD3
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...f............."...0.............*.... ... ....@.. ....................... ............`.....................................O.... ..................................8............................................ ............... ..H............text...0.... ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................H.......$!..............</...............................................0..W.......r...p.(.....s....s....~....r...pr+..p..o...+-.(....r=..po....*r...p.(....(......(....&*..(....*..(....*.~....-.r...p.....(....o....s ........~....*.~....*.......*.~....*..(!...*Vs....("...t.........*.BSJB............v4.0.30319......l.......#~..........#Strings....p...L...#US.........#GUID.......L...#Blob...........W..........3........&...................".......................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-NC3S3.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):14848
          Entropy (8bit):5.2295619785616685
          Encrypted:false
          SSDEEP:
          MD5:5A3B2E7A75AAF4D0792DF6560F93F09D
          SHA1:A4597CADAAD94DAF4DD5FED254FC6FD38734383F
          SHA-256:C822B671873E3F1F54D81ED21B8C1E89786FB7D32F6670F02F2C26DE948B417D
          SHA-512:CC2A31C89B0AAC6AFE906011E07831EBDA51563BF2A7FAEE74996D6CA91AD73C20D6068C49DADA5B2AEC4B8BDA56077BA09436531FE9209B89C626F087448803
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C0W`...........!.....0..........~O... ...`....... ....................................`.................................,O..O....`..(............................M............................................... ............... ..H............text..../... ...0.................. ..`.rsrc...(....`.......2..............@..@.reloc...............8..............@..B................`O......H........-... ..........(-...............................................0..P.......s.........#.......@(.......(..........r...p..(....(....o....(....(......(......*.0..........~.....+..*.......*...0..........~.....+..*.......*...0.............{..........YE........%...%....................... ...+#8r...8....8r...8m...8h...8c...8^...+..(....(........-..(....(....&...{....s....}.....s....}....s.....+.+...{....o .....(!....o"...o#.....{.....($...r...pr#..po%...o&...o'...&.((.....

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-NNOMN.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):69632
          Entropy (8bit):5.615393344135058
          Encrypted:false
          SSDEEP:
          MD5:23F50D3AB1CDDF179A2CC7048E419238
          SHA1:A4068C2A31982DF220D61ED8AEC78B3D76164528
          SHA-256:EC39C32EBEFD078B43DC17D0A7E760CBEB6770FB50262A72056FEE5B7A352A36
          SHA-512:62AF3171C41261A679E61A251AB04D7AABC03355982F5CF62B92FAB115A54C684688C4E46A3BF80B6EFEF14C4B828388082167390D9E7A7C95F11E6A04A96E16
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l.^..........." ..0..............$... ...@....... ..............................b.....`..................................$..O....@.......................`.......#..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................$......H.......T6..............$....%..$#......................................r.(......(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(......(......(.......(.......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(......(......(.......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(......( .....("......($...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-NR3S1.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):271872
          Entropy (8bit):6.16006367264181
          Encrypted:false
          SSDEEP:
          MD5:42407AE5583D0BE457E274645326A614
          SHA1:BA2AE656F054D2572B7F19B16C07CE0AC589FD75
          SHA-256:A629E8715883FD36AA6687F2D80D436B8BD84448BB3A0A5F1EF3DF0050D89E17
          SHA-512:36E70B5C220A87F3D1772406F88B73773B8B2AC2B847D4A43D3495E3C6926F62F4B4D0A632024707D51617997BBF9EFC4D01DB3467C945E93749910C48174E41
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../.../.../...WI../...B.../...}I../...B.../...B.../...B.../..G.../..G.../..G.../.../../..RA.../..RA%../.../M../..RA.../..Rich./..................PE..L......]...........!.................:.......@...............................P......')....@..................................o..........p....................@.......Y..T...........................hZ..@............@..@...........0B..H............text...H,.......................... ..`.rdata..N8...@...:...2..............@..@.data................l..............@....rsrc...p............t..............@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-OT3OQ.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):701992
          Entropy (8bit):5.940787194132384
          Encrypted:false
          SSDEEP:
          MD5:081D9558BBB7ADCE142DA153B2D5577A
          SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
          SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
          SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ..............................*^....`.....................................O.......................(..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........{...,..................d.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{^....3...{]......(....,...{]...*..{_.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-OT9J8.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):144496
          Entropy (8bit):6.219127874938619
          Encrypted:false
          SSDEEP:
          MD5:5BD39A82AACF1AA423E6EEEEDA696EEA
          SHA1:B7971F9807520DAC9523BFD1185A7DCC9E5CC77C
          SHA-256:1D69EAF538008E0FE1A7EB2CE0124A49B95C491797749640C8351ED4643F5C97
          SHA-512:CBD255E7323A7E82D8B9443E8CE67BEF88F88BF46E525333E4017024A31952656F61F93334B3957D85FB0E422E561197C0ADB1366653DA007C9667651B1F37B1
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[."Q...........!..................... ... ....... .......................`......a.....`.....................................W.... ..................p>...@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......$...h...............c...P ...............................................\.E..-.....A.}.8.p. 0AF@4.....T.P\...S.aEf.....$..m..G.h......Q.,.2....N..jE...QD.V..<i<(*".\q.7_..;.ge. Q[..P..{....*"..}....*F.o....r...p(....*..0..C........(......~....-....7...s.........~....(...+(...+(.....(1.....o....&*F.~....(....t....*6.~.....(....*F.~....(....t....*6.~.....(....*F.~....(.....j...*J.~......j...(....*F.~....(.........*J.~..........(....*F.~....(.........*J.~......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-P5JBO.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):2779
          Entropy (8bit):5.035343118954712
          Encrypted:false
          SSDEEP:
          MD5:0CAABB90C029B967509973FD9C0CE58D
          SHA1:1659922B947C102770AAB5DEEA9FE755AE8D5646
          SHA-256:2534A32BF73400E651A240B67E9906DF9C113180B4E3DC4FD5AE020BEFB09319
          SHA-512:30BE3D8FC7A94EF36DE69195BB40F59B694531D19D421A5CF2BEB1764EE5D8638843BBE8EC4E27616E41CB8228BEB0A8C5DED19BA637501133F39069F13509E9
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />.. </configSections>.... <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.... <log4net>.. <appender name="Console" type="log4net.Appender.ConsoleAppender">.. <threshold value="INFO" />.. <layout type="log4net.Layout.PatternLayout">.. Pattern to output the caller's file name and line number -->.. <conversionPattern value="%date %5level [%thread] (%class:%line) - %message%newline" />.. </layout>.. </appender>.. .. <appender name="RollingFile" type="log4net.Appender.RollingFileAppender">.. <file value="${WB_LOCALAPPDATA}/apptray.log" />.. <rollingStyle value="Size" />.. <appendToFile value="true" />.. <maximumFileSize value="100KB" />.. <maxSizeRollBackups value="2" />.. <threshold value="I

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-P7EMK.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):514176
          Entropy (8bit):5.979438933069324
          Encrypted:false
          SSDEEP:
          MD5:B838DE4983C0C091CB8FD239C1136957
          SHA1:14646C217887CF57E6F5262C56C2B9E07F90CA80
          SHA-256:5C485D25A8C044D814E4CF18A8124DFD665D49CBB18A2D1D0865D6DE893E7693
          SHA-512:9145F49E349DD1F09F8A24844511ED55099259A951038B1313D762CD5297032A6BB5B9C21866CAEB14CB4031C0E0C77CFBCA8A4DAD8B5EF0712EFA3B286283F2
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ....................... ............`.................................=...O........................(..........d...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................q.......H...........0?...........V...f...........................................(H...*..(H...*..(H...*^.(H..........%...}....*:.(H.....}....*:.(H.....}....*:.(H.....}....*....0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(I.....R...(I.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(J.... ...._.S...(J.....d.S*..0..&.........+....(K...G...Z.(......X....(L...2.*...0..............n.....(L.....1...(L....Z.......(...+.+...(L....Z........sN..............

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-PS0QN.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):16464
          Entropy (8bit):5.1752761490048576
          Encrypted:false
          SSDEEP:
          MD5:81B1ED5A70F7CD884555BD43EA2CEDBB
          SHA1:5B5038CC52A18DB1581AC9DC75A6A8612A310B0E
          SHA-256:AFA73A32B976FFE3926C21B06CF8CC25B72ECE16AEC7E546DCADC6596FD4932C
          SHA-512:F55E04663FFA9E65DD030743A98644F8145D4CA2B982CDC8C16315C8482E7E2FE5A83249EF835DBEF9931DB99F94F54FCBEA1B756AB5AEF961C7739C95CDBFDA
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|...|...#Pdb............#~..........#Strings....`.......#US.d...P...#GUID........ ..#Blob.....{...A...E..q.^.......W...................s...........................................Q...................................................................*...}...".......=...D...............................7...o...x.......................(...U...^...........................F...O...........................I...R...........................{.....................................................%...7...I...V...r...z.......................#...*...1...8...?...F...W...u...................................................................$...,...9...A...N...V...c...k...x...................}...................R...............Y...z.......d...............6...W...................,...M..._...q...................................................S...........{.......................................................$...0.......]...d...k...r...y.......................................d.

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-Q6GAC.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:Microsoft Roslyn C# debugging symbols version 1.0
          Category:dropped
          Size (bytes):43124
          Entropy (8bit):5.922249446045487
          Encrypted:false
          SSDEEP:
          MD5:7397A616FD0C39B2B17341D964EFBFDE
          SHA1:04B4E5B642FDBFE69882B3A2759B0DFF5A69F4A5
          SHA-256:40C8D2C24923EF6C7DE1B1A08D293093F86318D587D5CD036D6313DE99A8218E
          SHA-512:80679DB06D80893F0EF00C430C5B3DC34546FD0A4FD34EE19890B7E0FD3588F4FF6EAFCAEDBBE11FB05B11CDA28512882A6C22DD47329481DB148F82B3829814
          Malicious:false
          Reputation:low
          Preview:BSJB............PDB v1.0........|.......#Pdb........46..#~..<7......#Strings.....:......#US..:......#GUID...`;...m..#Blob......F..qE.IN...b.........W.+............y.......=.......p.......;...............b...........0...S...|...)...................%.......y...*...........................P...=...................&...U...^...=...H...................&.../...y...................&...}...............8...C...................(...3...........................`...k..................."...+...w.......................C...L...........................Z...c...................'...2...g...r...................,...7...h...q...................)...2...o...z...................L...[...........................a...n...........*...9....................... ...I...T...................5...@...{.......................P...[..................."...+...g...p...................@...M.......................%...Z...g...................>...K...................>...K...............................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-QRK67.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):76904
          Entropy (8bit):6.044596523315333
          Encrypted:false
          SSDEEP:
          MD5:BA1AF3BBFF4D457B6D3F730234C3C701
          SHA1:1B75BC14DAA093502C7C5814852928E28AB6659A
          SHA-256:78EB5B4FEE580E163D1BEA1FDB7D371FDFCFD30ACD8708FF62C4372AAA219F7C
          SHA-512:51895C9B0EDE088B034C581AB4574A36F80E41F2B04186B3C066B6D72DA85680E00EA5E07DC9C89DB7D997C1AD3D9686ACCDC827859EAAB2918376C4C9E469B2
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............v.... ... ....... .......................`............`.................................#...O.... ..................h$...@......8...T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................W.......H........l..T...........0.................................................('...*..('...*..('...*^.('......7...%...}....*:.('.....}....*:.('.....}....*:.('.....}....*^.('......8...%...}....*:.('.....}....*.0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X((.....R...((.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X().... ...._.S...().....d.S*..0..&.........+....(*...G...Z.(......X....(+...2.*...0....................(+.....1...(+....Z.9.....(...+

