Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 9e54f1a2ec3e0d62121c418ff7424a0a
SHA1: f2ea6f13e74b6ea6c035155de6e389e13127c6cb
SHA256: 60b2a17ba7caee2b028c89fef7c5e6f257c387a39c00744345db92d538fe9166
SSDeep: 12288:Plp30ATAnFK8Ur97/KfeXyVqQC8WoNJCQaZi9ULAtcSXdaGXLL:PH3h0rGB/Kk85CL8eBSX9
Size: 724536 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Catalina Group Ltd.
Created at: 2016-03-31 18:06:05
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
CatalinaUpdate.exe:1176
CatalinaUpdate.exe:1076
CatalinaUpdate.exe:1824
CatalinaUpdate.exe:2000
CatalinaUpdate.exe:1388
CatalinaUpdate.exe:1484
citrio.exe:1436
citrio.exe:900
citrio.exe:2980
citrio.exe:1836
citrio.exe:1716
citrio.exe:2092
citrio.exe:304
citrio.exe:1152
citrio.exe:1032
citrio.exe:1452
citrio.exe:1484
citrio.exe:436
citrio.exe:364
citrio.exe:2064
citrio.exe:252
CatalinaCrashHandler.exe:788
setup.exe:132
%original file name%.exe:1108
citrio_48.0.2564.270_1.exe:916
The Trojan injects its code into the following process(es):
citrio.exe:2624
citrio.exe:2876
citrio.exe:2736
citrio.exe:1520
citrio.exe:2764
citrio.exe:516
citrio.exe:4016
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process CatalinaUpdate.exe:1824 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Tar8.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab7.tmp (49 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (49 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (2712 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (54 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Tar8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (0 bytes)
The process CatalinaUpdate.exe:1388 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_te.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ca.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ru.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_nl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_pl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fr.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\psmachine.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_uk.dll (26 bytes)
%WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003Core.job (948 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_th.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_zh-TW.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_vi.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_es-419.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdate.dll (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fil.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ta.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_tr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ar.dll (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sk.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_is.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_mr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sw.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_es.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_hr.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ja.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_kn.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_en.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_en-GB.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\psuser.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_no.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ml.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateHelper.msi (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ur.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_am.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_pt-BR.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_bn.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sv.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_et.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_gu.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_da.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdate.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fa.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ms.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_hu.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_cs.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_iw.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_lt.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ko.dll (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_el.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_hi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_lv.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_zh-CN.dll (19 bytes)
%WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003UA.job (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_de.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_id.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateOnDemand.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_pt-PT.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_bg.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateBroker.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaCrashHandler.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ro.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_it.dll (28 bytes)
The process CatalinaUpdate.exe:1484 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\Install\{6314A6BB-F8EF-431B-8E6C-E0F22F781FA8}\citrio_48.0.2564.270_1.exe (449813 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\Download\{92F8A219-E740-49D5-B785-B962AD819724}\48.0.2564.270\citrio_48.0.2564.270_1.exe (449813 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\Install (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{E03D1AAF-D0C9-4509-B59A-C2EA9CC865D3}-citrio_48.0.2564.270_1.exe (0 bytes)
The process citrio.exe:1436 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\icon.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\popup.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\style.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\jquery-1.11.0.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\ms\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\download-all-disable.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\theme.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\id\messages.json (994 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\ar\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\select-all.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\DECODED_MESSAGE_CATALOGS (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\pt_BR\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\static.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\disable.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\select-all-active.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\download-all.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\sprite.png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\fil\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\locale.js (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\en\messages.json (981 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\background.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\select-all-hover.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\manifest.json (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\DECODED_IMAGES (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\js.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\open-icon.png (15904 bytes)
The process citrio.exe:900 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\ar\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\ms\messages.json (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\logo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\16-old.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\manifest.json (595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\16.png (497 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\DECODED_MESSAGE_CATALOGS (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\en\messages.json (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\popup.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\fil\messages.json (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon128.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\js\locale.js (271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon.tw.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\css\template.css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\js\lib\jquery.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon.fb.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\id\messages.json (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon35.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\background.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\pt_BR\messages.json (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon48.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon64.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\js\popup.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon.gp.png (1 bytes)
The process citrio.exe:2980 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\uk\messages.json (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\reg-logo.png (64797 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\man.png (64683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osble700.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\ossce600.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\pt_BR\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\login\login.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\dollar-green.png (64683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\ms\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\ossc600.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\libs\angular-animate.min.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osce400.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\recover\recoverOk.html (635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osl400.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\id\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\ossl600.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\manifest.json (825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\fil\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\oslle300.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\header-dollar-icon.png (64683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\animation.css (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\registration\registrationOk.html (630 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osbce700.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\oslce300.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\login\loginCtrl.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\ar\messages.json (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon128.png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon32.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\background.js (339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\DECODED_IMAGES (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\popup.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\recover\recover.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\registration\registrationCtrl.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\statistic\statisticCtrl.js (709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\libs\angular.js (64174 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\ossle600.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\statistic.css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osbc700.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\registration\registration.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osc400.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\libs\angular-route.min.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\oslc300.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osbl700.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\globalService.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\fonts.css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\DECODED_MESSAGE_CATALOGS (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osll300.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\libs\jquery-2.1.4.min.js (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\recover\recoverCtrl.js (873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\en\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\app.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\statistic\statistic.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\ru\messages.json (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\th\messages.json (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osle400.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\close.png (64683 bytes)
The process citrio.exe:1032 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\debug.log (129 bytes)
The process citrio.exe:1520 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\icon.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000003.log (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\ms\messages.json (948 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\10.tmp (287042 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\uk\messages.json (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_7YjEcZG5LWFE2yA (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\fil\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon128.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\pt_BR\messages.json (961 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\static.png (546 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\download_all.crx (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\ar\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\id\messages.json (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\ru\messages.json (538 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Login Data (3478 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1C.tmp (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\11.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\ru\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\icon128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\pt_BR\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\th\messages.json (700 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\19.tmp (327 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_3 (2808 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_2 (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_1 (18792 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_0 (53600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_hhft7kb30WbZELS (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\id\messages.json (932 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\citrio_ext.crx (114298 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\en\messages.json (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_0L6kzSrLIHtUDZV (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\ar\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\media_downloader.crx (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\18.tmp (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000001 (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\proxy.crx (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon16.png (705 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\First Run (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\th\messages.json (589 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cookies (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Web Data (29629 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\id\messages.json (517 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\manifest.json (983 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\pt_BR\messages.json (547 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\16.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\uk\messages.json (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\pt_BR\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\uk\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\000003.log (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\LOG (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Cookies (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\ms\messages.json (473 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Login Data-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000002 (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\en\messages.json (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal (5545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_xmqsjnT2msxoNHR (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_QpsafpCJEzphWcA (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\1B.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\fil\messages.json (566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\ar\messages.json (630 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\LOG (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\id\messages.json (451 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1A.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\icon16.png (420 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Visited Links (836 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\15.tmp (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\ms\messages.json (526 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon128.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_QccOEVX8Z1CTdLn (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\fil\messages.json (992 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Network Action Predictor (5093 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\ru\messages.json (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Top Sites-journal (12948 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\10.tmp (13122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\en\messages.json (919 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_vg9F8HkO8Hkm7Sp (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Top Sites (5232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\fil\messages.json (490 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\icon_19.png (687 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\14.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\History (21181 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\16.png (511 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\README (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\th\messages.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Shortcuts (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\share_page.crx (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Current Session (4849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_X39xQmJOdX9TZjg (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\icon_16.png (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\ms\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Favicons (4342 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (4998877 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Web Data-journal (13750 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\History-journal (12512 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\LOG (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon32.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\en\messages.json (459 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1D.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Favicons-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\000003.log (9746 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\ar\messages.json (523 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\17.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Cookies-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Network Action Predictor-journal (11985 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cookies-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\C.tmp (1478 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Shortcuts-journal (532 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Local State~RFf06ec.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RFefe9f.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\citrio_ext.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Secure Preferences~RFf1ed9.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_1520_18659 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RFed369.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\media_downloader.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\static.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_1520_9175 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\icon16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon32.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_1520_30470 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_1520_17873 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_1520_15353 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\icon_19.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\download_all.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\11.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RFf2532.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\share_page.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\icon128.png (0 bytes)
The process citrio.exe:1452 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ao.png (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ml.png (463 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mm.png (451 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ad.png (540 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ag.png (622 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\doT.min.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ck.png (630 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cx.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bt.png (607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\image\icon_128.png (16664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\background.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pf.png (476 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kn.png (662 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\am.png (414 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\io.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ee.png (380 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ht.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\om.png (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ch.png (434 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bj.png (422 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bw.png (425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bv.png (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\dk.png (416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nu.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kr.png (658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\aq.png (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pe.png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\ms\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lc.png (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\dz.png (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ng.png (441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kg.png (525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\speed.png (885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\tmpl.js (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bh.png (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gt.png (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gu.png (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mx.png (526 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\th\messages.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mf.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ir.png (471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pl.png (316 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mp.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ms.png (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cz.png (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\hn.png (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\jm.png (711 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fi.png (405 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gy.png (686 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ki.png (679 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\co.png (387 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ke.png (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\dm.png (668 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lu.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\er.png (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\es.png (493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kz.png (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gl.png (521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\at.png (363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mq.png (604 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ly.png (383 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gq.png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mn.png (546 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cl.png (424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\ru\messages.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cy.png (456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gw.png (465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fj.png (575 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\et.png (566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\hk.png (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\au.png (614 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gg.png (501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\it.png (440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cc.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\settings.png (871 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\je.png (632 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bl.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\model.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mu.png (416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ie.png (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fo.png (462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pg.png (629 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bo.png (461 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gd.png (683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ge.png (509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cd.png (621 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bf.png (445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\la.png (530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bb.png (573 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bm.png (606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lb.png (491 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mg.png (380 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pa.png (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\close.png (552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\no.png (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gm.png (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mr.png (567 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\icon_mono_off.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ai.png (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bd.png (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\jo.png (521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mk.png (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\spine.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\id\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\is.png (494 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\logging.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ae.png (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gp.png (509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\jquery.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\me.png (555 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ci.png (428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cu.png (513 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\dj.png (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kw.png (476 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\ar\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bg.png (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ec.png (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\iq.png (475 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kh.png (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\eg.png (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\eh.png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\af.png (534 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nf.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\hr.png (553 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\manifest.json (511 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\uk\messages.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\ic16_gear.png (402 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lt.png (395 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cr.png (364 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\az.png (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\de.png (391 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nz.png (623 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\settings-act.png (883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\in.png (431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bz.png (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\base64.js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\profile_detail.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\br.png (687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ls.png (639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\fil\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gf.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\sandbox.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mw.png (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cf.png (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\spine.route.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\an.png (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\mochi.js (363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gs.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\list-img.png (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\id.png (333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gh.png (453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gi.png (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\icon_128.png (16664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\il.png (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ba.png (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\image\ic16_gear.png (402 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ar.png (439 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\as.png (661 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\na.png (717 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\km.png (561 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ph.png (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gr.png (433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\spine.local.js (619 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\new.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cv.png (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\np.png (634 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nr.png (465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gn.png (453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mv.png (537 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mo.png (647 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\ui.js (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\im.png (543 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\aw.png (453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\hm.png (614 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\be.png (452 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\sandbox.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ca.png (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cn.png (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cm.png (502 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\md.png (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\popup.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\list-img-ac.png (620 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\do.png (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fk.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ax.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\by.png (441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\image\icon_mono_off.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mh.png (698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cg.png (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\styles\mochi.css (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ni.png (431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fr.png (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nl.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\my.png (509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lr.png (457 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fm.png (565 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mt.png (410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kp.png (480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\pt_BR\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\al.png (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\agent.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ne.png (442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\hu.png (369 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ma.png (479 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\styles\style.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bn.png (654 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lk.png (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mz.png (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\li.png (462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bs.png (494 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ky.png (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gb.png (707 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\icon_mono_on.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\image\icon_mono_on.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ga.png (400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\jp.png (471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pk.png (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nc.png (608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\sl_arrow.png (616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\popup.html (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mc.png (333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bi.png (740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lv.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pm.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\profile_list.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\en\messages.json (1 bytes)
