Skip to main content

Trojan.GenericKD.2153628_499f319ba2


HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.GenericKD.2153628 (B) (Emsisoft), Trojan.GenericKD.2153628 (AdAware), GenericInjector.YR (Lavasoft MAS)Behaviour: Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 499f319ba2ebf0241a81f913cb940a24

SHA1: fe7d207f8c1767e5b287a1344e746fd75889c23e

SHA256: 7304685e0fc5bb0f0a0ff6bca7f35a1fd2869b62ae74324750331bea8f81de9c

SSDeep: 3072:SRd9BPe9m39tB8BliqKh86F6HSxd3irUm8M772D386PtSACvWDnCEC3lxZd50XFI:QBG9K3eBlZS81HSxNSUXRtTFuEe

Size: 286208 bytes

File type: EXE

Platform: WIN32

Entropy: Not Packed

PEID: UPolyXv05_v6

Company: TheaterMaxV08.02

Created at: 2015-02-07 19:03:20

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

GoogleUpdate.exe:1992
GoogleUpdate.exe:940
GoogleUpdate.exe:1040
GoogleUpdate.exe:1368
GoogleUpdate.exe:1596
GoogleUpdate.exe:1036
GoogleUpdate.exe:728
chrome_installer.exe:1776
chrome.exe:740
chrome.exe:2712
chrome.exe:1140
chrome.exe:1208
chrome.exe:572
chrome.exe:2736
chrome.exe:3440
chrome.exe:1484
chrome.exe:1716
chrome.exe:3028
chrome.exe:3124
chrome.exe:1376
chrome.exe:500
chrome.exe:2012
chrome.exe:2816
chrome.exe:1156
chrome.exe:2764
chrome.exe:380
chrome.exe:1932
chrome.exe:1620
chrome.exe:2216
chrome.exe:3372
chrome.exe:2000
chrome.exe:2352
chrome.exe:924
chrome.exe:1512
%original file name%.exe:1392
Chromium.exe:396
Chromium.exe:1936
setup.exe:844

The Trojan injects its code into the following process(es):

chrome.exe:2704
chrome.exe:2496

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process GoogleUpdate.exe:1368 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Update\1.3.24.15\goopdateres_hu.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_pt-BR.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdate.exe (601 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_de.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ml.dll (40 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_vi.dll (37 bytes)
%Program Files%\Google\Update\GoogleUpdate.exe (601 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_cs.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_fi.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (51 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_zh-CN.dll (31 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_is.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_lv.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleCrashHandler.exe (1281 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_am.dll (36 bytes)
%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115_chrome_installer.exe (312970 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_en.dll (36 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_da.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_fr.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdateHelper.msi (26 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (1425 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_et.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ko.dll (33 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ar.dll (35 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_hr.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_iw.dll (35 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_pt-PT.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_it.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_bg.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_th.dll (36 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_nl.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_bn.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ro.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdate.dll (10815 bytes)
%Program Files%\Google\Update\1.3.24.15\psuser_64.dll (673 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe (601 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_sk.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ru.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_gu.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_sw.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_sl.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_sv.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_el.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ta.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\psmachine.dll (673 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_kn.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_es-419.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\psmachine_64.dll (673 bytes)
%WinDir%\Tasks\GoogleUpdateTaskMachineUA.job (880 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_mr.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\psuser.dll (673 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe (51 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_en-GB.dll (36 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_sr.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_zh-TW.dll (31 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ca.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_id.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ur.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ms.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_lt.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ja.dll (34 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_tr.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_hi.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_pl.dll (38 bytes)
%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\OfflineManifest.gup (5 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdateSetup.exe (322985 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_no.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_te.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_uk.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_fa.dll (36 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_fil.dll (38 bytes)
%WinDir%\Tasks\GoogleUpdateTaskMachineCore.job (876 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_es.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll (4185 bytes)

The process GoogleUpdate.exe:728 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%WinDir%\Temp\gui3.tmp (107 bytes)
%Program Files%\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115\chrome_installer.exe (312970 bytes)
%Program Files%\Google\Update\Install\{D971ACF7-830D-432B-A41A-E54E956524C9}\chrome_installer.exe (312970 bytes)

The Trojan deletes the following file(s):

%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115_chrome_installer.exe (0 bytes)
%Program Files%\Google\Update\Install (0 bytes)
%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7} (0 bytes)
%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\OfflineManifest.gup (0 bytes)
%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\{8A69D345-D564-463C-AFF1-A69D9E530F96} (0 bytes)

The process chrome_installer.exe:1776 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\SETUP.EX_ (1656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\setup.exe (17312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\CHROME.PACKED.7Z (307964 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\SETUP.EX_ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\CHROME.PACKED.7Z (0 bytes)

The process chrome.exe:1140 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\manifest.json (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\de\messages.json (285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en\messages.json (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ar\messages.json (305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\128.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\et\messages.json (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fr\messages.json (303 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sk\messages.json (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en_GB\messages.json (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\cs\messages.json (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en_US\messages.json (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ro\messages.json (302 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sr\messages.json (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\32.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hu\messages.json (302 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ja\messages.json (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ru\messages.json (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pt_PT\messages.json (305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\el\messages.json (355 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pl\messages.json (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\he\messages.json (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hr\messages.json (302 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\it\messages.json (298 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ca\messages.json (300 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pt_BR\messages.json (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\es_419\messages.json (307 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\no\messages.json (300 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\16.png (533 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\da\messages.json (294 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\es\messages.json (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fi\messages.json (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\lv\messages.json (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fil\messages.json (315 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ko\messages.json (307 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\bg\messages.json (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sl\messages.json (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\nl\messages.json (301 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\lt\messages.json (311 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hi\messages.json (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\48.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\id\messages.json (297 bytes)

The process chrome.exe:572 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_57Pb6fGDZOtlQMM (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_sqE0lbmGPa8MXZ6 (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (20339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_xXoAQXVBWAkjVUV (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links (284 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons (4342 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000002 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History (21181 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\First Run (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_COISweXrjgllKSj (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_572_11982\docs.crx (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal (12020 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites (5232 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal (564 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT~RFd76b7.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (0 bytes)

The process chrome.exe:1716 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ja\messages.json (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pt_BR\messages.json (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sk\messages.json (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\de\messages.json (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\zh_CN\messages.json (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\manifest.json (483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pt_PT\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\it\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pl\messages.json (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sr\messages.json (284 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ko\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\th\messages.json (313 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ar\messages.json (301 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\nl\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\en\messages.json (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\vi\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ca\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fr\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\id\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\lv\messages.json (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\128.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\lt\messages.json (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\da\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\se\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ro\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\tr\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\uk\messages.json (293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\el\messages.json (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\cs\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hi\messages.json (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\zh_TW\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fi\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fil\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sl\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hr\messages.json (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\bg\messages.json (281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\es\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hu\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\no\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ru\messages.json (275 bytes)

The process chrome.exe:3028 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\error.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio_input.html (175 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\manifest.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options-compiled.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-128.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\mic-normal.gif (524 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_en-gb.nmf (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_de.nmf (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_platform_specific\x86-32_\hotword-x86-32.nexe (21968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\off.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\mic-hotword.gif (482 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_platform_specific\x86-32_\hotword.data (18240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio\1_short_Open_16_16.wav (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_.nmf (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio-manager-compiled.js (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\hotword.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options.css (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_metadata\verified_contents.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio-input-compiled.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\speech.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_fr.nmf (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_IMAGES (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\content-bundle-compiled.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_ru.nmf (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-48.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\background.html (276 bytes)

The process chrome.exe:3124 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ja\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_BR\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\he\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sk\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\de\messages.json (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_CN\messages.json (184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\manifest.json (448 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_PT\messages.json (185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\it\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_MESSAGE_CATALOGS (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pl\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sr\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ko\messages.json (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\th\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ar\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\nl\messages.json (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\et\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_US\messages.json (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\uk\messages.json (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_128.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\vi\messages.json (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ca\messages.json (184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\tr\messages.json (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fr\messages.json (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\id\messages.json (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lv\messages.json (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lt\messages.json (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hu\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ro\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\main.js (91 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_GB\messages.json (185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ms\messages.json (184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\el\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\cs\messages.json (199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hi\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\main.html (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_TW\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fi\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fil\messages.json (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sl\messages.json (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es_419\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\bg\messages.json (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sv\messages.json (191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_16.png (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\da\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\no\messages.json (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ru\messages.json (243 bytes)

The process chrome.exe:2012 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\es_419\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\it\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\eu\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fil\messages.json (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\en_GB\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fi\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hi\messages.json (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\128.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\cs\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ja\messages.json (273 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pl\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sl\messages.json (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sk\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fr\messages.json (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ko\messages.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\es\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ru\messages.json (318 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pt_PT\messages.json (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ar\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hu\messages.json (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\de\messages.json (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\el\messages.json (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\da\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\no\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\th\messages.json (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\bg\messages.json (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sv\messages.json (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\et\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sr\messages.json (267 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pt_BR\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\nl\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\en_US\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hr\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ca\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\he\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\lt\messages.json (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ms\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ro\messages.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\id\messages.json (241 bytes)

The process chrome.exe:1156 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\main.js (79 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\manifest.json (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\main.html (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_16.png (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_IMAGES (66 bytes)

The process chrome.exe:1620 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000003.log (1121 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\manifest.json (649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data (1454 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\17.tmp (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\search.crx (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\youtube.crx (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (3596 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor (7647 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (2020 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\15.tmp (1678 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\14.tmp (3340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\gmail.crx (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\10.tmp (2020 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000004.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\16.tmp (2020 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal (9448 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_bNd36tTOLoR3h7H (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\C.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_16.png (143 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\18.tmp (62 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG (46 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_GtiYnPzbOv7mbuG (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal (2791 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\11.tmp (2692 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000004 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\7.tmp (854 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\19.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal (12870 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_bwgWHZEk4opAHGG (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\drive.crx (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\8.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000005.log (57 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (2527 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\E.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal (2791 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\docs.crx (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_PTU8u5A3XtVHHVY (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E.tmp (19573 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000002 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies (745 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies (745 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFda420.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000002 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\docs.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT~RFd97ac.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_1620_13770 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000003.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT~RFd7d9d.TMP (0 bytes)

The process chrome.exe:2216 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\lv\messages.json (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\id\messages.json (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ko\messages.json (749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pt_PT\messages.json (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ro\messages.json (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\de\messages.json (571 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fr\messages.json (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\es_419\messages.json (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\da\messages.json (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\et\messages.json (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\cs\messages.json (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\nl\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pl\messages.json (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\es\messages.json (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hr\messages.json (519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\en\messages.json (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pt_BR\messages.json (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ca\messages.json (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\el\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sv\messages.json (544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sl\messages.json (504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\it\messages.json (483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hu\messages.json (623 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fi\messages.json (595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fil\messages.json (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\en_GB\messages.json (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\nb\messages.json (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\lt\messages.json (563 bytes)

The process chrome.exe:3372 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\craw_background.js (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_PT\messages.json (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\el\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pl\messages.json (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hr\messages.json (519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\it\messages.json (483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es\messages.json (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es_419\messages.json (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_128.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\da\messages.json (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fi\messages.json (595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_MESSAGE_CATALOGS (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lv\messages.json (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fil\messages.json (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_CN\messages.json (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ko\messages.json (749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_TW\messages.json (671 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\vi\messages.json (655 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sl\messages.json (504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nl\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lt\messages.json (563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\html\craw_window.html (810 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\id\messages.json (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sv\messages.json (544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_16.png (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\de\messages.json (571 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\flapper.gif (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en\messages.json (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_BR\messages.json (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nb\messages.json (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\css\craw_window.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ca\messages.json (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\et\messages.json (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fr\messages.json (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en_GB\messages.json (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\cs\messages.json (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\craw_window.js (10864 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\tr\messages.json (585 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ro\messages.json (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hu\messages.json (623 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ja\messages.json (1 bytes)

The process chrome.exe:2496 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ja\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_TW\messages.json (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\22.tmp (86 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\de\messages.json (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\manifest.json (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_PT\messages.json (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist_new (9936 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es_419\messages.json (647 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2B.tmp (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\f_000002 (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal (5097 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lv\messages.json (655 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\20.tmp (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_CN\messages.json (583 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ko\messages.json (664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-16.png (547 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_tyxbQ2jGgiGmaPw (136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1F.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_FBAnhFdYjaHhnn8 (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\el\messages.json (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\id\messages.json (612 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000006 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing IP Blacklist_new (844 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nl\messages.json (630 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List Prefix Set (732 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\README (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\SHORTCUTS (1932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lt\messages.json (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hu\messages.json (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ro\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000003.log (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ms\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\cs\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es\messages.json (685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_TW\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fil\messages.json (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal (7005 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sl\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\cs\messages.json (651 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\23.tmp (840 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\MANIFEST-000001 (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_PqEbG3oWHswgdzP (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\MANIFEST-000002 (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_CY1CTTavDQSS5c9 (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager (5791 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal (6215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hu\messages.json (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\he\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_PT\messages.json (650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\manifest.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hr\messages.json (626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\it\messages.json (618 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\LOG (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\da\messages.json (633 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000004.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\it\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000002 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2A.tmp (703 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lv\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\bg\messages.json (833 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\vi\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_BR\messages.json (665 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_ew7Rjwo7eR2qtqJ (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fi\messages.json (666 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons (4056 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\21.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sv\messages.json (635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_16.png (702 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\1B.tmp (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\SHORTCUTS-JOURNAL (1208 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000005 (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000004 (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000003.log (833 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000001 (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000003 (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fr\messages.json (693 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sk\messages.json (659 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-48.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en_GB\messages.json (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\bg\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_16.png (143 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download_new (507756 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\tr\messages.json (636 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Index-journal (21474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1B.tmp (46613 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\f_000001 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sk\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000002 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\1E.tmp (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000006.log (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es_419\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_BR\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pl\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs (2093 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 (115472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\et\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\WEB DATA-JOURNAL (2898 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager-journal (16786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_US\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico.md5 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\vi\messages.json (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sl\messages.json (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ca\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hi\messages.json (279 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\id\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\el\messages.json (884 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pl\messages.json (637 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist_new (26368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\de\messages.json (698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\da\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en\messages.json (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List_new (160432 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist_new (2024 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\25.tmp (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\tr\messages.json (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nb\messages.json (633 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ca\messages.json (658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\et\messages.json (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set (7612 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sv\messages.json (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\27.tmp (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom_new (969152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_IpNmEptaMtzPlTw (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ja\messages.json (794 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\28.tmp (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ru\messages.json (716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1E.tmp (2020 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fr\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_CN\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000006.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_1 (12440 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_0 (6404 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_3 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_2 (3368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000008.log (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\24.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal (3712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sr\messages.json (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal (19820 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ko\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\th\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ar\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1A.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fil\messages.json (672 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\1C.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lt\messages.json (648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hi\messages.json (929 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\26.tmp (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1C.tmp (16088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\nl\messages.json (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 (2960 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 (10304 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 (36336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_GB\messages.json (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\uk\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal (7005 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fi\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\uk\messages.json (764 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\29.tmp (703 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_128.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Index (16655 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ro\messages.json (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sr\messages.json (791 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ru\messages.json (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000004 (69 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000003.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2496_8177 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFed240.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\1E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences~RFde84d.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFe313d.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2496_14298 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT~RFdd581.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFf23ab.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\__MACOSX (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\main.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\index (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFde81e.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2496_6863 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\CURRENT~RFdd1f6.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\24.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFde7b1.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000004 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFf10b0.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\1B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFe1931.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences~RFe11af.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\main.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000005.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\1C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\CURRENT~RFdd60d.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences~RFe5a7f.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT~RFdc247.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-48.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\data_2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\data_3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\data_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\data_1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\MANIFEST-000001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old~RFdc12d.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000002 (0 bytes)

The process chrome.exe:2000 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ca\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\el\messages.json (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ar\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\it\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hi\messages.json (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hu\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fi\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fil\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\he\messages.json (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\lt\messages.json (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\lv\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ja\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\id\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ko\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\de\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fr\messages.json (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\da\messages.json (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\cs\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\no\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\nl\messages.json (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\bg\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\pl\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\es\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hr\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\en\messages.json (216 bytes)

The process %original file name%.exe:1392 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Chromium.exe (36452 bytes)

The process Chromium.exe:396 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\default_apps\app.crx (1 bytes)
%Program Files%\Google\Chrome\Application\default_apps\external_extensions.json (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State (425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Chromium.exe (5491424 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences (0 bytes)

The process Chromium.exe:1936 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Program Files%\GUM1.tmp\goopdateres_en.dll (36 bytes)
%Program Files%\GUM1.tmp\psuser_64.dll (189 bytes)
%Program Files%\GUM1.tmp\goopdateres_ur.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_ml.dll (40 bytes)
%Program Files%\GUM1.tmp\goopdateres_sl.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_ca.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_ta.dll (39 bytes)
%Program Files%\GUT2.tmp (356471 bytes)
%Program Files%\GUM1.tmp\goopdateres_es-419.dll (38 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateOnDemand.exe (51 bytes)
%Program Files%\GUM1.tmp\goopdateres_sr.dll (37 bytes)
%Program Files%\GUM1.tmp\40.0.2214.115_chrome_installer.exe.{8A69D345-D564-463c-AFF1-A69D9E530F96} (153282 bytes)
%Program Files%\GUM1.tmp\goopdateres_hi.dll (37 bytes)
%Program Files%\GUM1.tmp\GoogleCrashHandler64.exe (550 bytes)
%Program Files%\GUM1.tmp (32 bytes)
%Program Files%\GUM1.tmp\goopdateres_en-GB.dll (36 bytes)
%Program Files%\GUM1.tmp\goopdateres_it.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_ko.dll (33 bytes)
%Program Files%\GUM1.tmp\goopdateres_de.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_pt-PT.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_fa.dll (36 bytes)
%Program Files%\GUM1.tmp\npGoogleUpdate3.dll (1126 bytes)
%Program Files%\GUM1.tmp\psmachine.dll (166 bytes)
%Program Files%\GUM1.tmp\goopdateres_pt-BR.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_id.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_th.dll (36 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateBroker.exe (51 bytes)
%Program Files%\GUM1.tmp\goopdateres_cs.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_uk.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_tr.dll (37 bytes)
%Program Files%\GUM1.tmp\psmachine_64.dll (189 bytes)
%Program Files%\GUM1.tmp\goopdateres_zh-CN.dll (31 bytes)
%Program Files%\GUM1.tmp\goopdateres_hu.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_es.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_bn.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_el.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_ms.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_ja.dll (34 bytes)
%Program Files%\GUM1.tmp\GoogleUpdate.exe (116 bytes)
%Program Files%\GUM1.tmp\goopdateres_sk.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_nl.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdate.dll (3850 bytes)
%Program Files%\GUM1.tmp\goopdateres_no.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_fil.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_ro.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_mr.dll (38 bytes)
%Program Files%\GUM1.tmp\GoogleCrashHandler.exe (230 bytes)
%Program Files%\GUM1.tmp\goopdateres_lv.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_da.dll (37 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateHelper.msi (26 bytes)
%Program Files%\GUM1.tmp\goopdateres_te.dll (39 bytes)
%Program Files%\GUM1.tmp\psuser.dll (166 bytes)
%Program Files%\GUM1.tmp\goopdateres_am.dll (36 bytes)
%Program Files%\GUM1.tmp\goopdateres_is.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_fr.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_sw.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_pl.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_et.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_vi.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_lt.dll (37 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateComRegisterShell64.exe (114 bytes)
%Program Files%\GUM1.tmp\goopdateres_sv.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_ar.dll (35 bytes)
%Program Files%\GUM1.tmp\goopdateres_iw.dll (35 bytes)
%Program Files%\GUM1.tmp\goopdateres_bg.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_ru.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_kn.dll (39 bytes)
%Program Files%\GUM1.tmp\OfflineManifest.gup (5 bytes)
%Program Files%\GUM1.tmp\goopdateres_gu.dll (39 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateSetup.exe (322985 bytes)
%Program Files%\GUM1.tmp\goopdateres_fi.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_hr.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_zh-TW.dll (31 bytes)