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-RDB1Q.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):4991352
          Entropy (8bit):6.097816081905885
          Encrypted:false
          SSDEEP:
          MD5:FFDCF232D0BB2FFF78721FB347641A76
          SHA1:54C76A2FA61E6DF1AE4C9DF65435A38482C2CB71
          SHA-256:FF42BCA704605E187ABB45523868B15128D6AF1C28AD40A4579D507D34A953B2
          SHA-512:89DF103556CFBD955283BEE551576134F9A7B0D121E12CF6DF4E9F4028075B2C4FF9D22886CFD21B10D0A0D6E640DB784B74D42EBAC4A45CCB9CE9C725A1FDF1
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0...K...........K.. ... L...... .......................`L.....<hL...`...................................K.O.... L.$.............L.x#...@L......~K.T............................................ ............... ..H............text.....K.. ....K................. ..`.rsrc...$.... L.......K.............@..@.reloc.......@L.......L.............@..B..................K.....H.......T0....).........l.A.....d~K.......................................{)...*..{*...*V.(+.....}).....}*...*...0..;........u......,/(,....{)....{)...o-...,.(.....{*....{*...o/...*.*. dL.. )UU.Z(,....{)...o0...X )UU.Z(.....{*...o1...X*.0..X........r...p......%..{)............-.&.+.......o2....%..{*........z...-.&.+...z...o2....(3...*..{4...*..{5...*V.(+.....}4.....}5...*...0..;........u......,/(,....{4....{4...o-...,.(.....{5....{5...o/...*.*. ...z )UU.Z(,....{4...o0...X )UU

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-RJKP0.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):183484
          Entropy (8bit):4.7848212109760935
          Encrypted:false
          SSDEEP:
          MD5:95DD29CA17B63843AD787D3BC9C8C933
          SHA1:1A937009A92B034EDB168CFAC0EC1C353BE8F58E
          SHA-256:AE2C3DE9AD57D7091D9F44DCDEE3F88ECCF2BA7CB43ADC9BB24769154A532DC7
          SHA-512:8E9397816D3435CCF79F1BF07B482473A7DD3B570BCE003639F2E9FA1C5FE31C4B9400B68F191A36251A59C0253EF9E09039FDD63BA2205D379B3C582E603499
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Numerics.Vectors</name>.. </assembly>.. <members>.. <member name="T:System.Numerics.Matrix3x2">.. <summary>Represents a 3x2 matrix.</summary>.. </member>.. <member name="M:System.Numerics.Matrix3x2.#ctor(System.Single,System.Single,System.Single,System.Single,System.Single,System.Single)">.. <summary>Creates a 3x2 matrix from the specified components.</summary>.. <param name="m11">The value to assign to the first element in the first row.</param>.. <param name="m12">The value to assign to the second element in the first row.</param>.. <param name="m21">The value to assign to the first element in the second row.</param>.. <param name="m22">The value to assign to the second element in the second row.</param>.. <param name="m31">The value to assign to the first element in the third row.</param>.. <param name="m32">The value to assign to the second element in th

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-SH33E.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):228352
          Entropy (8bit):7.077870553774561
          Encrypted:false
          SSDEEP:
          MD5:908668FFDE26AB371A2EF711206AA05D
          SHA1:95B60C69C199EDD937960D22B793F5E6143C00AC
          SHA-256:8E136EC981ED7D7ABF0C8153DB901FCD9E7A311A61E209D88A9CA2B51FC17838
          SHA-512:36C1EF092EE2DDD9640C6C74AB2D76BB61F62415892B9BCDDF93772B604C4B45C9EF88834AECAC76EF2F0FA38317F74B889CD26436AB0C6A998B803CDF7A023E
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...E............." ..0..t............... ........... ....................................`.....................................O......................................T............................................ ............... ..H............text....r... ...t.................. ..`.rsrc................v..............@..@.reloc...............z..............@..B.......................H........p.............d$..pl............................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....}.....#....Q..?}.....(....*..(....}.....#....Q..?}.....(......(....*..0............r...(....o....ur...o....u.....s<...%.(....o0...%.(....o4...%.(....o8...%~....s....%.(....o....(....&%~....s....%.o....(....&%~....r...ps ...%.o....(....&%~!...r...ps ...%.o....(....&s"...%.o#...%.o$...%.o%...%.o&...*...0...........~....%-.&~.........

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-TF5L7.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MSVC program database ver 7.00, 512*47 bytes
          Category:dropped
          Size (bytes):24064
          Entropy (8bit):2.3058729815309262
          Encrypted:false
          SSDEEP:
          MD5:9CF5F0B3583EC81499F857726E2A4A3A
          SHA1:A75B3C089FD86E720A62C7A5A1B447379A8AEF90
          SHA-256:829BA38A6FB053FC726EAB2F49C55A0DDE356742BF085FD311295F36F8872D37
          SHA-512:31299DFCF77D6F9B0593633036CE366C7B933933F8A18C5A8686582CA72BE3C4577F4E01BF681DD44118F308188CCE6D09A18A85B8905A8AC202C210E6C6E645
          Malicious:false
          Reputation:low
          Preview:Microsoft C/C++ MSF 7.00...DS.........../...........-...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-TGJKC.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):655320
          Entropy (8bit):6.640120847069098
          Encrypted:false
          SSDEEP:
          MD5:9A8A5A978E752C2DB34E320AE8AA84E9
          SHA1:A5E69BB3CC8E716D3E60FF5B93BCDE3D41D61E1F
          SHA-256:AAE138C04045D2763A341638723DEBB668C3350B2D26D25C53E02E963A28AE56
          SHA-512:82C9C6A88C35742B48196A64477E0C5949B0393AA75E81C798FC236734F31D0308DF831F98821452F2AF283836249DF8332789ECACC45BDE40DBE37057477E73
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..6..........vT... ...`....@.. .......................@......`.....`.................................$T..O....`...................... .......T............................................... ............... ..H............text...|4... ...6.................. ..`.rsrc.......`.......8..............@..@.reloc....... ......................@..B................XT......H.......H-...)...........V..8............................................0...........(....(.....(............s....(....~....r...po......~....s....}.....{.....o....-.~....r...po.....(.....?s......s....}......{....o......(.......~....ra..p.o.....(......*......2.\.......r~....r...p.o....o.....(....*N..( ....{....o....*z.{....o.....{....o!.....("...*.0..$........{....,.*..}....r...p.s#......($...*Js....%o....o%...&*......(&...('........r...p((...r...p()........*6.(*....(....*2.(+

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-TNUB9.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):203680
          Entropy (8bit):6.084130705592534
          Encrypted:false
          SSDEEP:
          MD5:C4F999C91E9F5040B16A137EA7D89E82
          SHA1:A29ABF6DB6301AA0827A24F361E84C8CEC548C45
          SHA-256:1813EF77CB5657DC01019445E126790D9BFBB5E310B0571F02D5D754DB7BFA31
          SHA-512:FB21C48A10AA2CDCDC04CA98A72498335EB66239141CF96334182EE4624671FA9467348820A721E2E47E47FED5408565E5E490AC7CC8AD23895F01D75A693F70
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b.........." ..0.............r.... ........... .......................@............`................................. ...O........................I... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................T.......H........................W..p...h........................................0..,.......~....s .......o!......r...pso.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o*....o%....r?..po"...&o+....o%....o....-....,..o......,*.........os........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......op...Q.o/...*......_.M........0..n.......~....s ...%..rc..pso....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-UPTTO.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (347), with CRLF line terminators
          Category:dropped
          Size (bytes):62941
          Entropy (8bit):5.113786858273216
          Encrypted:false
          SSDEEP:
          MD5:ACC8AF8D28DC65488D1C49DEFD8EA153
          SHA1:1EECE92A2F2E40DE4AFB43F7A5CAEC9A3B384B87
          SHA-256:0772B7895A1FEA1D3BBEE2ED2F5200EF4F9EB38B22C3D00B5405325BE9D8A7CD
          SHA-512:452669AFF783AC248394838083695BD6CE45CB1B41FC512C7F3C7039D49D9E40C24F51A2255BAE3AC6F2E01388A54EC1F17092566CE808C70F3FC599ADA9734A
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Text.Encodings.Web</name>.. </assembly>.. <members>.. <member name="T:System.Text.Encodings.Web.HtmlEncoder">.. <summary>Represents an HTML character encoding.</summary>.. </member>.. <member name="M:System.Text.Encodings.Web.HtmlEncoder.#ctor">.. <summary>Initializes a new instance of the <see cref="T:System.Text.Encodings.Web.HtmlEncoder" /> class.</summary>.. </member>.. <member name="M:System.Text.Encodings.Web.HtmlEncoder.Create(System.Text.Encodings.Web.TextEncoderSettings)">.. <summary>Creates a new instance of the HtmlEncoder class with the specified settings.</summary>.. <param name="settings">Settings that control how the <see cref="T:System.Text.Encodings.Web.HtmlEncoder" /> instance encodes, primarily which characters to encode.</param>.. <exception cref="T:System.ArgumentNullException">.. <paramref name="settings" /> is <see langword="null" />.<

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\is-VBBJS.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):25984
          Entropy (8bit):6.291520154015514
          Encrypted:false
          SSDEEP:
          MD5:E1E9D7D46E5CD9525C5927DC98D9ECC7
          SHA1:2242627282F9E07E37B274EA36FAC2D3CD9C9110
          SHA-256:4F81FFD0DC7204DB75AFC35EA4291769B07C440592F28894260EEA76626A23C6
          SHA-512:DA7AB8C0100E7D074F0E680B28D241940733860DFBDC5B8C78428B76E807F27E44D1C5EC95EE80C0B5098E8C5D5DA4D48BCE86800164F9734A05035220C3FF11
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..8...........V... ...`....... ....................................@..................................V..O....`...............B...#..........PU............................................... ............... ..H............text....6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H........0...$...................T........................................(....*..(....z..(....z2.(....s....*2.(....s....*:........o....*.~....*~.-..(......}......}......}....*~.-..(......}......}......}....*Z..}......}......}....*J.{....%-.&.*o....*^.u....,........(....*.*~.{.....{....3..{.....{......*.*&...(....*2...(.......*....0..'........{......,..u....%-.&..(...+(....*(....*n.{....,..(....s....*.q....*..0..a.........{....o0.....,;..{....o2...(......;...3.~.......s......