The process citrio.exe:436 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\search.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\button.logo.inactive.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\DECODED_MESSAGE_CATALOGS (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\logo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\js\DTA.ui.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\pt_BR\messages.json (525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\js\DTA.popup.js (59 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\manifest.json (774 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\uk\messages.json (862 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\icon.close.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\en\messages.json (489 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\ar\messages.json (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\id\messages.json (481 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\icon16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\th\messages.json (823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\js\lib\jquery.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\ms\messages.json (503 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\ru\messages.json (868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\js\DTA.interface.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\background.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\fil\messages.json (520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\js\locale.js (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\css\template.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\icon128.png (60000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\button.logo.png (60000 bytes)
The process citrio.exe:252 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\QtCore4.dll (152471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\scripts\background_notification.js (694 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\icon_16.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\python34.dll (164484 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_lzma.pyd (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\background.html (346 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\msvcp100.dll (27336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\DECODED_IMAGES (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\QtGui4.dll (541377 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\youtube-dl.exe (195990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\unicodedata.pyd (48768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\scripts\content_dv.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\dlnlib.dll (38624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\msvcr100.dll (49672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\pywintypes34.dll (7784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_socket.pyd (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\libeay32.dll (76989 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\select.pyd (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_bz2.pyd (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\libtorrent.dll (129574 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\icon_empty.png (158 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\Include\pyconfig.h (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\ssleay32.dll (18768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\imageformats\qico4.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_elementtree.pyd (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_ssl.pyd (66767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\zlib1.dll (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_hashlib.pyd (49912 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\scripts\background_dv.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\win32wnet.pyd (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\citrio_ext.dll (34392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\pyexpat.pyd (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\base_library.zip (206432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\icon_19.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_ctypes.pyd (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\libcurl.dll (22840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\manifest.json (988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\scripts\background_stats.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\scripts\content_stats.js (605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\win32api.pyd (6984 bytes)
The process setup.exe:132 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_watcher.dll (1661 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\48.0.2564.270.manifest (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\el.pak (1752 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\sr.pak (1681 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\wow_helper.exe (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\et.pak (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ca.pak (265 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Citrio.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\th.pak (1798 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\hu.pak (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\sk.pak (274 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_elf.dll (117 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\mr.pak (1812 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\delegate_execute.exe (3802 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\pt-BR.pak (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\48.0.2564.270\Installer\setup.exe (9098 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\secondarytile.png (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Citrio.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\chrome.VisualElementsManifest.xml (342 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\PepperFlash\pepflashplayer.dll (124061 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\share_page.crx (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\nacl_irt_x86_64.nexe (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\libexif.dll (307 bytes)
%Documents and Settings%\%current user%\Desktop\Facebook.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\media_downloader.crx (1670 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\he.pak (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\es.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\hi.pak (1820 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\citrio.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\kn.pak (3680 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_child.dll (321430 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\zh-TW.pak (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\libglesv2.dll (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\nb.pak (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\icudtl.dat (75554 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\lt.pak (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\gu.pak (1805 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\nl.pak (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\fa.pak (1654 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\nacl64.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\natives_blob.bin (1711 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\en-GB.pak (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\vi.pak (293 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\te.pak (1870 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\id.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\am.pak (1647 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\hr.pak (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\pl.pak (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\bg.pak (1714 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\fr.pak (284 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\resources.pak (150724 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio.dll (259439 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\en-US.pak (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\cs.pak (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\bn.pak (1839 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\d3dcompiler_47.dll (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\de.pak (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\it.pak (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ms.pak (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\nacl_irt_x86_32.nexe (20507 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\da.pak (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\zh-CN.pak (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\tr.pak (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\download_all.crx (1766 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\sw.pak (241 bytes)
%Documents and Settings%\%current user%\Desktop\YouTube.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\fi.pak (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\widevinecdmadapter.dll (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ml.pak (3743 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ar.pak (1641 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\VisualElements\smalllogo.png (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\citrio_ext.crx (110258 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\uk.pak (1698 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\PepperFlash\version.json (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\fil.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\metro_driver.dll (1796 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\VisualElements\logo.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\proxy.crx (1676 bytes)
%Documents and Settings%\%current user%\Desktop\Citrio.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\libegl.dll (78 bytes)
%Documents and Settings%\%current user%\Desktop\Chrome Web Store.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\sv.pak (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\citrio.7z (1358422 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\lv.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ko.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ja.pak (318 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ta.pak (3691 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\snapshot_blob.bin (1802 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_100_percent.pak (6303 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ru.pak (1688 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_material_200_percent.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_material_100_percent.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\pt-PT.pak (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\es-419.pak (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\external_extensions.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_200_percent.pak (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\sl.pak (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ro.pak (268 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\citrio.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\wow_helper.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533 (0 bytes)
The process %original file name%.exe:1108 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_gu.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT2.tmp (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_nl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_te.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sk.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_el.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ru.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es-419.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_iw.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_no.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_tr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en-GB.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_da.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ro.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_uk.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-TW.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bn.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ms.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ta.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateBroker.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdate.dll (1990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sw.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_de.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_is.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sv.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fr.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_cs.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_mr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-BR.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fa.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_kn.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bg.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-PT.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_id.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ja.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\npCatalinaUpdate3.dll (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psuser.dll (161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ml.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ko.dll (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_th.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ca.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_vi.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-CN.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lv.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hu.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdate.exe (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ar.dll (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hr.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateHelper.msi (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lt.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_et.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_am.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psmachine.dll (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaCrashHandler.exe (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_it.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fil.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ur.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateOnDemand.exe (58 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_gu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateBroker.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_nl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_te.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sk.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_el.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ru.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es-419.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_iw.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_no.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_tr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en-GB.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ja.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_da.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ro.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_uk.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-TW.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ms.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ta.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sw.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_de.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_is.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_cs.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_mr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-BR.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fa.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_kn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bg.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-PT.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_id.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\npCatalinaUpdate3.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psuser.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ko.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_th.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ca.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_vi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-CN.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ar.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateHelper.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lt.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_et.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_am.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psmachine.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaCrashHandler.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_it.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fil.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ur.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateOnDemand.exe (0 bytes)
The process citrio_48.0.2564.270_1.exe:916 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CR_8A650.tmp\setup.exe (20838 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_8A650.tmp\SETUP.EX_ (1731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_8A650.tmp\CITRIO.PACKED.7Z (443233 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CR_8A650.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_8A650.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_8A650.tmp\SETUP.EX_ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_8A650.tmp\CITRIO.PACKED.7Z (0 bytes)
Registry activity
The process CatalinaUpdate.exe:1176 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D4 DF 53 B3 AC 7D C1 93 BA AC FA 03 D5 1B CB F4"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\proxy]
"source" = "auto"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "03 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "03 00 00 00 00 00 00 00"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
"c"
The process CatalinaUpdate.exe:1076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F 90 FB 62 93 54 D0 67 01 43 64 8C A6 83 6A DB"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"usagestats" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "05 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "05 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update]
"eulaaccepted"
[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
"c"
The process CatalinaUpdate.exe:1824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 E8 B0 72 71 0E 5F 59 0C CB 03 F9 96 CD E0 D4"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "02 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "02 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update]
"LastServerAddress" = "1"
[HKCU\Software\CatalinaGroup\Update\proxy]
"source" = "auto"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
"c"
The process CatalinaUpdate.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13660822-39AC-408C-BA99-702EBEE3EF26}]
"CLSID" = "{13660822-39AC-408C-BA99-702EBEE3EF26}"
[HKCU\Software\Classes\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}]
"(Default)" = "ICatalinaUpdate3WebSecurity"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser]
"(Default)" = "Update3COMClass"
[HKCU\Software\Classes\Interface\{0E09406F-1420-4BF4-B6EB-F0994674AD68}]
"(Default)" = "IAppBundle"
[HKCU\Software\Classes\Interface\{3EA78C6E-8267-4554-8EC6-8982D5AF539A}]
"(Default)" = "ICoCreateAsyncStatus"
[HKCU\Software\Classes\Interface\{0E09406F-1420-4BF4-B6EB-F0994674AD68}\NumMethods]
"(Default)" = "39"
[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
"ThreadingModel" = "Both"
[HKCU\Software\Classes\Interface\{34F067BE-C79C-4C5F-8E64-622A3CC59055}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateOnDemand.exe"
[HKCU\Software\Classes\Interface\{23185EAB-61B0-4B70-BE89-589585B91392}\NumMethods]
"(Default)" = "8"
[HKCU\Software\Classes\Interface\{C1D8630A-9D2D-4E0E-A4A1-8AA5CA3FAE57}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.OnDemandCOMClassUser"
[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.Update3WebUser"
[HKCU\Software\Classes\Interface\{7A1A1D82-1E2B-41B8-9FA3-F40D8DD3EEF0}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\Interface\{263B5A28-834A-4D1B-AB71-A28E882CC59B}\NumMethods]
"(Default)" = "13"
[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCU\Software\Classes\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\Interface\{C1D8630A-9D2D-4E0E-A4A1-8AA5CA3FAE57}]
"(Default)" = "ICredentialDialog"
[HKCU\Software\Classes\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}]
"(Default)" = "ICatalinaUpdate"
[HKCU\Software\Classes\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}\NumMethods]
"(Default)" = "10"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "01 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Interface\{D085AC3B-E5CC-40C9-8366-C12ADC489967}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\Interface\{789E3792-8514-4ED5-90F3-5B525275B953}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\Interface\{FCD277CC-8D3E-4264-80D3-98E7B05E2E8A}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}]
"(Default)" = "Update3COMClass"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"
[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\ProgID]
"(Default)" = "CatalinaGroupUpdate.CredentialDialogUser.1.0"
[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}]
"(Default)" = "CatalinaGroup.OneClickProcessLauncher"
[HKCU\Software\Classes\Interface\{263B5A28-834A-4D1B-AB71-A28E882CC59B}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}]
"(Default)" = "Google Update Legacy On Demand"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.Update3WebUser.1.0"
[HKCU\Software\Classes\Interface\{FCD277CC-8D3E-4264-80D3-98E7B05E2E8A}\NumMethods]
"(Default)" = "10"
[HKCU\Software\Classes\CLSID\{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}\InProcServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\psuser.dll"
[HKCU\Software\Classes\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\Interface\{0CD725CD-5650-4F13-91DA-E42FAA9687E8}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\CLSID\{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}\InProcServer32]
"ThreadingModel" = "Both"
[HKCU\Software\Classes\Interface\{FCD277CC-8D3E-4264-80D3-98E7B05E2E8A}]
"(Default)" = "IAppVersionWeb"
[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser.1.0]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCU\Software\Classes\Interface\{84BA4DAC-82EA-4DC8-BCB0-B69DD6E95670}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.Update3COMClassUser.1.0"
[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.CredentialDialogUser"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Interface\{CBAC6FCC-819A-443D-98BB-E7A122DCCAE3}]
"(Default)" = "IOneClickProcessLauncher"
[HKCU\Software\Classes\Interface\{051D14B3-CF0F-4CCA-B8FE-AF9E007ACD43}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\Interface\{051D14B3-CF0F-4CCA-B8FE-AF9E007ACD43}]
"(Default)" = "ICoCreateAsync"
[HKCU\Software\Classes\Interface\{F9F2D675-F172-42F2-A26E-6453B80EA7F1}]
"(Default)" = "ICurrentState"
[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\ProgID]
"(Default)" = "CatalinaGroupUpdate.Update3COMClassUser.1.0"
[HKCU\Software\Classes\Interface\{789E3792-8514-4ED5-90F3-5B525275B953}]
"(Default)" = "IAppBundleWeb"
[HKCU\Software\Classes\Interface\{D085AC3B-E5CC-40C9-8366-C12ADC489967}]
"(Default)" = "IApp"
[HKCU\Software\Classes\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}\NumMethods]
"(Default)" = "5"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"
[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser\CLSID]
"(Default)" = "{13660822-39AC-408C-BA99-702EBEE3EF26}"
[HKCU\Software\Classes\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser\CLSID]
"(Default)" = "{73436A91-85A6-4850-A7D0-375C4E369A5A}"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A 8A 28 B6 A4 16 26 30 46 64 AA A1 D2 EC 11 5B"
[HKCU\Software\Classes\Interface\{D085AC3B-E5CC-40C9-8366-C12ADC489967}\NumMethods]
"(Default)" = "44"
[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\VersionIndependentProgID]
"(Default)" = "CatalinaGroup.OneClickProcessLauncherUser"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser.1.0]
"(Default)" = "GoogleUpdate Update3Web"
[HKCU\Software\Classes\Interface\{C1D8630A-9D2D-4E0E-A4A1-8AA5CA3FAE57}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\Interface\{0CD725CD-5650-4F13-91DA-E42FAA9687E8}\NumMethods]
"(Default)" = "10"
[HKCU\Software\Classes\Interface\{34F067BE-C79C-4C5F-8E64-622A3CC59055}\NumMethods]
"(Default)" = "9"
[HKCU\Software\Classes\Interface\{EC3867B7-B9EF-494E-B42B-BA009D57D90E}\NumMethods]
"(Default)" = "6"
[HKCU\Software\Classes\CLSID\{E9DD6CE9-5DC9-4484-80FC-EBCAFEDD6775}\InprocHandler32]
"ThreadingModel" = "Both"
[HKCU\Software\Classes\Interface\{6B6DE56F-09F2-4343-80AD-28E5D6CB78F9}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13660822-39AC-408C-BA99-702EBEE3EF26}]
"Policy" = "3"
[HKCU\Software\Classes\Interface\{F9F2D675-F172-42F2-A26E-6453B80EA7F1}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\Interface\{0E09406F-1420-4BF4-B6EB-F0994674AD68}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\Interface\{6B6DE56F-09F2-4343-80AD-28E5D6CB78F9}\NumMethods]
"(Default)" = "14"
[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\ProgID]
"(Default)" = "CatalinaGroupUpdate.Update3WebUser.1.0"
[HKCU\Software\Classes\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}]
"(Default)" = "ICatalinaUpdateCore"
[HKCU\Software\Classes\Interface\{3EA78C6E-8267-4554-8EC6-8982D5AF539A}\NumMethods]
"(Default)" = "10"
[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateOnDemand.exe"
[HKCU\Software\Classes\Interface\{051D14B3-CF0F-4CCA-B8FE-AF9E007ACD43}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0]
"(Default)" = "CatalinaGroup.OneClickProcessLauncher"
[HKCU\Software\Classes\CLSID\{E9DD6CE9-5DC9-4484-80FC-EBCAFEDD6775}\InprocHandler32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\psuser.dll"
[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}]
"(Default)" = "GoogleUpdate Update3Web"
[HKCU\Software\Classes\Interface\{CBAC6FCC-819A-443D-98BB-E7A122DCCAE3}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\ProgID]
"(Default)" = "CatalinaGroup.OneClickProcessLauncherUser.1.0"
[HKCU\Software\Classes\Interface\{CBAC6FCC-819A-443D-98BB-E7A122DCCAE3}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser\CurVer]
"(Default)" = "CatalinaGroup.OneClickProcessLauncherUser.1.0"
[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateOnDemand.exe"
[HKCU\Software\Classes\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\Interface\{84BA4DAC-82EA-4DC8-BCB0-B69DD6E95670}\NumMethods]
"(Default)" = "10"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "01 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}]
"(Default)" = "ICatalinaUpdate3"
[HKCU\Software\Classes\Interface\{263B5A28-834A-4D1B-AB71-A28E882CC59B}]
"(Default)" = "IJobObserver"
[HKCU\Software\Classes\Interface\{0CD725CD-5650-4F13-91DA-E42FAA9687E8}]
"(Default)" = "IAppVersion"
[HKCU\Software\Classes\CLSID\{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}]
"(Default)" = "PSFactoryBuffer"
[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser.1.0]
"(Default)" = "Google Update Legacy On Demand"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser\CLSID]
"(Default)" = "{2823499B-60F3-4940-8042-2C16D5829A39}"
[HKCU\Software\Classes\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}]
"(Default)" = "ICatalinaUpdate3Web"
[HKCU\Software\Classes\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}\NumMethods]
"(Default)" = "8"
[HKCU\Software\Classes\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\Interface\{23185EAB-61B0-4B70-BE89-589585B91392}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\Interface\{EC3867B7-B9EF-494E-B42B-BA009D57D90E}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.Update3COMClassUser"
[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser\CLSID]
"(Default)" = "{C8362D5A-4303-4E22-8668-BB10D65B95BD}"
[HKCU\Software\Classes\Interface\{7A1A1D82-1E2B-41B8-9FA3-F40D8DD3EEF0}]
"(Default)" = "IBrowserHttpRequest2"
[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\psuser.dll"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser.1.0\CLSID]
"(Default)" = "{2823499B-60F3-4940-8042-2C16D5829A39}"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser.1.0]
"(Default)" = "Update3COMClass"
[HKCU\Software\Classes\Interface\{789E3792-8514-4ED5-90F3-5B525275B953}\NumMethods]
"(Default)" = "24"
[HKCU\Software\Classes\Interface\{84BA4DAC-82EA-4DC8-BCB0-B69DD6E95670}]
"(Default)" = "IPackage"
[HKCU\Software\Classes\Interface\{7A1A1D82-1E2B-41B8-9FA3-F40D8DD3EEF0}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateOnDemand.exe"
[HKCU\Software\Classes\Interface\{3EA78C6E-8267-4554-8EC6-8982D5AF539A}\ProxyStubClsid32]
"(Default)" = "{A9DEC561-8DB2-4613-BD7A-544A9CCD0EC5}"
[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser.1.0\CLSID]
"(Default)" = "{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}"
[HKCU\Software\Classes\Interface\{6B6DE56F-09F2-4343-80AD-28E5D6CB78F9}]
"(Default)" = "IAppWeb"
[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser.1.0\CLSID]
"(Default)" = "{C8362D5A-4303-4E22-8668-BB10D65B95BD}"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser]
"(Default)" = "GoogleUpdate Update3Web"
[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser]
"(Default)" = "CatalinaGroup.OneClickProcessLauncher"
[HKCU\Software\Classes\Interface\{F9F2D675-F172-42F2-A26E-6453B80EA7F1}\NumMethods]
"(Default)" = "24"
[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0\CLSID]
"(Default)" = "{13660822-39AC-408C-BA99-702EBEE3EF26}"
[HKCU\Software\Classes\Interface\{EC3867B7-B9EF-494E-B42B-BA009D57D90E}]
"(Default)" = "IProcessLauncher"
[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"
[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\ProgID]
"(Default)" = "CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser\CLSID]
"(Default)" = "{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}"
[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.CredentialDialogUser.1.0"
[HKCU\Software\Classes\Interface\{34F067BE-C79C-4C5F-8E64-622A3CC59055}]
"(Default)" = "IProgressWndEvents"
[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser]
"(Default)" = "Google Update Legacy On Demand"
[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser.1.0\CLSID]
"(Default)" = "{73436A91-85A6-4850-A7D0-375C4E369A5A}"
[HKCU\Software\Classes\Interface\{23185EAB-61B0-4B70-BE89-589585B91392}]
"(Default)" = "IRegistrationUpdateHook"
The Trojan deletes the following registry key(s):
[HKCU\Software\Classes\CLSID\{E9DD6CE9-5DC9-4484-80FC-EBCAFEDD6775}\InprocHandler32]
[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}]
[HKCU\Software\Classes\CLSID\{E9DD6CE9-5DC9-4484-80FC-EBCAFEDD6775}]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
"c"
The process CatalinaUpdate.exe:1388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9]
"vendor" = "Catalina Group Ltd."