The Trojan deletes the following file(s):

%Program Files%\GUM1.tmp\goopdateres_en.dll (0 bytes)
%Program Files%\GUM1.tmp\psuser_64.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ur.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ml.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_sl.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ca.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ta.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_et.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_es-419.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateOnDemand.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_sr.dll (0 bytes)
%Program Files%\GUM1.tmp\40.0.2214.115_chrome_installer.exe.{8A69D345-D564-463c-AFF1-A69D9E530F96} (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_hi.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleCrashHandler64.exe (0 bytes)
%Program Files%\GUM1.tmp (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_en-GB.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_it.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ko.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_de.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_pt-PT.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_fa.dll (0 bytes)
%Program Files%\GUM1.tmp\npGoogleUpdate3.dll (0 bytes)
%Program Files%\GUM1.tmp\psmachine.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_pt-BR.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_id.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_th.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateBroker.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_cs.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_uk.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateSetup.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_tr.dll (0 bytes)
%Program Files%\GUM1.tmp\psmachine_64.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_zh-CN.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_hu.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_es.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_bn.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_el.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ms.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ja.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdate.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_sk.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_nl.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdate.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_no.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_gu.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ro.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_mr.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleCrashHandler.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_lv.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_da.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateHelper.msi (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_te.dll (0 bytes)
%Program Files%\GUM1.tmp\psuser.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_am.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_is.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_fr.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_sw.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_pl.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_fil.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_vi.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_lt.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateComRegisterShell64.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_sv.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ar.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_iw.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_bg.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ru.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_kn.dll (0 bytes)
%Program Files%\GUM1.tmp\OfflineManifest.gup (0 bytes)
%Program Files%\GUT2.tmp (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_fi.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_hr.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_zh-TW.dll (0 bytes)

The process setup.exe:844 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\lv.pak (287 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\splash-620x300.png (10 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Extensions\external_extensions.json (99 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\chrome.exe (3916 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\nb.pak (259 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\resources.pak (113371 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pt-PT.pak (282 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\wow_helper.exe (73 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\VisualElementsManifest.xml (399 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\uk.pak (1728 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_elf.dll (133 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (1 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\id.pak (258 bytes)
%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe (7433 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\youtube.crx (23 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\icudtl.dat (76792 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libegl.dll (211 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\nl.pak (277 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hu.pak (301 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\PepperFlash\manifest.json (2 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\ffmpegsumo.dll (9606 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fil.pak (291 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sl.pak (264 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\mr.pak (1859 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\en-US.pak (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (1551 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ja.pak (1626 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\tr.pak (284 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\pdf.dll (67091 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\am.pak (1676 bytes)
%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe (7433 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hr.pak (268 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_100_percent.pak (7386 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\chrome.7z (1212312 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\et.pak (251 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\cs.pak (286 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\widevinecdmadapter.dll (142 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl_irt_x86_32.nexe (15801 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pl.pak (283 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\bg.pak (1755 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\gu.pak (1849 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\40.0.2214.115.manifest (224 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\delegate_execute.exe (7386 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\vi.pak (326 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ca.pak (287 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\xinput1_3.dll (81 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sv.pak (263 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\gmail.crx (24 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\PepperFlash\pepflashplayer.dll (110258 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\d3dcompiler_46.dll (22433 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\secondarytile.png (637 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\it.pak (279 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome.dll (247928 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\docs.crx (4 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hi.pak (1867 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\search.crx (26 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\metro_driver.dll (1787 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\smalllogo.png (9 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ta.pak (3760 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_200_percent.pak (9606 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl_irt_x86_64.nexe (20507 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\el.pak (1801 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\da.pak (259 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ru.pak (1727 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\zh-CN.pak (232 bytes)
%Documents and Settings%\All Users\Desktop\Google Chrome.lnk (1 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\zh-TW.pak (234 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\drive.crx (25 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl64.exe (12288 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ar.pak (1662 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\he.pak (1610 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sk.pak (297 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\de.pak (247 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pt-BR.pak (277 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ms.pak (215 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sw.pak (240 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libexif.dll (310 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin (4 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\logo.png (3 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\es-419.pak (286 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_child.dll (258733 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ml.pak (3823 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fr.pak (304 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\en-GB.pak (238 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\lt.pak (282 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ko.pak (290 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ro.pak (291 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libglesv2.dll (7386 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sr.pak (1715 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\es.pak (292 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libpeerconnection.dll (22433 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\bn.pak (3678 bytes)
%Program Files%\Google\Chrome\Application\master_preferences (107 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\external_extensions.json (1 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fa.pak (1689 bytes)
%Program Files%\Google\Chrome\Application\chrome.exe (5873 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\te.pak (3711 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk (1 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\kn.pak (3727 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fi.pak (270 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\th.pak (1857 bytes)

The Trojan deletes the following file(s):

%Program Files%\Google\Chrome\Temp (0 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin (0 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881 (0 bytes)
%WinDir%\Temp\gui3.tmp (0 bytes)
%Program Files%\Google\Chrome (0 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\wow_helper.exe (0 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\chrome.exe (0 bytes)

Registry activity

The process GoogleUpdate.exe:1992 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID]
"(Default)" = "{B3D28DBD-0DFA-40E4-8071-520767BADC7E}"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods]
"(Default)" = "13"

[HKCR\GoogleUpdate.CredentialDialogMachine.1.0\CLSID]
"(Default)" = "{25461599-633D-42B1-84FB-7CD68D026E53}"

[HKCR\Google.OneClickProcessLauncherMachine]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\NumMethods]
"(Default)" = "41"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-1004"

[HKCR\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}]
"(Default)" = "IAppCommand2"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ProgID]
"(Default)" = "GoogleUpdate.CredentialDialogMachine.1.0"

[HKCR\GoogleUpdate.Update3WebMachine\CurVer]
"(Default)" = "GoogleUpdate.Update3WebMachine.1.0"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}]
"(Default)" = "IProgressWndEvents"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID]
"(Default)" = "GoogleUpdate.CoreMachineClass.1"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID]
"(Default)" = "GoogleUpdate.ProcessLauncher.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebMachine.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-1004"

[HKCR\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.ProcessLauncher"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}]
"(Default)" = "IGoogleUpdate3"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\ProgID]
"(Default)" = "GoogleUpdate.CoCreateAsync.1.0"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}]
"(Default)" = "IGoogleUpdate"

[HKCR\GoogleUpdate.CoreMachineClass.1\CLSID]
"(Default)" = "{9B2340A0-4068-43D6-B404-32E27217859D}"

[HKCR\GoogleUpdate.CoreMachineClass\CurVer]
"(Default)" = "GoogleUpdate.CoreMachineClass.1"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-1004"

[HKCR\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}]
"(Default)" = "IAppCommand"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}]
"(Default)" = "IOneClickProcessLauncher"

[HKCR\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-3000"

[HKCR\GoogleUpdate.CoreMachineClass.1]
"(Default)" = "Google Update Core Class"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}]
"(Default)" = "IJobObserver"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.CoreMachineClass\CLSID]
"(Default)" = "{9B2340A0-4068-43D6-B404-32E27217859D}"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods]
"(Default)" = "8"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods]
"(Default)" = "5"

[HKCR\Google.OneClickProcessLauncherMachine\CurVer]
"(Default)" = "Google.OneClickProcessLauncherMachine.1.0"

[HKCR\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback\CLSID]
"(Default)" = "{B3D28DBD-0DFA-40E4-8071-520767BADC7E}"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}]
"(Default)" = "ICoCreateAsyncStatus"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\NumMethods]
"(Default)" = "24"

[HKCR\CLSID\{FC80AE76-8FD2-4F24-871C-ED48DAA126D9}\InprocHandler32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}]
"(Default)" = "CoCreateAsync"

[HKCR\GoogleUpdate.CoreMachineClass]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{E2D06167-6DCF-4BF6-A212-5C2F0161583A}]
"(Default)" = "PSFactoryBuffer"

[HKCR\GoogleUpdate.CoCreateAsync\CLSID]
"(Default)" = "{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.Update3WebMachine]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.CredentialDialogMachine.1.0]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}]
"(Default)" = "IAppBundle"

[HKCR\GoogleUpdate.ProcessLauncher\CurVer]
"(Default)" = "GoogleUpdate.ProcessLauncher.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-3000"

[HKCR\GoogleUpdate.Update3WebMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\psmachine.dll"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods]
"(Default)" = "8"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods]
"(Default)" = "4"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine.1.0\CLSID]
"(Default)" = "{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}"

[HKCR\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}]
"(Default)" = "IAppWeb"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Google.OneClickProcessLauncherMachine\CLSID]
"(Default)" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods]
"(Default)" = "41"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 24 B8 03 02 06 48 06 B8 B0 1E 4D E5 CC CD E5"

[HKCR\CLSID\{E2D06167-6DCF-4BF6-A212-5C2F0161583A}\InProcServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\psmachine.dll"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-1004"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}]
"(Default)" = "IGoogleUpdate3WebSecurity"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}]
"(Default)" = "IRegistrationUpdateHook"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}]
"(Default)" = "ICurrentState"

[HKCR\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\NumMethods]
"(Default)" = "17"

[HKCR\GoogleUpdate.Update3WebMachine.1.0\CLSID]
"(Default)" = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoreMachineClass"

[HKCR\GoogleUpdate.CredentialDialogMachine\CLSID]
"(Default)" = "{25461599-633D-42B1-84FB-7CD68D026E53}"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}]
"(Default)" = "IPackage"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\VersionIndependentProgID]
"(Default)" = "Google.OneClickProcessLauncherMachine"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\GoogleUpdate.ProcessLauncher.1.0]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\CLSID\{E2D06167-6DCF-4BF6-A212-5C2F0161583A}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}]
"(Default)" = "IGoogleUpdateCore"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods]
"(Default)" = "9"

[HKCR\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}]
"(Default)" = "IProcessLauncher2"

[HKCR\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods]
"(Default)" = "4"

[HKCR\GoogleUpdate.Update3WebMachineFallback]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\GoogleUpdate.CoCreateAsync\CurVer]
"(Default)" = "GoogleUpdate.CoCreateAsync.1.0"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}]
"(Default)" = "IAppVersion"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\NumMethods]
"(Default)" = "10"

[HKCR\GoogleUpdate.CredentialDialogMachine\CurVer]
"(Default)" = "GoogleUpdate.CredentialDialogMachine.1.0"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
"(Default)" = "Google Update Core Class"

[HKCR\Google.OneClickProcessLauncherMachine.1.0]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.Update3WebMachineFallback\CurVer]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback.1.0"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoCreateAsync"

[HKCR\GoogleUpdate.CredentialDialogMachine]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}]
"(Default)" = "IAppCommandWeb"

[HKCR\GoogleUpdate.CoCreateAsync.1.0]
"(Default)" = "CoCreateAsync"

[HKCR\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}]
"(Default)" = "IApp"

[HKCR\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods]
"(Default)" = "12"

[HKCR\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}]
"(Default)" = "IApp2"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\Google.OneClickProcessLauncherMachine.1.0\CLSID]
"(Default)" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\GoogleUpdate.Update3WebMachineFallback.1.0\CLSID]
"(Default)" = "{598FE0E5-E02D-465D-9A9D-37974A28FD42}"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods]
"(Default)" = "11"

[HKCR\GoogleUpdate.Update3WebMachine\CLSID]
"(Default)" = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods]
"(Default)" = "24"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}]
"(Default)" = "IAppVersionWeb"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebMachine"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-1004"

[HKCR\GoogleUpdate.ProcessLauncher]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\GoogleUpdate.Update3WebMachineFallback.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}]
"(Default)" = "IGoogleUpdate3Web"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation]
"Enabled" = "1"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}]
"(Default)" = "IAppBundleWeb"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.CoCreateAsync]
"(Default)" = "CoCreateAsync"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-3000"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"CLSID" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\GoogleUpdate.CoCreateAsync.1.0\CLSID]
"(Default)" = "{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\GoogleUpdate.ProcessLauncher.1.0\CLSID]
"(Default)" = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback.1.0"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-3000"

[HKCR\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods]
"(Default)" = "43"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.Update3WebMachineFallback\CLSID]
"(Default)" = "{598FE0E5-E02D-465D-9A9D-37974A28FD42}"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-3000"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}]
"(Default)" = "IProcessLauncher"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}]
"(Default)" = "ICoCreateAsync"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"Policy" = "3"

[HKCR\CLSID\{FC80AE76-8FD2-4F24-871C-ED48DAA126D9}\InprocHandler32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\psmachine.dll"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\GoogleUpdate.ProcessLauncher\CLSID]
"(Default)" = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine\CLSID]
"(Default)" = "{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CredentialDialogMachine"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}]
"(Default)" = "ICredentialDialog"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\ProgID]
"(Default)" = "Google.OneClickProcessLauncherMachine.1.0"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}]
"(Default)" = "IBrowserHttpRequest2"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{FC80AE76-8FD2-4F24-871C-ED48DAA126D9}\InprocHandler32]
[HKCR\CLSID\{FC80AE76-8FD2-4F24-871C-ED48DAA126D9}]
[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}]
[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:940 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C AE 24 5E 8F B4 9E 93 31 36 42 2C 86 4E AF 07"

[HKCU\Software\Google\Update\proxy]
"source" = "auto"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:1040 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKCR\GoogleUpdate.Update3WebSvc\CurVer]
"(Default)" = "GoogleUpdate.Update3WebSvc.1.0"

[HKCR\GoogleUpdate.Update3COMClassService]
"(Default)" = "Update3COMClass"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\GoogleUpdate.Update3COMClassService\CLSID]
"(Default)" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.CoreClass.1]
"(Default)" = "Google Update Core Class"

[HKCR\GoogleUpdate.Update3WebSvc\CLSID]
"(Default)" = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}"

[HKCR\GoogleUpdate.Update3COMClassService.1.0\CLSID]
"(Default)" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.Update3WebSvc.1.0\CLSID]
"(Default)" = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebSvc.1.0"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc"

[HKCR\GoogleUpdate.Update3COMClassService.1.0]
"(Default)" = "Update3COMClass"

[HKCR\AppID\GoogleUpdate.exe]
"AppID" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"(Default)" = "ServiceModule"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"LocalService" = "gupdatem"

[HKCR\GoogleUpdate.Update3WebSvc.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\GoogleUpdate.Update3WebSvc]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3COMClassService"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"(Default)" = "Update3COMClass"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"(Default)" = "ServiceModule"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoreClass"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"ServiceParameters" = "/comsvc"

[HKCR\GoogleUpdate.CoreClass\CurVer]
"(Default)" = "GoogleUpdate.CoreClass.1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 0C 95 7D 68 E1 AA B6 99 CB AE 42 39 E0 C4 65"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ProgID]
"(Default)" = "GoogleUpdate.Update3COMClassService.1.0"

[HKCR\GoogleUpdate.CoreClass]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebSvc"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"LocalService" = "gupdate"

[HKCR\GoogleUpdate.CoreClass.1\CLSID]
"(Default)" = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"

[HKCR\GoogleUpdate.Update3COMClassService\CurVer]
"(Default)" = "GoogleUpdate.Update3COMClassService.1.0"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc.1.0]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID]
"(Default)" = "GoogleUpdate.CoreClass.1"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"AppID" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc.1.0\CLSID]
"(Default)" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"ServiceParameters" = "/comsvc"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc\CLSID]
"(Default)" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\GoogleUpdate.CoreClass\CLSID]
"(Default)" = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"

The Trojan deletes the following registry key(s):

[HKCR\AppID\GoogleUpdate.exe]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:1368 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKCR\Google.Update3WebControl.3\CLSID]
"(Default)" = "{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}"

[HKCR\Google.OneClickCtrl.9]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"AppName" = "GoogleUpdateBroker.exe"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"DayOfLastActivity" = "4294967295"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"InstallTime" = "1424649037"

[HKCR\Google.Update3WebControl.3]
"(Default)" = "Google Update Plugin"

[HKCR\Google.OneClickCtrl.9\CLSID]
"(Default)" = "{C442AC41-9200-4770-8CC0-7CDB4F245C55}"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Path" = "%Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"AppPath" = "%Program Files%\Google\Update\1.3.24.15"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\ProgID]
"(Default)" = "Google.OneClickCtrl.9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description" = "Google Update"

[HKLM\SOFTWARE\Google\Update]
"LastOSVersion" = "1C 01 00 00 05 00 00 00 01 00 00 00 28 0A 00 00"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Path" = "%Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Google\Update]
"Version" = "1.3.24.15"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\ProgID]
"(Default)" = "Google.Update3WebControl.3"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description" = "Google Update"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"vendor" = "Google Inc."