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\it\Microsoft.Win32.TaskScheduler.resources.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.368637490829895
          Encrypted:false
          SSDEEP:
          MD5:1C331DA4BCE2809E16913C02E385576E
          SHA1:CF8E71E030347749596A53D1B13B9E9583EC0527
          SHA-256:1D0493E38D8B3FCC7EFA4916FEA1EEA69EE6449BF435E1869C1BC3F54D4090C5
          SHA-512:2871119690F3DF0F244384A3F5F65FFE7CF17F1F00F6B530512AEDEB8397C9E357079E8FBA76D2A5BF6BE4E2B18E4AC1AC104EA2D29F8F40CEF6F30A905ECF83
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................9... ...@....... ..............................GR....@..................................9..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B.................9......H........4............... ......P ........................................M..+..u.3...i.7.[H\G.4D..dy.*p..L.m..4.....d..dZ...m..f../.@..GXQ.. ...$..."a......-....4..pS.5`@...;.`....Q..mHBx3..w3,!................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\it\is-A42OT.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.368637490829895
          Encrypted:false
          SSDEEP:
          MD5:1C331DA4BCE2809E16913C02E385576E
          SHA1:CF8E71E030347749596A53D1B13B9E9583EC0527
          SHA-256:1D0493E38D8B3FCC7EFA4916FEA1EEA69EE6449BF435E1869C1BC3F54D4090C5
          SHA-512:2871119690F3DF0F244384A3F5F65FFE7CF17F1F00F6B530512AEDEB8397C9E357079E8FBA76D2A5BF6BE4E2B18E4AC1AC104EA2D29F8F40CEF6F30A905ECF83
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................9... ...@....... ..............................GR....@..................................9..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B.................9......H........4............... ......P ........................................M..+..u.3...i.7.[H\G.4D..dy.*p..L.m..4.....d..dZ...m..f../.@..GXQ.. ...$..."a......-....4..pS.5`@...;.`....Q..mHBx3..w3,!................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\log4net.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):5.578971164961494
          Encrypted:false
          SSDEEP:
          MD5:5C1C94140A2F815F64117DBB63A4477A
          SHA1:9A79E9C6325E20E5C10E654908D6FD923A25229B
          SHA-256:55B2FE686BC8F739CE845D1689FD08CBCA20381C8E0D2417185D1A0018D8A938
          SHA-512:502E77236418AFAC1D9A15D9840B3B6872440F8A1601706E7A4B0E98A62D0DE70C3ACD192D53D5C29994D1E088FAB07C7E299AB7F6B3232A858CC8782D283084
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v=..........." ..0...... ......~.... ... ....... .......................`......?.....`.................................,...O.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\log4net.xml (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1547744
          Entropy (8bit):4.368859341798249
          Encrypted:false
          SSDEEP:
          MD5:B8705DAA9C44CD6E60A9AEC7DEC88E4C
          SHA1:CF6B70C022B2507DCEC0CEF57B548AA600B6547A
          SHA-256:812FC258C4900D02C72F732B94E63ADEFF6E68A471284588E904327E65D439D7
          SHA-512:4AA9DD5C83C928316D939AFDDEEEDCC931EDE02485B36397AE72EB32ACC296D3A049424353CB632098E034AF7F5EFB40250F4B794401FDD3F24DD0E7A002B049
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>log4net</name>.. </assembly>.. <members>.. <member name="T:log4net.Appender.AdoNetAppender">.. <summary>.. Appender that logs to a database... </summary>.. <remarks>.. <para>.. <see cref="T:log4net.Appender.AdoNetAppender"/> appends logging events to a table within a.. database. The appender can be configured to specify the connection .. string by setting the <see cref="P:log4net.Appender.AdoNetAppender.ConnectionString"/> property. .. The connection type (provider) can be specified by setting the <see cref="P:log4net.Appender.AdoNetAppender.ConnectionType"/>.. property. For more information on database connection strings for.. your specific database see <a href="http://www.connectionstrings.com/">http://www.connectionstrings.com/</a>... </para>.. <para>.. Record

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\onelaunchtray.exe (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):655320
          Entropy (8bit):6.640120847069098
          Encrypted:false
          SSDEEP:
          MD5:9A8A5A978E752C2DB34E320AE8AA84E9
          SHA1:A5E69BB3CC8E716D3E60FF5B93BCDE3D41D61E1F
          SHA-256:AAE138C04045D2763A341638723DEBB668C3350B2D26D25C53E02E963A28AE56
          SHA-512:82C9C6A88C35742B48196A64477E0C5949B0393AA75E81C798FC236734F31D0308DF831F98821452F2AF283836249DF8332789ECACC45BDE40DBE37057477E73
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..6..........vT... ...`....@.. .......................@......`.....`.................................$T..O....`...................... .......T............................................... ............... ..H............text...|4... ...6.................. ..`.rsrc.......`.......8..............@..@.reloc....... ......................@..B................XT......H.......H-...)...........V..8............................................0...........(....(.....(............s....(....~....r...po......~....s....}.....{.....o....-.~....r...po.....(.....?s......s....}......{....o......(.......~....ra..p.o.....(......*......2.\.......r~....r...p.o....o.....(....*N..( ....{....o....*z.{....o.....{....o!.....("...*.0..$........{....,.*..}....r...p.s#......($...*Js....%o....o%...&*......(&...('........r...p((...r...p()........*6.(*....(....*2.(+

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\onelaunchtray.exe.config (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):2779
          Entropy (8bit):5.035343118954712
          Encrypted:false
          SSDEEP:
          MD5:0CAABB90C029B967509973FD9C0CE58D
          SHA1:1659922B947C102770AAB5DEEA9FE755AE8D5646
          SHA-256:2534A32BF73400E651A240B67E9906DF9C113180B4E3DC4FD5AE020BEFB09319
          SHA-512:30BE3D8FC7A94EF36DE69195BB40F59B694531D19D421A5CF2BEB1764EE5D8638843BBE8EC4E27616E41CB8228BEB0A8C5DED19BA637501133F39069F13509E9
          Malicious:false
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />.. </configSections>.... <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.... <log4net>.. <appender name="Console" type="log4net.Appender.ConsoleAppender">.. <threshold value="INFO" />.. <layout type="log4net.Layout.PatternLayout">.. Pattern to output the caller's file name and line number -->.. <conversionPattern value="%date %5level [%thread] (%class:%line) - %message%newline" />.. </layout>.. </appender>.. .. <appender name="RollingFile" type="log4net.Appender.RollingFileAppender">.. <file value="${WB_LOCALAPPDATA}/apptray.log" />.. <rollingStyle value="Size" />.. <appendToFile value="true" />.. <maximumFileSize value="100KB" />.. <maxSizeRollBackups value="2" />.. <threshold value="I

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\pl\Microsoft.Win32.TaskScheduler.resources.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.594776627495051
          Encrypted:false
          SSDEEP:
          MD5:B60817A69E314B22F746917C826DA53E
          SHA1:7D2785A6D1A53A0717C986B959AF67DE6F9300E4
          SHA-256:6E58D86C42B61226DD7AF35D7C9432CE6F0982D1D0D5A2F4120E8ABC5C787A02
          SHA-512:9A8F029329CE105B3F72FEE623E3AB8C88E1AF45F86FAB61F81BE418B2D70F83E4C0466010D312240A01E1EF8F9B9926EBF43E25BDC3C364C2D28AB9B0E5F6FC
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................;... ...@....... ............................../c....@..................................:..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B.................:......H........5............... ......P .......................................T`.K.%...N.f..u.........Z..1....#CTR.v....:aq.i#:Z.oAkQ:D...q.6...l....J.W.Pn.J......d........3.F..[.c....#....$.F..0...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\pl\is-NH537.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.594776627495051
          Encrypted:false
          SSDEEP:
          MD5:B60817A69E314B22F746917C826DA53E
          SHA1:7D2785A6D1A53A0717C986B959AF67DE6F9300E4
          SHA-256:6E58D86C42B61226DD7AF35D7C9432CE6F0982D1D0D5A2F4120E8ABC5C787A02
          SHA-512:9A8F029329CE105B3F72FEE623E3AB8C88E1AF45F86FAB61F81BE418B2D70F83E4C0466010D312240A01E1EF8F9B9926EBF43E25BDC3C364C2D28AB9B0E5F6FC
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................;... ...@....... ............................../c....@..................................:..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B.................:......H........5............... ......P .......................................T`.K.%...N.f..u.........Z..1....#CTR.v....:aq.i#:Z.oAkQ:D...q.6...l....J.W.Pn.J......d........3.F..[.c....#....$.F..0...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\ru\Microsoft.Win32.TaskScheduler.resources.dll (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):10752
          Entropy (8bit):4.846136752240531
          Encrypted:false
          SSDEEP:
          MD5:DADE13E423762BDAE745D57CA3DC86EF
          SHA1:7B4122CBEF771C5548A7CB5641B6DB6743C8C3F6
          SHA-256:1A1D5FDAC027144BCAA0E8110F4DE717E80944420C59708B3DD8E2BD31BC7ED4
          SHA-512:77F5050BA87E8ABEB92298D16897D6CEC087FFB7B4C38442C854A0993B398DE529C15B5674ADAACFB3E39CE05165F05A38337B2DBD41E8A7D806751542F6E8D3
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!................~=... ...@....... ..............................>"....@.................................,=..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......(..............@..B................`=......H.......88............... ..e...P ......................................w..4.8b^b..W..i8s....oz...t..tlhp...$.8p..c....U(O'....N.w`...<".1.w....?.*.0=z`Lz5..^....O...Q.....v..z...........`;..a..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\5.19.1\ru\is-0QQ7S.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):10752
          Entropy (8bit):4.846136752240531
          Encrypted:false
          SSDEEP:
          MD5:DADE13E423762BDAE745D57CA3DC86EF
          SHA1:7B4122CBEF771C5548A7CB5641B6DB6743C8C3F6
          SHA-256:1A1D5FDAC027144BCAA0E8110F4DE717E80944420C59708B3DD8E2BD31BC7ED4
          SHA-512:77F5050BA87E8ABEB92298D16897D6CEC087FFB7B4C38442C854A0993B398DE529C15B5674ADAACFB3E39CE05165F05A38337B2DBD41E8A7D806751542F6E8D3
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!................~=... ...@....... ..............................>"....@.................................,=..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......(..............@..B................`=......H.......88............... ..e...P ......................................w..4.8b^b..W..i8s....oz...t..tlhp...$.8p..c....U(O'....N.w`...<".1.w....?.*.0=z`Lz5..^....O...Q.....v..z...........`;..a..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

          C:\Users\user\AppData\Local\OneLaunch\is-0MHIO.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):3131864
          Entropy (8bit):6.425234196002306
          Encrypted:false
          SSDEEP:
          MD5:838F33E6BCC913B22B7FFBFCC2390804
          SHA1:7FD0E408ACF62577D02F8496D91D1697B8DB3E1C
          SHA-256:E15DA314BA6D036F6CDFA927BD0889DB4EDE6E425BBA3B61FFEE25C3568CB404
          SHA-512:1E0A79E805008749D35E37C2B6C32D6CB7146BC1CCEF7F3B45965140D8632C0CDCAE0537A8FB3A17A68254056D2CB739F6EE99794F0C622868E0B22974854BBC
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...p.._.................$,.........P6,......@,...@...........................0.......0...@......@....................-......`-.49....-.d............./.......................................-......................i-.......-......................text...P.+.......+................. ..`.itext..t(....,..*....+............. ..`.data.......@,......(,.............@....bss.....x....,..........................idata..49...`-..:....,.............@....didata.......-.......,.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc...d.....-.......-.............@..@......................-.............@..@........................................................

          C:\Users\user\AppData\Local\OneLaunch\profile.ico

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MS Windows icon resource - 8 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
          Category:dropped
          Size (bytes):31214
          Entropy (8bit):7.943434993300031
          Encrypted:false
          SSDEEP:
          MD5:D3C9B4D1D3878103FF515BF5233395C0
          SHA1:2F4C871057B9EF3F364074579AFA6C5EF5C006C1
          SHA-256:85CF400CE5DE14535F8BEF5097230AA5F10BEAEC06061848441EC294916A1022
          SHA-512:0041B024D0B15D0840777E4A187DF8F35F3667E60159F41FE76863F47B19CD2E8F38EBD4E9627A17E93F8BBE7407B47C3DDA49EFF7824A86345FAF781DF67F09
          Malicious:false
          Reputation:low
          Preview:............ .S............. ......... .... .........00.... .n...O...@@.... .".......``.... ............... .z....,........ ..6..GC...PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O..=h.a...F......X...V.% .A.h.....(."."...":.8H..t.......U......$..rw.bbR....K.1......}.3|.*.r.@.R.~T*.i.P@.......K%.87G.b.....\.M.y......#..E.U...;I]9OF....r.....oy..|...S.H^.@:.a....qOsd..,.......2.G.._o 3.._.Yh....A.Y...-|....Y.3...So.3..g3.s'...3.t6G..........'v....OHIb.9.H.3T.....V!.....#..F..2.B>.$!K.x2M.....z....!.H1.........t.......l..&...M.}k...#.O6..D..u........el.a.V..n...?5g...D|~aQ..5g.....:..6.#n.#v... .,E.u oq.l[..}9..+Z.....0....> t.........W6.O..;+(.......IEND.B`..PNG........IHDR..............w=.....sRGB.........gAMA......a.....pHYs..........o.d...BIDATHK..[H.Q....r.(..Sev7#.L2...]../.Q..EDAjYY E.....PQ.C.Q!.....j..ewf.....f....._g..3.Y~...9s..wf..F......c..e....i.E.,..p.,k."..L.X.,.....F.....(|0S#..DB}.(..~....B..4........