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"opt_in_uid_generated" = "01 00 00 00 00 00 00 00"
"setup_should_install_total" = "01 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Timings]
"setup_install_google_update_total_ms" = "01 00 00 00 00 00 00 00 88 04 00 00 00 00 00 00"
[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9]
"ProductName" = "CatalinaGroup Update"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"iid" = "{170A3ADB-EE3F-4AFB-9E9E-D677FD645106}"
[HKCU\Software\CatalinaGroup\Update]
"UID" = "{0F5B39A2-90B2-4507-BFD6-4790D2300363}"
[HKCU\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.oneclickctrl.9]
"CLSID" = "{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"
[HKCU\Software\Classes\CatalinaGroup.OneClickCtrl.9\CLSID]
"(Default)" = "{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}"
[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"(Default)" = "CatalinaGroup Update Plugin"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"Policy" = "3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.update3webcontrol.3]
"CLSID" = "{71216BD6-4D03-4387-BD01-7FE8D9512541}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Timings]
"setup_phase2_ms" = "01 00 00 00 00 00 00 00 C1 01 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"AppName" = "CatalinaUpdate.exe"
[HKCU\Software\CatalinaGroup\Update]
"Version" = "1.3.25.223"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"usagestats" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9]
"Description" = "CatalinaGroup Update"
[HKCU\Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"Name" = "Catalina Update"
[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"InstallTime" = "1461316489"
[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\CatalinaGroup.Update3WebControl.3]
"(Default)" = "CatalinaGroup Update Plugin"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"Policy" = "3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update]
"CatalinaUpdate.exe" = "CatalinaGroup Update"
[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\ProgID]
"(Default)" = "CatalinaGroup.OneClickCtrl.9"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"setup_do_self_install_total" = "01 00 00 00 00 00 00 00"
[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll"
[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Timings]
"setup_lock_acquire_ms" = "01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=3]
"Description" = "CatalinaGroup Update"
"ProductName" = "CatalinaGroup Update"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"AppPath" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"
[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=3]
"vendor" = "Catalina Group Ltd."
[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"setup_files_total" = "01 00 00 00 00 00 00 00"
"goopdate_main" = "06 00 00 00 00 00 00 00"
[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9]
"Version" = "9"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"AppPath" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223"
[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"pv" = "1.3.25.223"
[HKCU\Software\Classes\CatalinaGroup.Update3WebControl.3\CLSID]
"(Default)" = "{71216BD6-4D03-4387-BD01-7FE8D9512541}"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"AppName" = "CatalinaUpdateOnDemand.exe"
[HKCU\Software\CatalinaGroup\Update]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "06 00 00 00 00 00 00 00"
"setup_do_self_install_succeeded" = "01 00 00 00 00 00 00 00"
"setup_install_succeeded" = "01 00 00 00 00 00 00 00"
[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=3]
"Version" = "3"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA C0 71 61 29 06 FC 78 82 8E 60 F3 F6 07 D9 03"
[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"pv" = "1.3.25.223"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"setup_should_install_true_fresh_install" = "01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\ProgID]
"(Default)" = "CatalinaGroup.Update3WebControl.3"
[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=3]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\CatalinaGroup.OneClickCtrl.9]
"(Default)" = "CatalinaGroup Update Plugin"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Timings]
"setup_files_ms" = "01 00 00 00 00 00 00 00 BA 02 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"setup_install_total" = "01 00 00 00 00 00 00 00"
"setup_files_verification_succeeded" = "01 00 00 00 00 00 00 00"
"setup_install_task_succeeded" = "01 00 00 00 00 00 00 00"
[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"(Default)" = "CatalinaGroup Update Plugin"
[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"brand" = "GGLS"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Timings]
"setup_install_task_ms" = "01 00 00 00 00 00 00 00 84 00 00 00 00 00 00 00"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"CatalinaGroup Update" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe /c"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update]
"ui"
[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
[HKCU\Software\CatalinaGroup\Update]
"eulaaccepted"
[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"UpdateAvailableSince"
[HKCU\Software\CatalinaGroup\Update\network\secure]
"c"
[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"UpdateAvailableCount"
[HKCU\Software\CatalinaGroup\Update]
"LastChecked"
The process CatalinaUpdate.exe:1484 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"pv" = "48.0.2564.270"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"worker_package_cache_put_succeeded" = "01 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"brand" = "GGLS"
"LastInstallerError" = "0"
"LastInstallerResult" = "0"
"referral" = "1:citrio_website"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"worker_download_total" = "01 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update]
"LastServerAddress" = "1"
[HKCU\Software\CatalinaGroup\Update\proxy]
"source" = "auto"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"usagestats" = "1"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"worker_package_cache_put_total" = "01 00 00 00 00 00 00 00"
"worker_download_succeeded" = "01 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update]
"LastInstallerError" = "0"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastInstallerSuccessLaunchCmdLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe"
"lang" = "en"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\CatalinaGroup\Update]
"LastInstallerSuccessLaunchCmdLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "04 00 00 00 00 00 00 00"
"worker_install_execute_total" = "01 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"bt" = "1"
"LastCheckSuccess" = "1461316609"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "04 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 22 4D 8F 8A"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update]
"CatalinaUpdate.exe" = "CatalinaGroup Update"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 71 D3 4A 8A 53 D7 8C AB DA 7C F0 D9 D9 B6 F7"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"InstallTime" = "1461316595"
[HKCU\Software\CatalinaGroup\Update]
"LastInstallerResult" = "0"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"iid" = "{170A3ADB-EE3F-4AFB-9E9E-D677FD645106}"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"browser"
"LastInstallerError"
"LastInstallerResultUIString"
"eulaaccepted"
"UpdateAvailableSince"
"tttoken"
[HKCU\Software\CatalinaGroup\Update\network\secure]
"c"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"experiment_labels"
"InstallerResult"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastInstallerExtraCode1"
[HKCU\Software\CatalinaGroup\Update]
"LastInstallerError"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastInstallerSuccessLaunchCmdLine"
[HKCU\Software\CatalinaGroup\Update]
"LastInstallerSuccessLaunchCmdLine"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"InstallerError"
"LastInstallerResult"
"UpdateAvailableCount"
"InstallerSuccessLaunchCmdLine"
"ap"
[HKCU\Software\CatalinaGroup\Update]
"LastInstallerResultUIString"
"LastInstallerExtraCode1"
"LastInstallerResult"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"iid"
The process citrio.exe:1436 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 BB 5E 13 02 E0 3D 27 4A 70 50 FD 6D B8 AE F5"
The process citrio.exe:900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "90 D2 9A DF 06 3B 18 41 52 EF 1A E2 05 8B B0 15"
The process citrio.exe:2980 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "64 72 17 01 97 AD 99 FE 58 28 80 C4 53 0A 05 0C"
The process citrio.exe:1836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F 48 A0 7F 14 1F CE 9F FE 0B A8 8E 30 4A E0 6E"
The process citrio.exe:1716 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B DD E1 20 08 E0 37 BA A6 FA 4A 15 7A 3A D6 85"
The process citrio.exe:2624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 F8 A9 62 94 48 76 C4 3B DC 2C BA 57 DD B7 0A"
The process citrio.exe:2876 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "59 25 BD 0C EC B1 69 BD 67 69 7F 8C 8A 9D 45 4C"
[HKCU\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\dcagnhpbnggmbihndfkkhfjojgbaaedo\1.2.39_0\binaries\win\imageformats]
"qico4.dll" = "40806, 0, Windows msvc release full-config, 2016-03-31T12:19:48"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
The process citrio.exe:2092 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 40 BA 2F 89 60 6C 12 73 02 24 44 94 4A D8 34"
The process citrio.exe:304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2A 03 21 D6 97 5C 26 A6 DC 56 A1 46 41 67 75 1B"
The process citrio.exe:2736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "15 02 29 4A 30 4C 5E 70 E6 59 8D 00 EC 3C 1A D1"
The process citrio.exe:1152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 C9 97 22 CA 49 86 12 1B D1 54 69 F3 DA 72 A7"
The process citrio.exe:1032 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF 74 B6 D8 10 7D F0 5F 9B 8C A3 1E 1B B0 27 18"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
The process citrio.exe:1520 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"dr" = "1"
"usagestats" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\CatalinaGroup\Citrio\BLBeacon]
"Version" = "48.0.2564.270"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"
[HKCU\Software\CatalinaGroup\Citrio\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "0"
[HKCU\Software\CatalinaGroup\Citrio\BLBeacon]
"State" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"lastrun" = "13105790222553375"
[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastWasDefault" = "Type: REG_QWORD, Length: 8"
"_NumSignedIn" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"
[HKCU\Software\CatalinaGroup\Citrio\BLBeacon]
"failed_count" = "0"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 0D 33 22 E3 6B 44 30 9C 92 4F BE 2C 7E 4F 5C"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"_NumAccounts" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"
The Trojan deletes the following registry key(s):
[HKCU\Software\CatalinaGroup\Citrio\BLFinchList]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"FirstNotDefault"
The process citrio.exe:1452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE 2C EC D0 70 28 2B 91 4D 96 42 40 57 62 07 C1"
The process citrio.exe:1484 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A F3 1B 67 93 F7 79 B9 A7 9A 13 EF 7E 79 07 58"
The process citrio.exe:436 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 18 6D 5A E7 0F DF 16 5C F9 D8 3D 21 11 A0 AE"
The process citrio.exe:364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 92 2F 9D B9 C8 EA 71 0B B9 B0 68 70 68 EB 0F"
The process citrio.exe:2764 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D 0A 2D 72 22 F1 36 1C 52 C6 B3 89 FE F0 BF A1"
The process citrio.exe:2064 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 CF FE EA 14 74 CD 2F 78 62 78 AA 21 43 79 50"
The process citrio.exe:252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 1A F5 FC 38 96 0F 21 E0 51 23 09 88 48 D0 15"
The process citrio.exe:516 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D 8F 24 7B 02 A0 8D 1A 5F 56 13 3E 04 F2 6D 25"
The process CatalinaCrashHandler.exe:788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF B3 19 BF 83 C5 27 8A 8E 88 6A F7 F6 C1 4C D9"
The process setup.exe:132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".avi" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".webp" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".AAC" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\magnet\shell\open\ddeexec]
"(Default)" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio,"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"HideIconsCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe --hide-icons"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"NoRepair" = "1"
"InstallLocation" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"
[HKCR\.xht\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKCU\Software\Classes\CLSID\{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\48.0.2564.270\delegate_execute.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationName" = "Citrio"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".mov" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".xhtml" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".xa" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"nntp" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".flv" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".torrent" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"https" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"Publisher" = "© Catalinagroup Ltd."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}]
"lang" = "en"
[HKCU\Software\Classes\ftp]
"URL Protocol" = ""
[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".shtml" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}]
"pv" = "48.0.2564.270"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"IconsVisible" = "1"
"ReinstallCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe --make-default-browser"
[HKCU\Software\CatalinaGroup\Update\Clients\{0105EA02-802D-4B37-8161-4ED25C493266}]
"pv" = "48.0.2564.270"
[HKCU\Software\Classes\.xht]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".m4v" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCR\CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".au" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".xht" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\citrio.exe]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application"
[HKCU\Software\Classes\CLSID\{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}]
"(Default)" = "CommandExecuteImpl Class"
[HKCU\Software\Classes\.html]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"
[HKCU\Software\CatalinaGroup\Update\Clients\{0105EA02-802D-4B37-8161-4ED25C493266}]
"bt" = "1"
[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""
[HKCR\.htm\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"InstallerError" = "0"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"ShowIconsCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe --show-icons"
[HKCR\.webp\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"DisplayVersion" = "48.0.2564.270"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastWasDefault" = "Type: REG_QWORD, Length: 8"
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\48.0.2564.270\Installer\setup.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".mpg" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".nsv" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"news" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".asf" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\CatalinaGroup\Citrio]
"AssociationsRegistry" = "1"
[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe -- %1"
[HKCU\Software\Classes\Magnet\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"Version" = "48.0.2564.270"
[HKCU\Software\Classes\CLSID\{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}\LocalServer32]
"ServerExecutable" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\48.0.2564.270\delegate_execute.exe"
[HKCU\Software\Classes\.xhtml]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"tel" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"InstallerExtraCode1" = "1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D C3 D1 85 E6 32 5B D2 6A E3 96 72 41 E3 83 25"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".wma" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".FLAC" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"ap" = "-stage:preconditions-full"
"InstallerSuccessLaunchCmdLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".MP3" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".MP2" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\CatalinaGroup\Update\Clients\{0105EA02-802D-4B37-8161-4ED25C493266}]
"oopcrashes" = "1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".pdf" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"DisplayName" = "Citrio"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".mp4" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\Magnet]
"URL Protocol" = ""
[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}\Commands\on-os-upgrade]
"CommandLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\48.0.2564.270\Installer\setup.exe --on-os-upgrade --verbose-logging"
[HKCU\Software\Classes\.pdf]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}]
"oopcrashes" = "1"
[HKLM\SOFTWARE\RegisteredApplications]
"Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = "Software\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities"
[HKCU\Software\Classes\https]
"URL Protocol" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".TTA" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\https\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationDescription" = "Citrio is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Citrio."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".3gp" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".webm" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".tac" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".dts" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".mkv" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"NoModify" = "1"
[HKCU\Software\Classes\http\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"ftp" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\Startmenu]
"StartMenuInternet" = "Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".wmv" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".mka" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\http]
"URL Protocol" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"smsto" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".ram" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCR\CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe -- %1"
[HKCU\Software\Classes\.shtml]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"mailto" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".ogv" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"webcal" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\CatalinaGroup\Update\Clients\{0105EA02-802D-4B37-8161-4ED25C493266}]
"lang" = "en"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"magnet" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".3g2" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\.htm]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"UninstallArguments" = " --uninstall"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCR\.xhtml\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKCU\Software\Classes\Magnet\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe -- %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\CatalinaGroup\Update\Clients\{0105EA02-802D-4B37-8161-4ED25C493266}]
"Name" = "Citrio App Launcher"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\48.0.2564.270\Installer\setup.exe --uninstall"
[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"sms" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
"mms" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"DisplayIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"InstallerResult" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".html" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCR\CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ]
"(Default)" = "Citrio Document"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCR\.shtml\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"urn" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCR\.html\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"VersionMajor" = "2564"
"VersionMinor" = "270"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".ra" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Classes\.torrent]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".a52" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".rm" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe -- %1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".RV" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".htm" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\Magnet\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"irc" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}]
"bt" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\citrio.exe]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"http" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".m2v" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"InstallDate" = "20160422"
[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}]
"Name" = "Citrio"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".OGG" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe -- %1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".WAV" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".ogm" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ]
"(Default)" = "Citrio"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application]
"citrio.exe" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe:*:Enabled:Citrio"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"ap"
"FirstNotDefault"
"InstallerExtraCode1"
The process %original file name%.exe:1108 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E 37 F1 92 69 1D 93 5E 32 71 7F BB 8F 1B FD 6F"
The process citrio_48.0.2564.270_1.exe:916 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 41 FA DB 33 67 ED 13 0C A2 32 77 B7 A1 2B 86"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"ap" = "-full"
Dropped PE files
| MD5 | File path |
|---|---|
| 7d0b6bb354a3f6b6691502c5bd503dc9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaCrashHandler.exe |
| 7d0b6bb354a3f6b6691502c5bd503dc9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdate.exe |
| 1c6a131e0323a3d713b3f0f1a5f10d44 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateBroker.exe |
| 6cc3b08da9fa41d390632639052fe1a8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateOnDemand.exe |
| b87ddf1ac52d90617514312ac5d00d84 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdate.dll |
| f0c84a277c8592b525a873a8ab4c01dc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_am.dll |
| 656a00e97bae809b0eaddf58bcee7e18 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ar.dll |
| c5ea0de503e4ed1f152a3ff5e5fc9dbc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_bg.dll |
| 7864b7fc5bd7cc3f3fc66ad7ca590531 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_bn.dll |
| 6d5c333a5c1ec30a4ba7e746ba573d8e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ca.dll |
| 665942ea4cce982dc8b6ae565b7ed9c1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_cs.dll |
| a757dc0ae5b5785e0fb621c5dab4384c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_da.dll |
| 32a09f1479b908c047d02a63a04a976b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_de.dll |
| fb296504678c1621ff23ffdcedfd8cac | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_el.dll |
| 9e69f21ab21d6f6b08b6fdf2edebdd11 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_en-GB.dll |
| 8bc4b42d2f5d9a43a2231238f68f68df | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_en.dll |
| 175e9d591d1fe35ba99057c928bbcdfe | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_es-419.dll |
| bd4070f2a82d186b0ce640cac32cef4b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_es.dll |
| 0b7c562451dde20bbbcc525717a34c66 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_et.dll |
| 5e3a22452b0e4dd95508905b61ae7ced | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fa.dll |
| d9b69a0efd534c155208bcb015809c06 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fi.dll |
| 342e67d723afc84a4e1d9502dcfc2bf5 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fil.dll |
| 25696887c9607fd39d150298b8273c7a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fr.dll |
| d0ec1b6035a5ef0036c552a36a42603a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_gu.dll |
| ab38adc0e4b51d4c21431668e8d91981 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_hi.dll |
| c9eae0fc9f7bf6d3bcd993b79cc6c991 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_hr.dll |
| 7694f8d6f5283f5dc9cdfc6d0d183b04 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_hu.dll |
| 9de5b3a597581b10bf2460b8dd1df903 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_id.dll |
| a8615f74d25d020e9c7f3d1de648c0d7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_is.dll |
| 9d72401205110ff71170c7e9ca4c8790 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_it.dll |
| a175800550d164070134f430848bd257 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_iw.dll |
| 1bd96b5449e7f4e49599eecdfc4c0c6b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ja.dll |
| f009bc876b0d5c2896104c5497ca9747 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_kn.dll |
| 983708ab4bc45225d61c37ed110f25fc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ko.dll |
| be9feb87d36efe8fc7832fa2c2b29d11 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_lt.dll |
| 498a3247a2d4113117ac68dbeb626a73 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_lv.dll |
| b2208bd9296e3ff89100743b64d65ec9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ml.dll |
| c9c73019d8a628e9058580975069878f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_mr.dll |
| 0db87ba47c50eefb5a19d8b637901839 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ms.dll |
| 18d4678bca5f87e4e7bda4e78fd7520e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_nl.dll |
| 97ace99fe631f6c38e843c0218ccba22 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_no.dll |
| 0913df5e9c19a049944455216d6c90af | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_pl.dll |
| 462c0d5d7cd340418a8dfbc1187f5946 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_pt-BR.dll |
| a3678075d56943c14d5bbc48d3758287 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_pt-PT.dll |
| ca4865cf13eb7258d13a45ea1f7ab5d8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ro.dll |
| 8315343ac4fa8b98aa546906c5eb3c6a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ru.dll |
| 8a594c5410f37e6beae7a3cbfb54479c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sk.dll |
| e24a2defa5c3cf20ae1da44755a44777 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sl.dll |
| db52f5401a058170c8d41d4aba550ab2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sr.dll |
| 4c3942d1ce30fb9d483b6bd534f764fe | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sv.dll |