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Google\Update]
"GoogleUpdate.exe" = "Google Installer"

[HKCR\MIME\Database\Content Type\application/x-vnd.google.update3webcontrol.3]
"CLSID" = "{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
"(Default)" = "CATID_AppContainerCompatible"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"DayOfLastRollCall" = "4294967295"
"DayOfInstall" = "4294967295"

[HKLM\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.24.15"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"iid" = "{2E976F3D-8707-0D9C-A62E-FF8283930175}"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation" = "0"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.24.15"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Google\Update]
"IsMSIHelperRegistered" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"vendor" = "Google Inc."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"brand" = "GGLS"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF CD 2B 3B D8 83 3E D5 9B 0F 9D 15 9B 31 7D A7"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Version" = "9"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"AppPath" = "%Program Files%\Google\Update"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"ProductName" = "Google Update"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats" = "0"

[HKLM\SOFTWARE\Google\Update]
"UninstallCmdLine" = "%Program Files%\Google\Update\GoogleUpdate.exe /uninstall"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Version" = "3"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
"(Default)" = "CATID_AppContainerCompatible"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"ProductName" = "Google Update"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"AppName" = "GoogleUpdate.exe"

[HKLM\SOFTWARE\Google\Update]
"Path" = "%Program Files%\Google\Update\GoogleUpdate.exe"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"Policy" = "3"

[HKCR\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.9]
"CLSID" = "{C442AC41-9200-4770-8CC0-7CDB4F245C55}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"Policy" = "3"

[HKLM\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"Name" = "Google Update"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"LastChecked"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableCount"

[HKLM\SOFTWARE\Google\Update]
"LastCodeRedCheck"
"eulaaccepted"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"

[HKLM\SOFTWARE\Google\Update]
"ui"
"old-uid"
"mi"

The process GoogleUpdate.exe:1596 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 77 FE EB F5 39 D7 95 8C AA 3D C5 09 1B 03 9D"

[HKCU\Software\Google\Update\proxy]
"source" = "auto"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:1036 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 AC C7 7D EC 40 9A 3D 6C 20 3E 8A 05 96 1B A2"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"
"eulaaccepted"

The process GoogleUpdate.exe:728 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"InstallProgressPercent" = "4294967295"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"pv" = "40.0.2214.115"
"browser" = "4"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"DownloadTimeRemainingMs" = "4294967295"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"DayOfLastRollCall" = "4294967295"
"DayOfInstall" = "4294967295"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerError" = "0"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"iid" = "{2E976F3D-8707-0D9C-A62E-FF8283930175}"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"StateValue" = "4"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallTime" = "1424649040"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerResult" = "0"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"InstallTimeRemainingMs" = "4294967295"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"brand" = "GGLS"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"DayOfLastActivity" = "4294967295"
"LastInstallerError" = "0"
"LastCheckSuccess" = "1424649050"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"DownloadProgressPercent" = "0"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Google\Update]
"GoogleUpdate.exe" = "Google Installer"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "29 F0 6F A7 B6 45 35 41 23 C0 7C 97 08 D4 32 13"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"
"usagestats" = "0"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"
"LastInstallerResult" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UpdateAvailableSince"
"eulaaccepted"
"InstallerError"
"UpdateAvailableCount"
"InstallerSuccessLaunchCmdLine"

[HKLM\SOFTWARE\Google\Update]
"old-uid"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerError"
"LastInstallerResultUIString"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"eulaaccepted"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerResultUIString"
"InstallerResult"
"tttoken"
"ap"
"LastInstallerResult"
"experiment_labels"

[HKLM\SOFTWARE\Google\Update]
"uid"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerError"
"LastInstallerSuccessLaunchCmdLine"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerSuccessLaunchCmdLine"
"LastInstallerExtraCode1"
"LastInstallerResult"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerExtraCode1"

The process chrome_installer.exe:1776 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE A1 90 04 61 C1 44 4C DE 1D F2 AA F6 46 7D 7D"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-full"

The process chrome.exe:740 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 D7 B4 9E 46 B0 B8 32 3D CD 55 EF C8 86 27 5B"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2712 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 90 C0 21 D2 93 CE 4D 1F 97 2D 02 52 3B 83 57"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1140 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 90 ED C1 FD 4D EA 8A D7 24 79 90 B8 41 3C 0D"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1208 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E 27 FB E3 3B 9C A9 62 BD 6A 59 04 0D 94 D9 DC"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:572 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"usagestats" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"aggregate" = "sum()"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "90 3B 4E 14 54 3E A4 43 4C 6D 2F 2E 88 6B DE B3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"aggregate" = "sum()"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

The process chrome.exe:2736 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 73 36 19 90 60 AE 53 F9 66 87 AD B6 D1 77 3C"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3440 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "67 AB B8 2F 74 DD A9 FD 17 9D 21 71 E3 17 87 41"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1716 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D E2 BE 6D 24 23 2F 76 93 E7 95 72 ED 31 46 0A"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3028 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "89 3A 38 E4 3D 7D B2 F4 81 88 AA BF 0E 43 67 B7"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3124 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2C B9 EF 08 46 10 84 96 B2 5F 3F BF D1 94 84 2E"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:500 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 19 A0 54 0C 46 30 79 10 DB 6B 76 61 CB CB DF"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2012 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "43 8D 2F 36 49 F7 60 06 CC 55 ED 11 39 9A 0B A1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2816 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 40 32 3C 2C 40 C1 4B 54 F7 2C 4A 7A 24 06 74"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2704 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 E9 B2 4B 2B 7D 70 EC F4 C5 F9 D6 28 C5 0C 9C"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1156 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "74 5C 40 11 BD 99 D8 AD AB 66 1E BE A2 02 42 5B"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2764 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 EB FE 95 32 5A AB F1 90 07 2F CB A3 55 5D 32"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:380 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 FC 4B AC B2 20 3C 09 7C C6 62 98 25 17 58 D0"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1932 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 55 1C 5C A5 9D 9F 18 8A 3E 90 DA FE 4D FA 71"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1620 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Google\Chrome\BLBeacon]
"Version" = "40.0.2214.115"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"usagestats" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"aggregate" = "sum()"

[HKCU\Software\Google\Chrome\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "0"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"lastrun" = "13069122655844500"

[HKCU\Software\Google\Chrome\BLBeacon]
"failed_count" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 11 C5 96 A4 FB CA E1 95 E3 E3 F8 81 02 60 C0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"aggregate" = "sum()"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

The Trojan deletes the following registry key(s):

[HKCU\Software\Google\Chrome\BLFinchList]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"experiment_labels"

The process chrome.exe:2216 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 5D F3 F2 51 7F EF A6 CB 17 C9 5C 4C 98 79 03"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3372 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 A5 C0 2F 4B 0D 78 01 9E 71 0E 72 C7 A5 67 07"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2496 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

[HKCU\Software\Google\Common\Rlz\Events\C]
"C7F" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"experiment_labels" = "CrVar1=3310785|Sun, 22 Feb 2016 23:51:18 GMT;CrVar2=3300085|Sun, 22 Feb 2016 23:51:18 GMT;CrVar3=3300129|Sun, 22 Feb 2016 23:51:18 GMT;CrVar4=3300133|Sun, 22 Feb 2016 23:51:18 GMT;CrVar5=3300106|Sun, 22 Feb 2016 23:51:18 GMT;CrVar6=3300135|Sun, 22 Feb 2016 23:51:18 GMT"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"usagestats" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"aggregate" = "sum()"

[HKCU\Software\Google\Chrome\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"lastrun" = "13069122673016375"

[HKCU\Software\Google\Chrome\BLBeacon]
"failed_count" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "0"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 E4 CF 02 08 41 88 94 3C 9C 26 47 04 BB 62 13"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"aggregate" = "sum()"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "2"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

The Trojan deletes the following registry key(s):

[HKCU\Software\Google\Chrome\BLFinchList]

The process chrome.exe:2000 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 DC 90 0C 9F CC 73 AC E1 16 1A D8 8A 1B 20 EB"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2352 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 B1 47 FD 74 99 0A CA F4 1B ED 53 D7 25 C6 8F"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:924 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D BD 83 C2 68 9E 8B BA 4E 4C D4 B9 75 98 B2 5E"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process %original file name%.exe:1392 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chromium" = "%Documents and Settings%\%current user%\Application Data\Chromium.exe"

The process Chromium.exe:396 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 AF 68 D9 23 16 92 C4 AE 6D 3A 23 2B C1 B9 9B"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap" = "-dev-multi-chrome"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-dev-multi-chrome"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Policies\Google\Update]
"UpdateDefault" = "0"
"Update{8A69D345-D564-463C-AFF1-A69D9E530F96}" = "0"
"AutoUpdateCheckPeriodMinutes" = "0"
"DisableAutoUpdateChecksCheckboxValue" = "1"

The process Chromium.exe:1936 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 73 CF 38 B8 FD 2C 7F 85 CF 3F A8 5B F7 84 03"

The process setup.exe:844 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"oopcrashes" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKCR\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"ServerExecutable" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand" = "%Program Files%\Google\Chrome\Application\chrome.exe --show-icons"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"WebAccessible" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"ftp" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Localized Name" = "Google Chrome"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"CommandLine" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe --multi-install --app-launcher --ensure-google-update-present"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap" = "-multi-chrome-full"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationName" = "Google Chrome"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerResult" = "0"

[HKCR\.shtml\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"oopcrashes" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"VersionMinor" = "115"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\Startmenu]
"StartMenuInternet" = "Google Chrome"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"(Default)" = "Google Chrome"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"UninstallString" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe --uninstall --multi-install --chrome --system-level"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".html" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"InstallerResult" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Google\Chrome,"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"pv" = "40.0.2214.115"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayVersion" = "40.0.2214.115"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xhtml" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"oopcrashes" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationDescription" = "Google Chrome is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Google Chrome."

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
"(Default)" = "Google Chrome"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"RunAsUser" = "1"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"brand" = "GGLS"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"tel" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".htm" = "ChromeHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"nntp" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Version" = "24,0,0,0"

[HKCR\.xht\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"WebAccessible" = "1"

[HKCR\ChromeHTML]
"(Default)" = "Chrome HTML Document"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"UninstallString" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand" = "%Program Files%\Google\Chrome\Application\chrome.exe --make-default-browser"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"UninstallArguments" = " --uninstall --multi-install --system-level"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\.webp\OpenWithProgids]
"ChromeHTML" = ""

[HKCR\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"(Default)" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"Name" = "Google Chrome binaries"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"usagestats" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"smsto" = "ChromeHTML"
"mms" = "ChromeHTML"

[HKCR\ChromeHTML\DefaultIcon]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --multi-install --chrome"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallArguments" = " --uninstall --multi-install --chrome --system-level"

[HKCR\.html\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"urn" = "ChromeHTML"
"https" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Publisher" = "Google Inc."

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerError" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xht" = "ChromeHTML"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Name" = "Google Chrome"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"http" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerExtraCode1" = "1"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"InstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"irc" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-stage:preconditions-full"

[HKCR\ChromeHTML\shell\open\command]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe -- %1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".shtml" = "ChromeHTML"

[HKCR\.htm\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"IconsVisible" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"news" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 42 0B 77 A5 8F CF 66 C6 60 1A F4 50 43 54 37"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mailto" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Version" = "40.0.2214.115"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"CommandLine" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe --query-eula-acceptance --system-level"

[HKCR\.xhtml\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".webp" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"InstallerError" = "0"

[HKCR\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
"(Default)" = "CommandExecuteImpl Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"NoRepair" = "1"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"webcal" = "ChromeHTML"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"pv" = "40.0.2214.115"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayName" = "Google Chrome"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"pv" = "40.0.2214.115"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
"Path" = "%Program Files%\Google\Chrome\Application"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"RunAsUser" = "1"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"IsInstalled" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"NoModify" = "1"
"DisplayIcon" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"InstallLocation" = "%Program Files%\Google\Chrome\Application"
"VersionMajor" = "2214"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"sms" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"SendsPings" = "1"

[HKLM\SOFTWARE\RegisteredApplications]
"google chrome" = "Software\Clients\StartMenuInternet\Google Chrome\Capabilities"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand" = "%Program Files%\Google\Chrome\Application\chrome.exe --hide-icons"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"CommandLine" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe --on-os-upgrade --multi-install --chrome --system-level --verbose-logging"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"Name" = "Google Chrome App Launcher"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"InstallDate" = "20150223"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallString" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Google\Chrome\Application]
"Chrome.exe" = "%Program Files%\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats"
"InstallerExtraCode1"

Dropped PE files

MD5 File path
731ed7b4b5e834c40f9ee689b9e4c4e4c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Chromium.exe
51fd155d4cc266d9c79444db6883b58dc:\Program Files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
51fd155d4cc266d9c79444db6883b58dc:\Program Files\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe
579862fc2cf26cc6457ed1cd14b63cd7c:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
b6f074942656e1513c7188db04cb2b9ac:\Program Files\Google\Chrome\Application\40.0.2214.115\chrome.dll
16972129842ab6fe6385df48b6c081dac:\Program Files\Google\Chrome\Application\40.0.2214.115\chrome_child.dll
75f6587ce8b903d844281d6d8e79b976c:\Program Files\Google\Chrome\Application\40.0.2214.115\chrome_elf.dll
c81e0c917d5db4fecd2ec3c7e2712bbfc:\Program Files\Google\Chrome\Application\40.0.2214.115\d3dcompiler_46.dll
722abca36fb218da6cef55df251f054ac:\Program Files\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe
f5f69d245835a8607c32a7bccde444c8c:\Program Files\Google\Chrome\Application\40.0.2214.115\ffmpegsumo.dll
1c985061e0c51be6da9bda0ab65874cec:\Program Files\Google\Chrome\Application\40.0.2214.115\libegl.dll
b92561960839e078dddd9571b9557e2ac:\Program Files\Google\Chrome\Application\40.0.2214.115\libexif.dll
427a2b0c6be5abfae1c0ef59a8911232c:\Program Files\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
3bb16474f3f4aeaf8ee875ededf3e0dbc:\Program Files\Google\Chrome\Application\40.0.2214.115\libpeerconnection.dll
7384e0ff709a1fd959185511ea350952c:\Program Files\Google\Chrome\Application\40.0.2214.115\metro_driver.dll
4cac46ba392e93b6c0b1c8359993896ac:\Program Files\Google\Chrome\Application\40.0.2214.115\nacl64.exe
8b56fcfcb0f84733070d97d39fbcd2f6c:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll
a306f7b7cf83964b01baf307b89f1a5fc:\Program Files\Google\Chrome\Application\40.0.2214.115\widevinecdmadapter.dll
77f595dee5ffacea72b135b1fce1312ec:\Program Files\Google\Chrome\Application\40.0.2214.115\xinput1_3.dll
b9d6d7e6e5c4fcd8dd7f88ec9d563085c:\Program Files\Google\Chrome\Application\chrome.exe
397d14958d6c9c2b365469a857b2ac4ec:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
aa0e4f73727bfc8ba404884b1c1db719c:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
506708142bc63daba64f2d3ad1dcd5bfc:\Program Files\Google\Update\1.3.24.15\GoogleUpdate.exe
ac6998d92a311e7cf0b4daec3566f444c:\Program Files\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
80e350e0aa963b2125896b13e60a4d68c:\Program Files\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
956672375af066d958e4d07f5abafc1ac:\Program Files\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
731ed7b4b5e834c40f9ee689b9e4c4e4c:\Program Files\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
77e585edd4c7eb7ab2acc36bc1dc32a5c:\Program Files\Google\Update\1.3.24.15\goopdate.dll
d61afdfe740a994d0a22a34de3f61137c:\Program Files\Google\Update\1.3.24.15\goopdateres_am.dll
4793909a18ee5b63ce94e7d70a0f3a1cc:\Program Files\Google\Update\1.3.24.15\goopdateres_ar.dll
77634ccb5198292e632b9a80da42365ec:\Program Files\Google\Update\1.3.24.15\goopdateres_bg.dll
deab1c19fd1250b1bf8aea1cb608bc70c:\Program Files\Google\Update\1.3.24.15\goopdateres_bn.dll
98667f712c9e5003127928ed7a9829adc:\Program Files\Google\Update\1.3.24.15\goopdateres_ca.dll
1afceb20c750b72179d18135514ba15dc:\Program Files\Google\Update\1.3.24.15\goopdateres_cs.dll
2cd601f2fcf8f05e8ab7a6a4d7d0496ec:\Program Files\Google\Update\1.3.24.15\goopdateres_da.dll
c18197508a939adbfa6c5c9833977feec:\Program Files\Google\Update\1.3.24.15\goopdateres_de.dll
3002b7337b3b433ec63a24772e142d8ec:\Program Files\Google\Update\1.3.24.15\goopdateres_el.dll
cbec3fb2f1f095a046e15dca0c2093cec:\Program Files\Google\Update\1.3.24.15\goopdateres_en-GB.dll
c8e5975c1ec98961829cd03d615d2fe4c:\Program Files\Google\Update\1.3.24.15\goopdateres_en.dll
f691dcfc0ba183bef640123fa60a4949c:\Program Files\Google\Update\1.3.24.15\goopdateres_es-419.dll
32a0279c8aa3391e9662bc0bbe91fa52c:\Program Files\Google\Update\1.3.24.15\goopdateres_es.dll
be7435d5b2a981e2265661b2df955435c:\Program Files\Google\Update\1.3.24.15\goopdateres_et.dll
e07c4b44856b55051efd06826851f5aec:\Program Files\Google\Update\1.3.24.15\goopdateres_fa.dll
f5c61c06b7de5aa92cc8eeb552a6e932c:\Program Files\Google\Update\1.3.24.15\goopdateres_fi.dll
8e44acb717ff41bd092fae58c9750ef0c:\Program Files\Google\Update\1.3.24.15\goopdateres_fil.dll
8e8da223c55765a3cdec58e16de67214c:\Program Files\Google\Update\1.3.24.15\goopdateres_fr.dll
30e80d4a719c0b5701457dde799ff27ec:\Program Files\Google\Update\1.3.24.15\goopdateres_gu.dll
e6b0cb3f2a470027ed6f7ce3ce704422c:\Program Files\Google\Update\1.3.24.15\goopdateres_hi.dll
4ad419c381e707716ed7e875a1dd65dec:\Program Files\Google\Update\1.3.24.15\goopdateres_hr.dll
f4c27dd0880ac9e00cdc712dd3c3aba2c:\Program Files\Google\Update\1.3.24.15\goopdateres_hu.dll
352cf322bdd962f593a8e38fa388db01c:\Program Files\Google\Update\1.3.24.15\goopdateres_id.dll
0d346fc09f0f2c775709afa01e861fb4c:\Program Files\Google\Update\1.3.24.15\goopdateres_is.dll
cae8a960d617a6cff108aa5507895dabc:\Program Files\Google\Update\1.3.24.15\goopdateres_it.dll
2f31dc69dd73c671a59bb4fe22b581a2c:\Program Files\Google\Update\1.3.24.15\goopdateres_iw.dll
1c74d17be2033500720247f26d77a8bac:\Program Files\Google\Update\1.3.24.15\goopdateres_ja.dll
2ba497841e523a47cc83a9eb48ef519ac:\Program Files\Google\Update\1.3.24.15\goopdateres_kn.dll
d183a7a80e49c7b8ac029e75fc31997ec:\Program Files\Google\Update\1.3.24.15\goopdateres_ko.dll
ffa1a0345357580e29b1374dd90b1befc:\Program Files\Google\Update\1.3.24.15\goopdateres_lt.dll
c51d8057ac63568fc618d9b955675580c:\Program Files\Google\Update\1.3.24.15\goopdateres_lv.dll
6ed8817955adea5261d176dd0427b0ecc:\Program Files\Google\Update\1.3.24.15\goopdateres_ml.dll
4b601ef2f120b45368a2cbf13d8f6eebc:\Program Files\Google\Update\1.3.24.15\goopdateres_mr.dll
a6e227d8771e01f52ce33097fe155debc:\Program Files\Google\Update\1.3.24.15\goopdateres_ms.dll
32a715bf2150cd22ae7bb938a20d257dc:\Program Files\Google\Update\1.3.24.15\goopdateres_nl.dll
4a3cae163d513ed055ded1c41af9dd62c:\Program Files\Google\Update\1.3.24.15\goopdateres_no.dll
2bb71089aee677eaf7775a71375e6e76c:\Program Files\Google\Update\1.3.24.15\goopdateres_pl.dll
2c1e65c9952b0fe8877ece76d68268eec:\Program Files\Google\Update\1.3.24.15\goopdateres_pt-BR.dll
258baec048b3f5504720e7177bb22871c:\Program Files\Google\Update\1.3.24.15\goopdateres_pt-PT.dll
2b539ec15ef21e546d9f111f478e5649c:\Program Files\Google\Update\1.3.24.15\goopdateres_ro.dll
d62d91dcde594126c880c8f0b8fbc927c:\Program Files\Google\Update\1.3.24.15\goopdateres_ru.dll
1a39fed7fb204a55bd326ca4f6c3f8dcc:\Program Files\Google\Update\1.3.24.15\goopdateres_sk.dll
10ea323471e0a7af98e3d75c220ff219c:\Program Files\Google\Update\1.3.24.15\goopdateres_sl.dll
e34524d1a7bd56d987158fa429c10fb9c:\Program Files\Google\Update\1.3.24.15\goopdateres_sr.dll
43bd01839066f2612d1e8c85d98da6f4c:\Program Files\Google\Update\1.3.24.15\goopdateres_sv.dll
d29376eb1ebe1bdf7fa07cd7cbcf6ed2c:\Program Files\Google\Update\1.3.24.15\goopdateres_sw.dll
925795bc2a01cffa36b1ca5e808a2972c:\Program Files\Google\Update\1.3.24.15\goopdateres_ta.dll
5376c422235370d7dc5ca2457a297f6ec:\Program Files\Google\Update\1.3.24.15\goopdateres_te.dll
96a9cc8bf87af86ec0d5d91d66f6e23dc:\Program Files\Google\Update\1.3.24.15\goopdateres_th.dll
6fbd9fcb6b477ed5df12cdf5cae089a3c:\Program Files\Google\Update\1.3.24.15\goopdateres_tr.dll
f67d150a2eb5eb0093513d6d52d2628fc:\Program Files\Google\Update\1.3.24.15\goopdateres_uk.dll
169711868ee1ce7362556830cd162e97c:\Program Files\Google\Update\1.3.24.15\goopdateres_ur.dll
652b04c7f141d91bfd6d628580aa211cc:\Program Files\Google\Update\1.3.24.15\goopdateres_vi.dll
909b5c55403e06e4d1b0076ce0525178c:\Program Files\Google\Update\1.3.24.15\goopdateres_zh-CN.dll
b3dc1334fb59cb869efbcd00a21c5626c:\Program Files\Google\Update\1.3.24.15\goopdateres_zh-TW.dll
fb5621842fdabf9f8359775573498fbcc:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
84180917aab55ee4392c54e0e0bd4022c:\Program Files\Google\Update\1.3.24.15\psmachine.dll
c95cddf65f9f8c9433aff8f0a811375ac:\Program Files\Google\Update\1.3.24.15\psmachine_64.dll
3d58798bd1d1f96381c0b47ca859739dc:\Program Files\Google\Update\1.3.24.15\psuser.dll
715ccb3f5eda626198ccadc7ab8ce9a2c:\Program Files\Google\Update\1.3.24.15\psuser_64.dll
c5fd49b0561203a17bbf947738cb124ac:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115\chrome_installer.exe
506708142bc63daba64f2d3ad1dcd5bfc:\Program Files\Google\Update\GoogleUpdate.exe
c5fd49b0561203a17bbf947738cb124ac:\Program Files\Google\Update\Install\{D971ACF7-830D-432B-A41A-E54E956524C9}\chrome_installer.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    GoogleUpdate.exe:1992
    GoogleUpdate.exe:940
    GoogleUpdate.exe:1040
    GoogleUpdate.exe:1368
    GoogleUpdate.exe:1596
    GoogleUpdate.exe:1036
    GoogleUpdate.exe:728
    chrome_installer.exe:1776
    chrome.exe:740
    chrome.exe:2712
    chrome.exe:1140
    chrome.exe:1208
    chrome.exe:572
    chrome.exe:2736
    chrome.exe:3440
    chrome.exe:1484
    chrome.exe:1716
    chrome.exe:3028
    chrome.exe:3124
    chrome.exe:1376
    chrome.exe:500
    chrome.exe:2012
    chrome.exe:2816
    chrome.exe:1156
    chrome.exe:2764
    chrome.exe:380
    chrome.exe:1932
    chrome.exe:1620
    chrome.exe:2216
    chrome.exe:3372
    chrome.exe:2000
    chrome.exe:2352
    chrome.exe:924
    chrome.exe:1512
    %original file name%.exe:1392
    Chromium.exe:396
    Chromium.exe:1936
    setup.exe:844