          C:\Users\user\AppData\Local\OneLaunch\unins000.dat

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:InnoSetup Log 64-bit OneLaunch {4947c51a-26a9-4ed0-9a7b-c21e5ae0e71a}, version 0x418, 251936 bytes, 061544\37\user\376\, C:\Users\user\AppData\Local\OneLaunch\376\
          Category:modified
          Size (bytes):251936
          Entropy (8bit):3.8529892755647133
          Encrypted:false
          SSDEEP:
          MD5:040B9623325A5365908DF324C3908433
          SHA1:6E228427E7392A5FCE3CC1E031E1AA20BC4DCA13
          SHA-256:EDADD74F8DD09F91FDA386AFCB9E654CA1482262ABC5F908E95B320EFB2E8AFB
          SHA-512:70081E941E41D00562BAF9E938840AAB94C22DE236AF250ED48DC18EB1EA84080C480E33B0F5668C0D0CF8C16370A0FEB4060D6C06F45FF474CC533BE74C872F
          Malicious:false
          Reputation:low
          Preview:Inno Setup Uninstall Log (b) 64-bit.............................{4947c51a-26a9-4ed0-9a7b-c21e5ae0e71a}..........................................................................................OneLaunch...........................................................................................................................9... ...%...............................................................................................................$.............d................0.6.1.5.4.4......e.y.u.p......C.:.\.U.s.e.r.s.\.e.y.u.p.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h................-...... .....d........IFPS....k.......U................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM............................#.................%...........

          C:\Users\user\AppData\Local\OneLaunch\unins000.exe (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):3131864
          Entropy (8bit):6.425234196002306
          Encrypted:false
          SSDEEP:
          MD5:838F33E6BCC913B22B7FFBFCC2390804
          SHA1:7FD0E408ACF62577D02F8496D91D1697B8DB3E1C
          SHA-256:E15DA314BA6D036F6CDFA927BD0889DB4EDE6E425BBA3B61FFEE25C3568CB404
          SHA-512:1E0A79E805008749D35E37C2B6C32D6CB7146BC1CCEF7F3B45965140D8632C0CDCAE0537A8FB3A17A68254056D2CB739F6EE99794F0C622868E0B22974854BBC
          Malicious:false
          Reputation:low
          Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...p.._.................$,.........P6,......@,...@...........................0.......0...@......@....................-......`-.49....-.d............./.......................................-......................i-.......-......................text...P.+.......+................. ..`.itext..t(....,..*....+............. ..`.data.......@,......(,.............@....bss.....x....,..........................idata..49...`-..:....,.............@....didata.......-.......,.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc...d.....-.......-.............@..@......................-.............@..@........................................................

          C:\Users\user\AppData\Local\OneLaunch\unins000.msg

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
          Category:dropped
          Size (bytes):24183
          Entropy (8bit):3.277171144979657
          Encrypted:false
          SSDEEP:
          MD5:43A7A022BC111E622A1B7C6E1B95A22B
          SHA1:665FC0BAA44EC51B5B15C02AD2D7DD77DF547F11
          SHA-256:2DCB08832905DF75716293ED68FDAD8217219C9B50DA5F166034EFE75CFB8204
          SHA-512:D5B4DD6750869321029E3C76188FCAA5BF27606C8B9D478D143071E49C8E6CFD59BEE2C8CD08E5A8C79B44CE686C0E8E0FA42B3973DDC9377586881E5B810724
          Malicious:false
          Reputation:low
          Preview:Inno Setup Messages (6.0.0) (u).....................................*^.....s..C.a.n.c.e.l. .i.n.s.t.a.l.l.a.t.i.o.n...S.e.l.e.c.t. .a.c.t.i.o.n...&.I.g.n.o.r.e. .t.h.e. .e.r.r.o.r. .a.n.d. .c.o.n.t.i.n.u.e...&.T.r.y. .a.g.a.i.n...&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.

          C:\Users\user\AppData\Local\Temp\OneLaunch Setup.exe

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):99170056
          Entropy (8bit):7.99940771746919
          Encrypted:true
          SSDEEP:
          MD5:A7FD7BA743A0FF68CF3406CC969C4EC1
          SHA1:AF4C67D1151F82EC6C2BBB461421F47CD8479B6D
          SHA-256:9CC3E7DF4AC2F1E5D0ACF8ED3A67DB75D9573FC24F694CE3075CA18DFAB9E312
          SHA-512:81DD0121D9474AF6A5320E93DD8AFC1F8B1E416E49684CE19A93B9F01F4588160B196C39B8DA3EC5D30E4740354E8C6DA6094D04E9BB4DC4AF2BD4D7AE068347
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...n.._.................P...P.......^.......p....@.......................................@......@...................@....... ..6....p..............0%.......................................`......................."..D....0.......................text....6.......8.................. ..`.itext.......P.......<.............. ..`.data....7...p...8...T..............@....bss.....m...............................idata..6.... ......................@....didata......0......................@....edata.......@......................@..@.tls.........P...........................rdata..]....`......................@..@.rsrc........p......................@..@....................................@..@........................................................

          C:\Users\user\AppData\Local\Temp\OneLaunch Setup_o2u43.exe (copy)

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-7MKBH.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):99170056
          Entropy (8bit):7.99940771746919
          Encrypted:true
          SSDEEP:
          MD5:A7FD7BA743A0FF68CF3406CC969C4EC1
          SHA1:AF4C67D1151F82EC6C2BBB461421F47CD8479B6D
          SHA-256:9CC3E7DF4AC2F1E5D0ACF8ED3A67DB75D9573FC24F694CE3075CA18DFAB9E312
          SHA-512:81DD0121D9474AF6A5320E93DD8AFC1F8B1E416E49684CE19A93B9F01F4588160B196C39B8DA3EC5D30E4740354E8C6DA6094D04E9BB4DC4AF2BD4D7AE068347
          Malicious:false
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...n.._.................P...P.......^.......p....@.......................................@......@...................@....... ..6....p..............0%.......................................`......................."..D....0.......................text....6.......8.................. ..`.itext.......P.......<.............. ..`.data....7...p...8...T..............@....bss.....m...............................idata..6.... ......................@....didata......0......................@....edata.......@......................@..@.tls.........P...........................rdata..]....`......................@..@.rsrc........p......................@..@....................................@..@........................................................

          C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp

          Download File
          Process:C:\Users\user\Desktop\OneLaunch - PDF_o2u43.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):3127296
          Entropy (8bit):6.421966857564619
          Encrypted:false
          SSDEEP:
          MD5:3F1B17D86DEF206837175C166777D695
          SHA1:FA172EA459C22C9E3637A08719F9D1EA8C1C5A0F
          SHA-256:CCF304D8957FB6E7C4F92B2F452D4E91A7ECED9D22BFBF1C5B225952B13C34D4
          SHA-512:3E8E7C713A6E0E8FCC29122E64EB2F9DCC9F1AFA290554D4ED4F67B24081876DC78F07B736C856767271CAE35E6C2961F231CFEA3EDF6BF74F145859121A29AE
          Malicious:false
          Antivirus:
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...p.._.................$,.........P6,......@,...@...........................0...........@......@....................-......`-.49....-.d.....................................................-......................i-.......-......................text...P.+.......+................. ..`.itext..t(....,..*....+............. ..`.data.......@,......(,.............@....bss.....x....,..........................idata..49...`-..:....,.............@....didata.......-.......,.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc...d.....-.......-.............@..@......................-.............@..@........................................................

          C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\checkmark-10-light.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 32 x 32 x 32, resolution 3780 x 3780 px/m, cbSize 4150, bits offset 54
          Category:dropped
          Size (bytes):4150
          Entropy (8bit):2.8650206999627694
          Encrypted:false
          SSDEEP:
          MD5:B44D6DC836E9611AE20DA70754AF360F
          SHA1:9566706032BE3E6118E7BD0D63101C5858C2110E
          SHA-256:CE12D9D70B17337E6197FF86832F7A42247792CD989EEA27A2BE6F6CE2EBCBCD
          SHA-512:CF1A09F8774528995B79C98ABDA56279236F3EAB588A3C22192D85527A2E5BDE22EAC2BCE9B2DC5DD6BD66631C7F8DC9F8B3BF99D940F01CF7BD230A1150D481
          Malicious:false
          Reputation:low
          Preview:BM6.......6...(... ... ..... ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z.....x...x...x...x...x...x......Z..................................................................................Z..x...x...x...x...x...x...x...x...x...x...x...x...Z........................................................................x...x...x...x...x...x...x...x...x...x...x...x...x...x..................................................................x...x...x...x...x...x...x...x...x...x...x...x...x...x...x...x...x...x......................................................x...x...x...x...x...x...x

          C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\checkmark-10-light.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:PNG image data, 32 x 32, 4-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):363
          Entropy (8bit):6.445618577053504
          Encrypted:false
          SSDEEP:
          MD5:A4D4DC66A41D9C3B54A2ED3EE8D4B3DF
          SHA1:E91A5E7A6690C14C6F799E2433BEB2F6388C4DF6
          SHA-256:46E9C171E2115CD43E5D05F6A5F6015B27BDA065FBAB939916FEE2FD5C06D5A4
          SHA-512:99D5425AA653B93D0B6065020F88C095C39D982FB20A0ED0078418E8E862A104B4F0392791C79D2DF86410A0BA5BA60E644852943A9FC602F7EAF82FECAAEFD4
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR... ... ......Tg.....gAMA......a.....sRGB........'PLTEGpL.x..x.....x..x..x..y..x..w..w..x..x...k.....tRNS.!...@`P....$H....IDAT(.c` .0... .%t.9...............@..(8........B`1X..!p..g<.....,0.$ ...`..O.......T`2..8....*0...G..5@ZP....4.;.. ....jQdt.+.k..yK....l(.ZE....`.....p..t..1X!..!!..(.....:....X..@....#..Q...O. 6.............IEND.B`.

          C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\features.json

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:JSON data
          Category:dropped
          Size (bytes):917
          Entropy (8bit):4.600802423129361
          Encrypted:false
          SSDEEP:
          MD5:F9EFF3539962E941E2C8389E7FF3B03F
          SHA1:C4FC63586750C6132D2BB99B7B493B84E3BEEB6D
          SHA-256:3C3E85B89969AA3313848BC7944D8E8648FFD95DFF755ADF9C28BBF10613A3BE
          SHA-512:8B97D5A7A8C1F3653D2B665ABF0075858F76031C3A4DF20B2F957F31E2DAAA9DD6AFD94A6E23275947D26357681C07860F021527C1ED2995EA1C8987C637AF31
          Malicious:false
          Reputation:low
          Preview:{.. "onelaunch":["Browser","Apps","Free"],.. "maps":["Maps","Directions","Free"],.. "email":["Email Access","Fast","Free"],.. "games":["Games","Fun","Free"],.. "office":["Office Apps","Tools","Free"],.. "pdf":["Edit PDFs","Easy","Free"],.. "packagetracker":["Package Tracking","Easy","Free"],.. "templates":["Templates","Fast","Free"],.. "recipe":["Recipe Search","Quick","Free"],.. "tv":["TV","Movies","Free"],.. "speedtest":["Speed Test","Reliable","Free"],.. "forms":["Forms","Quick Access","Free"],.. "manuals":["Product Manuals","Fast","Free"],.. "weather":["Forecasts","Daily Weather","Free"],.. "social":["Social Platforms","Quick","Free"],.. "ecards":["Digital Cards","Templates","Free"],.. "news":["News","Daily","Free"],.. "calendars":["Calendars","Printables","Free"],.. "earthview":["Earth","Satellite","3D"],.. "print":["Print","Easy","Free"],.. "howto":["How To","Easy","Free"]..}..