| 679de67d4897f15b9273b2eccbfeac88 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sw.dll |
| b25247beeb2ab330af23bdf557057b5d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ta.dll |
| 19a6eeaff2b6cea27949ecc5a59c5b03 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_te.dll |
| b516ee24868e6d6ced3c52025e524740 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_th.dll |
| 8906d7cad6007e9eaa5718fb14fb4fd0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_tr.dll |
| 9900d06b8027222609d6f53e160dfe79 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_uk.dll |
| 28ce05e08253d40ca84ff3c156e8f151 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ur.dll |
| 7d4383d6a1d8a63d9878184ebdc097b7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_vi.dll |
| bd7575143d50b9b40fa56b90e4d26f7d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_zh-CN.dll |
| 283ffa3ea779b4ecd75d525a14921daf | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_zh-TW.dll |
| e412837bc5148eeddbc06ae0c9464bbb | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll |
| 156f6226a3c2fa34198aafc978c8f53f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\psmachine.dll |
| ed9ae12a56cce0d9f905153d74971958 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\psuser.dll |
| 7d0b6bb354a3f6b6691502c5bd503dc9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe |
| 7d0b6bb354a3f6b6691502c5bd503dc9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaCrashHandler.exe |
| 7d0b6bb354a3f6b6691502c5bd503dc9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaUpdate.exe |
| 1c6a131e0323a3d713b3f0f1a5f10d44 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaUpdateBroker.exe |
| 6cc3b08da9fa41d390632639052fe1a8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaUpdateOnDemand.exe |
| b87ddf1ac52d90617514312ac5d00d84 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdate.dll |
| f0c84a277c8592b525a873a8ab4c01dc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_am.dll |
| 656a00e97bae809b0eaddf58bcee7e18 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ar.dll |
| c5ea0de503e4ed1f152a3ff5e5fc9dbc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_bg.dll |
| 7864b7fc5bd7cc3f3fc66ad7ca590531 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_bn.dll |
| 6d5c333a5c1ec30a4ba7e746ba573d8e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ca.dll |
| 665942ea4cce982dc8b6ae565b7ed9c1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_cs.dll |
| a757dc0ae5b5785e0fb621c5dab4384c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_da.dll |
| 32a09f1479b908c047d02a63a04a976b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_de.dll |
| fb296504678c1621ff23ffdcedfd8cac | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_el.dll |
| 9e69f21ab21d6f6b08b6fdf2edebdd11 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_en-GB.dll |
| 8bc4b42d2f5d9a43a2231238f68f68df | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_en.dll |
| 175e9d591d1fe35ba99057c928bbcdfe | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_es-419.dll |
| bd4070f2a82d186b0ce640cac32cef4b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_es.dll |
| 0b7c562451dde20bbbcc525717a34c66 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_et.dll |
| 5e3a22452b0e4dd95508905b61ae7ced | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fa.dll |
| d9b69a0efd534c155208bcb015809c06 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fi.dll |
| 342e67d723afc84a4e1d9502dcfc2bf5 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fil.dll |
| 25696887c9607fd39d150298b8273c7a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fr.dll |
| d0ec1b6035a5ef0036c552a36a42603a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_gu.dll |
| ab38adc0e4b51d4c21431668e8d91981 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_hi.dll |
| c9eae0fc9f7bf6d3bcd993b79cc6c991 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_hr.dll |
| 7694f8d6f5283f5dc9cdfc6d0d183b04 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_hu.dll |
| 9de5b3a597581b10bf2460b8dd1df903 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_id.dll |
| a8615f74d25d020e9c7f3d1de648c0d7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_is.dll |
| 9d72401205110ff71170c7e9ca4c8790 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_it.dll |
| a175800550d164070134f430848bd257 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_iw.dll |
| 1bd96b5449e7f4e49599eecdfc4c0c6b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ja.dll |
| f009bc876b0d5c2896104c5497ca9747 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_kn.dll |
| 983708ab4bc45225d61c37ed110f25fc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ko.dll |
| be9feb87d36efe8fc7832fa2c2b29d11 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_lt.dll |
| 498a3247a2d4113117ac68dbeb626a73 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_lv.dll |
| b2208bd9296e3ff89100743b64d65ec9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ml.dll |
| c9c73019d8a628e9058580975069878f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_mr.dll |
| 0db87ba47c50eefb5a19d8b637901839 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ms.dll |
| 18d4678bca5f87e4e7bda4e78fd7520e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_nl.dll |
| 97ace99fe631f6c38e843c0218ccba22 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_no.dll |
| 0913df5e9c19a049944455216d6c90af | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_pl.dll |
| 462c0d5d7cd340418a8dfbc1187f5946 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_pt-BR.dll |
| a3678075d56943c14d5bbc48d3758287 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_pt-PT.dll |
| ca4865cf13eb7258d13a45ea1f7ab5d8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ro.dll |
| 8315343ac4fa8b98aa546906c5eb3c6a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ru.dll |
| 8a594c5410f37e6beae7a3cbfb54479c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sk.dll |
| e24a2defa5c3cf20ae1da44755a44777 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sl.dll |
| db52f5401a058170c8d41d4aba550ab2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sr.dll |
| 4c3942d1ce30fb9d483b6bd534f764fe | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sv.dll |
| 679de67d4897f15b9273b2eccbfeac88 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sw.dll |
| b25247beeb2ab330af23bdf557057b5d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ta.dll |
| 19a6eeaff2b6cea27949ecc5a59c5b03 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_te.dll |
| b516ee24868e6d6ced3c52025e524740 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_th.dll |
| 8906d7cad6007e9eaa5718fb14fb4fd0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_tr.dll |
| 9900d06b8027222609d6f53e160dfe79 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_uk.dll |
| 28ce05e08253d40ca84ff3c156e8f151 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ur.dll |
| 7d4383d6a1d8a63d9878184ebdc097b7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_vi.dll |
| bd7575143d50b9b40fa56b90e4d26f7d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_zh-CN.dll |
| 283ffa3ea779b4ecd75d525a14921daf | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_zh-TW.dll |
| e412837bc5148eeddbc06ae0c9464bbb | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\npCatalinaUpdate3.dll |
| 156f6226a3c2fa34198aafc978c8f53f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\psmachine.dll |
| ed9ae12a56cce0d9f905153d74971958 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\psuser.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
CatalinaUpdate.exe:1176
CatalinaUpdate.exe:1076
CatalinaUpdate.exe:1824
CatalinaUpdate.exe:2000
CatalinaUpdate.exe:1388
CatalinaUpdate.exe:1484
citrio.exe:1436
citrio.exe:900
citrio.exe:2980
citrio.exe:1836
citrio.exe:1716
citrio.exe:2092
citrio.exe:304
citrio.exe:1152
citrio.exe:1032
citrio.exe:1452
citrio.exe:1484
citrio.exe:436
citrio.exe:364
citrio.exe:2064
citrio.exe:252
CatalinaCrashHandler.exe:788
setup.exe:132
%original file name%.exe:1108
citrio_48.0.2564.270_1.exe:916 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\Tar8.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab7.tmp (49 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (49 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (2712 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_te.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ca.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ru.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_nl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_pl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fr.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\psmachine.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_uk.dll (26 bytes)
%WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003Core.job (948 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_th.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_zh-TW.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_vi.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_es-419.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdate.dll (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fil.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ta.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_tr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ar.dll (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sk.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_is.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_mr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sw.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_es.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_hr.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ja.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_kn.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_en.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_en-GB.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\psuser.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_no.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ml.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateHelper.msi (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ur.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_am.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_pt-BR.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_bn.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sv.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_et.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_gu.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_da.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdate.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_fa.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ms.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_sl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_hu.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_cs.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_iw.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_lt.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ko.dll (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_el.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_hi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_lv.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_zh-CN.dll (19 bytes)
%WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003UA.job (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_de.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_id.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateOnDemand.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_pt-PT.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_bg.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaUpdateBroker.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaCrashHandler.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_ro.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\goopdateres_it.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\Install\{6314A6BB-F8EF-431B-8E6C-E0F22F781FA8}\citrio_48.0.2564.270_1.exe (449813 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\Download\{92F8A219-E740-49D5-B785-B962AD819724}\48.0.2564.270\citrio_48.0.2564.270_1.exe (449813 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\icon.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\popup.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\style.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\jquery-1.11.0.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\ms\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\download-all-disable.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\theme.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\id\messages.json (994 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\ar\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\select-all.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\DECODED_MESSAGE_CATALOGS (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\pt_BR\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\static.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\disable.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\select-all-active.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\download-all.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\sprite.png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\fil\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\locale.js (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\en\messages.json (981 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\background.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\select-all-hover.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\manifest.json (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\DECODED_IMAGES (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\js.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\CRX_INSTALL\skin\icons\open-icon.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\ar\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\ms\messages.json (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\logo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\16-old.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\manifest.json (595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\16.png (497 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\DECODED_MESSAGE_CATALOGS (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\en\messages.json (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\popup.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\fil\messages.json (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon128.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\js\locale.js (271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon.tw.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\css\template.css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\js\lib\jquery.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon.fb.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\id\messages.json (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon35.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\background.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\_locales\pt_BR\messages.json (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon48.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon64.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\js\popup.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\CRX_INSTALL\images\icon.gp.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\uk\messages.json (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\reg-logo.png (64797 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\man.png (64683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osble700.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\ossce600.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\pt_BR\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\login\login.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\dollar-green.png (64683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\ms\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\ossc600.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\libs\angular-animate.min.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osce400.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\recover\recoverOk.html (635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osl400.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\id\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\ossl600.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\manifest.json (825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\fil\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\oslle300.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\header-dollar-icon.png (64683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\animation.css (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\registration\registrationOk.html (630 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osbce700.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\oslce300.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\login\loginCtrl.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\ar\messages.json (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon128.png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\icon32.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\background.js (339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\DECODED_IMAGES (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\popup.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\recover\recover.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\registration\registrationCtrl.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\statistic\statisticCtrl.js (709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\libs\angular.js (64174 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\ossle600.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\statistic.css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osbc700.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\registration\registration.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osc400.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\libs\angular-route.min.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\oslc300.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osbl700.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\globalService.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\fonts.css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\DECODED_MESSAGE_CATALOGS (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osll300.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\libs\jquery-2.1.4.min.js (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\recover\recoverCtrl.js (873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\en\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\app.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\app\statistic\statistic.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\ru\messages.json (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\_locales\th\messages.json (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\css\font\osle400.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\CRX_INSTALL\images\close.png (64683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\debug.log (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000003.log (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\10.tmp (287042 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\uk\messages.json (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_7YjEcZG5LWFE2yA (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\download_all.crx (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\ru\messages.json (538 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Login Data (3478 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1C.tmp (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\11.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\icon128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\19.tmp (327 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_3 (2808 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_2 (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_1 (18792 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_0 (53600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_hhft7kb30WbZELS (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\citrio_ext.crx (114298 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_0L6kzSrLIHtUDZV (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_8429\media_downloader.crx (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\18.tmp (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000001 (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\proxy.crx (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\First Run (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\th\messages.json (589 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cookies (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Web Data (29629 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\16.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\pt_BR\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\000003.log (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\LOG (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Cookies (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\ms\messages.json (473 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Login Data-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000002 (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal (5545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_xmqsjnT2msxoNHR (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_QpsafpCJEzphWcA (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\1B.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\LOG (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\id\messages.json (451 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1A.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\icon16.png (420 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Visited Links (836 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\15.tmp (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_QccOEVX8Z1CTdLn (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Network Action Predictor (5093 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Top Sites-journal (12948 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_3034\10.tmp (13122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_vg9F8HkO8Hkm7Sp (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\fil\messages.json (490 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\icon_19.png (687 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\14.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\History (21181 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\README (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Shortcuts (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_21420\share_page.crx (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Current Session (4849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_X39xQmJOdX9TZjg (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\icon_16.png (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Favicons (4342 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (4998877 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Web Data-journal (13750 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\History-journal (12512 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\LOG (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\en\messages.json (459 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1D.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Favicons-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\000003.log (9746 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\_locales\ar\messages.json (523 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\17.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Cookies-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Network Action Predictor-journal (11985 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cookies-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\C.tmp (1478 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Shortcuts-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ao.png (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ml.png (463 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mm.png (451 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ad.png (540 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ag.png (622 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\doT.min.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ck.png (630 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cx.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bt.png (607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\image\icon_128.png (16664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\background.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pf.png (476 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kn.png (662 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\am.png (414 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\io.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ee.png (380 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ht.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\om.png (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ch.png (434 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bj.png (422 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bw.png (425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bv.png (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\dk.png (416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nu.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kr.png (658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\aq.png (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pe.png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\ms\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lc.png (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\dz.png (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ng.png (441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kg.png (525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\speed.png (885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\tmpl.js (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bh.png (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gt.png (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gu.png (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mx.png (526 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\th\messages.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mf.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ir.png (471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pl.png (316 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mp.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ms.png (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cz.png (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\hn.png (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\jm.png (711 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fi.png (405 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gy.png (686 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ki.png (679 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\co.png (387 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ke.png (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\dm.png (668 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lu.