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Program Files%\Google\Update\1.3.24.15\goopdateres_hu.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_pt-BR.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdate.exe (601 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_de.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ml.dll (40 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_vi.dll (37 bytes)
    %Program Files%\Google\Update\GoogleUpdate.exe (601 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_cs.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_fi.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (51 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_zh-CN.dll (31 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_is.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_lv.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleCrashHandler.exe (1281 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_am.dll (36 bytes)
    %Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115_chrome_installer.exe (312970 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_en.dll (36 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_da.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_fr.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdateHelper.msi (26 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (1425 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_et.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ko.dll (33 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ar.dll (35 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_hr.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_iw.dll (35 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_pt-PT.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_it.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_bg.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_th.dll (36 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_nl.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_bn.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ro.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdate.dll (10815 bytes)
    %Program Files%\Google\Update\1.3.24.15\psuser_64.dll (673 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe (601 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_sk.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ru.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_gu.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_sw.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_sl.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_sv.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_el.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ta.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\psmachine.dll (673 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_kn.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_es-419.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\psmachine_64.dll (673 bytes)
    %WinDir%\Tasks\GoogleUpdateTaskMachineUA.job (880 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_mr.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\psuser.dll (673 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe (51 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_en-GB.dll (36 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_sr.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_zh-TW.dll (31 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ca.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_id.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ur.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ms.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_lt.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ja.dll (34 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_tr.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_hi.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_pl.dll (38 bytes)
    %Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\OfflineManifest.gup (5 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdateSetup.exe (322985 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_no.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_te.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_uk.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_fa.dll (36 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_fil.dll (38 bytes)
    %WinDir%\Tasks\GoogleUpdateTaskMachineCore.job (876 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_es.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll (4185 bytes)
    %WinDir%\Temp\gui3.tmp (107 bytes)
    %Program Files%\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115\chrome_installer.exe (312970 bytes)
    %Program Files%\Google\Update\Install\{D971ACF7-830D-432B-A41A-E54E956524C9}\chrome_installer.exe (312970 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\SETUP.EX_ (1656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\setup.exe (17312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\CHROME.PACKED.7Z (307964 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\manifest.json (514 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\de\messages.json (285 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en\messages.json (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ar\messages.json (305 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\128.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\et\messages.json (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fr\messages.json (303 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sk\messages.json (296 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en_GB\messages.json (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\cs\messages.json (309 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en_US\messages.json (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ro\messages.json (302 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sr\messages.json (325 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\32.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hu\messages.json (302 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ja\messages.json (309 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ru\messages.json (321 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pt_PT\messages.json (305 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\el\messages.json (355 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pl\messages.json (306 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\he\messages.json (321 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hr\messages.json (302 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\it\messages.json (298 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ca\messages.json (300 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pt_BR\messages.json (306 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\es_419\messages.json (307 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\no\messages.json (300 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\16.png (533 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\da\messages.json (294 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\es\messages.json (306 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fi\messages.json (283 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\lv\messages.json (306 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fil\messages.json (315 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ko\messages.json (307 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\bg\messages.json (337 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sl\messages.json (299 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\nl\messages.json (301 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\lt\messages.json (311 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hi\messages.json (295 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\48.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\id\messages.json (297 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_57Pb6fGDZOtlQMM (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (47 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_sqE0lbmGPa8MXZ6 (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (20339 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000002.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_xXoAQXVBWAkjVUV (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links (284 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\index (368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 (41 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000002 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History (21181 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\First Run (0 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_COISweXrjgllKSj (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_572_11982\docs.crx (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal (12020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ja\messages.json (260 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pt_BR\messages.json (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sk\messages.json (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\de\messages.json (228 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\zh_CN\messages.json (247 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\manifest.json (483 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pt_PT\messages.json (212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\it\messages.json (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pl\messages.json (253 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sr\messages.json (284 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ko\messages.json (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\th\messages.json (313 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ar\messages.json (301 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\nl\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\en\messages.json (204 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\vi\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ca\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fr\messages.json (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\id\messages.json (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\lv\messages.json (227 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\128.png (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\lt\messages.json (242 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\da\messages.json (225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\se\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ro\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\tr\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\uk\messages.json (293 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\el\messages.json (321 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\cs\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hi\messages.json (278 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\zh_TW\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fi\messages.json (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fil\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sl\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hr\messages.json (219 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\bg\messages.json (281 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\es\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hu\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\no\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ru\messages.json (275 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\error.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-16.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options.html (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio_input.html (175 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\manifest.json (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options-compiled.js (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-128.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\mic-normal.gif (524 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_en-gb.nmf (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_de.nmf (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_platform_specific\x86-32_\hotword-x86-32.nexe (21968 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\off.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\mic-hotword.gif (482 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_platform_specific\x86-32_\hotword.data (18240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio\1_short_Open_16_16.wav (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_.nmf (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio-manager-compiled.js (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\hotword.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options.css (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_metadata\verified_contents.json (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio-input-compiled.js (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\speech.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_MESSAGE_CATALOGS (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_fr.nmf (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_IMAGES (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\content-bundle-compiled.js (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_ru.nmf (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-48.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\background.html (276 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ja\messages.json (198 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_BR\messages.json (183 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\he\messages.json (198 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sk\messages.json (198 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\de\messages.json (194 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_CN\messages.json (184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\manifest.json (448 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_PT\messages.json (185 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\it\messages.json (190 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_MESSAGE_CATALOGS (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pl\messages.json (190 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sr\messages.json (225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ko\messages.json (195 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\th\messages.json (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ar\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\nl\messages.json (194 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\et\messages.json (193 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_US\messages.json (186 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\uk\messages.json (241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_128.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\vi\messages.json (202 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ca\messages.json (184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\tr\messages.json (204 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fr\messages.json (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\id\messages.json (186 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lv\messages.json (201 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lt\messages.json (205 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hu\messages.json (212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ro\messages.json (190 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\main.js (91 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_GB\messages.json (185 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ms\messages.json (184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\el\messages.json (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\cs\messages.json (199 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hi\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\main.html (92 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_TW\messages.json (183 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fi\messages.json (193 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fil\messages.json (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sl\messages.json (195 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es_419\messages.json (183 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\bg\messages.json (241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sv\messages.json (191 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es\messages.json (183 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_16.png (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\da\messages.json (193 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\no\messages.json (195 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ru\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\es_419\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\it\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\eu\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fil\messages.json (240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\en_GB\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fi\messages.json (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hi\messages.json (326 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\128.png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\cs\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ja\messages.json (273 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pl\messages.json (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sl\messages.json (248 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sk\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fr\messages.json (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ko\messages.json (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\es\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ru\messages.json (318 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pt_PT\messages.json (244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ar\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hu\messages.json (244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\de\messages.json (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\el\messages.json (309 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\da\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\no\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\th\messages.json (336 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\bg\messages.json (299 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sv\messages.json (233 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\et\messages.json (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sr\messages.json (267 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pt_BR\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\nl\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\en_US\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hr\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ca\messages.json (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\he\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\lt\messages.json (265 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ms\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ro\messages.json (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\id\messages.json (241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\main.js (79 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\manifest.json (370 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\main.html (92 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_MESSAGE_CATALOGS (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_16.png (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000003.log (1121 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data (1454 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\17.tmp (690 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\search.crx (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts (592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\youtube.crx (23 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor (7647 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (2020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\15.tmp (1678 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\14.tmp (3340 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\gmail.crx (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\10.tmp (2020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000004.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\16.tmp (2020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_bNd36tTOLoR3h7H (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\C.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\18.tmp (62 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG (46 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\F.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_GtiYnPzbOv7mbuG (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal (2791 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\11.tmp (2692 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000004 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\7.tmp (854 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\19.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal (12870 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_bwgWHZEk4opAHGG (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\drive.crx (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\8.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000005.log (57 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (2527 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000002.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\E.tmp (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal (2791 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\docs.crx (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_PTU8u5A3XtVHHVY (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session (338 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\E.tmp (19573 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000002 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001 (41 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\lv\messages.json (592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\id\messages.json (469 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ko\messages.json (749 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pt_PT\messages.json (559 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ro\messages.json (557 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\de\messages.json (571 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fr\messages.json (578 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\es_419\messages.json (528 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\da\messages.json (522 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\et\messages.json (472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\cs\messages.json (600 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\nl\messages.json (487 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pl\messages.json (558 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\es\messages.json (570 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hr\messages.json (519 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\en\messages.json (468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pt_BR\messages.json (558 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ca\messages.json (539 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\el\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sv\messages.json (544 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sl\messages.json (504 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\it\messages.json (483 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hu\messages.json (623 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fi\messages.json (595 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fil\messages.json (529 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\en_GB\messages.json (468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\nb\messages.json (522 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\lt\messages.json (563 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\craw_background.js (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_PT\messages.json (559 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\el\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pl\messages.json (558 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hr\messages.json (519 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\it\messages.json (483 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es\messages.json (570 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es_419\messages.json (528 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_128.png (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\da\messages.json (522 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fi\messages.json (595 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_MESSAGE_CATALOGS (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lv\messages.json (592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fil\messages.json (529 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_CN\messages.json (617 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ko\messages.json (749 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_TW\messages.json (671 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\vi\messages.json (655 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sl\messages.json (504 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nl\messages.json (487 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lt\messages.json (563 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\html\craw_window.html (810 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\id\messages.json (469 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sv\messages.json (544 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_16.png (725 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\de\messages.json (571 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\flapper.gif (5224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en\messages.json (468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_BR\messages.json (558 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nb\messages.json (522 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\css\craw_window.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ca\messages.json (539 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\et\messages.json (472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fr\messages.json (578 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en_GB\messages.json (468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\cs\messages.json (600 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\craw_window.js (10864 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\tr\messages.json (585 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\th\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ro\messages.json (557 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hu\messages.json (623 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\22.tmp (86 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist_new (9936 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2B.tmp (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\f_000002 (141 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG (47 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal (5097 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\20.tmp (690 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_tyxbQ2jGgiGmaPw (136 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1F.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_FBAnhFdYjaHhnn8 (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000006 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing IP Blacklist_new (844 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List Prefix Set (732 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\README (180 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\SHORTCUTS (1932 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000003.log (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\23.tmp (840 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\MANIFEST-000001 (39 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_PqEbG3oWHswgdzP (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\MANIFEST-000002 (54 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_CY1CTTavDQSS5c9 (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager (5791 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal (6215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000002.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\LOG (47 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000004.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001 (41 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000002 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2A.tmp (703 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_ew7Rjwo7eR2qtqJ (753 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\21.tmp (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\1B.tmp (1425 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\SHORTCUTS-JOURNAL (1208 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000005 (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000004 (56 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000003.log (833 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000001 (50 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000003 (56 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download_new (507756 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Index-journal (21474 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1B.tmp (46613 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\f_000001 (40 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000002 (32 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\1E.tmp (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000006.log (893 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\WEB DATA-JOURNAL (2898 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager-journal (16786 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico.md5 (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist_new (26368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List_new (160432 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist_new (2024 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\25.tmp (89 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set (7612 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\27.tmp (690 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom_new (969152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_IpNmEptaMtzPlTw (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\28.tmp (89 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1E.tmp (2020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000006.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_1 (12440 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_0 (6404 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_3 (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_2 (3368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000008.log (209 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\24.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\index (368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1A.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000002.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\1C.tmp (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\26.tmp (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1D.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1C.tmp (16088 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\29.tmp (703 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000004 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ca\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\el\messages.json (272 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ar\messages.json (246 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\it\messages.json (209 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hi\messages.json (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hu\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fi\messages.json (207 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fil\messages.json (225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\he\messages.json (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\lt\messages.json (235 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\lv\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ja\messages.json (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\id\messages.json (220 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ko\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\de\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fr\messages.json (230 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\da\messages.json (219 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\cs\messages.json (220 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\no\messages.json (216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\nl\messages.json (214 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\bg\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\pl\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\es\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hr\messages.json (209 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\en\messages.json (216 bytes)
    %Documents and Settings%\%current user%\Application Data\Chromium.exe (36452 bytes)
    %Program Files%\Google\Chrome\Application\default_apps\app.crx (1 bytes)
    %Program Files%\Google\Chrome\Application\default_apps\external_extensions.json (88 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State (425 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Chromium.exe (5491424 bytes)
    %Program Files%\GUM1.tmp\goopdateres_en.dll (36 bytes)
    %Program Files%\GUM1.tmp\psuser_64.dll (189 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ur.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ml.dll (40 bytes)
    %Program Files%\GUM1.tmp\goopdateres_sl.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ca.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ta.dll (39 bytes)
    %Program Files%\GUT2.tmp (356471 bytes)
    %Program Files%\GUM1.tmp\goopdateres_es-419.dll (38 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdateOnDemand.exe (51 bytes)
    %Program Files%\GUM1.tmp\goopdateres_sr.dll (37 bytes)
    %Program Files%\GUM1.tmp\40.0.2214.115_chrome_installer.exe.{8A69D345-D564-463c-AFF1-A69D9E530F96} (153282 bytes)
    %Program Files%\GUM1.tmp\goopdateres_hi.dll (37 bytes)
    %Program Files%\GUM1.tmp\GoogleCrashHandler64.exe (550 bytes)
    %Program Files%\GUM1.tmp\goopdateres_en-GB.dll (36 bytes)
    %Program Files%\GUM1.tmp\goopdateres_it.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ko.dll (33 bytes)
    %Program Files%\GUM1.tmp\goopdateres_de.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_pt-PT.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_fa.dll (36 bytes)
    %Program Files%\GUM1.tmp\npGoogleUpdate3.dll (1126 bytes)
    %Program Files%\GUM1.tmp\psmachine.dll (166 bytes)
    %Program Files%\GUM1.tmp\goopdateres_pt-BR.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_id.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_th.dll (36 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdateBroker.exe (51 bytes)
    %Program Files%\GUM1.tmp\goopdateres_cs.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_uk.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_tr.dll (37 bytes)
    %Program Files%\GUM1.tmp\psmachine_64.dll (189 bytes)
    %Program Files%\GUM1.tmp\goopdateres_zh-CN.dll (31 bytes)
    %Program Files%\GUM1.tmp\goopdateres_hu.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_es.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_bn.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_el.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ms.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ja.dll (34 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdate.exe (116 bytes)
    %Program Files%\GUM1.tmp\goopdateres_sk.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_nl.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdate.dll (3850 bytes)
    %Program Files%\GUM1.tmp\goopdateres_no.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_fil.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ro.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_mr.dll (38 bytes)
    %Program Files%\GUM1.tmp\GoogleCrashHandler.exe (230 bytes)
    %Program Files%\GUM1.tmp\goopdateres_lv.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_da.dll (37 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdateHelper.msi (26 bytes)
    %Program Files%\GUM1.tmp\goopdateres_te.dll (39 bytes)
    %Program Files%\GUM1.tmp\psuser.dll (166 bytes)
    %Program Files%\GUM1.tmp\goopdateres_am.dll (36 bytes)
    %Program Files%\GUM1.tmp\goopdateres_is.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_fr.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_sw.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_pl.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_et.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_vi.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_lt.dll (37 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdateComRegisterShell64.exe (114 bytes)
    %Program Files%\GUM1.tmp\goopdateres_sv.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ar.dll (35 bytes)
    %Program Files%\GUM1.tmp\goopdateres_iw.dll (35 bytes)
    %Program Files%\GUM1.tmp\goopdateres_bg.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ru.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_kn.dll (39 bytes)
    %Program Files%\GUM1.tmp\OfflineManifest.gup (5 bytes)
    %Program Files%\GUM1.tmp\goopdateres_gu.dll (39 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdateSetup.exe (322985 bytes)
    %Program Files%\GUM1.tmp\goopdateres_fi.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_hr.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_zh-TW.dll (31 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\lv.pak (287 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\splash-620x300.png (10 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Extensions\external_extensions.json (99 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\chrome.exe (3916 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\nb.pak (259 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\resources.pak (113371 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pt-PT.pak (282 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\wow_helper.exe (73 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\VisualElementsManifest.xml (399 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\uk.pak (1728 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_elf.dll (133 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (1 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\id.pak (258 bytes)
    %Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe (7433 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\youtube.crx (23 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\icudtl.dat (76792 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libegl.dll (211 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\nl.pak (277 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hu.pak (301 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\PepperFlash\manifest.json (2 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\ffmpegsumo.dll (9606 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fil.pak (291 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sl.pak (264 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\mr.pak (1859 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\en-US.pak (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (1551 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ja.pak (1626 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\tr.pak (284 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\pdf.dll (67091 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\am.pak (1676 bytes)
    %Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe (7433 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hr.pak (268 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_100_percent.pak (7386 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\chrome.7z (1212312 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\et.pak (251 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\cs.pak (286 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\widevinecdmadapter.dll (142 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl_irt_x86_32.nexe (15801 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pl.pak (283 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\bg.pak (1755 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\gu.pak (1849 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\40.0.2214.115.manifest (224 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\delegate_execute.exe (7386 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\vi.pak (326 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ca.pak (287 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\xinput1_3.dll (81 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sv.pak (263 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\gmail.crx (24 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\PepperFlash\pepflashplayer.dll (110258 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\d3dcompiler_46.dll (22433 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\secondarytile.png (637 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\it.pak (279 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome.dll (247928 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\docs.crx (4 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hi.pak (1867 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\search.crx (26 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\metro_driver.dll (1787 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\smalllogo.png (9 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ta.pak (3760 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_200_percent.pak (9606 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl_irt_x86_64.nexe (20507 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\el.pak (1801 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\da.pak (259 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ru.pak (1727 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\zh-CN.pak (232 bytes)
    %Documents and Settings%\All Users\Desktop\Google Chrome.lnk (1 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\zh-TW.pak (234 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\drive.crx (25 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl64.exe (12288 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ar.pak (1662 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\he.pak (1610 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sk.pak (297 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\de.pak (247 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pt-BR.pak (277 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ms.pak (215 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sw.pak (240 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libexif.dll (310 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\logo.png (3 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\es-419.pak (286 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_child.dll (258733 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ml.pak (3823 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fr.pak (304 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\en-GB.pak (238 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\lt.pak (282 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ko.pak (290 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ro.pak (291 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libglesv2.dll (7386 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sr.pak (1715 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\es.pak (292 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libpeerconnection.dll (22433 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\bn.pak (3678 bytes)
    %Program Files%\Google\Chrome\Application\master_preferences (107 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\external_extensions.json (1 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fa.pak (1689 bytes)
    %Program Files%\Google\Chrome\Application\chrome.exe (5873 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\te.pak (3711 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk (1 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\kn.pak (3727 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fi.pak (270 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\th.pak (1857 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Chromium" = "%Documents and Settings%\%current user%\Application Data\Chromium.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: The Chromium Authors
Product Name: Chromium
Product Version: 42.0.2298.0
Legal Copyright: Copyright 2014 The Chromium Authors. All rights reserved.
Legal Trademarks:
Original Filename: chrome.exe
Internal Name: chrome_exe
File Version: 42.0.2298.0
File Description: Chromium
Comments:
Language: Language Neutral