          C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\profile_descriptions.json

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:JSON data
          Category:dropped
          Size (bytes):3193
          Entropy (8bit):4.447533580441715
          Encrypted:false
          SSDEEP:
          MD5:D23E9F5A6BFF3160B1BA511CCC6135FA
          SHA1:FB8954917F695AF80B607C8FCA8C16563B0571FA
          SHA-256:C4D2D5B80624095A2F2ACB0DB4CB05DDCDFC9E3022567C82D5227EC515EA1E4A
          SHA-512:1C46992F3F23306E911DCEE65D1C6EC073765DE3AAC3DE3A5F9D9EBD55CFF908E1036467BA04AB82803442D07C44A23B1615AECEB8F8C120AE1226BDE3B0550F
          Malicious:false
          Reputation:low
          Preview:{.. "email":"Login to your inbox faster and easily check your emails by installing OneLaunch, an omni-present search application located conveniently at the top of your desktop.",.. "manuals": "Find all the manuals you need for free! Install OneLaunch to access free manuals from an omni-present search application located conveniently at the top of your desktop!",.. "pdf":"View, create, manage and convert PDF files for free! Install OneLaunch to access all the PDF features you need from an omni-present search application located conveniently at the top of your desktop.",.. "docklesspdf":"View, create, manage and convert PDF files for free! Install OneLaunch to access all the PDF features you need.",.. "maps":"Get driving directions and maps for free! Install OneLaunch to access maps and driving directions from an omni-present search application located conveniently at the top of your desktop.",.. "packagetracker":"Track your package easily and for free! Install OneLaun

          C:\Users\user\AppData\Local\Temp\is-H73FM.tmp\profile_headlines.json

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:JSON data
          Category:dropped
          Size (bytes):800
          Entropy (8bit):4.567250207920884
          Encrypted:false
          SSDEEP:
          MD5:752C01EBE7DFB51CA60FB6161C55B582
          SHA1:11303EDFB61B10ED5A22D513ED748E7FA154073D
          SHA-256:18E328F40E5A54EBBB28DD121CF429F2B51603D1A90F26FD52DE1ABD68E0D6CA
          SHA-512:67B21CD8F0B2E04DAC8F44A351F42127DCBE036EA07468066C54CCE927AE29F0D739B4ED2BD09678CCA70A36156DF92CE7671200A96386E0EBEFEA9FF128A80D
          Malicious:false
          Reputation:low
          Preview:{.. "email":"Quick Email Access - Easy and Free",.. "manuals": "Free Manuals - Easy and Free",.. "pdf":"Free PDF Software - Easy and Free",.. "maps":"Free Maps && Driving Directions",.. "packagetracker":"Free Package Tracking - Easy and Free",.. "calendars":"Free Calendars - Easy and Free",.. "templates":"Free Templates - Easy and Free",.. "recipe":"Thousands Of Free Recipes",.. "forms":"Free Forms - Easy and Free",.. "games":"Play Card Games, Puzzles && Board Games",.. "ecards":"Free eCards - Easy and Free",.. "translate":"Translate Text, Documents && Websites",.. "horoscope":"Free Daily Horoscopes",.. "earthview":"Earth View 3D - Easy and Free",.. "print":"Free Print - Easy and Free",.. "howto":"Search How To articles and instructions"..}..

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\Win32Library.dll

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):47616
          Entropy (8bit):5.738395874332668
          Encrypted:false
          SSDEEP:
          MD5:9EC3EE72759AFB099D48C96CBE0B6FDF
          SHA1:84465B923613356A0BB29B1284F05433B1EE0E5A
          SHA-256:C35C0B40E44EAB85E9E5C78A489A44DEFF2936C20B51DF1024661711CCACFE49
          SHA-512:07429CF6F641E017EBF390E0FF8550E851FC1C17B2EB9B5744D0FEE6B3F2C2C303C8406336D529E1583A11C44672ECFBA8E0BBC9A05B303BC2702FE6173111FF
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....S.d...........!................~.... ........... .......................@............@.............................(...,...O............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata..............................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\_isetup\_setup64.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PE32+ executable (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):6144
          Entropy (8bit):4.720366600008286
          Encrypted:false
          SSDEEP:
          MD5:E4211D6D009757C078A9FAC7FF4F03D4
          SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
          SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
          SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\button-10-light.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PNG image data, 304 x 240, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):1181
          Entropy (8bit):6.3531504585829595
          Encrypted:false
          SSDEEP:
          MD5:A879852024BF6DE33C3BB293704E6FE5
          SHA1:8487AF86F572F80D18720157906C6B74DE2A52A8
          SHA-256:A45A7BF12D8E17D5B05C81CC3BD5EE5E9299B9B522E4B883ED00808635D99BBA
          SHA-512:34666447F27F4355F991B66E4781738400619A4553415060C2C0DDE59198B797999BE4F24734EE04FA3C1C6DD3B4EB26BA48C361CD891855B30EED7586D521A7
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...0..........d8.....iCCPICC profile..(.}.=H.@...JE*.. .:Y..q.*..Bi+..`r..41$)...k........... ......"%~..Z.x.q..}...w..2....4.6....H.W.h..`@f...,d.;.....].g...9....D<...&^'......"+.*.9.I.$~..........lz.X$.J..t0+....qT.t..r....8k..k..0\.3\.5....D....PA.6b..XH.y..?..S.R.U.#.<6.Av....Vqr.K........B.@..8...<.......o4..O..m-z..o...mM...w..'C6eW....E....).Dn..U.o.s.>.Y....pp...({...=.}.....@.r.(P.A....bKGD......e.......pHYs.................tIME..........F....tEXtComment.Created with GIMPW......uIDATx...;.. .DA>W...a.W....dF../...'.|....0....0@....@.....0....0@....@.....0....0@....@.....0....0@....@.....0....0@....@.....0....0@....@.....0....0@....@.....0....0.....@.....0....0.....@.....0....0.....@.....0....0.....@.....0.?D...... `............... `............... `............... `............... `............... `............... `............... `............... `... `.......... `... `.......... `... `.......... `..D.e.....0.....@....@.....0.....@....@.

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\button-hover.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 304 x 80 x 32, resolution 2835 x 2835 px/m, cbSize 97334, bits offset 54
          Category:dropped
          Size (bytes):97334
          Entropy (8bit):2.0067245075787934
          Encrypted:false
          SSDEEP:
          MD5:82EBBC3800C3BB5E5E0B2215806FAB91
          SHA1:65279E1491D28E66D721F8BD560345E1DF0E550B
          SHA-256:CAC6CDAA9E776B7CD504152E90B760A650E008A3AF56AB73AF143457B4D50C38
          SHA-512:F6A0A9F12330ABE42EA84A05128C078F6A2FDEC749C62203055F6A734A34E6B7B3A49A9847C091087821709530861B23B9A658D4A3F4575FBDD3AEF4EE2B2B48
          Malicious:false
          Reputation:low
          Preview:BM6|......6...(...0...P..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\button-pressed.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 304 x 80 x 32, resolution 2835 x 2835 px/m, cbSize 97334, bits offset 54
          Category:dropped
          Size (bytes):97334
          Entropy (8bit):2.0067245075787934
          Encrypted:false
          SSDEEP:
          MD5:B74A8ED182B79A9FCE54806727A79AFF
          SHA1:00293992F5E6EA11C304EA627A8957C0E0AB26A8
          SHA-256:27E358564C55757F04F682B0AAB12E80BA3D36D05E60234464305E6CF54EF0BC
          SHA-512:16EABCC2B4A2006E875E925AB31DF42C3A6006620A9B979ED14DE61358A7F3AA20A25BB17AFBA7C50BD5194C22CF8D5766069E7DC10AD5E0ADDF97CE2B773067
          Malicious:false
          Reputation:low
          Preview:BM6|......6...(...0...P..... ..........................[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[...[

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\button-rest.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 304 x 80 x 32, resolution 2835 x 2835 px/m, cbSize 97334, bits offset 54
          Category:dropped
          Size (bytes):97334
          Entropy (8bit):2.0067245075787934
          Encrypted:false
          SSDEEP:
          MD5:35B504CA889960B5EF306894DC9315FE
          SHA1:38E0FDA1828DE12F9C88F4BE2711CDC413A7FF8B
          SHA-256:85386BD819C2A097ABF8225E96980235D536A825629C9481AAFEDA3C09055D91
          SHA-512:3055D9EB57BA71270CE420C5691C11900CC00DE5E79689FAB772C7CD26DC10760615E6FAEC746C06D0F79FA8C0876D38E946555054D994EF28AC8C7A1C348A82
          Malicious:false
          Reputation:low
          Preview:BM6|......6...(...0...P..... ..........................k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k...k

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\exit-10-light.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PNG image data, 96 x 192, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):6.1710732658669105
          Encrypted:false
          SSDEEP:
          MD5:2CCE6763F61DDDB4599CB058D6761C56
          SHA1:40BB1A5E735E52791C7C3F0A22CA4A63EC9A3737
          SHA-256:0FC8E40A3B0E7A516E108DC0F3267DCCCB4DE04D28A21EB68A45A8AC1BB9DF8F
          SHA-512:BDA0D42E1A844B2A9608816B07160EE42E1F4C8705D820CADF5CD5E714B7C9FB0C6E066DB04B74D573A1F8F435324D807634648C348D5E456A61CC9DAB684FA2
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...`...........f....6zTXtRaw profile type exif..x..mz.*.....Y...`9|>..`.?/....+};w..Uvl.G:B:j.......'.....\s.|RM54...?.......G....o...".x.Y.7..Op..W.a...$.........A....D..(...<....R.}4...<.,)...<n..y...dxo*...V.............v.2Pb.:..D{...W~z.T...5.....[oW.+[)<C..'.....N.5+..?...s.>...v.}....=.l..2..Qo.\W..,q...h.._e....Q..A(L?|..R%@.$S.lY.y..b.....!......j...Cv.X.....G.w,r-[.p.j...04......./.}....._.~C8...a..2.Fd?N...o....5../.-Rql...*.e.x......=(6..p.K+`$...IT..-........CL......b.pS.Y.WL..A....If0.1....5.JI..K..j.5.jV.U[.9e.9[>I.Y..L-.Y.j....\..RK..F...\..Zkk....vc@k=..SW.s.^z.m.>#..y.(..6...1.Yf.m.".VZ..UV]m.j;....m.]w{gM.m....k.....@{g..foS.I'z8..........p8.ER......]...z8.r....$.7.\..=..O.9K.x...9w..!s.....y....w.q...m...Z...}....1#./.LG.N6..3.....(.....z.....i...`.w..z..e....u..;&.b...q.g._.....%..Z..!#&.........>.m./'.A.*....h..=.5../N...Z.....i....Ak.c..VdX7....I9.:u8]..|.60....!"q.Ed.@..z..I..C.~t..0.a....i.*b=f@.