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\er.png (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\es.png (493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kz.png (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gl.png (521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\at.png (363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mq.png (604 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ly.png (383 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gq.png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mn.png (546 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cl.png (424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\ru\messages.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cy.png (456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gw.png (465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fj.png (575 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\et.png (566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\hk.png (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\au.png (614 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gg.png (501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\it.png (440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cc.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\settings.png (871 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\je.png (632 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bl.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\model.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mu.png (416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ie.png (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fo.png (462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pg.png (629 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bo.png (461 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gd.png (683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ge.png (509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cd.png (621 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bf.png (445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\la.png (530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bb.png (573 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bm.png (606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lb.png (491 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mg.png (380 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pa.png (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\close.png (552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\no.png (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gm.png (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mr.png (567 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\icon_mono_off.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ai.png (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bd.png (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\jo.png (521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mk.png (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\spine.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\id\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\is.png (494 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\logging.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ae.png (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gp.png (509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\jquery.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\me.png (555 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ci.png (428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cu.png (513 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\dj.png (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kw.png (476 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\ar\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bg.png (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ec.png (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\iq.png (475 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kh.png (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\eg.png (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\eh.png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\af.png (534 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nf.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\hr.png (553 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\manifest.json (511 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\uk\messages.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\ic16_gear.png (402 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lt.png (395 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cr.png (364 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\az.png (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\de.png (391 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nz.png (623 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\settings-act.png (883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\in.png (431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bz.png (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\base64.js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\profile_detail.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\br.png (687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ls.png (639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\fil\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gf.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\sandbox.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mw.png (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cf.png (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\spine.route.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\an.png (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\mochi.js (363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gs.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\list-img.png (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\id.png (333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gh.png (453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gi.png (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\icon_128.png (16664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\il.png (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ba.png (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\image\ic16_gear.png (402 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ar.png (439 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\as.png (661 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\na.png (717 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\km.png (561 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ph.png (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gr.png (433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\spine.local.js (619 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\new.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cv.png (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\np.png (634 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nr.png (465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gn.png (453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mv.png (537 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mo.png (647 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\ui.js (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\im.png (543 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\aw.png (453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\hm.png (614 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\be.png (452 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\sandbox.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ca.png (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cn.png (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cm.png (502 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\md.png (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\popup.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\list-img-ac.png (620 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\do.png (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fk.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ax.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\by.png (441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\image\icon_mono_off.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mh.png (698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\cg.png (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\styles\mochi.css (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ni.png (431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fr.png (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nl.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\my.png (509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lr.png (457 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\fm.png (565 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mt.png (410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\kp.png (480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\pt_BR\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\al.png (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\agent.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ne.png (442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\hu.png (369 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ma.png (479 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\styles\style.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bn.png (654 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lk.png (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mz.png (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\li.png (462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bs.png (494 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ky.png (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\gb.png (707 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\icon_mono_on.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\image\icon_mono_on.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\ga.png (400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\jp.png (471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pk.png (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\nc.png (608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\sl_arrow.png (616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\popup.html (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\mc.png (333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\bi.png (740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\lv.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\image\flags\pm.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\scripts\profile_list.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_32672\CRX_INSTALL\_locales\en\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\search.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\button.logo.inactive.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\DECODED_MESSAGE_CATALOGS (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\logo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\js\DTA.ui.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\js\DTA.popup.js (59 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\icon.close.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\js\lib\jquery.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\js\DTA.interface.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\background.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\js\locale.js (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\css\template.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_27275\CRX_INSTALL\images\button.logo.png (60000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\QtCore4.dll (152471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\scripts\background_notification.js (694 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\python34.dll (164484 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_lzma.pyd (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\background.html (346 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\msvcp100.dll (27336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\DECODED_IMAGES (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\QtGui4.dll (541377 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\youtube-dl.exe (195990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\unicodedata.pyd (48768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\scripts\content_dv.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\dlnlib.dll (38624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\msvcr100.dll (49672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\pywintypes34.dll (7784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_socket.pyd (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\libeay32.dll (76989 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\select.pyd (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_bz2.pyd (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\libtorrent.dll (129574 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\icon_empty.png (158 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\Include\pyconfig.h (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\ssleay32.dll (18768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\imageformats\qico4.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_elementtree.pyd (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_ssl.pyd (66767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\zlib1.dll (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_hashlib.pyd (49912 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\scripts\background_dv.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\win32wnet.pyd (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\citrio_ext.dll (34392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\pyexpat.pyd (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\base_library.zip (206432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\_ctypes.pyd (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\libcurl.dll (22840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\scripts\background_stats.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\scripts\content_stats.js (605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1520_20544\CRX_INSTALL\binaries\win\win32api.pyd (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_watcher.dll (1661 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\48.0.2564.270.manifest (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\el.pak (1752 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\sr.pak (1681 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\wow_helper.exe (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\et.pak (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ca.pak (265 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Citrio.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\th.pak (1798 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\hu.pak (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\sk.pak (274 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_elf.dll (117 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\mr.pak (1812 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\delegate_execute.exe (3802 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\pt-BR.pak (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\48.0.2564.270\Installer\setup.exe (9098 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\secondarytile.png (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Citrio.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\chrome.VisualElementsManifest.xml (342 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\PepperFlash\pepflashplayer.dll (124061 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\share_page.crx (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\nacl_irt_x86_64.nexe (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\libexif.dll (307 bytes)
%Documents and Settings%\%current user%\Desktop\Facebook.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\media_downloader.crx (1670 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\he.pak (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\es.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\hi.pak (1820 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\citrio.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\kn.pak (3680 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_child.dll (321430 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\zh-TW.pak (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\libglesv2.dll (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\nb.pak (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\icudtl.dat (75554 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\lt.pak (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\gu.pak (1805 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\nl.pak (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\fa.pak (1654 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\nacl64.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\natives_blob.bin (1711 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\en-GB.pak (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\vi.pak (293 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\te.pak (1870 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\id.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\am.pak (1647 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\hr.pak (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\pl.pak (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\bg.pak (1714 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\fr.pak (284 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\resources.pak (150724 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio.dll (259439 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\en-US.pak (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\cs.pak (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\bn.pak (1839 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\d3dcompiler_47.dll (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\de.pak (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\it.pak (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ms.pak (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\nacl_irt_x86_32.nexe (20507 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\da.pak (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\zh-CN.pak (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\tr.pak (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\download_all.crx (1766 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\sw.pak (241 bytes)
%Documents and Settings%\%current user%\Desktop\YouTube.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\fi.pak (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\widevinecdmadapter.dll (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ml.pak (3743 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ar.pak (1641 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\VisualElements\smalllogo.png (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\citrio_ext.crx (110258 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\uk.pak (1698 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\PepperFlash\version.json (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\fil.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\metro_driver.dll (1796 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\VisualElements\logo.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\proxy.crx (1676 bytes)
%Documents and Settings%\%current user%\Desktop\Citrio.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\libegl.dll (78 bytes)
%Documents and Settings%\%current user%\Desktop\Chrome Web Store.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\sv.pak (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\citrio.7z (1358422 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\lv.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ko.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ja.pak (318 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ta.pak (3691 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\snapshot_blob.bin (1802 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_100_percent.pak (6303 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ru.pak (1688 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_material_200_percent.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_material_100_percent.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\pt-PT.pak (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\es-419.pak (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Extensions\external_extensions.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\citrio_200_percent.pak (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\sl.pak (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source132_27533\Citrio-bin\48.0.2564.270\Locales\ro.pak (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_gu.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT2.tmp (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_nl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_te.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sk.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_el.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ru.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es-419.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_iw.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_no.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_tr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en-GB.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_da.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ro.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_uk.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-TW.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bn.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ms.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ta.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateBroker.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdate.dll (1990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sw.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_de.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_is.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sv.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fr.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_cs.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_mr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-BR.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fa.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_kn.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bg.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-PT.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_id.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ja.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\npCatalinaUpdate3.dll (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psuser.dll (161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ml.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ko.dll (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_th.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ca.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_vi.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-CN.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lv.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hu.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdate.exe (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ar.dll (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hr.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateHelper.msi (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lt.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_et.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_am.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psmachine.dll (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaCrashHandler.exe (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_it.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fil.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ur.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateOnDemand.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_8A650.tmp\setup.exe (20838 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_8A650.tmp\SETUP.EX_ (1731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_8A650.tmp\CITRIO.PACKED.7Z (443233 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"CatalinaGroup Update" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe /c" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: Catalina Group Ltd.
Product Name: CatalinaGroup Update
Product Version: 1.3.25.223
Legal Copyright: Copyright 2013 Catalina Group Ltd.
Legal Trademarks:
Original Filename: CatalinaUpdateSetup.exe
Internal Name: CatalinaGroup Update Setup
File Version: 1.3.25.223
File Description: CatalinaGroup Update Setup
Comments:
Language: English (United States)
Company Name: Catalina Group Ltd.Product Name: CatalinaGroup UpdateProduct Version: 1.3.25.223Legal Copyright: Copyright 2013 Catalina Group Ltd.Legal Trademarks: Original Filename: CatalinaUpdateSetup.exeInternal Name: CatalinaGroup Update SetupFile Version: 1.3.25.223File Description: CatalinaGroup Update SetupComments: Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 47535 | 47616 | 4.63635 | 2752a1441fa592610b94de20c1f02a58 |
| .rdata | 53248 | 10788 | 11264 | 3.70498 | f8b087598f2912cfeac2e6c544d973d1 |
| .data | 65536 | 6460 | 3584 | 1.72368 | 8e425fbedc6927dfabb8fdfaaf8e8d97 |
| .rsrc | 73728 | 651528 | 651776 | 5.29872 | 8f31078265e68ca8bd2c7c465bdd0aab |
| .reloc | 729088 | 5598 | 5632 | 2.64966 | 17957bd86fff892742280f82a0bf537a |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://c-0001.c-msedge.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt | |
| hxxp://c-0001.c-msedge.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab | |
| hxxp://gs1.wpc.v2cdn.net/80A164/ch-cdn/download/citrio_48.0.2564.270_1.exe | |
| hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt | 13.107.4.50 |
| hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | 13.107.4.50 |
| hxxp://wpc.A164.taucdn.net/80A164/ch-cdn/download/citrio_48.0.2564.270_1.exe | |
| catalinahub.net | 95.211.171.218 |
| wpc.a164.taucdn.net | 93.184.221.133 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Length: 18
Content-Type: text/plain
Last-Modified: Thu, 28 Jan 2016 17:51:53 GMT
Accept-Ranges: bytes
ETag: "80823092f459d11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-CID: 7
X-CCC: RU
X-MSEdge-Ref: Ref A: 555255EDE5EB43EF9710372C41C1094C Ref B: 0783A5C2F0384DA8C6A9618408859E22 Ref C: Fri Apr 22 02:15:02 2016 PST
Date: Fri, 22 Apr 2016 09:15:01 GMT
1401D159F4929680B9....