Company Name: The Chromium AuthorsProduct Name: ChromiumProduct Version: 42.0.2298.0Legal Copyright: Copyright 2014 The Chromium Authors. All rights reserved.Legal Trademarks: Original Filename: chrome.exeInternal Name: chrome_exeFile Version: 42.0.2298.0File Description: ChromiumComments: Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text40961549931551364.37784df82a14ba2afdd79f01b88b2fe9dc17
.rdata15974438168384003.213828036dfbe69cebb2504e31a834d51f762
.data2007041408861442.9572745b1ac47bba4424adfe5ae1aed2c0773
.rsrc21708869453696321.3756119d3464c19ba195994fc70030747214b
.reloc28672015628158722.99068d2243b94d2ba90b5d58ef8c47b974575

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL IP
hxxp://filmpika.com/cpp/state104.24.127.216
hxxp://filmpika.com/cpp/app.crx104.24.127.216
hxxp://ssl.gstatic.com/chrome/profile_avatars/NothingToDownload64.233.165.94
hxxp://www.gstatic.com/chrome/profile_avatars/NothingToDownload64.233.165.94
clients3.google.com64.233.165.102
www.googleapis.com64.233.165.95
translate.googleapis.com64.233.165.95
safebrowsing-cache.google.com64.233.165.101
clients2.google.com64.233.165.102
clients2.googleusercontent.com64.233.165.132
www.google.com64.233.165.104
safebrowsing.google.com64.233.165.136
www.google.com.ua64.233.165.94
tools.google.com64.233.165.102
apis.google.com64.233.165.101
clients4.google.com64.233.165.113
dl.google.com64.233.165.190

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /chrome/profile_avatars/NothingToDownload HTTP/1.1

Host: VVV.gstatic.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36

Accept-Encoding: gzip, deflate

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Date: Sun, 22 Feb 2015 23:51:12 GMT

Server: sffe

Content-Length: 1465

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic,p=0.08

<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//VVV.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//VVV.google.com/images/errors/logo_sm_2.png) no-repeat}@media only screen and (min-resolution:192dpi){#logo{background:url(//VVV.google.com/images/errors/logo_sm_2_hr.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//VVV.google.com/images/errors/logo_sm_2_hr.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//VVV.google.com/images/errors/logo_sm_2_hr.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:55px;width:150px}. </style>. <a href=//VVV.google.com/><span id=logo aria-label=Google></span></a>. <p><b>404.</b> <ins>That...s an error.</ins>. <p>The requested URL <code>/chrome/profile_avatars/NothingToDownload</code> was not foun

<<< skipped >>>

GET /cpp/state HTTP/1.1

User-Agent: Google Omaha

Host: filmpika.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 22 Feb 2015 23:50:04 GMT

Content-Type: application/octet-stream

Content-Length: 3

Connection: keep-alive

Set-Cookie: __cfduid=dd8a28f6d4a0ea5757b94be45f3c467b01424649004; expires=Mon, 22-Feb-16 23:50:04 GMT; path=/; domain=.filmpika.com; HttpOnly

Last-Modified: Wed, 04 Feb 2015 01:58:39 GMT

ETag: "54d17ccf-3"

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1bcf157464410c0b-AMS

httHTTP/1.1 200 OK..Date: Sun, 22 Feb 2015 23:50:04 GMT..Content-Type: application/octet-stream..Content-Length: 3..Connection: keep-alive..Set-Cookie: __cfduid=dd8a28f6d4a0ea5757b94be45f3c467b01424649004; expires=Mon, 22-Feb-16 23:50:04 GMT; path=/; domain=.filmpika.com; HttpOnly..Last-Modified: Wed, 04 Feb 2015 01:58:39 GMT..ETag: "54d17ccf-3"..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 1bcf157464410c0b-AMS..htt..

GET /cpp/app.crx HTTP/1.1

User-Agent: Google Omaha

Host: filmpika.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 22 Feb 2015 23:50:54 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=d64a3ab5b0141fecfc6f6572462a25ed61424649053; expires=Mon, 22-Feb-16 23:50:53 GMT; path=/; domain=.filmpika.com; HttpOnly

X-Request-ID: dgojakmmpihghnggcjlicbdaihhandhb

Server: cloudflare-nginx

CF-RAY: 1bcf16ab5beb14a9-AMS

5cd..Cr24............0..0...*.H............0.........C.^.M..|.%~.A.. .q).|?4..>8._.....f..;'1.........a9...A.9_...0.<!.........w..M..;...Cl.Z......k|..i-D..}....6.Q.nZ.F2......s........x..B.G...R?c....3N...UT.2..... .D.......5k^......%m~g.Z.........................\..!.uS..f..].C.@.e..........f.}gV..J3J.h.f...PK.........rEF\..`....V.......bg.txtUX...`.T.`.T.....VmO.8.. .?...w..SK@w...N.u..tRU.Rg..R;......7..Rh......=..3![(..V'.)`...U...ebN.X.....7...[xZ...{...f?.w.....z....%.....Y.w..@.n,&.r..).Y.*.U...h...A... .\.R ...F^....b....(.ac.......Y....U),`[.7..&X.O......(.....A3.E .........,.\&.po..V......)@I.B.x...4P..j81.z.@.b.xE..c.. .o...b`....(2..<......A... 0_...w..8..%E..h.... 0...P..Q'Pw..j.....W...M.W0i.SS<h{...%."I....~bb.'.........:`*..`..S...8R...8f.(3....e........mk,...q...8.....W...1.H....;..1..T...... j....Y..;...q......1WS..7>l..YL.b2.......TC....Kx.7...z.{.=.U<X.X.K9...bF..@.....eb.:R..f.....~.ke.2.&.e..m....}^A.E.RX...1..._E..jy...P..0...G.IQ...Woh"....}G.j.....(.........M...dDhRX..0{..L....I.:.H1.h\.4$......H.`.tON..y(.......>....q..m..%.y?uS.~jm.i.v2.C....Ol....e........m,.iP..E}}...bl.MNi.{...c.V.b~/..J.<.U........UNov.....=..I.|........b2....2./....E.^I........i;>?.......N..... ..F.z!)...w....bT"'.^.oB.,.0!JD.~.2.M......U.......Yi..97...{....... ....Pt.y...#..o>D......W....svmbv.=..0........k.`M_....%u.r...bx..EQ........(..PK........6gEFD`}.............manifest.jsonUX...L.T.L.T....}.1O.0.......(jZ..l.04.CU!...S.s./.T..s.%P.6..>.g.Z.%....%.h..C.<.......13d..&lt

<<< skipped >>>

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

chrome.exe_2496:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

HtdHtHHHt.HH

HtdHtHHHt.HH

j.Yf;

j.Yf;

_tcPVj@

_tcPVj@

.PjRW

.PjRW

c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc

c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc

No valid Chrome version found

No valid Chrome version found

c:\b\build\slave\win\build\src\chrome\app\client_util.cc

c:\b\build\slave\win\build\src\chrome\app\client_util.cc

Failed to load Chrome DLL from

Failed to load Chrome DLL from

ChromeMain

ChromeMain

RelaunchChromeBrowserWithNewCommandLineIfNeeded

RelaunchChromeBrowserWithNewCommandLineIfNeeded

Could not find exported function

Could not find exported function

allow-insecure-websocket-from-https-origin

allow-insecure-websocket-from-https-origin

disable-webgl

disable-webgl

disable-web-security

disable-web-security

enable-experimental-web-platform-features

enable-experimental-web-platform-features

enable-tcp-fastopen

enable-tcp-fastopen

enable-viewport

enable-viewport

enable-viewport-meta

enable-viewport-meta

enable-vtune-support

enable-vtune-support

enable-webgl-draft-extensions

enable-webgl-draft-extensions

enable-webgl-image-chromium

enable-webgl-image-chromium

enable-web-midi

enable-web-midi

ignore-certificate-errors

ignore-certificate-errors

remote-debugging-port

remote-debugging-port

renderer-cmd-prefix

renderer-cmd-prefix

testing-fixed-http-port

testing-fixed-http-port

testing-fixed-https-port

testing-fixed-https-port

trace-upload-url

trace-upload-url

utility-cmd-prefix

utility-cmd-prefix

zygote-cmd-prefix

zygote-cmd-prefix

disable-webrtc-hw-decoding

disable-webrtc-hw-decoding

disable-webrtc-encryption

disable-webrtc-encryption

disable-webrtc-hw-encoding

disable-webrtc-hw-encoding

enable-webrtc-hw-vp8-encoding

enable-webrtc-hw-vp8-encoding

enable-webrtc-hw-h264-encoding

enable-webrtc-hw-h264-encoding

disable-webaudio

disable-webaudio

1.3.21.115

1.3.21.115

%s-x-x

%s-x-x

Chrome

Chrome

0.0.0.0-devel

0.0.0.0-devel

%s-%x

%s-%x

url-chunk

url-chunk

font_key_name

font_key_name

subresource_url

subresource_url

CHROME_MAIN_TIME

CHROME_MAIN_TIME

c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc

c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc

Failed to write to application's ClientState key

Failed to write to application's ClientState key

Removed incremental installer failure key; switching to channel:

Removed incremental installer failure key; switching to channel:

Removed multi-install failure key; switching to channel:

Removed multi-install failure key; switching to channel:

auto-launch-chrome

auto-launch-chrome

chrome

chrome

chrome-frame

chrome-frame

chrome-sxs

chrome-sxs

do-not-launch-chrome

do-not-launch-chrome

make-chrome-default

make-chrome-default

new-setup-exe

new-setup-exe

register-chrome-browser

register-chrome-browser

register-chrome-browser-suffix

register-chrome-browser-suffix

register-dev-chrome

register-dev-chrome

register-url-protocol

register-url-protocol

rename-chrome-exe

rename-chrome-exe

remove-chrome-registration

remove-chrome-registration

update-setup-exe

update-setup-exe

toast-results-key

toast-results-key

c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc

c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc

Cannot initialize AppCommands from an invalid key.

Cannot initialize AppCommands from an invalid key.

c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc

c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc

Failed to open key "

Failed to open key "

Skipping over key "

Skipping over key "

iexplore.exe

iexplore.exe

googlechrome

googlechrome

googlechromeapphost

googlechromeapphost

googlechromeframe

googlechromeframe

Cannot initialize an AppCommand from an invalid key.

Cannot initialize an AppCommand from an invalid key.

c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc

c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc

c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc

c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc

CHROME_BREAKPAD_PIPE_NAME

CHROME_BREAKPAD_PIPE_NAME

c:\b\build\slave\win\build\src\components\crash\app\breakpad_win.cc

c:\b\build\slave\win\build\src\components\crash\app\breakpad_win.cc

NTDLL.DLL

NTDLL.DLL

kernel32.dll

kernel32.dll

c:\b\build\slave\win\build\src\sandbox\win\src\sandbox_policy_base.cc

c:\b\build\slave\win\build\src\sandbox\win\src\sandbox_policy_base.cc

CreateNamedPipeW

CreateNamedPipeW

NtCreateKey

NtCreateKey

NtOpenKey

NtOpenKey

NtOpenKeyEx

NtOpenKeyEx

AudioCaptureAllowedUrls

AudioCaptureAllowedUrls

AutoSelectCertificateForUrls

AutoSelectCertificateForUrls

ChromeFrameContentTypes

ChromeFrameContentTypes

ChromeFrameRendererSettings

ChromeFrameRendererSettings

ChromeOsLockOnIdleSuspend

ChromeOsLockOnIdleSuspend

ChromeOsMultiProfileUserBehavior

ChromeOsMultiProfileUserBehavior

ChromeOsReleaseChannel

ChromeOsReleaseChannel

ChromeOsReleaseChannelDelegated

ChromeOsReleaseChannelDelegated

CloudPrintProxyEnabled

CloudPrintProxyEnabled

CloudPrintSubmitEnabled

CloudPrintSubmitEnabled

ContentPackManualBehaviorURLs

ContentPackManualBehaviorURLs

CookiesAllowedForUrls

CookiesAllowedForUrls

CookiesBlockedForUrls

CookiesBlockedForUrls

CookiesSessionOnlyForUrls

CookiesSessionOnlyForUrls

DefaultSearchProviderAlternateURLs

DefaultSearchProviderAlternateURLs

DefaultSearchProviderIconURL

DefaultSearchProviderIconURL

DefaultSearchProviderImageURL

DefaultSearchProviderImageURL

DefaultSearchProviderImageURLPostParams

DefaultSearchProviderImageURLPostParams

DefaultSearchProviderInstantURL

DefaultSearchProviderInstantURL

DefaultSearchProviderInstantURLPostParams

DefaultSearchProviderInstantURLPostParams

DefaultSearchProviderKeyword

DefaultSearchProviderKeyword

DefaultSearchProviderNewTabURL

DefaultSearchProviderNewTabURL

DefaultSearchProviderSearchTermsReplacementKey

DefaultSearchProviderSearchTermsReplacementKey

DefaultSearchProviderSearchURL

DefaultSearchProviderSearchURL

DefaultSearchProviderSearchURLPostParams

DefaultSearchProviderSearchURLPostParams

DefaultSearchProviderSuggestURL

DefaultSearchProviderSuggestURL

DefaultSearchProviderSuggestURLPostParams

DefaultSearchProviderSuggestURLPostParams

DeviceAllowRedeemChromeOsRegistrationOffers

DeviceAllowRedeemChromeOsRegistrationOffers

DeviceLocalAccountAutoLoginBailoutEnabled

DeviceLocalAccountAutoLoginBailoutEnabled

DeviceLocalAccountAutoLoginDelay

DeviceLocalAccountAutoLoginDelay

DeviceLocalAccountAutoLoginId

DeviceLocalAccountAutoLoginId

DeviceLoginScreenDefaultHighContrastEnabled

DeviceLoginScreenDefaultHighContrastEnabled

DeviceLoginScreenDefaultLargeCursorEnabled

DeviceLoginScreenDefaultLargeCursorEnabled

DeviceLoginScreenDefaultScreenMagnifierType

DeviceLoginScreenDefaultScreenMagnifierType

DeviceLoginScreenDefaultSpokenFeedbackEnabled

DeviceLoginScreenDefaultSpokenFeedbackEnabled

DeviceLoginScreenDefaultVirtualKeyboardEnabled

DeviceLoginScreenDefaultVirtualKeyboardEnabled

DeviceLoginScreenPowerManagement

DeviceLoginScreenPowerManagement

DeviceLoginScreenSaverId

DeviceLoginScreenSaverId

DeviceLoginScreenSaverTimeout

DeviceLoginScreenSaverTimeout

DeviceMetricsReportingEnabled

DeviceMetricsReportingEnabled

DeviceStartUpUrls

DeviceStartUpUrls

DeviceUpdateHttpDownloadsEnabled

DeviceUpdateHttpDownloadsEnabled

EnableAuthNegotiatePort

EnableAuthNegotiatePort

EnableDeprecatedWebPlatformFeatures

EnableDeprecatedWebPlatformFeatures

EnableOriginBoundCerts

EnableOriginBoundCerts

EnableWebBasedSignin

EnableWebBasedSignin

EnterpriseWebStoreName

EnterpriseWebStoreName

EnterpriseWebStoreURL

EnterpriseWebStoreURL

HideWebStoreIcon

HideWebStoreIcon

HideWebStorePromo

HideWebStorePromo

ImagesAllowedForUrls

ImagesAllowedForUrls

ImagesBlockedForUrls

ImagesBlockedForUrls

ImportAutofillFormData

ImportAutofillFormData

ImportBookmarks

ImportBookmarks

ImportHistory

ImportHistory

ImportHomepage

ImportHomepage

ImportSavedPasswords

ImportSavedPasswords

ImportSearchEngine

ImportSearchEngine

JavaScriptAllowedForUrls

JavaScriptAllowedForUrls

JavaScriptBlockedForUrls

JavaScriptBlockedForUrls

KeyboardDefaultToFunctionKeys

KeyboardDefaultToFunctionKeys

MetricsReportingEnabled

MetricsReportingEnabled

NotificationsAllowedForUrls

NotificationsAllowedForUrls

NotificationsBlockedForUrls

NotificationsBlockedForUrls

PasswordManagerAllowShowPasswords

PasswordManagerAllowShowPasswords

PasswordManagerEnabled

PasswordManagerEnabled

PluginsAllowedForUrls

PluginsAllowedForUrls

PluginsBlockedForUrls

PluginsBlockedForUrls

PopupsAllowedForUrls

PopupsAllowedForUrls

PopupsBlockedForUrls

PopupsBlockedForUrls

ProxyBypassList

ProxyBypassList

ProxyPacUrl

ProxyPacUrl

RemoteAccessHostAllowClientPairing

RemoteAccessHostAllowClientPairing

RemoteAccessHostAllowGnubbyAuth

RemoteAccessHostAllowGnubbyAuth

RemoteAccessHostAllowRelayedConnection

RemoteAccessHostAllowRelayedConnection

RemoteAccessHostDomain

RemoteAccessHostDomain

RemoteAccessHostFirewallTraversal

RemoteAccessHostFirewallTraversal

RemoteAccessHostRequireCurtain

RemoteAccessHostRequireCurtain

RemoteAccessHostRequireTwoFactor

RemoteAccessHostRequireTwoFactor

RemoteAccessHostTalkGadgetPrefix

RemoteAccessHostTalkGadgetPrefix

RemoteAccessHostUdpPortRange

RemoteAccessHostUdpPortRange

RenderInChromeFrameList

RenderInChromeFrameList

ReportDeviceActivityTimes

ReportDeviceActivityTimes

ReportDeviceBootMode

ReportDeviceBootMode

ReportDeviceLocation

ReportDeviceLocation

ReportDeviceNetworkInterfaces

ReportDeviceNetworkInterfaces

ReportDeviceUsers

ReportDeviceUsers

ReportDeviceVersionInfo

ReportDeviceVersionInfo

RestoreOnStartupURLs

RestoreOnStartupURLs

ShowAppsShortcutInBookmarkBar

ShowAppsShortcutInBookmarkBar

SuppressChromeFrameTurndownPrompt

SuppressChromeFrameTurndownPrompt

TermsOfServiceURL

TermsOfServiceURL

TouchVirtualKeyboardEnabled

TouchVirtualKeyboardEnabled

URLBlacklist

URLBlacklist

URLWhitelist

URLWhitelist

VideoCaptureAllowedUrls

VideoCaptureAllowedUrls

VirtualKeyboardEnabled

VirtualKeyboardEnabled

update_url

update_url

^update_url:

^update_url:

CHROME_VERSION

CHROME_VERSION

CHROME_SAFE_MODE

CHROME_SAFE_MODE

2676A9A2-D919-4FEE-9187-152100393AB2

2676A9A2-D919-4FEE-9187-152100393AB2

pack-extension-key

pack-extension-key

permission-request-api-url

permission-request-api-url

promo-server-url

promo-server-url

proxy-bypass-list

proxy-bypass-list

proxy-pac-url

proxy-pac-url

remember-cert-error-decisions

remember-cert-error-decisions

spelling-service-feedback-url

spelling-service-feedback-url

sync-url

sync-url

try-chrome-again

try-chrome-again

variations-server-url

variations-server-url

winhttp-proxy-resolver

winhttp-proxy-resolver

plugins-metadata-server-url

plugins-metadata-server-url

windows8-search

windows8-search

allow-http-screen-capture

allow-http-screen-capture

app-list-start-page-url

app-list-start-page-url

apps-checkout-url

apps-checkout-url

apps-gallery-download-url

apps-gallery-download-url

apps-gallery-url

apps-gallery-url

apps-gallery-update-url

apps-gallery-update-url

certificate-transparency-log

certificate-transparency-log

disable-extensions-http-throttling

disable-extensions-http-throttling

disable-password-manager-reauthentication

disable-password-manager-reauthentication

disable-quic-port-selection

disable-quic-port-selection

disable-save-password-bubble

disable-save-password-bubble

disable-web-resources

disable-web-resources

enable-auth-negotiate-port

enable-auth-negotiate-port

enable-npn-http

enable-npn-http

enable-quic-port-selection

enable-quic-port-selection

enable-save-password-bubble

enable-save-password-bubble

enable-sdch-over-https

enable-sdch-over-https

enable-user-controlled-alternate-protocol-ports

enable-user-controlled-alternate-protocol-ports

enable-websocket-over-spdy

enable-websocket-over-spdy

enable-website-settings-manager

enable-website-settings-manager

explicitly-allowed-ports

explicitly-allowed-ports

extensions-not-webstore

extensions-not-webstore

ignore-urlfetcher-cert-requests

ignore-urlfetcher-cert-requests

install-chrome-app

install-chrome-app

install-ephemeral-app-from-webstore

install-ephemeral-app-from-webstore

40.0.2214.115

40.0.2214.115

CHROME_HEADLESS

CHROME_HEADLESS

CHROME_LOG_FILE

CHROME_LOG_FILE

CHROME_METRO_CONNECTED

CHROME_METRO_CONNECTED

CHROMEOS_SESSION_LOG_DIR

CHROMEOS_SESSION_LOG_DIR

CHROME_CRASHED

CHROME_CRASHED

CHROME_RESTART

CHROME_RESTART

chrome.googleechotest.com

chrome.googleechotest.com

profile.ephemeral_mode

profile.ephemeral_mode

profile.icon_version

profile.icon_version

session.restore_on_startup

session.restore_on_startup

session.restore_on_startup_migrated

session.restore_on_startup_migrated

session.startup_urls_migration_time

session.startup_urls_migration_time

profile.exited_cleanly

profile.exited_cleanly

profile.exit_type

profile.exit_type

profile.managed.custodian_email

profile.managed.custodian_email

profile.managed.custodian_name

profile.managed.custodian_name

profile.managed.custodian_profile_image_url

profile.managed.custodian_profile_image_url

profile.managed.custodian_profile_url

profile.managed.custodian_profile_url

profile.managed.manual_hosts

profile.managed.manual_hosts

profile.managed.manual_urls

profile.managed.manual_urls

profile.managed.second_custodian_email

profile.managed.second_custodian_email

profile.managed.second_custodian_name

profile.managed.second_custodian_name

profile.managed.second_custodian_profile_image_url

profile.managed.second_custodian_profile_image_url

profile.managed.second_custodian_profile_url

profile.managed.second_custodian_profile_url

profile.managed.shared_settings

profile.managed.shared_settings

session.startup_urls

session.startup_urls

session.urls_to_restore_on_startup

session.urls_to_restore_on_startup

intl.app_locale

intl.app_locale

intl.charset_default

intl.charset_default

intl.accept_languages

intl.accept_languages

intl.static_encodings

intl.static_encodings

webkit.webprefs.fonts.standard.Zyyy

webkit.webprefs.fonts.standard.Zyyy

webkit.webprefs.fonts.fixed.Zyyy

webkit.webprefs.fonts.fixed.Zyyy

webkit.webprefs.fonts.serif.Zyyy

webkit.webprefs.fonts.serif.Zyyy

webkit.webprefs.fonts.sansserif.Zyyy

webkit.webprefs.fonts.sansserif.Zyyy

webkit.webprefs.fonts.cursive.Zyyy

webkit.webprefs.fonts.cursive.Zyyy

webkit.webprefs.fonts.fantasy.Zyyy

webkit.webprefs.fonts.fantasy.Zyyy

webkit.webprefs.fonts.pictograph.Zyyy

webkit.webprefs.fonts.pictograph.Zyyy

webkit.webprefs.fonts.standard

webkit.webprefs.fonts.standard

webkit.webprefs.fonts.fixed

webkit.webprefs.fonts.fixed

webkit.webprefs.fonts.serif

webkit.webprefs.fonts.serif

webkit.webprefs.fonts.sansserif

webkit.webprefs.fonts.sansserif

webkit.webprefs.fonts.cursive

webkit.webprefs.fonts.cursive

webkit.webprefs.fonts.fantasy

webkit.webprefs.fonts.fantasy

webkit.webprefs.fonts.pictograph

webkit.webprefs.fonts.pictograph

webkit.webprefs.fonts.standard.Arab

webkit.webprefs.fonts.standard.Arab

webkit.webprefs.fonts.fixed.Arab

webkit.webprefs.fonts.fixed.Arab

webkit.webprefs.fonts.serif.Arab

webkit.webprefs.fonts.serif.Arab

webkit.webprefs.fonts.sansserif.Arab

webkit.webprefs.fonts.sansserif.Arab

webkit.webprefs.fonts.standard.Cyrl

webkit.webprefs.fonts.standard.Cyrl

webkit.webprefs.fonts.fixed.Cyrl

webkit.webprefs.fonts.fixed.Cyrl

webkit.webprefs.fonts.serif.Cyrl

webkit.webprefs.fonts.serif.Cyrl

webkit.webprefs.fonts.sansserif.Cyrl

webkit.webprefs.fonts.sansserif.Cyrl

webkit.webprefs.fonts.standard.Grek

webkit.webprefs.fonts.standard.Grek

webkit.webprefs.fonts.fixed.Grek

webkit.webprefs.fonts.fixed.Grek

webkit.webprefs.fonts.serif.Grek

webkit.webprefs.fonts.serif.Grek

webkit.webprefs.fonts.sansserif.Grek

webkit.webprefs.fonts.sansserif.Grek

webkit.webprefs.fonts.standard.Jpan

webkit.webprefs.fonts.standard.Jpan

webkit.webprefs.fonts.fixed.Jpan

webkit.webprefs.fonts.fixed.Jpan

webkit.webprefs.fonts.serif.Jpan

webkit.webprefs.fonts.serif.Jpan

webkit.webprefs.fonts.sansserif.Jpan

webkit.webprefs.fonts.sansserif.Jpan

webkit.webprefs.fonts.standard.Hang

webkit.webprefs.fonts.standard.Hang

webkit.webprefs.fonts.fixed.Hang

webkit.webprefs.fonts.fixed.Hang

webkit.webprefs.fonts.serif.Hang

webkit.webprefs.fonts.serif.Hang

webkit.webprefs.fonts.sansserif.Hang

webkit.webprefs.fonts.sansserif.Hang

webkit.webprefs.fonts.cursive.Hang

webkit.webprefs.fonts.cursive.Hang

webkit.webprefs.fonts.standard.Hans

webkit.webprefs.fonts.standard.Hans

webkit.webprefs.fonts.fixed.Hans

webkit.webprefs.fonts.fixed.Hans

webkit.webprefs.fonts.serif.Hans

webkit.webprefs.fonts.serif.Hans

webkit.webprefs.fonts.sansserif.Hans

webkit.webprefs.fonts.sansserif.Hans

webkit.webprefs.fonts.standard.Hant

webkit.webprefs.fonts.standard.Hant

webkit.webprefs.fonts.fixed.Hant

webkit.webprefs.fonts.fixed.Hant

webkit.webprefs.fonts.serif.Hant

webkit.webprefs.fonts.serif.Hant

webkit.webprefs.fonts.sansserif.Hant

webkit.webprefs.fonts.sansserif.Hant

webkit.webprefs.default_font_size

webkit.webprefs.default_font_size

webkit.webprefs.default_fixed_font_size

webkit.webprefs.default_fixed_font_size

webkit.webprefs.minimum_font_size

webkit.webprefs.minimum_font_size

webkit.webprefs.minimum_logical_font_size

webkit.webprefs.minimum_logical_font_size

webkit.webprefs.javascript_enabled

webkit.webprefs.javascript_enabled

webkit.webprefs.web_security_enabled

webkit.webprefs.web_security_enabled

webkit.webprefs.javascript_can_open_windows_automatically

webkit.webprefs.javascript_can_open_windows_automatically

webkit.webprefs.loads_images_automatically

webkit.webprefs.loads_images_automatically

webkit.webprefs.plugins_enabled

webkit.webprefs.plugins_enabled

webkit.webprefs.dom_paste_enabled

webkit.webprefs.dom_paste_enabled

webkit.webprefs.shrinks_standalone_images_to_fit

webkit.webprefs.shrinks_standalone_images_to_fit

webkit.webprefs.uses_universal_detector

webkit.webprefs.uses_universal_detector

webkit.webprefs.text_areas_are_resizable

webkit.webprefs.text_areas_are_resizable

webkit.webprefs.java_enabled

webkit.webprefs.java_enabled

webkit.webprefs.tabs_to_links

webkit.webprefs.tabs_to_links

webkit.webprefs.allow_displaying_insecure_content

webkit.webprefs.allow_displaying_insecure_content

webkit.webprefs.allow_running_insecure_content

webkit.webprefs.allow_running_insecure_content

safebrowsing.enabled

safebrowsing.enabled

safebrowsing.extended_reporting_enabled

safebrowsing.extended_reporting_enabled

safebrowsing.proceed_anyway_disabled

safebrowsing.proceed_anyway_disabled

safebrowsing.incident_report_sent

safebrowsing.incident_report_sent

safebrowsing.incidents_sent

safebrowsing.incidents_sent

incognito.mode_availability

incognito.mode_availability

search.suggest_enabled

search.suggest_enabled

browser.confirm_to_quit

browser.confirm_to_quit

security.cookie_behavior

security.cookie_behavior

download.prompt_for_download

download.prompt_for_download

alternate_error_pages.enabled

alternate_error_pages.enabled

dns_prefetching.startup_list

dns_prefetching.startup_list

dns_prefetching.host_referral_list

dns_prefetching.host_referral_list

spdy.disabled

spdy.disabled

net.http_server_properties

net.http_server_properties

spdy.servers

spdy.servers

spdy.alternate_protocol

spdy.alternate_protocol

protocol.disabled_schemes

protocol.disabled_schemes

instant_ui.zero_suggest_url_prefix

instant_ui.zero_suggest_url_prefix

local_state.multiple_profile_prefs_version

local_state.multiple_profile_prefs_version

dns_prefetching.enabled

dns_prefetching.enabled

net.network_prediction_options

net.network_prediction_options

hide_web_store_icon

hide_web_store_icon

browser.show_home_button

browser.show_home_button

profile.recently_selected_encodings

profile.recently_selected_encodings

browser.clear_data.browsing_history

browser.clear_data.browsing_history

browser.clear_data.download_history

browser.clear_data.download_history

browser.clear_data.cache

browser.clear_data.cache

browser.clear_data.cookies

browser.clear_data.cookies

browser.clear_data.passwords

browser.clear_data.passwords

browser.clear_data.form_data

browser.clear_data.form_data

browser.clear_data.hosted_apps_data

browser.clear_data.hosted_apps_data

browser.clear_data.content_licenses

browser.clear_data.content_licenses

browser.enable_spellchecking

browser.enable_spellchecking

browser.speechinput_censor_results

browser.speechinput_censor_results

browser.speechinput_tray_notification_shown_contexts

browser.speechinput_tray_notification_shown_contexts

browser.enabled_labs_experiments

browser.enabled_labs_experiments

browser.enable_autospellcorrect

browser.enable_autospellcorrect

history.saving_disabled

history.saving_disabled

history.deleting_enabled

history.deleting_enabled

settings.force_safesearch

settings.force_safesearch

settings.history_recorded

settings.history_recorded

browser.clear_data.time_period

browser.clear_data.time_period

browser.last_clear_browsing_data_time

browser.last_clear_browsing_data_time

extensions.theme.pack

extensions.theme.pack

extensions.theme.id

extensions.theme.id

extensions.theme.images

extensions.theme.images

extensions.theme.colors

extensions.theme.colors

extensions.theme.tints

extensions.theme.tints

extensions.theme.properties

extensions.theme.properties

extensions.ui.developer_mode

extensions.ui.developer_mode

extensions.ui.dismissed_adt_promo

extensions.ui.dismissed_adt_promo

extensions.commands

extensions.commands

plugins.last_internal_directory

plugins.last_internal_directory

plugins.plugins_list

plugins.plugins_list

plugins.plugins_disabled

plugins.plugins_disabled

plugins.plugins_disabled_exceptions

plugins.plugins_disabled_exceptions

plugins.plugins_enabled

plugins.plugins_enabled

plugins.migrated_to_pepper_flash

plugins.migrated_to_pepper_flash

plugins.removed_old_component_pepper_flash_settings

plugins.removed_old_component_pepper_flash_settings

plugins.show_details

plugins.show_details

plugins.allow_outdated

plugins.allow_outdated

plugins.always_authorize

plugins.always_authorize

plugins.metadata

plugins.metadata

plugins.resource_cache_update

plugins.resource_cache_update

browser.check_default_browser

browser.check_default_browser

browser.default_browser_setting_enabled

browser.default_browser_setting_enabled

browser.custom_chrome_frame

browser.custom_chrome_frame

profile.content_settings.plugin_whitelist

profile.content_settings.plugin_whitelist

profile.block_third_party_cookies

profile.block_third_party_cookies

profile.clear_site_data_on_exit

profile.clear_site_data_on_exit

partition.default_zoom_level

partition.default_zoom_level

profile.default_zoom_level

profile.default_zoom_level

partition.per_host_zoom_levels

partition.per_host_zoom_levels

profile.per_host_zoom_levels

profile.per_host_zoom_levels

autofill.data_model_default

autofill.data_model_default

autofill.pay_without_wallet

autofill.pay_without_wallet

autofill.wallet_location_disclosure

autofill.wallet_location_disclosure

autofill.save_data

autofill.save_data

autofill.wallet_shipping_same_as_billing

autofill.wallet_shipping_same_as_billing

autofill.generated_card_bubble_times_shown

autofill.generated_card_bubble_times_shown

autofill.rac_dialog_defaults

autofill.rac_dialog_defaults

enable_deprecated_web_platform_features

enable_deprecated_web_platform_features

import_autofill_form_data

import_autofill_form_data

import_bookmarks

import_bookmarks

import_history

import_history

import_home_page

import_home_page

import_saved_passwords

import_saved_passwords

import_search_engine

import_search_engine

profile.avatar_index

profile.avatar_index

profile.using_default_name

profile.using_default_name

profile.name

profile.name

profile.using_default_avatar

profile.using_default_avatar

profile.using_gaia_avatar

profile.using_gaia_avatar

profile.managed_user_id

profile.managed_user_id

profile.gaia_info_update_time

profile.gaia_info_update_time

profile.gaia_info_picture_url

profile.gaia_info_picture_url

profile.avatar_bubble_tutorial_shown

profile.avatar_bubble_tutorial_shown

printing.enabled

printing.enabled

printing.print_preview_disabled

printing.print_preview_disabled

profile.managed.default_filtering_behavior

profile.managed.default_filtering_behavior

profile.managed_user_creation_allowed

profile.managed_user_creation_allowed

profile.managed_users

profile.managed_users

profile.reset_prompt_memento

profile.reset_prompt_memento

message_center.disabled_extension_ids

message_center.disabled_extension_ids

message_center.disabled_system_component_ids

message_center.disabled_system_component_ids

message_center.welcome_notification_dismissed

message_center.welcome_notification_dismissed

message_center.welcome_notification_dismissed_local

message_center.welcome_notification_dismissed_local

message_center.welcome_notification_previously_popped_up

message_center.welcome_notification_previously_popped_up

message_center.welcome_notification_expiration_timestamp

message_center.welcome_notification_expiration_timestamp

fullscreen.allowed

fullscreen.allowed

local_discovery.notifications_enabled

local_discovery.notifications_enabled

prefs.preference_reset_time

prefs.preference_reset_time

gcm.channel_enabled

gcm.channel_enabled

gcm.push_messaging_registration_count

gcm.push_messaging_registration_count

easy_unlock.allowed

easy_unlock.allowed

easy_unlock.enabled

easy_unlock.enabled

easy_unlock.pairing

easy_unlock.pairing

easy_unlock.proximity_required

easy_unlock.proximity_required

easy_unlock.show_tutorial

easy_unlock.show_tutorial

zerosuggest.cachedresults

zerosuggest.cachedresults

ssl.rev_checking.enabled

ssl.rev_checking.enabled

ssl.rev_checking.required_for_local_anchors

ssl.rev_checking.required_for_local_anchors

ssl.version_min

ssl.version_min

ssl.version_max

ssl.version_max

ssl.version_fallback_min

ssl.version_fallback_min

ssl.cipher_suites.blacklist

ssl.cipher_suites.blacklist

ssl.ssl_record_splitting.disabled

ssl.ssl_record_splitting.disabled

ssl.ssl_blocking_bypassed

ssl.ssl_blocking_bypassed

user_experience_metrics.reporting_enabled

user_experience_metrics.reporting_enabled

profile.last_used

profile.last_used

profile.last_active_profiles

profile.last_active_profiles

profile.profiles_created

profile.profiles_created

profile.info_cache

profile.info_cache

profile.created_by_version

profile.created_by_version

profile.reset_prompt_mementos

profile.reset_prompt_mementos

user_experience_metrics.stability.page_load_count

user_experience_metrics.stability.page_load_count

user_experience_metrics.stability.renderer_crash_count

user_experience_metrics.stability.renderer_crash_count

user_experience_metrics.stability.child_process_crash_count

user_experience_metrics.stability.child_process_crash_count

user_experience_metrics.stability.extension_renderer_crash_count

user_experience_metrics.stability.extension_renderer_crash_count

user_experience_metrics.stability.renderer_hang_count

user_experience_metrics.stability.renderer_hang_count

user_experience_metrics.stability.other_user_crash_count

user_experience_metrics.stability.other_user_crash_count

user_experience_metrics.stability.kernel_crash_count

user_experience_metrics.stability.kernel_crash_count

user_experience_metrics.stability.system_unclean_shutdowns

user_experience_metrics.stability.system_unclean_shutdowns

user_experience_metrics.stability.plugin_stats2

user_experience_metrics.stability.plugin_stats2

uninstall_metrics.page_load_count

uninstall_metrics.page_load_count

uninstall_metrics.last_launch_time_sec

uninstall_metrics.last_launch_time_sec

uninstall_metrics.last_observed_running_time_sec