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\exit-hover.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 96 x 64 x 32, resolution 5669 x 5669 px/m, cbSize 24630, bits offset 54
          Category:dropped
          Size (bytes):24630
          Entropy (8bit):1.7452965745987936
          Encrypted:false
          SSDEEP:
          MD5:D33F497718C0BF3C5705941BA5666A5A
          SHA1:61107329DD6576AEC0B2CDF34EB146D24748D2E8
          SHA-256:C61FB1333511D8E78C4606DD2A800F1CF9D94307B26C01862128FF11C0B5E333
          SHA-512:E6F2C2E7F6B3A4AD4899DCC547ADF16A61F823096B7530C5422E3989D94A2D1AE0E138E382304AB2942BEEF949D1193DE485097A2DDA8C54C0E998EA589F3C39
          Malicious:false
          Reputation:low
          Preview:BM6`......6...(...`...@..... .........%...%...........CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC..CC

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\exit-pressed.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 96 x 64 x 32, resolution 5669 x 5669 px/m, cbSize 24630, bits offset 54
          Category:dropped
          Size (bytes):24630
          Entropy (8bit):1.731446850397158
          Encrypted:false
          SSDEEP:
          MD5:53178FD9661AE74BBFA7A562653A7773
          SHA1:FA3BAAE7B8442F47DFA18AAC1361112F7E8E3C4B
          SHA-256:FFE6D8F0EA0ACB8660389C9E7F399133BC570803789638AA884AE2F247D8BF10
          SHA-512:C50C0822F228C123B41A4B14A63F625B3A299FAA36322D98A2DB001774953A342058149C90971D4E3E713005E5481BC92ED2F03D5D86FFAF415CCD565AEFB913
          Malicious:false
          Reputation:low
          Preview:BM6`......6...(...`...@..... .........%...%...........==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==..==

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\exit-rest.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 96 x 64 x 32, resolution 5669 x 5669 px/m, cbSize 24630, bits offset 54
          Category:dropped
          Size (bytes):24630
          Entropy (8bit):1.0551032985832818
          Encrypted:false
          SSDEEP:
          MD5:B8AD3B36AE539BBB3D8C41FAA57FE4F6
          SHA1:16E75AA762DF3EDD1DDCB69B7A0AEE196C553E7C
          SHA-256:33BD571330E590730A52C6880EA744A63B8D5342A0C8BF2DF871C41D190D57F0
          SHA-512:158341605CE52FA2E7EE1BBDFE8A5D4A42115BB1063F4826A560156E0634F1A35A39A65B9A949F2C7ADE96B9B592C936309F99E75A9FFF4630C40DF530322E09
          Malicious:false
          Reputation:low
          Preview:BM6`......6...(...`...@..... .........%...%.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\min-10-light.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PNG image data, 96 x 192, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):5793
          Entropy (8bit):5.506205157290013
          Encrypted:false
          SSDEEP:
          MD5:2257B1D0D33A41F509E7C3E117819F8B
          SHA1:87583BFBC655AEC4E8CC4465B341C3F7889A6317
          SHA-256:D43E4B285B5B54313B53E87D2A56CA9BA0C85F8F55C9C5FDCDB4FAC815FF4D02
          SHA-512:702D1A126A0A7A64AF5CEE9450DAEED74364AA9E9F123E1BC398ECD4215C082E7F55E43DD292A4119749E84999B015109BFF8B11732DF11143D202B385411CC5
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...`...........f....,zTXtRaw profile type exif..x.W[v.(..g...$$...y..`.?%?z.....d... ......?........h.\s...J...j......W.~.k...`4%...i..t....Y4..#.<Q..Q..oO.....Q...z9J|v..k)...%.u..^..O.W.....}.-..M.8.y%J.oNvN ..!5T...!%A]R.[.$...N..bF.*...c.~..]..l._&....(?l....r@.fd.....'..B|B....c.XE....{)G.v.C..../.G..w.m..P.q.{P%.]..&5..r....W`p....h..H'..isI5.d y...V~..ak....0.$.2..y\.z.W?..S.(^.../...i8s.....}......|9......)R.l?]t... .D'.*.3..... ...P..`..R.X....4..0uN....*OL..8........a..h.h....M.9g`..,.E..1.P...Y..Vm9e.s..E..T$.-..b..f....3..*....k.Vkm.c6xn......=u..z.[......#.2l..&.4..3.2m...-...+..l..6Bm..e..l.u..kt.....kt...SnX..........s..8..... ..9.F"..9g.2.B..T.l.3..e....'...x.E....e.8u/2.+o..6}...cg.:.1!.v.......2.....uGm#o..0.@...6....Q.....,......V......H]i.9......'.=.g.....<.<Y.'...N.N'.j.....}.R+.*.....5?h4.w.....C..6..U..|$......iM.F........_..'K....2|f.X..DE...U.,DA...4....<..$...$..K_.HhT..\.&{SC.P..A..q.7-8d(#E=b0f..

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\min-hover.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 96 x 64 x 32, resolution 5669 x 5669 px/m, cbSize 24630, bits offset 54
          Category:dropped
          Size (bytes):24630
          Entropy (8bit):0.08151757699737566
          Encrypted:false
          SSDEEP:
          MD5:C94A77553F2C392D5F1FE2F08E30EFB2
          SHA1:8FB56E5E4896133281A2627A92A3A33D13E378C5
          SHA-256:8DAA69B6252F6F773CEB6D7090664B933537478731473E1B54CAF67791C2D336
          SHA-512:8E22363FF52C116B5D36BE212F79B610C520CB156B8902BE501B8420A7568D62CF52C6742EF03F328558B506D47B9421ADD713A916AB0F5BFABD4E7422F10587
          Malicious:false
          Reputation:low
          Preview:BM6`......6...(...`...@..... .........%...%.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\min-pressed.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 96 x 64 x 32, resolution 5669 x 5669 px/m, cbSize 24630, bits offset 54
          Category:dropped
          Size (bytes):24630
          Entropy (8bit):0.8883785617172046
          Encrypted:false
          SSDEEP:
          MD5:4B549427F8B753A01272BEC3A658E7BA
          SHA1:8DB761FC5A1DE900858D193D54759ED9F910BB71
          SHA-256:FE03E30C13229D50685E3387F4F271BEFE57DFA74BE890D09C089FB3688469A1
          SHA-512:D84CDFB52D88BD25A09F805CCC8968ECA7054F55C50673A7919DDB146ED65B3B8B36B1C70469C12655E8ADE5202E257491D648E0FAFE527C289747ED8F34EC4D
          Malicious:false
          Reputation:low
          Preview:BM6`......6...(...`...@..... .........%...%.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\min-rest.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 96 x 64 x 32, resolution 5669 x 5669 px/m, cbSize 24630, bits offset 54
          Category:dropped
          Size (bytes):24630
          Entropy (8bit):0.8883785617172046
          Encrypted:false
          SSDEEP:
          MD5:2484489C7443EC4745488A77ED084D80
          SHA1:FCF49D1BE8BBBAE3D0DEA49BB5E677FB19D98D9D
          SHA-256:70B6921812F29B698F454927802DB818C1625402BAEFD53CED1BFB9135C17D5A
          SHA-512:A4776969B6BF215A85E7CFBC8F13DBB1BEB4EF42EB5ABFA572BB7F54C0032941C8BB178E7B77EDA0C442741C29FCCB02D8DE157068DD31203BFED4E49CE051A5
          Malicious:false
          Reputation:low
          Preview:BM6`......6...(...`...@..... .........%...%.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\onelaunch.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 431 x 431 x 32, resolution 3543 x 3543 px/m, cbSize 743098, bits offset 54
          Category:dropped
          Size (bytes):743098
          Entropy (8bit):5.204280125781986
          Encrypted:false
          SSDEEP:
          MD5:00DE2DFF1787F6D7904189476B307BFB
          SHA1:098A2C23F651D08730927ADC8C63518744B199F9
          SHA-256:CC24488A078D3E92DD7DFB96C22CEBD4004EE7FCB297A438E2D3848B633A9F71
          SHA-512:33A06AFFEBCA41E4580279D3AB0F5A2E798584F1AC7F15A19B2364825CABA06D8CF57D4EA1AE15BB41D7B14B6ED48F0D3F472C4A4231B7FF792BFCA97E93250F
          Malicious:false
          Reputation:low
          Preview:BM.V......6...(............. ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................p...Qw..5b...\..'W...Q...Q...H...H...F...B...A...<...;...<...A...B...F...H...H...P.. Q..'W...\..3`..Jr..h..............................

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\onelaunch.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PNG image data, 431 x 431, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):72255
          Entropy (8bit):7.989944094177029
          Encrypted:false
          SSDEEP:
          MD5:D3110FB775EE7FD24426503D67840C25
          SHA1:54F649C8BF3AF2AD3A4D92CD8B1397BAD1A49A75
          SHA-256:F8392390DC81756E79EC5F359DBDCAC3B4BD219B5188A429B814FC51AABB6E36
          SHA-512:F6B79F728BE17C9060EDB2DF2DAC2B0F59A4DFFD8C416E7E957BC3FA4696F4237E5969647309F5425A6297F189E351E20C99C642F90D1476050285929657C32F
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR..............kZ.....iCCPICC profile..(.}.=H.@.._.jE*.v..:Y..q.*..Bi+..`r..!Iqq.\..~,V.\.uup.....G''E.)..I.E....xw.q........q@.,#.......|E...@....z2.........w1..}....L..D.Y....:....s.'.........tA.G....q.9,...M.....R.....J<E.UT.....-.j..Z../......iF..".HA...6P.....)&.....;...drm..c.U...?.....,NN.I.8..b..#@p.h.m....'.......j...$...G@.6pq...=.r..z.%Cr$?M.X.......-............n..C`.D.k.......3..~.'.r...>B....bKGD..............pHYs.........B(.x....tIME.......K6a... .IDATx..y.eGU/.]u.;......0a........d...DQ.!..T....O}..O@..2.0. `HL...H Ig.L$d.tz.;.sv...g..j....>......O....v.}.[.5|..jU..1.p7..&A.....8p.|v..8.......M#.Sp..h..o.su.O. .M.1.`.\6......o.n..}..u.j..~......p.>0..o..{........A....Z...%..........6....d.':rgx.N.j..L..&...7.<..&<.>np.w...{.#....W........\?...h....~0....Y...?......4q..r.nG..BV.\.*.Z.V/@......k?..3=.N#......$.........4`d..F\.....Y..1...........~?...~..{.3..?.-0..j...}...u....3u3.N}.OA....U.U.....L..k...h.=.9..k.l06..4|.f.<

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\pdf.bmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PC bitmap, Windows 3.x format, 432 x 432 x 32, resolution 3543 x 3543 px/m, cbSize 746550, bits offset 54
          Category:dropped
          Size (bytes):746550
          Entropy (8bit):4.772665126336352
          Encrypted:false
          SSDEEP:
          MD5:EF3A82016D96F7272609ED2E4F1F82A8
          SHA1:28E75FC45A3E764C0736512400C6EAF1293577E6
          SHA-256:F7291B0F18F97A0C73FE320E8140B19EDCD547EF42C7ABE98EEA5817ABA4A637
          SHA-512:F8A76F6847CADF1C1ADA6597E3882471779203E0E084669077AE7EA8D13C6BBCD768ECBEAC8A343D95A66DC71CA60CA160A71E2A0AAAD98A7233D561D468EFA1
          Malicious:false
          Reputation:low
          Preview:BM6d......6...(............. .........................................................................................................................................................................................................................................................................................................................................................................................................................................v...I^..(A...7...2...+...&...#..."..."..."..."..."..."..."...#...#...#...#...#...#...#...#...#...#...#...#...$...$...$...$...$...$...$...$...$...$...$...%...%...%...%...%...%...%...%...%...%...%...&...&...&...&...&...&...&...&...&...&...&...'...'...'...'...'...'...'...'...'...'...'...(...(...(...(...(...(...(...(...(...(...(...)...)...)...)...)...)...)...)...)...)...)...)...*...*...*...*...*...*...*...*...*...*...*...+...+...+...+...+...+...+...+...+...+...+...,...,...,...,...,...,...,...,...,...,...,...-...-...-...-...-...-...-...-...-...-