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Length: 49661
Content-Type: application/octet-stream
Last-Modified: Thu, 28 Jan 2016 18:43:43 GMT
Accept-Ranges: bytes
ETag: "80d9e4cffb59d11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-CID: 7
X-CCC: RU
X-MSEdge-Ref: Ref A: 21F5CECDC8D44B7C922E5BE835A3F154 Ref B: 06BD794EFD41FDE7615E08842E039B20 Ref C: Fri Apr 22 02:15:02 2016 PST
Date: Fri, 22 Apr 2016 09:15:02 GMT
MSCF............,...................I.......d.........<H.T .authroot.stl. ..-.8..CK...<Tk........./.........Z..e..P..D.&.BRTH...E..E.b.["$qS)....-...[..}.o~g...q...Y...n...........aF\!.lI.4..0..ef.W.....C`....Y..F.D5...Y.A....1.|..c.1...Nc.Y..x..D...NP[FX...O.s@.aN.....'.B......."(~3z-.@~..|}(.......g4.p.........h.n.dQz..t.V.......;.....Q...d/../.pJ...6....E...A.@..]..T9..28..,..p...).....P:}.K...]=.7X.f..9..yB.P....uP$$...Q.u..y..".=......7...........#.X..P.8....>U....v.[.$.e...H.@~..........ea`.3...tLX...].-....<.........v.....M../..z6.t^.....p....M...v(CP%F.......!eX..a...-..G.....S%..l.....Y..(.*.-....C.L0...G.....).rm8...(7.T{.Q...."...B`H.....3..9..-..Vv.5Q.e.W.../...RY.v.P. .........l......8'.&z......3.;:...U4.."....yu... .."....d .e/7.;.XD*tn%$.........];..fY.R...7.....o.=xh...]..4...\.:...v....t..9 .nO.i}.T../(uke..p.&.6.E#.=b...@.R.P...*.s....h......(/.s.%.3g...:*X.].7.IE....E,.w.8......v...r4.qOh}~..E.5t...l...(*..2....`..F..".a:.t....9...W.kO?5..=..HhYrI.Sf..[:...3..2..)DB...;......(...B.......U(...._F./#.k@....9c.Y..G'..]...p..;M_o..~.3?.}.1M.5.f5)._......t _.6...l..K....OsY.0......H...^..\$P;U....8..)...1........J...uE..#n.......h.......17.P=,P.....}z.&..../..a.........p@.|KB..o.E..|..o.mr......m=.(v.:.i....@..I..w>4y....P........F...&... ....r$d..{B...)..A.`..x4E'~`V.."..(..(./G...@_Q`.....O...~`..~...x..KN~....Dko/A{..!...W..G,`)...*...#......q`..H.........%m..G....5..4.....?.......F...{.%..2....l.L....."...Y........ ...].\........... D..Y...!1..*.....M?..G..A.|Ex......~...s.!.=..
<<< skipped >>>
HEAD /80A164/ch-cdn/download/citrio_48.0.2564.270_1.exe HTTP/1.1
Accept: */*
Accept-Encoding: identity
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
User-Agent: Microsoft BITS/6.7
Host: wpc.A164.taucdn.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0, public
Content-Type: application/octet-stream;charset=UTF-8
Date: Fri, 22 Apr 2016 09:15:08 GMT
Etag: W/"59175824-1459869281000"
Expires: Fri, 22 Apr 2016 09:15:09 GMT
Last-Modified: Tue, 05 Apr 2016 15:14:41 GMT
Server: Apache-Coyote/1.1
X-Cache: HIT
Content-Length: 59175824
HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=0, public..Content-Type: application/octet-stream;charset=UTF-8..Date: Fri, 22 Apr 2016 09:15:08 GMT..Etag: W/"59175824-1459869281000"..Expires: Fri, 22 Apr 2016 09:15:09 GMT..Last-Modified: Tue, 05 Apr 2016 15:14:41 GMT..Server: Apache-Coyote/1.1..X-Cache: HIT..Content-Length: 59175824......
GET /80A164/ch-cdn/download/citrio_48.0.2564.270_1.exe HTTP/1.1
Accept: */*
Accept-Encoding: identity
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
User-Agent: Microsoft BITS/6.7
Host: wpc.A164.taucdn.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0, public
Content-Type: application/octet-stream;charset=UTF-8
Date: Fri, 22 Apr 2016 09:15:08 GMT
Etag: W/"59175824-1459869281000"
Expires: Fri, 22 Apr 2016 09:15:10 GMT
Last-Modified: Tue, 05 Apr 2016 15:14:41 GMT
Server: Apache-Coyote/1.1
X-Cache: HIT
Content-Length: 59175824
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........W...6...6...6..d.?..6...6...6...O...6...d/..6...6c..6...O*..6..Rich.6..........................PE..L....<.V.................&..........:#.......@....@..........................0......h........................................P..P....`....................... ..........8............................................P...............................text...'%.......&.................. ..`.data........@......................@....idata.......P.......*..............@..@.rsrc........`.......0..............@..@.reloc....... ......................@..B.....................................................................................................................................................................................................................................................................................................................................................................<.V........m... ... ........<.V....................{.9.2.F.8.A.2.1.9.-.E.7.4.0.-.4.9.D.5.-.B.7.8.5.-.B.9.6.2.A.D.8.1.9.7.2.4.}.....{.E.9.F.2.4.A.7.C.-.1.3.C.A.-.4.2.F.B.-.A.4.D.9.-.7.9.C.3.C.9.D.2.1.B.2.8.}.....{.D.E.2.8.A.2.E.A.-.7.7.F.A.-.4.F.2.B.-.8.2.5.2.-.C.3.B.5.8.4.4.F.6.4.5.5.}.....{.F.0.B.5.0.D.5.A.-.4.B.B.A.-.4.5.1.4.-.A.D.2.C.-.E.B.A.5.0.C.2.9.C.4.6.0.}.......@.-.-.c.h.r.o.m.e.-.s.x.s.....-.-.c.h.r.o.m.e.....-.-.c.h.r.o.m.e.-.f.r.a.m.e.....-.-.m.u.l.t.i.-.i.n.s.t.a.l.l...-.-.s.y.s.t
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
CatalinaCrashHandler.exe_788:
.text
.text
`.data
`.data
.text/DE
.text/DE
@.rsrc
@.rsrc
@.reloc
@.reloc
SHELL32.dll
SHELL32.dll
USER32.dll
USER32.dll
SHLWAPI.dll
SHLWAPI.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
CatalinaUpdate_unsigned.pdb
CatalinaUpdate_unsigned.pdb
RegOpenKeyExW
RegOpenKeyExW
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
ole32.dll
ole32.dll
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
###7777_{
###7777_{
###____777
###____777
###````87{
###````87{
2 2$2(2,20242~2
2 2$2(2,20242~2
4 4$4(4,4
4 4$4(4,4
?$?(?,?4?
?$?(?,?4?
> >@>\>`>
> >@>\>`>
? ?@?\?`?
? ?@?\?`?
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaCrashHandler.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.223\CatalinaCrashHandler.exe
KERNEL32.DLL
KERNEL32.DLL
mscoree.dll
mscoree.dll
goopdate.dll
goopdate.dll
CatalinaUpdate.exe
CatalinaUpdate.exe
Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}
Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}
1.3.25.223
1.3.25.223
2007-2010
2007-2010
2007-2010
2007-2010
citrio.exe_1520:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
HtdHtHHHt.HH
HtdHtHHHt.HH
j.Yf;
j.Yf;
_tcPVj@
_tcPVj@
.PjRW
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
Failed to load Chrome DLL from
ChromeMain
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
Could not find exported function
1.3.21.115
1.3.21.115
Chrome
Chrome
0.0.0.0-devel
0.0.0.0-devel
font_key_name
font_key_name
url-chunk
url-chunk
subresource_url
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s-%x
CHROME_MAIN_TICKS
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
No valid Chrome version found
chrome-sxs
chrome-sxs
googlechrome
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
iexplore.exe
googlechromeframe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Failed to open key "
Skipping over key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
CreateNamedPipeW
NtCreateKey
NtCreateKey
NtOpenKey
NtOpenKey
NtOpenKeyEx
NtOpenKeyEx
MetricsReportingEnabled
MetricsReportingEnabled
widevinecdmadapter.dll
widevinecdmadapter.dll
CHROME_VERSION
CHROME_VERSION
CHROME_HEADLESS
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_CRASHED
CHROME_RESTART
CHROME_RESTART
user_experience_metrics.reporting_enabled
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
NTDLL.DLL
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
GetProcessWindowStation
GetProcessWindowStation
operator
operator
(0x%X)
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
%s-%Iu
(%d = %3.1f%%)
(%d = %3.1f%%)
Histogram: %s recorded %d samples
Histogram: %s recorded %d samples
(flags = 0x%x)
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
PlatformFile.UnknownErrors.Windows
user32.dll
user32.dll
.thunks
.thunks
.syzygy
.syzygy
Dictionary keys must be quoted.
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
Line: %i, column: %i, %s
full-memory-crash-report
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
SignalChromeElf
citrio_elf.dll
citrio_elf.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
CloseWindowStation
CloseWindowStation
CreateWindowStationW
CreateWindowStationW
SetProcessWindowStation
SetProcessWindowStation
USER32.dll
USER32.dll
SetProcessShutdownParameters
SetProcessShutdownParameters
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHandleCount
GetProcessHandleCount
KERNEL32.dll
KERNEL32.dll
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
GetCPInfo
GetCPInfo
SetNamedPipeHandleState
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe
WaitNamedPipeW
WaitNamedPipeW
zcÃ
zcÃ
444.44...4
444.44...4
4.4....4.
4.4....4.
..44.44@4
..44.44@4
4@444@4.
4@444@4.
.4@4@@4.
.4@4@@4.
}.GnO
}.GnO
Ôjo
Ôjo
k.SZ[
k.SZ[
j.oii
j.oii
00J0
00J0
4O4
4O4
>">'>,>9>
>">'>,>9>
=&=/=6=>=!>
=&=/=6=>=!>
8!8)8/888
8!8)8/888
8 8$8(8,8
8 8$8(8,8
4 4(40484
4 4(40484
4 4$4(4,40444
4 4$4(4,40444
7 7$7(7,7
7 7$7(7,7
5(545@5`5
5(545@5`5
citrio_watcher.dll
citrio_watcher.dll
citrio.dll
citrio.dll
citrio_child.dll
citrio_child.dll
metro_driver.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeCanary
ChromeSSHTM
ChromeSSHTM
Chrome Canary HTML Document
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chrome
-chromeframe
-chromeframe
WebAccessible
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
DGoogle Chrome Frame
Chrome in a Frame.
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
ntdll.dll
ntdll.dll
pipe\
pipe\
Ckernel32.dll
Ckernel32.dll
kernelbase.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
ALPC Port
eKey
eKey
gdi32.dll
gdi32.dll
xntdll.dll
xntdll.dll
wow_helper.exe"
wow_helper.exe"
shell32.dll
shell32.dll
Crash Reports
Crash Reports
script.log
script.log
resources.pak
resources.pak
chrome
chrome
pepflashplayer.dll
pepflashplayer.dll
version.json
version.json
NPSWF32.dll
NPSWF32.dll
${windows}
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
\\.\pipe\CitrioCrashServices
error %u
error %u
chrome.exe
chrome.exe
hunspecified-crash-key
hunspecified-crash-key
mscoree.dll
mscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
portuguese-brazilian
portuguese-brazilian
dbghelp.dll
dbghelp.dll
rpcrt4.dll
rpcrt4.dll
%s\%s.dmp
%s\%s.dmp
x-x-x-xx-xxxxxx
x-x-x-xx-xxxxxx
Ndebug.log
Ndebug.log
\StringFileInfo\xx\%ls
\StringFileInfo\xx\%ls
Chrome_MessageWindow
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
IDR_X006_CITRIO_CHROMESTORE
48.0.2564.270
48.0.2564.270
citrio_exe
citrio_exe
citrio.exe_516:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
HtdHtHHHt.HH
HtdHtHHHt.HH
j.Yf;
j.Yf;
_tcPVj@
_tcPVj@
.PjRW
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
Failed to load Chrome DLL from
ChromeMain
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
Could not find exported function
1.3.21.115
1.3.21.115
Chrome
Chrome
0.0.0.0-devel
0.0.0.0-devel
font_key_name
font_key_name
url-chunk
url-chunk
subresource_url
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s-%x
CHROME_MAIN_TICKS
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
No valid Chrome version found
chrome-sxs
chrome-sxs
googlechrome
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
iexplore.exe
googlechromeframe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Failed to open key "
Skipping over key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
CreateNamedPipeW
NtCreateKey
NtCreateKey
NtOpenKey
NtOpenKey
NtOpenKeyEx
NtOpenKeyEx
MetricsReportingEnabled
MetricsReportingEnabled
widevinecdmadapter.dll
widevinecdmadapter.dll
CHROME_VERSION
CHROME_VERSION
CHROME_HEADLESS
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_CRASHED
CHROME_RESTART
CHROME_RESTART
user_experience_metrics.reporting_enabled
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
NTDLL.DLL
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
GetProcessWindowStation
GetProcessWindowStation
operator
operator
(0x%X)
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
%s-%Iu
(%d = %3.1f%%)
(%d = %3.1f%%)
Histogram: %s recorded %d samples
Histogram: %s recorded %d samples
(flags = 0x%x)
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
PlatformFile.UnknownErrors.Windows
user32.dll
user32.dll
.thunks
.thunks
.syzygy
.syzygy
Dictionary keys must be quoted.
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
Line: %i, column: %i, %s
full-memory-crash-report
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
SignalChromeElf
citrio_elf.dll
citrio_elf.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
CloseWindowStation
CloseWindowStation
CreateWindowStationW
CreateWindowStationW
SetProcessWindowStation
SetProcessWindowStation
USER32.dll
USER32.dll
SetProcessShutdownParameters
SetProcessShutdownParameters
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHandleCount
GetProcessHandleCount
KERNEL32.dll
KERNEL32.dll
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
GetCPInfo
GetCPInfo
SetNamedPipeHandleState
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe
WaitNamedPipeW
WaitNamedPipeW
zcÃ
zcÃ
444.44...4
444.44...4
4.4....4.
4.4....4.
..44.44@4
..44.44@4
4@444@4.
4@444@4.
.4@4@@4.
.4@4@@4.
}.GnO
}.GnO
Ôjo
Ôjo
k.SZ[
k.SZ[
j.oii
j.oii
00J0
00J0
4O4
4O4
>">'>,>9>
>">'>,>9>
=&=/=6=>=!>
=&=/=6=>=!>
8!8)8/888
8!8)8/888
8 8$8(8,8
8 8$8(8,8
4 4(40484
4 4(40484
4 4$4(4,40444
4 4$4(4,40444
7 7$7(7,7
7 7$7(7,7
5(545@5`5
5(545@5`5
citrio_watcher.dll
citrio_watcher.dll
citrio.dll
citrio.dll
citrio_child.dll
citrio_child.dll
metro_driver.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeCanary
ChromeSSHTM
ChromeSSHTM
Chrome Canary HTML Document
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chrome
-chromeframe
-chromeframe
WebAccessible
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
DGoogle Chrome Frame
Chrome in a Frame.