uninstall_metrics.last_observed_running_time_sec

browser.suppress_default_browser_prompt_for_version

browser.suppress_default_browser_prompt_for_version

browser.window_placement

browser.window_placement

browser.window_placement_popup

browser.window_placement_popup

task_manager.window_placement

task_manager.window_placement

browser.app_window_placement

browser.app_window_placement

renderer.memory_cache.size

renderer.memory_cache.size

download.default_directory

download.default_directory

download.extensions_to_open

download.extensions_to_open

download.directory_upgrade

download.directory_upgrade

download.open_pdf_in_system_reader

download.open_pdf_in_system_reader

savefile.default_directory

savefile.default_directory

savefile.type

savefile.type

select_file_dialogs.allowed

select_file_dialogs.allowed

filebrowser.tasks.default_by_mime_type

filebrowser.tasks.default_by_mime_type

filebrowser.tasks.default_by_suffix

filebrowser.tasks.default_by_suffix

selectfile.last_directory

selectfile.last_directory

browser.hung_plugin_detect_freq

browser.hung_plugin_detect_freq

browser.plugin_message_response_timeout

browser.plugin_message_response_timeout

spellcheck.dictionary

spellcheck.dictionary

spellcheck.use_spelling_service

spellcheck.use_spelling_service

protocol_handler.excluded_schemes

protocol_handler.excluded_schemes

safe_browsing.client_key

safe_browsing.client_key

safe_browsing.wrapped_key

safe_browsing.wrapped_key

options_window.last_tab_index

options_window.last_tab_index

certificate_manager_window.last_tab_index

certificate_manager_window.last_tab_index

browser.last_redirect_origin

browser.last_redirect_origin

shutdown.type

shutdown.type

shutdown.num_processes

shutdown.num_processes

shutdown.num_processes_slow

shutdown.num_processes_slow

restart.last.session.on.shutdown

restart.last.session.on.shutdown

was.restarted

was.restarted

relaunch.mode

relaunch.mode

extensions.disabled

extensions.disabled

plugins.disable_plugin_finder

plugins.disable_plugin_finder

ntp.app_page_names

ntp.app_page_names

ntp.collapsed_open_tabs

ntp.collapsed_open_tabs

ntp.collapsed_foreign_sessions

ntp.collapsed_foreign_sessions

ntp.collapsed_recently_closed_tabs

ntp.collapsed_recently_closed_tabs

ntp.collapsed_snapshot_document

ntp.collapsed_snapshot_document

ntp.collapsed_sync_promo

ntp.collapsed_sync_promo

ntp.date_resource_server

ntp.date_resource_server

ntp.most_visited_blacklist

ntp.most_visited_blacklist

ntp.promo_desktop_session_found

ntp.promo_desktop_session_found

ntp.promo_resource_cache_update

ntp.promo_resource_cache_update

ntp.shown_bookmarks_folder

ntp.shown_bookmarks_folder

ntp.shown_page

ntp.shown_page

ntp.tips_resource_server

ntp.tips_resource_server

ntp.webstore_enabled

ntp.webstore_enabled

devtools.adb_key

devtools.adb_key

devtools.disabled

devtools.disabled

devtools.discover_usb_devices

devtools.discover_usb_devices

devtools.edited_files

devtools.edited_files

devtools.file_system_paths

devtools.file_system_paths

devtools.open_docked

devtools.open_docked

devtools.port_forwarding_enabled

devtools.port_forwarding_enabled

devtools.port_forwarding_default_set

devtools.port_forwarding_default_set

devtools.port_forwarding_config

devtools.port_forwarding_config

google.services.password_hash

google.services.password_hash

invalidation_service.use_gcm_channel

invalidation_service.use_gcm_channel

sync_promo.startup_count

sync_promo.startup_count

sync_promo.user_skipped

sync_promo.user_skipped

sync_promo.show_on_first_run_allowed

sync_promo.show_on_first_run_allowed

sync_promo.show_ntp_bubble

sync_promo.show_ntp_bubble

browser.web_app.create_on_desktop

browser.web_app.create_on_desktop

browser.web_app.create_in_apps_menu

browser.web_app.create_in_apps_menu

browser.web_app.create_in_quick_launch_bar

browser.web_app.create_in_quick_launch_bar

geolocation.access_token

geolocation.access_token

googlegeolocationaccess.enabled

googlegeolocationaccess.enabled

media.default_audio_capture_device

media.default_audio_capture_device

media.default_video_capture_Device

media.default_video_capture_Device

media.device_id_salt

media.device_id_salt

remote_access.host_firewall_traversal

remote_access.host_firewall_traversal

remote_access.host_require_two_factor

remote_access.host_require_two_factor

remote_access.host_domain

remote_access.host_domain

remote_access.host_talkgadget_prefix

remote_access.host_talkgadget_prefix

remote_access.host_require_curtain

remote_access.host_require_curtain

remote_access.host_allow_client_pairing

remote_access.host_allow_client_pairing

remote_access.host_allow_gnubby_auth

remote_access.host_allow_gnubby_auth

remote_access.host_allow_relayed_connection

remote_access.host_allow_relayed_connection

remote_access.host_udp_port_range

remote_access.host_udp_port_range

printing.print_preview_sticky_settings

printing.print_preview_sticky_settings

cloud_print.dialog_size.width

cloud_print.dialog_size.width

cloud_print.dialog_size.height

cloud_print.dialog_size.height

cloud_print.signin_dialog_size.width

cloud_print.signin_dialog_size.width

cloud_print.signin_dialog_size.height

cloud_print.signin_dialog_size.height

cloud_print.enabled

cloud_print.enabled

cloud_print.proxy_id

cloud_print.proxy_id

cloud_print.auth_token

cloud_print.auth_token

cloud_print.xmpp_auth_token

cloud_print.xmpp_auth_token

cloud_print.email

cloud_print.email

cloud_print.print_system_settings

cloud_print.print_system_settings

cloud_print.enable_job_poll

cloud_print.enable_job_poll

cloud_print.robot_refresh_token

cloud_print.robot_refresh_token

cloud_print.robot_email

cloud_print.robot_email

cloud_print.user_settings.connectNewPrinters

cloud_print.user_settings.connectNewPrinters

cloud_print.xmpp_ping_enabled

cloud_print.xmpp_ping_enabled

cloud_print.xmpp_ping_timeout_sec

cloud_print.xmpp_ping_timeout_sec

cloud_print.user_settings.printers

cloud_print.user_settings.printers

cloud_print.submit_enabled

cloud_print.submit_enabled

cloud_print.user_settings

cloud_print.user_settings

net.max_connections_per_proxy

net.max_connections_per_proxy

hardware.audio_capture_enabled

hardware.audio_capture_enabled

hardware.audio_capture_allowed_urls

hardware.audio_capture_allowed_urls

hardware.video_capture_enabled

hardware.video_capture_enabled

hardware.video_capture_allowed_urls

hardware.video_capture_allowed_urls

hotword.search_enabled_2

hotword.search_enabled_2

hotword.always_on_search_enabled

hotword.always_on_search_enabled

hotword.audio_logging_enabled

hotword.audio_logging_enabled

hotword.audio_history_enabled

hotword.audio_history_enabled

hotword.previous_language

hotword.previous_language

browser.clear_lso_data_enabled

browser.clear_lso_data_enabled

browser.pepper_flash_settings_enabled

browser.pepper_flash_settings_enabled

browser.disk_cache_dir

browser.disk_cache_dir

browser.disk_cache_size

browser.disk_cache_size

browser.media_cache_size

browser.media_cache_size

cros.system.releaseChannel

cros.system.releaseChannel

feedback.performance_tracing_enabled

feedback.performance_tracing_enabled

background_contents.registered

background_contents.registered

browser.shown_autolaunch_infobar

browser.shown_autolaunch_infobar

auth.schemes

auth.schemes

auth.disable_negotiate_cname_lookup

auth.disable_negotiate_cname_lookup

auth.enable_negotiate_port

auth.enable_negotiate_port

auth.server_whitelist

auth.server_whitelist

auth.negotiate_delegate_whitelist

auth.negotiate_delegate_whitelist

auth.gssapi_library_name

auth.gssapi_library_name

auth.allow_cross_origin_prompt

auth.allow_cross_origin_prompt

async_dns.enabled

async_dns.enabled

custom_handlers.registered_protocol_handlers

custom_handlers.registered_protocol_handlers

custom_handlers.ignored_protocol_handlers

custom_handlers.ignored_protocol_handlers

custom_handlers.policy.registered_protocol_handlers

custom_handlers.policy.registered_protocol_handlers

custom_handlers.policy.ignored_protocol_handlers

custom_handlers.policy.ignored_protocol_handlers

custom_handlers.enabled

custom_handlers.enabled

background_mode.enabled

background_mode.enabled

hardware_acceleration_mode.enabled

hardware_acceleration_mode.enabled

policy.device_refresh_rate

policy.device_refresh_rate

message_center.showed_first_run_balloon

message_center.showed_first_run_balloon

message_center.show_icon

message_center.show_icon

message_center.was_forced_on_taskbar

message_center.was_forced_on_taskbar

browser.attempted_to_enable_autoupdate

browser.attempted_to_enable_autoupdate

media_galleries.gallery_id

media_galleries.gallery_id

media_galleries.remembered_galleries

media_galleries.remembered_galleries

media_galleries.last_scan_time

media_galleries.last_scan_time

shelf_chrome_icon_index

shelf_chrome_icon_index

gesture.max_separation_for_gesture_touches_in_pixels

gesture.max_separation_for_gesture_touches_in_pixels

gesture.semi_long_press_time_in_ms

gesture.semi_long_press_time_in_ms

gesture.tab_scrub_activation_delay_in_ms

gesture.tab_scrub_activation_delay_in_ms

gesture.fling_max_cancel_to_down_time_in_ms

gesture.fling_max_cancel_to_down_time_in_ms

gesture.fling_max_tap_gap_time_in_ms

gesture.fling_max_tap_gap_time_in_ms

overscroll.horizontal_threshold_complete

overscroll.horizontal_threshold_complete

overscroll.vertical_threshold_complete

overscroll.vertical_threshold_complete

overscroll.minimum_threshold_start

overscroll.minimum_threshold_start

overscroll.minimum_threshold_start_touchpad

overscroll.minimum_threshold_start_touchpad

overscroll.vertical_threshold_start

overscroll.vertical_threshold_start

overscroll.horizontal_resist_threshold

overscroll.horizontal_resist_threshold

overscroll.vertical_resist_threshold

overscroll.vertical_resist_threshold

network_profile.warnings_left

network_profile.warnings_left

network_profile.last_warning_time

network_profile.last_warning_time

app_list.profile

app_list.profile

app_list.last_launch_ping

app_list.last_launch_ping

app_list.launch_count

app_list.launch_count

app_list.last_app_launch_ping

app_list.last_app_launch_ping

app_list.app_launch_count

app_list.app_launch_count

apps.app_launcher.has_been_enabled

apps.app_launcher.has_been_enabled

app_list.how_enabled

app_list.how_enabled

app_list.when_enabled

app_list.when_enabled

apps.app_launcher.should_show_apps_page

apps.app_launcher.should_show_apps_page

apps.app_launcher.shortcut_version

apps.app_launcher.shortcut_version

app_launcher.show_promo

app_launcher.show_promo

apps.app_launcher.drive_app_mapping

apps.app_launcher.drive_app_mapping

apps.app_launcher.uninstalled_drive_apps

apps.app_launcher.uninstalled_drive_apps

apps.app_launch_for_metro_restart

apps.app_launch_for_metro_restart

apps.app_launch_for_metro_restart_profile

apps.app_launch_for_metro_restart_profile

apps.shortcuts_version

apps.shortcuts_version

module_conflict.bubble_shown

module_conflict.bubble_shown

settings.privacy.drm_salt

settings.privacy.drm_salt

settings.privacy.drm_enabled

settings.privacy.drm_enabled

profile.extensions.activity_log.num_consumers_active

profile.extensions.activity_log.num_consumers_active

proxy.quick_check_enabled

proxy.quick_check_enabled

profile.browser_guest_enabled

profile.browser_guest_enabled

profile.add_person_enabled

profile.add_person_enabled

easy_unlock.hardlock_state

easy_unlock.hardlock_state

password_bubble.timestamp

password_bubble.timestamp

password_bubble.nopes

password_bubble.nopes

password_bubble.interactions

password_bubble.interactions

SHELL32.dll

SHELL32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

function not supported

function not supported

operation canceled

operation canceled

address_family_not_supported

address_family_not_supported

operation_in_progress

operation_in_progress

operation_not_supported

operation_not_supported

protocol_not_supported

protocol_not_supported

operation_would_block

operation_would_block

address family not supported

address family not supported

broken pipe

broken pipe

inappropriate io control operation

inappropriate io control operation

not supported

not supported

operation in progress

operation in progress

operation not permitted

operation not permitted

operation not supported

operation not supported

operation would block

operation would block

protocol not supported

protocol not supported

GetProcessWindowStation

GetProcessWindowStation

operator

operator

%s-%Iu

%s-%Iu

\uX

\uX

Dictionary keys must be quoted.

Dictionary keys must be quoted.

Unsupported encoding. JSON must be UTF-8.

Unsupported encoding. JSON must be UTF-8.

full-memory-crash-report

full-memory-crash-report

(0x%X)

(0x%X)

Error (0x%X) while retrieving error. (0x%X)

Error (0x%X) while retrieving error. (0x%X)

(%d = %3.1f%%)

(%d = %3.1f%%)

Histogram: %s recorded %d samples

Histogram: %s recorded %d samples

(flags = 0x%x)

(flags = 0x%x)

PlatformFile.UnknownErrors.Windows

PlatformFile.UnknownErrors.Windows

user32.dll

user32.dll

0123456789

0123456789

.thunks

.thunks

.syzygy

.syzygy

Line: %i, column: %i, %s

Line: %i, column: %i, %s

C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb

C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb

chrome.exe

chrome.exe

ClearBreakpadPipeEnvironmentVariable

ClearBreakpadPipeEnvironmentVariable

ClearCrashKeyValueImpl

ClearCrashKeyValueImpl

SetCrashKeyValueImpl

SetCrashKeyValueImpl

SignalChromeElf

SignalChromeElf

chrome_elf.dll

chrome_elf.dll

VERSION.dll

VERSION.dll

WINMM.dll

WINMM.dll

SHLWAPI.dll

SHLWAPI.dll

RegCreateKeyExW

RegCreateKeyExW

RegQueryInfoKeyW

RegQueryInfoKeyW

RegOpenKeyExW

RegOpenKeyExW

RegEnumKeyExW

RegEnumKeyExW

RegCloseKey

RegCloseKey

ADVAPI32.dll

ADVAPI32.dll

GetAsyncKeyState

GetAsyncKeyState

CloseWindowStation

CloseWindowStation

CreateWindowStationW

CreateWindowStationW

SetProcessWindowStation

SetProcessWindowStation

USER32.dll

USER32.dll

GetProcessHeap

GetProcessHeap

GetWindowsDirectoryW

GetWindowsDirectoryW

CreateIoCompletionPort

CreateIoCompletionPort

GetProcessHandleCount

GetProcessHandleCount

KERNEL32.dll

KERNEL32.dll

USERENV.dll

USERENV.dll

WTSAPI32.dll

WTSAPI32.dll

GetCPInfo

GetCPInfo

SetNamedPipeHandleState

SetNamedPipeHandleState

TransactNamedPipe

TransactNamedPipe

WaitNamedPipeW

WaitNamedPipeW

zcÁ

zcÁ

40.0.2214.115-000009c0-000dbc6b

40.0.2214.115-000009c0-000dbc6b

#$( ....6/6////. )

#$( ....6/6////. )

2( ..////6//6

2( ..////6//6

( /.///6////

( /.///6////

(//.//6///.`

(//.//6///.`

55;;/?

55;;/?

55;;>;>/

55;;>;>/

K%u!Xp

K%u!Xp

)^%x>

)^%x>

@DQSSSSSQLLHHGG?332200--'

@DQSSSSSQLLHHGG?332200--'

BDRSSSSQLLPHH??332000-7.

BDRSSSSQLLPHH??332000-7.

6%%%%#%###!!

6%%%%#%###!!

122200.- *('%

122200.- *('%

35955220.- ('$

35955220.- ('$

79::995420.-*(&

79::995420.-*(&

|(==7:89?

|(==7:89?

ÞDDDCA)

ÞDDDCA)

= =$=(=,=0=4=8=]=

= =$=(=,=0=4=8=]=

>&>,>3>9>@>]>

>&>,>3>9>@>]>

01f1

01f1

3%3U3w3

3%3U3w3

9.:4:8:<:>

9.:4:8:<:>

registering_chrome

registering_chrome

uninstalling_chrome_frame

uninstalling_chrome_frame

echrmstp.exe

echrmstp.exe

{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}

{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}

app_host.exe

app_host.exe

chrome.dll

chrome.dll

chrome_child.dll

chrome_child.dll

npchrome_frame.dll

npchrome_frame.dll

chrome_frame_helper.dll

chrome_frame_helper.dll

chrome_frame_helper.exe

chrome_frame_helper.exe

ChromeFrameHelperWindowClass

ChromeFrameHelperWindowClass

chrome_launcher.exe

chrome_launcher.exe

metro_driver.dll

metro_driver.dll

new_chrome.exe

new_chrome.exe

old_chrome.exe

old_chrome.exe

delegate_execute.exe

delegate_execute.exe

nacl64.exe

nacl64.exe

setup.exe

setup.exe

InstallerSuccessLaunchCmdLine

InstallerSuccessLaunchCmdLine

{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}

{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}

ChromeCanary

ChromeCanary

ChromeSSHTM

ChromeSSHTM

Chrome Canary HTML Document

Chrome Canary HTML Document

{1BEAC3E3-B852-44F4-B468-8906C062422E}

{1BEAC3E3-B852-44F4-B468-8906C062422E}

AGoogle Chrome Canary

AGoogle Chrome Canary

{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

Browse the web

Browse the web

Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium

Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium

-chrome

-chrome

-chromeframe

-chromeframe

{8A69D345-D564-463C-AFF1-A69D9E530F96}

{8A69D345-D564-463C-AFF1-A69D9E530F96}

{430FD4D0-B729-4F61-AA34-91526481799D}

{430FD4D0-B729-4F61-AA34-91526481799D}

GoogleUpdateSetup.exe

GoogleUpdateSetup.exe

CFEndTempOptOutCmd

CFEndTempOptOutCmd

CFOptInCmd

CFOptInCmd

CFOptOutCmd

CFOptOutCmd

CFTempOptOutCmd

CFTempOptOutCmd

UninstallCmdLine

UninstallCmdLine

WebAccessible

WebAccessible

{8A69D345-D564-463c-AFF1-A69D9E530F96}

{8A69D345-D564-463c-AFF1-A69D9E530F96}

ChromeHTML

ChromeHTML

Chrome HTML Document

Chrome HTML Document

{5C65F4B0-3651-4514-B207-D10CB699B14B}

{5C65F4B0-3651-4514-B207-D10CB699B14B}

hXXp://VVV.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall

hXXp://VVV.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall

%d.%d.%d

%d.%d.%d

Google Chrome

Google Chrome

Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

DGoogle Chrome App Launcher

DGoogle Chrome App Launcher

ChromeAppList

ChromeAppList

tSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher

tSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher

{8BA986DA-5100-405E-AA35-86F34A02ACBF}

{8BA986DA-5100-405E-AA35-86F34A02ACBF}

DGoogle Chrome Frame

DGoogle Chrome Frame

Google\Chrome Frame

Google\Chrome Frame

Chrome in a Frame.

Chrome in a Frame.