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\pdf.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:PNG image data, 432 x 432, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):19727
          Entropy (8bit):7.961007282620135
          Encrypted:false
          SSDEEP:
          MD5:485CD5451B6A5E12380AA2E181ABF046
          SHA1:E1FE4637B2568AA8B26057BA6E653C0D37C8ABC8
          SHA-256:1D227C280D121311A0C7EC32ACF8DA0FFB34090DA2C4C1E47CCA701CD8B32C47
          SHA-512:3DD90236103A52B112BFE4B90BA1BF985FEC0D23F70F21EE7B2D677A0F29E929266FB1F2ABB37E06A0029448F08E0FEB5D4F8612115A7E81B05DE0A5875A85F3
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR..............N0*....iCCPICC profile..(.}.=H.@.....T:.A.!Cu. *.(U,...Vh....?h...8..........:.............]Rh....=.../w..B..T30...e..q1._.{_.D.a.C.3.df1...u....b<.....L..D.9........s.'.........tA.G....q.9,...M..G..R..]..J<M.UT.....-.j...../......i. .%$....uTP.....)&.t....;...drU....TH....~..,NM.I.8..b...@...j....m.N..3p.u..&0.Iz..E...6pq...=.r..|.%Cr$?-.X.......-....}... K.Z.......e.{.;...k....6.r.........bKGD......e.......pHYs.........B(.x....tIME......7.V.... .IDATx..w|.e..?...f.PB......i.. ...Y.w..<{/.;.{9.....r.a9.YN,..`A.&E@ !m....#m..&........k^$..)......w.. .GJ)..`O.i.C...`.../... .@;..?{Yb$....w..'.y.......%L2.`.d..F.c.`..r.....c.t.,......-.. ..Pb..s..K(.9CHy..8.&."...W*.Rb.-..p$J.....V(.:B..tHy...Gl.}%.T....e...C............*.......B.A..Y"$....._.lm..P$.i.pFb...Z*++.k..U....i...+Qt..j?.m[.e.".#..c$F.."0E\{....5.g...(/..RK$.ZI...n..L^.V.b.Y..........x<.B.?....M..T".x.j".x...W.z.X.j.k.P`6&.......B..$.%B.".../)..?...Rb.......

          C:\Users\user\AppData\Local\Temp\is-V8T8C.tmp\split_tests.json

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-762QD.tmp\OneLaunch - PDF_o2u43.tmp
          File Type:JSON data
          Category:dropped
          Size (bytes):210
          Entropy (8bit):4.70237720440175
          Encrypted:false
          SSDEEP:
          MD5:AB64ADB8BC84F8A5E66878FB8F32E979
          SHA1:4C1100B2C9077BE47A4E05631182B42BFF9847D3
          SHA-256:C82702FBB452AEA17B947BBAE1B7225730DE69BB9FC86E16F7E002DA2437686F
          SHA-512:4C6A6664C222B7D59FFB25086EF6E11079CCDD616A0571A0906D441BA30019BFC38936FFD1C23B90E29D3CF4E5990F9CFDD6E4493B1E2474DB70DE076A9072D0
          Malicious:false
          Reputation:low
          Preview:[.. {.. "splitName": "split_22_12_more_educational_miniprompts",.. "threeWaySplit": false.. },.. {.. "splitName": "split_23_06_omnibox_clean_search_suggestion",.. "threeWaySplit": false.. }..]..

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneLaunch\OneLaunch.lnk

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Fri Jul 21 05:32:12 2023, mtime=Fri Jul 21 05:32:13 2023, atime=Wed Jul 19 18:21:54 2023, length=12994008, window=hide
          Category:dropped
          Size (bytes):1289
          Entropy (8bit):4.8674923998788
          Encrypted:false
          SSDEEP:
          MD5:16410DB56BAD0966B1F0BBCF4E7B0C4D
          SHA1:D5005C9B46C7A4D49B6587D270BBB22F4460DDBF
          SHA-256:6B48D5E6E53EC61C8702BB29728268E2643CD7FF52DB9127330321783CEAD094
          SHA-512:FA4162A62127D8FBEFCCA6DD774E2FCA452A371766E888250A1A26F456D2972953CA978495B0077212D66AA2EBF0CE3F4EE9B551533988B3935D93DB5EC7144C
          Malicious:false
          Reputation:low
          Preview:L..................F.... .....!............u.Fv....E......................&.:..DG..Yr?.D..U..k0.&...&........#.S.. -..)...1.2........t...CFSF..1......RJr..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......RIr.V.3.....]......................'.A.p.p.D.a.t.a...B.P.1......V.4..Local.<......RIr.V.4.....]....................,...L.o.c.a.l.....\.1......V.4..ONELAU~1..D.......V.4.V.4....fc....................1.}.O.n.e.L.a.u.n.c.h.....T.1......V!4..519~1.1.>.......V.4.V!4..........................M...5...1.9...1.....h.2..E...V.. .ONELAU~1.EXE..L.......V.4.V.4....9.........................O.n.e.L.a.u.n.c.h...e.x.e.......i...............-.......h...........w,p......C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe..6.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.\.O.n.e.L.a.u.n.c.h...e.x.e.,.C.:.\.U.s.e.r.s.\.e.y.u.p.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.../.a.=.b.r.o.w.s.e.r.........|....I.J.H..K..:...`.......X.......0

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunch.lnk

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Fri Jul 21 05:32:12 2023, mtime=Fri Jul 21 05:33:02 2023, atime=Wed Jul 19 18:21:54 2023, length=12994008, window=hide
          Category:dropped
          Size (bytes):1321
          Entropy (8bit):4.851620307878633
          Encrypted:false
          SSDEEP:
          MD5:61F9C83B93D77F48DEFF9C035C0F4E73
          SHA1:1909C4AAC42697CA4112A592B96F8875EC4478EE
          SHA-256:6DEA89A57D19BEE302DC07F638484C501365326FBC1FB917A4DBE3D8960FB8FF
          SHA-512:39A1D1FC7947A47B31C497ACAD02BD886DD57F64C1087EF1A6B8F334D03155CFD3222682244DBA1B1665BFBCCD367974BAF61D7E7114475E8F32CBE1AFC2CD3D
          Malicious:false
          Reputation:low
          Preview:L..................F.... .....!.....R..3.....u.Fv....E......................&.:..DG..Yr?.D..U..k0.&...&........#.S.. -..)...1.2........t...CFSF..1......RJr..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......RIr.V.3.....]......................'.A.p.p.D.a.t.a...B.P.1......V.4..Local.<......RIr.V.4.....]....................,...L.o.c.a.l.....\.1......V.4..ONELAU~1..D.......V.4.V.4....fc....................1.}.O.n.e.L.a.u.n.c.h.....T.1......V!4..519~1.1.>.......V.4.V!4..........................M...5...1.9...1.....h.2..E...V.. .ONELAU~1.EXE..L.......V.4.V.4....9.........................O.n.e.L.a.u.n.c.h...e.x.e.......i...............-.......h...........w,p......C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe..6.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.\.O.n.e.L.a.u.n.c.h...e.x.e.,.C.:.\.U.s.e.r.s.\.e.y.u.p.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.../.s.t.a.r.t.e.d.F.r.o.m.=.s.t.a.r.t.u.p.F.o.l.d.e.r.........|....

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunchChromium.lnk

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Jul 21 05:32:04 2023, mtime=Fri Jul 21 05:32:04 2023, atime=Wed Jul 19 18:21:48 2023, length=190464, window=hide
          Category:dropped
          Size (bytes):1322
          Entropy (8bit):4.883492812864732
          Encrypted:false
          SSDEEP:
          MD5:FA33C077B84E5D730071EDA5776978BD
          SHA1:81E14B5A24718AAEA76F4E750371D96CE5604163
          SHA-256:AA4A13DF60F7A3B212BC2623C8666DE6728F71C447B802CCD06C94166435871C
          SHA-512:2697953B0533EDCB2AE881BFFB9C2DD900B31BAA61A55D6BBA6D849EE52F02F8448DEB554EF2F6220522111487C8FAB604C44FBF0944157545DE74AFCC32652C
          Malicious:false
          Reputation:low
          Preview:L..................F.... ...w.o.......q.......+Cv...........................<.:..DG..Yr?.D..U..k0.&...&........#.S.. -..)...1.2........t...CFSF..1......RJr..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......RIr.V.3.....]......................'.A.p.p.D.a.t.a...B.P.1......V.4..Local.<......RIr.V.4.....]....................,...L.o.c.a.l.....\.1......V.4..ONELAU~1..D.......V.4.V.4....fc....................1.}.O.n.e.L.a.u.n.c.h.....T.1......V!4..519~1.1.>.......V.4.V!4..........................M...5...1.9...1.....~.2......V.. .CHROMI~1.EXE..b.......V.4.V.4..............................C.h.r.o.m.i.u.m.S.t.a.r.t.u.p.P.r.o.x.y...e.x.e.......t...............-.......s...........w,p......C:\Users\user\AppData\Local\OneLaunch\5.19.1\ChromiumStartupProxy.exe..A.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.\.C.h.r.o.m.i.u.m.S.t.a.r.t.u.p.P.r.o.x.y...e.x.e.,.C.:.\.U.s.e.r.s.\.e.y.u.p.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.........|...

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunchUpdater.lnk

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Fri Jul 21 05:32:12 2023, mtime=Fri Jul 21 05:33:02 2023, atime=Wed Jul 19 18:21:54 2023, length=12994008, window=hide
          Category:dropped
          Size (bytes):1293
          Entropy (8bit):4.861633854798619
          Encrypted:false
          SSDEEP:
          MD5:47FFA278637F4F1DBA2714207A905915
          SHA1:A72E1810ADBB596D708EFFBBE59ADA1A47CB78F5
          SHA-256:DC1B9580859420A94C90D6FAAB8C3EEE88079EFF23E0FD058AEE8AABA6755596
          SHA-512:B478C718D18E554F2D2E01BD5EA66A57804D1D2802A6C2496F03AA7C85AC73C990D2C2735A4BF21FA1D770C5EF11AF5170E1DB550C33BEECAAE0F4698B72BFD6
          Malicious:false
          Reputation:low
          Preview:L..................F.... .....!........3.....u.Fv....E......................&.:..DG..Yr?.D..U..k0.&...&........#.S.. -..)...1.2........t...CFSF..1......RJr..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......RIr.V.3.....]......................'.A.p.p.D.a.t.a...B.P.1......V.4..Local.<......RIr.V.4.....]....................,...L.o.c.a.l.....\.1......V.4..ONELAU~1..D.......V.4.V.4....fc....................1.}.O.n.e.L.a.u.n.c.h.....T.1......V!4..519~1.1.>.......V.4.V!4..........................M...5...1.9...1.....h.2..E...V.. .ONELAU~1.EXE..L.......V.4.V.4....9.........................O.n.e.L.a.u.n.c.h...e.x.e.......i...............-.......h...........w,p......C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe..6.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.\.O.n.e.L.a.u.n.c.h...e.x.e.,.C.:.\.U.s.e.r.s.\.e.y.u.p.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.../.u.p.d.a.t.e.C.h.e.c.k.........|....I.J.H..K..:...`.......X....