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
ntdll.dll
ntdll.dll
pipe\
pipe\
Ckernel32.dll
Ckernel32.dll
kernelbase.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
ALPC Port
eKey
eKey
gdi32.dll
gdi32.dll
xntdll.dll
xntdll.dll
wow_helper.exe"
wow_helper.exe"
shell32.dll
shell32.dll
Crash Reports
Crash Reports
script.log
script.log
resources.pak
resources.pak
chrome
chrome
pepflashplayer.dll
pepflashplayer.dll
version.json
version.json
NPSWF32.dll
NPSWF32.dll
${windows}
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
\\.\pipe\CitrioCrashServices
error %u
error %u
chrome.exe
chrome.exe
hunspecified-crash-key
hunspecified-crash-key
mscoree.dll
mscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
portuguese-brazilian
portuguese-brazilian
dbghelp.dll
dbghelp.dll
rpcrt4.dll
rpcrt4.dll
%s\%s.dmp
%s\%s.dmp
x-x-x-xx-xxxxxx
x-x-x-xx-xxxxxx
Ndebug.log
Ndebug.log
\StringFileInfo\xx\%ls
\StringFileInfo\xx\%ls
Chrome_MessageWindow
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
IDR_X006_CITRIO_CHROMESTORE
48.0.2564.270
48.0.2564.270
citrio_exe
citrio_exe
citrio.exe_516_rwx_06E0A000_000F5000:
webk
webk
=.DOU
=.DOU
=.DOUu
=.DOUu
=WWW.
=WWW.
citrio.exe_2736:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
HtdHtHHHt.HH
HtdHtHHHt.HH
j.Yf;
j.Yf;
_tcPVj@
_tcPVj@
.PjRW
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
Failed to load Chrome DLL from
ChromeMain
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
Could not find exported function
1.3.21.115
1.3.21.115
Chrome
Chrome
0.0.0.0-devel
0.0.0.0-devel
font_key_name
font_key_name
url-chunk
url-chunk
subresource_url
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s-%x
CHROME_MAIN_TICKS
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
No valid Chrome version found
chrome-sxs
chrome-sxs
googlechrome
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
iexplore.exe
googlechromeframe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Failed to open key "
Skipping over key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
CreateNamedPipeW
NtCreateKey
NtCreateKey
NtOpenKey
NtOpenKey
NtOpenKeyEx
NtOpenKeyEx
MetricsReportingEnabled
MetricsReportingEnabled
widevinecdmadapter.dll
widevinecdmadapter.dll
CHROME_VERSION
CHROME_VERSION
CHROME_HEADLESS
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_CRASHED
CHROME_RESTART
CHROME_RESTART
user_experience_metrics.reporting_enabled
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
NTDLL.DLL
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
GetProcessWindowStation
GetProcessWindowStation
operator
operator
(0x%X)
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
%s-%Iu
(%d = %3.1f%%)
(%d = %3.1f%%)
Histogram: %s recorded %d samples
Histogram: %s recorded %d samples
(flags = 0x%x)
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
PlatformFile.UnknownErrors.Windows
user32.dll
user32.dll
.thunks
.thunks
.syzygy
.syzygy
Dictionary keys must be quoted.
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
Line: %i, column: %i, %s
full-memory-crash-report
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
SignalChromeElf
citrio_elf.dll
citrio_elf.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
CloseWindowStation
CloseWindowStation
CreateWindowStationW
CreateWindowStationW
SetProcessWindowStation
SetProcessWindowStation
USER32.dll
USER32.dll
SetProcessShutdownParameters
SetProcessShutdownParameters
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHandleCount
GetProcessHandleCount
KERNEL32.dll
KERNEL32.dll
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
GetCPInfo
GetCPInfo
SetNamedPipeHandleState
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe
WaitNamedPipeW
WaitNamedPipeW
zcÃ
zcÃ
444.44...4
444.44...4
4.4....4.
4.4....4.
..44.44@4
..44.44@4
4@444@4.
4@444@4.
.4@4@@4.
.4@4@@4.
}.GnO
}.GnO
Ôjo
Ôjo
k.SZ[
k.SZ[
j.oii
j.oii
00J0
00J0
4O4
4O4
>">'>,>9>
>">'>,>9>
=&=/=6=>=!>
=&=/=6=>=!>
8!8)8/888
8!8)8/888
8 8$8(8,8
8 8$8(8,8
4 4(40484
4 4(40484
4 4$4(4,40444
4 4$4(4,40444
7 7$7(7,7
7 7$7(7,7
5(545@5`5
5(545@5`5
citrio_watcher.dll
citrio_watcher.dll
citrio.dll
citrio.dll
citrio_child.dll
citrio_child.dll
metro_driver.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeCanary
ChromeSSHTM
ChromeSSHTM
Chrome Canary HTML Document
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chrome
-chromeframe
-chromeframe
WebAccessible
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
DGoogle Chrome Frame
Chrome in a Frame.
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
ntdll.dll
ntdll.dll
pipe\
pipe\
Ckernel32.dll
Ckernel32.dll
kernelbase.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
ALPC Port
eKey
eKey
gdi32.dll
gdi32.dll
xntdll.dll
xntdll.dll
wow_helper.exe"
wow_helper.exe"
shell32.dll
shell32.dll
Crash Reports
Crash Reports
script.log
script.log
resources.pak
resources.pak
chrome
chrome
pepflashplayer.dll
pepflashplayer.dll
version.json
version.json
NPSWF32.dll
NPSWF32.dll
${windows}
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
\\.\pipe\CitrioCrashServices
error %u
error %u
chrome.exe
chrome.exe
hunspecified-crash-key
hunspecified-crash-key
mscoree.dll
mscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
portuguese-brazilian
portuguese-brazilian
dbghelp.dll
dbghelp.dll
rpcrt4.dll
rpcrt4.dll
%s\%s.dmp
%s\%s.dmp
x-x-x-xx-xxxxxx
x-x-x-xx-xxxxxx
Ndebug.log
Ndebug.log
\StringFileInfo\xx\%ls
\StringFileInfo\xx\%ls
Chrome_MessageWindow
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
IDR_X006_CITRIO_CHROMESTORE
48.0.2564.270
48.0.2564.270
citrio_exe
citrio_exe
citrio.exe_2764:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
HtdHtHHHt.HH
HtdHtHHHt.HH
j.Yf;
j.Yf;
_tcPVj@
_tcPVj@
.PjRW
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
Failed to load Chrome DLL from
ChromeMain
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
Could not find exported function
1.3.21.115
1.3.21.115
Chrome
Chrome
0.0.0.0-devel
0.0.0.0-devel
font_key_name
font_key_name
url-chunk
url-chunk
subresource_url
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s-%x
CHROME_MAIN_TICKS
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
No valid Chrome version found
chrome-sxs
chrome-sxs
googlechrome
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
iexplore.exe
googlechromeframe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Failed to open key "
Skipping over key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
CreateNamedPipeW
NtCreateKey
NtCreateKey
NtOpenKey
NtOpenKey
NtOpenKeyEx
NtOpenKeyEx
MetricsReportingEnabled
MetricsReportingEnabled
widevinecdmadapter.dll
widevinecdmadapter.dll
CHROME_VERSION
CHROME_VERSION
CHROME_HEADLESS
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_CRASHED
CHROME_RESTART
CHROME_RESTART
user_experience_metrics.reporting_enabled
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
NTDLL.DLL
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
GetProcessWindowStation
GetProcessWindowStation
operator
operator
(0x%X)
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
%s-%Iu
(%d = %3.1f%%)
(%d = %3.1f%%)
Histogram: %s recorded %d samples
Histogram: %s recorded %d samples
(flags = 0x%x)
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
PlatformFile.UnknownErrors.Windows
user32.dll
user32.dll
.thunks
.thunks
.syzygy
.syzygy
Dictionary keys must be quoted.
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
Line: %i, column: %i, %s
full-memory-crash-report
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
SignalChromeElf
citrio_elf.dll
citrio_elf.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
CloseWindowStation
CloseWindowStation
CreateWindowStationW
CreateWindowStationW
SetProcessWindowStation
SetProcessWindowStation
USER32.dll
USER32.dll
SetProcessShutdownParameters
SetProcessShutdownParameters
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHandleCount
GetProcessHandleCount
KERNEL32.dll
KERNEL32.dll
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
GetCPInfo
GetCPInfo
SetNamedPipeHandleState
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe
WaitNamedPipeW
WaitNamedPipeW
zcÃ
zcÃ
444.44...4
444.44...4
4.4....4.
4.4....4.
..44.44@4
..44.44@4
4@444@4.
4@444@4.
.4@4@@4.
.4@4@@4.
}.GnO
}.GnO
Ôjo
Ôjo
k.SZ[
k.SZ[
j.oii
j.oii
00J0
00J0
4O4
4O4
>">'>,>9>
>">'>,>9>
=&=/=6=>=!>
=&=/=6=>=!>
8!8)8/888
8!8)8/888
8 8$8(8,8
8 8$8(8,8
4 4(40484
4 4(40484
4 4$4(4,40444
4 4$4(4,40444
7 7$7(7,7
7 7$7(7,7
5(545@5`5
5(545@5`5
citrio_watcher.dll
citrio_watcher.dll
citrio.dll
citrio.dll
citrio_child.dll
citrio_child.dll
metro_driver.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeCanary
ChromeSSHTM
ChromeSSHTM
Chrome Canary HTML Document
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chrome
-chromeframe
-chromeframe
WebAccessible
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
DGoogle Chrome Frame
Chrome in a Frame.
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
ntdll.dll
ntdll.dll
pipe\
pipe\
Ckernel32.dll
Ckernel32.dll
kernelbase.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
ALPC Port
eKey
eKey
gdi32.dll
gdi32.dll
xntdll.dll
xntdll.dll
wow_helper.exe"
wow_helper.exe"
shell32.dll
shell32.dll
Crash Reports
Crash Reports
script.log
script.log
resources.pak
resources.pak
chrome
chrome
pepflashplayer.dll
pepflashplayer.dll
version.json
version.json
NPSWF32.dll
NPSWF32.dll
${windows}
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
\\.\pipe\CitrioCrashServices
error %u
error %u
chrome.exe
chrome.exe
hunspecified-crash-key
hunspecified-crash-key
mscoree.dll
mscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
portuguese-brazilian
portuguese-brazilian
dbghelp.dll
dbghelp.dll
rpcrt4.dll
rpcrt4.dll
%s\%s.dmp
%s\%s.dmp
x-x-x-xx-xxxxxx
x-x-x-xx-xxxxxx
Ndebug.log
Ndebug.log
\StringFileInfo\xx\%ls
\StringFileInfo\xx\%ls
Chrome_MessageWindow
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
IDR_X006_CITRIO_CHROMESTORE
48.0.2564.270
48.0.2564.270
citrio_exe
citrio_exe
citrio.exe_2736_rwx_06E0A000_000F5000:
XVWSSShH
XVWSSShH
citrio.exe_2624:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
HtdHtHHHt.HH
HtdHtHHHt.HH
j.Yf;
j.Yf;
_tcPVj@
_tcPVj@
.PjRW
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
Failed to load Chrome DLL from
ChromeMain
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
Could not find exported function
1.3.21.115
1.3.21.115
Chrome
Chrome
0.0.0.0-devel
0.0.0.0-devel
font_key_name
font_key_name
url-chunk
url-chunk
subresource_url
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s-%x
CHROME_MAIN_TICKS
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
No valid Chrome version found
chrome-sxs
chrome-sxs
googlechrome
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
iexplore.exe
googlechromeframe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Failed to open key "
Skipping over key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
CreateNamedPipeW
NtCreateKey
NtCreateKey
NtOpenKey
NtOpenKey
NtOpenKeyEx
NtOpenKeyEx
MetricsReportingEnabled
MetricsReportingEnabled
widevinecdmadapter.dll
widevinecdmadapter.dll
CHROME_VERSION
CHROME_VERSION
CHROME_HEADLESS
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_CRASHED
CHROME_RESTART
CHROME_RESTART
user_experience_metrics.reporting_enabled
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
NTDLL.DLL
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
GetProcessWindowStation
GetProcessWindowStation
operator
operator
(0x%X)
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
%s-%Iu
(%d = %3.1f%%)
(%d = %3.1f%%)
Histogram: %s recorded %d samples
Histogram: %s recorded %d samples
(flags = 0x%x)
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
PlatformFile.UnknownErrors.Windows
user32.dll
user32.dll
.thunks
.thunks
.syzygy
.syzygy
Dictionary keys must be quoted.
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
Line: %i, column: %i, %s
full-memory-crash-report
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
SignalChromeElf
citrio_elf.dll
citrio_elf.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
CloseWindowStation
CloseWindowStation
CreateWindowStationW
CreateWindowStationW
SetProcessWindowStation
SetProcessWindowStation
USER32.dll
USER32.dll
SetProcessShutdownParameters
SetProcessShutdownParameters
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHandleCount
GetProcessHandleCount
KERNEL32.dll
KERNEL32.dll
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
GetCPInfo
GetCPInfo
SetNamedPipeHandleState
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe
WaitNamedPipeW
WaitNamedPipeW
zcÃ
zcÃ
444.44...4
444.44...4
4.4....4.
4.4....4.
..44.44@4
..44.44@4
4@444@4.
4@444@4.
.4@4@@4.
.4@4@@4.
}.GnO
}.GnO
Ôjo
Ôjo
k.SZ[
k.SZ[
j.oii
j.oii
00J0
00J0
4O4
4O4
>">'>,>9>
>">'>,>9>
=&=/=6=>=!>
=&=/=6=>=!>
8!8)8/888
8!8)8/888
8 8$8(8,8
8 8$8(8,8
4 4(40484
4 4(40484
4 4$4(4,40444
4 4$4(4,40444
7 7$7(7,7
7 7$7(7,7
5(545@5`5
5(545@5`5
citrio_watcher.dll
citrio_watcher.dll
citrio.dll
citrio.dll
citrio_child.dll
citrio_child.dll
metro_driver.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeCanary
ChromeSSHTM
ChromeSSHTM
Chrome Canary HTML Document
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chrome
-chromeframe
-chromeframe
WebAccessible
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
DGoogle Chrome Frame
Chrome in a Frame.
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
ntdll.dll
ntdll.dll
pipe\
pipe\
Ckernel32.dll
Ckernel32.dll
kernelbase.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
ALPC Port
eKey
eKey
gdi32.dll
gdi32.dll
xntdll.dll
xntdll.dll
wow_helper.exe"
wow_helper.exe"
shell32.dll
shell32.dll
Crash Reports
Crash Reports
script.log
script.log
resources.pak
resources.pak
chrome
chrome
pepflashplayer.dll
pepflashplayer.dll
version.json
version.json
NPSWF32.dll
NPSWF32.dll
${windows}
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
\\.\pipe\CitrioCrashServices
error %u
error %u
chrome.exe
chrome.exe
hunspecified-crash-key
hunspecified-crash-key
mscoree.dll
mscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
portuguese-brazilian
portuguese-brazilian
dbghelp.dll
dbghelp.dll
rpcrt4.dll
rpcrt4.dll
%s\%s.dmp
%s\%s.dmp
x-x-x-xx-xxxxxx
x-x-x-xx-xxxxxx
Ndebug.log
Ndebug.log
\StringFileInfo\xx\%ls
\StringFileInfo\xx\%ls
Chrome_MessageWindow
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
IDR_X006_CITRIO_CHROMESTORE
48.0.2564.270
48.0.2564.270
citrio_exe
citrio_exe
citrio.exe_2764_rwx_07A0A000_000F5000:
Ph%xi
Ph%xi
Phß
Phß
j.hYv
j.hYv
webk
webk
=.DOU
=.DOU
=.DOUu
=.DOUu
=.ha"
=.ha"
=.ha"u
=.ha"u
citrio.exe_2764_rwx_0860A000_000F5000:
.facu
.facu
Ph%dX
Ph%dX
webv
webv
=.FAC
=.FAC
=.FACu
=.FACu
Ph%Un
Ph%Un
=HTTP
=HTTP
citrio.exe_2624_rwx_0520A000_00038000:
Ph-%c
Ph-%c
citrio.exe_2624_rwx_0680A000_000F5000:
PhÃ
PhÃ
citrio.exe_2876:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
HtdHtHHHt.HH
HtdHtHHHt.HH
j.Yf;
j.Yf;
_tcPVj@
_tcPVj@
.PjRW
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
Failed to load Chrome DLL from
ChromeMain
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
Could not find exported function
1.3.21.115
1.3.21.115
Chrome
Chrome
0.0.0.0-devel
0.0.0.0-devel
font_key_name
font_key_name
url-chunk
url-chunk
subresource_url
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s-%x
CHROME_MAIN_TICKS
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
No valid Chrome version found
chrome-sxs
chrome-sxs
googlechrome
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
iexplore.exe
googlechromeframe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Failed to open key "
Skipping over key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
CreateNamedPipeW
NtCreateKey
NtCreateKey
NtOpenKey
NtOpenKey
NtOpenKeyEx
NtOpenKeyEx
MetricsReportingEnabled
MetricsReportingEnabled
widevinecdmadapter.dll
widevinecdmadapter.dll
CHROME_VERSION
CHROME_VERSION
CHROME_HEADLESS
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_CRASHED
CHROME_RESTART
CHROME_RESTART
user_experience_metrics.reporting_enabled
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
NTDLL.DLL
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
GetProcessWindowStation
GetProcessWindowStation
operator
operator
(0x%X)
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
%s-%Iu
(%d = %3.1f%%)
(%d = %3.1f%%)
Histogram: %s recorded %d samples
Histogram: %s recorded %d samples
(flags = 0x%x)
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
PlatformFile.UnknownErrors.Windows
user32.dll
user32.dll
.thunks
.thunks
.syzygy
.syzygy
Dictionary keys must be quoted.
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
Line: %i, column: %i, %s
full-memory-crash-report
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
SignalChromeElf
citrio_elf.dll
citrio_elf.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
CloseWindowStation
CloseWindowStation
CreateWindowStationW
CreateWindowStationW
SetProcessWindowStation
SetProcessWindowStation
USER32.dll
USER32.dll
SetProcessShutdownParameters
SetProcessShutdownParameters
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHandleCount
GetProcessHandleCount
KERNEL32.dll
KERNEL32.dll
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
GetCPInfo
GetCPInfo
SetNamedPipeHandleState
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe
WaitNamedPipeW
WaitNamedPipeW
zcÃ
zcÃ
444.44...4
444.44...4
4.4....4.
4.4....4.
..44.44@4
..44.44@4
4@444@4.
4@444@4.
.4@4@@4.
.4@4@@4.
}.GnO
}.GnO
Ôjo
Ôjo
k.SZ[
k.SZ[
j.oii
j.oii
00J0
00J0
4O4
4O4
>">'>,>9>
>">'>,>9>
=&=/=6=>=!>
=&=/=6=>=!>
8!8)8/888
8!8)8/888
8 8$8(8,8
8 8$8(8,8
4 4(40484
4 4(40484
4 4$4(4,40444
4 4$4(4,40444
7 7$7(7,7
7 7$7(7,7
5(545@5`5
5(545@5`5
citrio_watcher.dll
citrio_watcher.dll
citrio.dll
citrio.dll
citrio_child.dll
citrio_child.dll
metro_driver.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeCanary
ChromeSSHTM
ChromeSSHTM
Chrome Canary HTML Document
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chrome
-chromeframe
-chromeframe
WebAccessible
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
DGoogle Chrome Frame
Chrome in a Frame.
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
ntdll.dll
ntdll.dll
pipe\
pipe\
Ckernel32.dll
Ckernel32.dll
kernelbase.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
ALPC Port
eKey
eKey
gdi32.dll
gdi32.dll
xntdll.dll
xntdll.dll
wow_helper.exe"
wow_helper.exe"
shell32.dll
shell32.dll
Crash Reports
Crash Reports
script.log
script.log
resources.pak
resources.pak
chrome
chrome
pepflashplayer.dll
pepflashplayer.dll
version.json
version.json
NPSWF32.dll
NPSWF32.dll
${windows}
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
\\.\pipe\CitrioCrashServices
error %u
error %u
chrome.exe
chrome.exe
hunspecified-crash-key
hunspecified-crash-key
mscoree.dll
mscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
portuguese-brazilian
portuguese-brazilian
dbghelp.dll
dbghelp.dll
rpcrt4.dll
rpcrt4.dll
%s\%s.dmp
%s\%s.dmp
x-x-x-xx-xxxxxx
x-x-x-xx-xxxxxx
Ndebug.log
Ndebug.log
\StringFileInfo\xx\%ls
\StringFileInfo\xx\%ls
Chrome_MessageWindow
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
IDR_X006_CITRIO_CHROMESTORE
48.0.2564.270
48.0.2564.270
citrio_exe
citrio_exe
citrio.exe_4016:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
HtdHtHHHt.HH
HtdHtHHHt.HH
j.Yf;
j.Yf;
_tcPVj@
_tcPVj@
.PjRW
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
Failed to load Chrome DLL from
ChromeMain
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
Could not find exported function
1.3.21.115
1.3.21.115
Chrome
Chrome
0.0.0.0-devel
0.0.0.0-devel
font_key_name
font_key_name
url-chunk
url-chunk
subresource_url
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s-%x
CHROME_MAIN_TICKS
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
No valid Chrome version found
chrome-sxs
chrome-sxs
googlechrome
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
iexplore.exe
googlechromeframe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Failed to open key "
Skipping over key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
CreateNamedPipeW
NtCreateKey
NtCreateKey
NtOpenKey
NtOpenKey
NtOpenKeyEx
NtOpenKeyEx
MetricsReportingEnabled
MetricsReportingEnabled
widevinecdmadapter.dll
widevinecdmadapter.dll
CHROME_VERSION
CHROME_VERSION
CHROME_HEADLESS
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_CRASHED
CHROME_RESTART
CHROME_RESTART
user_experience_metrics.reporting_enabled
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
NTDLL.DLL
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
GetProcessWindowStation
GetProcessWindowStation
operator
operator
(0x%X)
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
%s-%Iu
(%d = %3.1f%%)
(%d = %3.1f%%)
Histogram: %s recorded %d samples
Histogram: %s recorded %d samples
(flags = 0x%x)
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
PlatformFile.UnknownErrors.Windows
user32.dll
user32.dll
.thunks
.thunks
.syzygy
.syzygy
Dictionary keys must be quoted.
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
Line: %i, column: %i, %s
full-memory-crash-report
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
SignalChromeElf
citrio_elf.dll
citrio_elf.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
CloseWindowStation
CloseWindowStation
CreateWindowStationW
CreateWindowStationW
SetProcessWindowStation
SetProcessWindowStation
USER32.dll
USER32.dll
SetProcessShutdownParameters
SetProcessShutdownParameters
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHandleCount
GetProcessHandleCount
KERNEL32.dll
KERNEL32.dll
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
GetCPInfo
GetCPInfo
SetNamedPipeHandleState
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe
WaitNamedPipeW
WaitNamedPipeW
zcÃ
zcÃ
444.44...4
444.44...4
4.4....4.
4.4....4.
..44.44@4
..44.44@4
4@444@4.
4@444@4.
.4@4@@4.
.4@4@@4.
}.GnO
}.GnO
Ôjo
Ôjo
k.SZ[
k.SZ[
j.oii
j.oii
00J0
00J0
4O4
4O4
>">'>,>9>
>">'>,>9>
=&=/=6=>=!>
=&=/=6=>=!>
8!8)8/888
8!8)8/888
8 8$8(8,8
8 8$8(8,8
4 4(40484
4 4(40484
4 4$4(4,40444
4 4$4(4,40444
7 7$7(7,7
7 7$7(7,7
5(545@5`5
5(545@5`5
citrio_watcher.dll
citrio_watcher.dll
citrio.dll
citrio.dll
citrio_child.dll
citrio_child.dll
metro_driver.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeCanary
ChromeSSHTM
ChromeSSHTM
Chrome Canary HTML Document
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chrome
-chromeframe
-chromeframe
WebAccessible
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
DGoogle Chrome Frame
Chrome in a Frame.
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
ntdll.dll
ntdll.dll
pipe\
pipe\
Ckernel32.dll
Ckernel32.dll
kernelbase.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
ALPC Port
eKey
eKey
gdi32.dll
gdi32.dll
xntdll.dll
xntdll.dll
wow_helper.exe"
wow_helper.exe"
shell32.dll
shell32.dll
Crash Reports
Crash Reports
script.log
script.log
resources.pak
resources.pak
chrome
chrome
pepflashplayer.dll
pepflashplayer.dll
version.json
version.json
NPSWF32.dll
NPSWF32.dll
${windows}
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
\\.\pipe\CitrioCrashServices
error %u
error %u
chrome.exe
chrome.exe
hunspecified-crash-key
hunspecified-crash-key
mscoree.dll
mscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
portuguese-brazilian
portuguese-brazilian
dbghelp.dll
dbghelp.dll
rpcrt4.dll
rpcrt4.dll
%s\%s.dmp
%s\%s.dmp
x-x-x-xx-xxxxxx
x-x-x-xx-xxxxxx
Ndebug.log
Ndebug.log
\StringFileInfo\xx\%ls
\StringFileInfo\xx\%ls
Chrome_MessageWindow
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
IDR_X006_CITRIO_CHROMESTORE
48.0.2564.270
48.0.2564.270
citrio_exe
citrio_exe
citrio.exe_4016_rwx_06F0A000_000F5000:
WebK
WebK
citrio.exe_1300:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
HtdHtHHHt.HH
HtdHtHHHt.HH
j.Yf;
j.Yf;
_tcPVj@
_tcPVj@
.PjRW
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
Failed to load Chrome DLL from
ChromeMain
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
Could not find exported function
1.3.21.115
1.3.21.115
Chrome
Chrome
0.0.0.0-devel
0.0.0.0-devel
font_key_name
font_key_name
url-chunk
url-chunk
subresource_url
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s-%x
CHROME_MAIN_TICKS
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
No valid Chrome version found
chrome-sxs
chrome-sxs
googlechrome
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
iexplore.exe
googlechromeframe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Failed to open key "
Skipping over key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
CreateNamedPipeW
NtCreateKey
NtCreateKey
NtOpenKey
NtOpenKey
NtOpenKeyEx
NtOpenKeyEx
MetricsReportingEnabled
MetricsReportingEnabled
widevinecdmadapter.dll
widevinecdmadapter.dll
CHROME_VERSION
CHROME_VERSION
CHROME_HEADLESS
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_CRASHED
CHROME_RESTART
CHROME_RESTART
user_experience_metrics.reporting_enabled
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
NTDLL.DLL
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
GetProcessWindowStation
GetProcessWindowStation
operator
operator
(0x%X)
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
%s-%Iu
(%d = %3.1f%%)
(%d = %3.1f%%)
Histogram: %s recorded %d samples
Histogram: %s recorded %d samples
(flags = 0x%x)
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
PlatformFile.UnknownErrors.Windows
user32.dll
user32.dll
.thunks
.thunks
.syzygy
.syzygy
Dictionary keys must be quoted.
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
Line: %i, column: %i, %s
full-memory-crash-report
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
SignalChromeElf
citrio_elf.dll
citrio_elf.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
CloseWindowStation
CloseWindowStation
CreateWindowStationW
CreateWindowStationW
SetProcessWindowStation
SetProcessWindowStation
USER32.dll
USER32.dll
SetProcessShutdownParameters
SetProcessShutdownParameters
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHandleCount
GetProcessHandleCount
KERNEL32.dll
KERNEL32.dll
USERENV.dll
USERENV.dll
WTSAPI32.dll
WTSAPI32.dll
GetCPInfo
GetCPInfo
SetNamedPipeHandleState
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe
WaitNamedPipeW
WaitNamedPipeW
zcÃ
zcÃ
444.44...4
444.44...4
4.4....4.
4.4....4.
..44.44@4
..44.44@4
4@444@4.
4@444@4.
.4@4@@4.
.4@4@@4.
}.GnO
}.GnO
Ôjo
Ôjo
k.SZ[
k.SZ[
j.oii
j.oii
00J0
00J0
4O4
4O4
>">'>,>9>
>">'>,>9>
=&=/=6=>=!>
=&=/=6=>=!>
8!8)8/888
8!8)8/888
8 8$8(8,8
8 8$8(8,8
4 4(40484
4 4(40484
4 4$4(4,40444
4 4$4(4,40444
7 7$7(7,7
7 7$7(7,7
5(545@5`5
5(545@5`5
citrio_watcher.dll
citrio_watcher.dll
citrio.dll
citrio.dll
citrio_child.dll
citrio_child.dll
metro_driver.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeCanary
ChromeSSHTM
ChromeSSHTM
Chrome Canary HTML Document
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chrome
-chromeframe
-chromeframe
WebAccessible
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
DGoogle Chrome Frame
Chrome in a Frame.
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
ntdll.dll
ntdll.dll
pipe\
pipe\
Ckernel32.dll
Ckernel32.dll
kernelbase.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
ALPC Port
eKey
eKey
gdi32.dll
gdi32.dll
xntdll.dll
xntdll.dll
wow_helper.exe"
wow_helper.exe"
shell32.dll
shell32.dll
Crash Reports
Crash Reports
script.log
script.log
resources.pak
resources.pak
chrome
chrome
pepflashplayer.dll
pepflashplayer.dll
version.json
version.json
NPSWF32.dll
NPSWF32.dll
${windows}
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
\\.\pipe\CitrioCrashServices
error %u
error %u
chrome.exe
chrome.exe
hunspecified-crash-key
hunspecified-crash-key
mscoree.dll
mscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
portuguese-brazilian
portuguese-brazilian
dbghelp.dll
dbghelp.dll
rpcrt4.dll
rpcrt4.dll
%s\%s.dmp
%s\%s.dmp
x-x-x-xx-xxxxxx
x-x-x-xx-xxxxxx
Ndebug.log
Ndebug.log
\StringFileInfo\xx\%ls
\StringFileInfo\xx\%ls
Chrome_MessageWindow
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
IDR_X006_CITRIO_CHROMESTORE
48.0.2564.270
48.0.2564.270
citrio_exe
citrio_exe