          C:\Users\user\Desktop\OneLaunch.lnk

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Fri Jul 21 05:32:12 2023, mtime=Fri Jul 21 05:33:02 2023, atime=Wed Jul 19 18:21:54 2023, length=12994008, window=hide
          Category:dropped
          Size (bytes):1325
          Entropy (8bit):4.869440325890778
          Encrypted:false
          SSDEEP:
          MD5:8A40897F0F160D8354355AD701481060
          SHA1:67BA2159F45AC1353C9653A2F2F73AA373B0246F
          SHA-256:CDBE64ED34520DE4353A3845256C5ED93D4EBE49D3D59715A7BC806C01E4B12D
          SHA-512:D8CCC97401596FE73752DEBC90A9A8B30743537C66DD05D2FBA2FD90A85AE8C42BFEE19CC955AF0219758FC5B989582E758FD5A3E902557B1C2B9F29CA81EB21
          Malicious:false
          Reputation:low
          Preview:L..................F.... .....!.....N..3.....u.Fv....E......................&.:..DG..Yr?.D..U..k0.&...&........#.S.. -..)...1.2........t...CFSF..1......RJr..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......RIr.V.3.....]......................'.A.p.p.D.a.t.a...B.P.1......V.4..Local.<......RIr.V.4.....]....................,...L.o.c.a.l.....\.1......V.4..ONELAU~1..D.......V.4.V.4....fc....................1.}.O.n.e.L.a.u.n.c.h.....T.1......V!4..519~1.1.>.......V.4.V!4..........................M...5...1.9...1.....h.2..E...V.. .ONELAU~1.EXE..L.......V.4.V.4....9.........................O.n.e.L.a.u.n.c.h...e.x.e.......i...............-.......h...........w,p......C:\Users\user\AppData\Local\OneLaunch\5.19.1\OneLaunch.exe../.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.\.O.n.e.L.a.u.n.c.h...e.x.e.,.C.:.\.U.s.e.r.s.\.e.y.u.p.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.#./.a.=.b.r.o.w.s.e.r. ./.s.t.a.r.t.e.d.F.r.o.m.=.d.e.s.k.t.o.p.I.c.o.n.........|

          C:\Users\user\Desktop\PDF.lnk

          Download File
          Process:C:\Users\user\AppData\Local\Temp\is-P4CSS.tmp\OneLaunch Setup_o2u43.tmp
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Fri Jul 21 05:32:14 2023, mtime=Fri Jul 21 05:32:14 2023, atime=Wed Jul 19 18:21:56 2023, length=381912, window=hide
          Category:dropped
          Size (bytes):2270
          Entropy (8bit):3.766989371053551
          Encrypted:false
          SSDEEP:
          MD5:1B10F88CFA5D3BDF33F58ECC5B0261D3
          SHA1:75164A850ACB323F9CBCD386E288B45D2E65E263
          SHA-256:FA02CAA693D186EA15E66125A007857F96ACAD3DAC3DAA2A1E24DA6AFEAF2C33
          SHA-512:B750FE3677B8D858A456EDE28E56E42EE190544CD86F46DF1776A8C426517BBB60A09635F997C4CF1F75F73A72F5B4B5BF168382F4BFC563EFCC9A817CE0D254
          Malicious:false
          Reputation:low
          Preview:L..................F.@.. ...B.i.......j........Gv...........................@.:..DG..Yr?.D..U..k0.&...&........#.S.. -..)...1.2........t...CFSF..1......RJr..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......RIr.V.3.....]......................'.A.p.p.D.a.t.a...B.P.1......V.4..Local.<......RIr.V.4.....]....................,...L.o.c.a.l.....\.1......V.4..ONELAU~1..D.......V.4.V.4....fc....................1.}.O.n.e.L.a.u.n.c.h.....T.1......V!4..519~1.1.>.......V.4.V!4..........................M...5...1.9...1.......2......V.. .ONELAU~2.EXE..f.......V.4.V.4....;.........................O.n.e.l.a.u.n.c.h.S.h.o.r.t.c.u.t.P.r.o.x.y...e.x.e.......v...............-.......u...........w,p......C:\Users\user\AppData\Local\OneLaunch\5.19.1\OnelaunchShortcutProxy.exe..<.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.\.O.n.e.l.a.u.n.c.h.S.h.o.r.t.c.u.t.P.r.o.x.y...e.x.e.,.C.:.\.U.s.e.r.s.\.e.y.u.p.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.L.a.u.n.c.h.\.5...1.9...1.../.a.=.p.d.f. .

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):7.778258414706219
          TrID:
          • Win32 Executable (generic) a (10002005/4) 98.45%
          • Inno Setup installer (109748/4) 1.08%
          • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
          • Win16/32 Executable Delphi generic (2074/23) 0.02%
          • Generic Win/DOS Executable (2004/3) 0.02%
          File name:OneLaunch - PDF_o2u43.exe
          File size:3'144'960 bytes
          MD5:2be3f4b1c3636088bb2b3558c1b73543
          SHA1:31b9e4aa5f1225ecee8f46194e7f6699519dc77b
          SHA256:268a240f2b137f210f9350bce7dc444529b3a7159c438aec112415f1fc1d649e
          SHA512:a277ee1b066eda44f1a1a47b1f023b7da20da2da208505db3ced2dfc3784ea8dd9dbebed52ffa1e5af22a50576e0f289ca30effe6b5e680877f8e3b2992837fa
          SSDEEP:49152:pqe3f6RzJksJbyhuwhddqQxgVSjqVX5rIJwI2J5PiH7nBGtd:ASiRzJks5ckSjgJLTiH7BUd
          TLSH:9EE5F13FB268A13ED5AA0B3245B39360497B7E61B81A8C1F07F0395CDF765601E3BA15
          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

          File Icon

          Icon Hash:1f17e96de9712317

          Static PE Info

          General

          Entrypoint:0x4b5eec
          Entrypoint Section:.itext
          Digitally signed:true
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Time Stamp:0x5FB0F96E [Sun Nov 15 09:48:30 2020 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:6
          OS Version Minor:1
          File Version Major:6
          File Version Minor:1
          Subsystem Version Major:6
          Subsystem Version Minor:1
          Import Hash:5a594319a0d69dbc452e748bcf05892e

          Authenticode Signature

          Signature Valid:false
          Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
          Signature Validation Error:A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file
          Error Number:-2146762495
          Not Before, Not After
          • 6/16/2023 2:00:00 AM 9/11/2025 1:59:59 AM
          Subject Chain
          • CN=ONELAUNCH TECHNOLOGIES INC., O=ONELAUNCH TECHNOLOGIES INC., L=Victoria, S=British Columbia, C=CA
          Version:3
          Thumbprint MD5:1DFA48C90A12FA93252D3272CBB7A2C4
          Thumbprint SHA-1:DCC4E5F8C45B3139DD88CE1E42A224013B81D55E
          Thumbprint SHA-256:9EF74106802ED78FC995F2B01AEAECEBC1A60A7479A257F405D3520D19EAACFF
          Serial:08EB9739B29536226513191EC7264032
          Instruction
          push ebp
          mov ebp, esp
          add esp, FFFFFFA4h
          push ebx
          push esi
          push edi
          xor eax, eax
          mov dword ptr [ebp-3Ch], eax
          mov dword ptr [ebp-40h], eax
          mov dword ptr [ebp-5Ch], eax
          mov dword ptr [ebp-30h], eax
          mov dword ptr [ebp-38h], eax
          mov dword ptr [ebp-34h], eax
          mov dword ptr [ebp-2Ch], eax
          mov dword ptr [ebp-28h], eax
          mov dword ptr [ebp-14h], eax
          mov eax, 004B10F0h
          call 00007FB4AC8ACA15h
          xor eax, eax
          push ebp
          push 004B65E2h
          push dword ptr fs:[eax]
          mov dword ptr fs:[eax], esp
          xor edx, edx
          push ebp
          push 004B659Eh
          push dword ptr fs:[edx]
          mov dword ptr fs:[edx], esp
          mov eax, dword ptr [004BE634h]
          call 00007FB4AC94F13Fh
          call 00007FB4AC94EC92h
          lea edx, dword ptr [ebp-14h]
          xor eax, eax
          call 00007FB4AC8C2488h
          mov edx, dword ptr [ebp-14h]
          mov eax, 004C1D84h
          call 00007FB4AC8A7607h
          push 00000002h
          push 00000000h
          push 00000001h
          mov ecx, dword ptr [004C1D84h]
          mov dl, 01h
          mov eax, dword ptr [004237A4h]
          call 00007FB4AC8C34EFh
          mov dword ptr [004C1D88h], eax
          xor edx, edx
          push ebp
          push 004B654Ah
          push dword ptr fs:[edx]
          mov dword ptr fs:[edx], esp
          call 00007FB4AC94F1C7h
          mov dword ptr [004C1D90h], eax
          mov eax, dword ptr [004C1D90h]
          cmp dword ptr [eax+0Ch], 01h
          jne 00007FB4AC9557AAh
          mov eax, dword ptr [004C1D90h]
          mov edx, 00000028h
          call 00007FB4AC8C3DE4h
          mov edx, dword ptr [004C1D90h]
          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0xc40000x9a.edata
          IMAGE_DIRECTORY_ENTRY_IMPORT0xc20000xf36.idata
          IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x20194.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x2feb280x11d8
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0xc60000x18.rdata
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0xc22e40x244.idata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xc30000x1a4.didata
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x10000xb361c0xb3800False0.3448639341051532data6.356058204328091IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .itext0xb50000x16880x1800False0.544921875data5.972750055221053IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .data0xb70000x37a40x3800False0.36097935267857145data5.044400562007734IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .bss0xbb0000x6de80x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .idata0xc20000xf360x1000False0.3681640625data4.8987046479600425IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .didata0xc30000x1a40x200False0.345703125data2.7563628682496506IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .edata0xc40000x9a0x200False0.2578125data1.8722228665884297IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .tls0xc50000x180x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .rdata0xc60000x5d0x200False0.189453125data1.3838943752217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .rsrc0xc70000x201940x20200False0.3993798638132296data6.059653346161097IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          NameRVASizeTypeLanguageCountryZLIB Complexity
          RT_ICON0xc75280x47f4PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9856134636264929
          RT_ICON0xcbd1c0x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536EnglishUnited States0.23426594108600496
          RT_ICON0xdc5440x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384EnglishUnited States0.4005668398677374
          RT_ICON0xe076c0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216EnglishUnited States0.4962655601659751
          RT_ICON0xe2d140x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096EnglishUnited States0.5984990619136961
          RT_ICON0xe3dbc0x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024EnglishUnited States0.7881205673758865
          RT_STRING0xe42240x360data0.34375
          RT_STRING0xe45840x260data0.3256578947368421
          RT_STRING0xe47e40x45cdata0.4068100358422939
          RT_STRING0xe4c400x40cdata0.3754826254826255
          RT_STRING0xe504c0x2d4data0.39226519337016574
          RT_STRING0xe53200xb8data0.6467391304347826
          RT_STRING0xe53d80x9cdata0.6410256410256411
          RT_STRING0xe54740x374data0.4230769230769231
          RT_STRING0xe57e80x398data0.3358695652173913
          RT_STRING0xe5b800x368data0.3795871559633027
          RT_STRING0xe5ee80x2a4data0.4275147928994083
          RT_RCDATA0xe618c0x10data1.5
          RT_RCDATA0xe619c0x2c4data0.6384180790960452
          RT_RCDATA0xe64600x2cdata1.2045454545454546
          RT_GROUP_ICON0xe648c0x5adataEnglishUnited States0.7666666666666667
          RT_VERSION0xe64e80x584dataEnglishUnited States0.27124645892351273
          RT_MANIFEST0xe6a6c0x726XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4005464480874317
          DLLImport
          kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
          comctl32.dllInitCommonControls
          version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
          user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
          oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
          netapi32.dllNetWkstaGetInfo, NetApiBufferFree
          advapi32.dllRegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
          NameOrdinalAddress
          TMethodImplementationIntercept30x454060
          __dbk_fcall_wrapper20x40d0a0
          dbkFCallWrapperAddr10x4be63c

          Possible Origin

          Language of compilation systemCountry where language is spokenMap
          EnglishUnited States