Uninstall Chrome Frame

Uninstall Chrome Frame

Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame

Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame

{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}

{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}

Google Chrome binaries

Google Chrome binaries

\\.\pipe\GoogleCrashServices\

\\.\pipe\GoogleCrashServices\

\\.\pipe\ChromeCrashServices

\\.\pipe\ChromeCrashServices

error %u

error %u

ntdll.dll

ntdll.dll

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_TEXT

HKEY_PERFORMANCE_TEXT

HKEY_PERFORMANCE_NLSTEXT

HKEY_PERFORMANCE_NLSTEXT

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

HKEY_DYN_DATA

pipe\

pipe\

Bkernel32.dll

Bkernel32.dll

kernelbase.dll

kernelbase.dll

eKey

eKey

Ckernel32.dll

Ckernel32.dll

gdi32.dll

gdi32.dll

xntdll.dll

xntdll.dll

wow_helper.exe"

wow_helper.exe"

Cntdll.dll

Cntdll.dll

SOFTWARE\Policies\Google\Chrome

SOFTWARE\Policies\Google\Chrome

Chrome_StatusTrayWindow

Chrome_StatusTrayWindow

Reported Crashes.txt

Reported Crashes.txt

testing_interface.dll

testing_interface.dll

Origin Bound Certs

Origin Bound Certs

Certificate Revocation Lists

Certificate Revocation Lists

Custom Dictionary.txt

Custom Dictionary.txt

Login Data

Login Data

Cached Theme.pak

Cached Theme.pak

Web Applications

Web Applications

pepflashplayer.dll

pepflashplayer.dll

Software\Google\Chrome\Metro

Software\Google\Chrome\Metro

CHROME_METRO_NAV_SEARCH_REQUEST

CHROME_METRO_NAV_SEARCH_REQUEST

CHROME_METRO_GET_CURRENT_TAB_INFO

CHROME_METRO_GET_CURRENT_TAB_INFO

Software\Google\Chrome\BrowserCrashDumpAttempts

Software\Google\Chrome\BrowserCrashDumpAttempts

${windows}

${windows}

hunspecified-crash-key

hunspecified-crash-key

Dmscoree.dll

Dmscoree.dll

IADVAPI32.DLL

IADVAPI32.DLL

- floating point support not loaded

- floating point support not loaded

- CRT not initialized

- CRT not initialized

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

USER32.DLL

USER32.DLL

portuguese-brazilian

portuguese-brazilian

dbghelp.dll

dbghelp.dll

rpcrt4.dll

rpcrt4.dll

%s\%s.dmp

%s\%s.dmp

x-x-x-xx-xxxxxx

x-x-x-xx-xxxxxx

Chrome_MessageWindow

Chrome_MessageWindow

sSoftware\Microsoft\Windows\CurrentVersion\Run

sSoftware\Microsoft\Windows\CurrentVersion\Run

.Software\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32

.Software\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32

Chrome_MessagePumpWindow_%p

Chrome_MessagePumpWindow_%p

Ndebug.log

Ndebug.log

.\debug.log

.\debug.log

\StringFileInfo\xx\%ls

\StringFileInfo\xx\%ls

%Program Files%\Google\Chrome\Application\chrome.exe

%Program Files%\Google\Chrome\Application\chrome.exe

chrome_exe

chrome_exe

chrome.exe_2704:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

HtdHtHHHt.HH

HtdHtHHHt.HH

j.Yf;

j.Yf;

_tcPVj@

_tcPVj@

.PjRW

.PjRW

c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc

c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc

No valid Chrome version found

No valid Chrome version found

c:\b\build\slave\win\build\src\chrome\app\client_util.cc

c:\b\build\slave\win\build\src\chrome\app\client_util.cc

Failed to load Chrome DLL from

Failed to load Chrome DLL from

ChromeMain

ChromeMain

RelaunchChromeBrowserWithNewCommandLineIfNeeded

RelaunchChromeBrowserWithNewCommandLineIfNeeded

Could not find exported function

Could not find exported function

allow-insecure-websocket-from-https-origin

allow-insecure-websocket-from-https-origin

disable-webgl

disable-webgl

disable-web-security

disable-web-security

enable-experimental-web-platform-features

enable-experimental-web-platform-features

enable-tcp-fastopen

enable-tcp-fastopen

enable-viewport

enable-viewport

enable-viewport-meta

enable-viewport-meta

enable-vtune-support

enable-vtune-support

enable-webgl-draft-extensions

enable-webgl-draft-extensions

enable-webgl-image-chromium

enable-webgl-image-chromium

enable-web-midi

enable-web-midi

ignore-certificate-errors

ignore-certificate-errors

remote-debugging-port

remote-debugging-port

renderer-cmd-prefix

renderer-cmd-prefix

testing-fixed-http-port

testing-fixed-http-port

testing-fixed-https-port

testing-fixed-https-port

trace-upload-url

trace-upload-url

utility-cmd-prefix

utility-cmd-prefix

zygote-cmd-prefix

zygote-cmd-prefix

disable-webrtc-hw-decoding

disable-webrtc-hw-decoding

disable-webrtc-encryption

disable-webrtc-encryption

disable-webrtc-hw-encoding

disable-webrtc-hw-encoding

enable-webrtc-hw-vp8-encoding

enable-webrtc-hw-vp8-encoding

enable-webrtc-hw-h264-encoding

enable-webrtc-hw-h264-encoding

disable-webaudio

disable-webaudio

1.3.21.115

1.3.21.115

%s-x-x

%s-x-x

Chrome

Chrome

0.0.0.0-devel

0.0.0.0-devel

%s-%x

%s-%x

url-chunk

url-chunk

font_key_name

font_key_name

subresource_url

subresource_url

CHROME_MAIN_TIME

CHROME_MAIN_TIME

c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc

c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc

Failed to write to application's ClientState key

Failed to write to application's ClientState key

Removed incremental installer failure key; switching to channel:

Removed incremental installer failure key; switching to channel:

Removed multi-install failure key; switching to channel:

Removed multi-install failure key; switching to channel:

auto-launch-chrome

auto-launch-chrome

chrome

chrome

chrome-frame

chrome-frame

chrome-sxs

chrome-sxs

do-not-launch-chrome

do-not-launch-chrome

make-chrome-default

make-chrome-default

new-setup-exe

new-setup-exe

register-chrome-browser

register-chrome-browser

register-chrome-browser-suffix

register-chrome-browser-suffix

register-dev-chrome

register-dev-chrome

register-url-protocol

register-url-protocol

rename-chrome-exe

rename-chrome-exe

remove-chrome-registration

remove-chrome-registration

update-setup-exe

update-setup-exe

toast-results-key

toast-results-key

c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc

c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc

Cannot initialize AppCommands from an invalid key.

Cannot initialize AppCommands from an invalid key.

c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc

c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc

Failed to open key "

Failed to open key "

Skipping over key "

Skipping over key "

iexplore.exe

iexplore.exe

googlechrome

googlechrome

googlechromeapphost

googlechromeapphost

googlechromeframe

googlechromeframe

Cannot initialize an AppCommand from an invalid key.

Cannot initialize an AppCommand from an invalid key.

c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc

c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc

c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc

c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc

CHROME_BREAKPAD_PIPE_NAME

CHROME_BREAKPAD_PIPE_NAME

c:\b\build\slave\win\build\src\components\crash\app\breakpad_win.cc

c:\b\build\slave\win\build\src\components\crash\app\breakpad_win.cc

NTDLL.DLL

NTDLL.DLL

kernel32.dll

kernel32.dll

c:\b\build\slave\win\build\src\sandbox\win\src\sandbox_policy_base.cc

c:\b\build\slave\win\build\src\sandbox\win\src\sandbox_policy_base.cc

CreateNamedPipeW

CreateNamedPipeW

NtCreateKey

NtCreateKey

NtOpenKey

NtOpenKey

NtOpenKeyEx

NtOpenKeyEx

AudioCaptureAllowedUrls

AudioCaptureAllowedUrls

AutoSelectCertificateForUrls

AutoSelectCertificateForUrls

ChromeFrameContentTypes

ChromeFrameContentTypes

ChromeFrameRendererSettings

ChromeFrameRendererSettings

ChromeOsLockOnIdleSuspend

ChromeOsLockOnIdleSuspend

ChromeOsMultiProfileUserBehavior

ChromeOsMultiProfileUserBehavior

ChromeOsReleaseChannel

ChromeOsReleaseChannel

ChromeOsReleaseChannelDelegated

ChromeOsReleaseChannelDelegated

CloudPrintProxyEnabled

CloudPrintProxyEnabled

CloudPrintSubmitEnabled

CloudPrintSubmitEnabled

ContentPackManualBehaviorURLs

ContentPackManualBehaviorURLs

CookiesAllowedForUrls

CookiesAllowedForUrls

CookiesBlockedForUrls

CookiesBlockedForUrls

CookiesSessionOnlyForUrls

CookiesSessionOnlyForUrls

DefaultSearchProviderAlternateURLs

DefaultSearchProviderAlternateURLs

DefaultSearchProviderIconURL

DefaultSearchProviderIconURL

DefaultSearchProviderImageURL

DefaultSearchProviderImageURL

DefaultSearchProviderImageURLPostParams

DefaultSearchProviderImageURLPostParams

DefaultSearchProviderInstantURL

DefaultSearchProviderInstantURL

DefaultSearchProviderInstantURLPostParams

DefaultSearchProviderInstantURLPostParams

DefaultSearchProviderKeyword

DefaultSearchProviderKeyword

DefaultSearchProviderNewTabURL

DefaultSearchProviderNewTabURL

DefaultSearchProviderSearchTermsReplacementKey

DefaultSearchProviderSearchTermsReplacementKey

DefaultSearchProviderSearchURL

DefaultSearchProviderSearchURL

DefaultSearchProviderSearchURLPostParams

DefaultSearchProviderSearchURLPostParams

DefaultSearchProviderSuggestURL

DefaultSearchProviderSuggestURL

DefaultSearchProviderSuggestURLPostParams

DefaultSearchProviderSuggestURLPostParams

DeviceAllowRedeemChromeOsRegistrationOffers

DeviceAllowRedeemChromeOsRegistrationOffers

DeviceLocalAccountAutoLoginBailoutEnabled

DeviceLocalAccountAutoLoginBailoutEnabled

DeviceLocalAccountAutoLoginDelay

DeviceLocalAccountAutoLoginDelay

DeviceLocalAccountAutoLoginId

DeviceLocalAccountAutoLoginId

DeviceLoginScreenDefaultHighContrastEnabled

DeviceLoginScreenDefaultHighContrastEnabled

DeviceLoginScreenDefaultLargeCursorEnabled

DeviceLoginScreenDefaultLargeCursorEnabled

DeviceLoginScreenDefaultScreenMagnifierType

DeviceLoginScreenDefaultScreenMagnifierType

DeviceLoginScreenDefaultSpokenFeedbackEnabled

DeviceLoginScreenDefaultSpokenFeedbackEnabled

DeviceLoginScreenDefaultVirtualKeyboardEnabled

DeviceLoginScreenDefaultVirtualKeyboardEnabled

DeviceLoginScreenPowerManagement

DeviceLoginScreenPowerManagement

DeviceLoginScreenSaverId

DeviceLoginScreenSaverId

DeviceLoginScreenSaverTimeout

DeviceLoginScreenSaverTimeout

DeviceMetricsReportingEnabled

DeviceMetricsReportingEnabled

DeviceStartUpUrls

DeviceStartUpUrls

DeviceUpdateHttpDownloadsEnabled

DeviceUpdateHttpDownloadsEnabled

EnableAuthNegotiatePort

EnableAuthNegotiatePort

EnableDeprecatedWebPlatformFeatures

EnableDeprecatedWebPlatformFeatures

EnableOriginBoundCerts

EnableOriginBoundCerts

EnableWebBasedSignin

EnableWebBasedSignin

EnterpriseWebStoreName

EnterpriseWebStoreName

EnterpriseWebStoreURL

EnterpriseWebStoreURL

HideWebStoreIcon

HideWebStoreIcon

HideWebStorePromo

HideWebStorePromo

ImagesAllowedForUrls

ImagesAllowedForUrls

ImagesBlockedForUrls

ImagesBlockedForUrls

ImportAutofillFormData

ImportAutofillFormData

ImportBookmarks

ImportBookmarks

ImportHistory

ImportHistory

ImportHomepage

ImportHomepage

ImportSavedPasswords

ImportSavedPasswords

ImportSearchEngine

ImportSearchEngine

JavaScriptAllowedForUrls

JavaScriptAllowedForUrls

JavaScriptBlockedForUrls

JavaScriptBlockedForUrls

KeyboardDefaultToFunctionKeys

KeyboardDefaultToFunctionKeys

MetricsReportingEnabled

MetricsReportingEnabled

NotificationsAllowedForUrls

NotificationsAllowedForUrls

NotificationsBlockedForUrls

NotificationsBlockedForUrls

PasswordManagerAllowShowPasswords

PasswordManagerAllowShowPasswords

PasswordManagerEnabled

PasswordManagerEnabled

PluginsAllowedForUrls

PluginsAllowedForUrls

PluginsBlockedForUrls

PluginsBlockedForUrls

PopupsAllowedForUrls

PopupsAllowedForUrls

PopupsBlockedForUrls

PopupsBlockedForUrls

ProxyBypassList

ProxyBypassList

ProxyPacUrl

ProxyPacUrl

RemoteAccessHostAllowClientPairing

RemoteAccessHostAllowClientPairing

RemoteAccessHostAllowGnubbyAuth

RemoteAccessHostAllowGnubbyAuth

RemoteAccessHostAllowRelayedConnection

RemoteAccessHostAllowRelayedConnection

RemoteAccessHostDomain

RemoteAccessHostDomain

RemoteAccessHostFirewallTraversal

RemoteAccessHostFirewallTraversal

RemoteAccessHostRequireCurtain

RemoteAccessHostRequireCurtain

RemoteAccessHostRequireTwoFactor

RemoteAccessHostRequireTwoFactor

RemoteAccessHostTalkGadgetPrefix

RemoteAccessHostTalkGadgetPrefix

RemoteAccessHostUdpPortRange

RemoteAccessHostUdpPortRange

RenderInChromeFrameList

RenderInChromeFrameList

ReportDeviceActivityTimes

ReportDeviceActivityTimes

ReportDeviceBootMode

ReportDeviceBootMode

ReportDeviceLocation

ReportDeviceLocation

ReportDeviceNetworkInterfaces

ReportDeviceNetworkInterfaces

ReportDeviceUsers

ReportDeviceUsers

ReportDeviceVersionInfo

ReportDeviceVersionInfo

RestoreOnStartupURLs

RestoreOnStartupURLs

ShowAppsShortcutInBookmarkBar

ShowAppsShortcutInBookmarkBar

SuppressChromeFrameTurndownPrompt

SuppressChromeFrameTurndownPrompt

TermsOfServiceURL

TermsOfServiceURL

TouchVirtualKeyboardEnabled

TouchVirtualKeyboardEnabled

URLBlacklist

URLBlacklist

URLWhitelist

URLWhitelist

VideoCaptureAllowedUrls

VideoCaptureAllowedUrls

VirtualKeyboardEnabled

VirtualKeyboardEnabled

update_url

update_url

^update_url:

^update_url:

CHROME_VERSION

CHROME_VERSION

CHROME_SAFE_MODE

CHROME_SAFE_MODE

2676A9A2-D919-4FEE-9187-152100393AB2

2676A9A2-D919-4FEE-9187-152100393AB2

pack-extension-key

pack-extension-key

permission-request-api-url

permission-request-api-url

promo-server-url

promo-server-url

proxy-bypass-list

proxy-bypass-list

proxy-pac-url

proxy-pac-url

remember-cert-error-decisions

remember-cert-error-decisions

spelling-service-feedback-url

spelling-service-feedback-url

sync-url

sync-url

try-chrome-again

try-chrome-again

variations-server-url

variations-server-url

winhttp-proxy-resolver

winhttp-proxy-resolver

plugins-metadata-server-url

plugins-metadata-server-url

windows8-search

windows8-search

allow-http-screen-capture

allow-http-screen-capture

app-list-start-page-url

app-list-start-page-url

apps-checkout-url

apps-checkout-url

apps-gallery-download-url

apps-gallery-download-url

apps-gallery-url

apps-gallery-url

apps-gallery-update-url

apps-gallery-update-url

certificate-transparency-log

certificate-transparency-log

disable-extensions-http-throttling

disable-extensions-http-throttling

disable-password-manager-reauthentication

disable-password-manager-reauthentication

disable-quic-port-selection

disable-quic-port-selection

disable-save-password-bubble

disable-save-password-bubble

disable-web-resources

disable-web-resources

enable-auth-negotiate-port

enable-auth-negotiate-port

enable-npn-http

enable-npn-http

enable-quic-port-selection

enable-quic-port-selection

enable-save-password-bubble

enable-save-password-bubble

enable-sdch-over-https

enable-sdch-over-https

enable-user-controlled-alternate-protocol-ports

enable-user-controlled-alternate-protocol-ports

enable-websocket-over-spdy

enable-websocket-over-spdy

enable-website-settings-manager

enable-website-settings-manager

explicitly-allowed-ports

explicitly-allowed-ports

extensions-not-webstore

extensions-not-webstore

ignore-urlfetcher-cert-requests

ignore-urlfetcher-cert-requests

install-chrome-app

install-chrome-app

install-ephemeral-app-from-webstore

install-ephemeral-app-from-webstore

40.0.2214.115

40.0.2214.115

CHROME_HEADLESS

CHROME_HEADLESS

CHROME_LOG_FILE

CHROME_LOG_FILE

CHROME_METRO_CONNECTED

CHROME_METRO_CONNECTED

CHROMEOS_SESSION_LOG_DIR

CHROMEOS_SESSION_LOG_DIR

CHROME_CRASHED

CHROME_CRASHED

CHROME_RESTART

CHROME_RESTART

chrome.googleechotest.com

chrome.googleechotest.com

profile.ephemeral_mode

profile.ephemeral_mode

profile.icon_version

profile.icon_version

session.restore_on_startup

session.restore_on_startup

session.restore_on_startup_migrated

session.restore_on_startup_migrated

session.startup_urls_migration_time

session.startup_urls_migration_time

profile.exited_cleanly

profile.exited_cleanly

profile.exit_type

profile.exit_type

profile.managed.custodian_email

profile.managed.custodian_email

profile.managed.custodian_name

profile.managed.custodian_name

profile.managed.custodian_profile_image_url

profile.managed.custodian_profile_image_url

profile.managed.custodian_profile_url

profile.managed.custodian_profile_url

profile.managed.manual_hosts

profile.managed.manual_hosts

profile.managed.manual_urls

profile.managed.manual_urls

profile.managed.second_custodian_email

profile.managed.second_custodian_email

profile.managed.second_custodian_name

profile.managed.second_custodian_name

profile.managed.second_custodian_profile_image_url

profile.managed.second_custodian_profile_image_url

profile.managed.second_custodian_profile_url

profile.managed.second_custodian_profile_url

profile.managed.shared_settings

profile.managed.shared_settings

session.startup_urls

session.startup_urls

session.urls_to_restore_on_startup

session.urls_to_restore_on_startup

intl.app_locale

intl.app_locale

intl.charset_default

intl.charset_default

intl.accept_languages

intl.accept_languages

intl.static_encodings

intl.static_encodings

webkit.webprefs.fonts.standard.Zyyy

webkit.webprefs.fonts.standard.Zyyy

webkit.webprefs.fonts.fixed.Zyyy

webkit.webprefs.fonts.fixed.Zyyy

webkit.webprefs.fonts.serif.Zyyy

webkit.webprefs.fonts.serif.Zyyy

webkit.webprefs.fonts.sansserif.Zyyy

webkit.webprefs.fonts.sansserif.Zyyy

webkit.webprefs.fonts.cursive.Zyyy

webkit.webprefs.fonts.cursive.Zyyy

webkit.webprefs.fonts.fantasy.Zyyy

webkit.webprefs.fonts.fantasy.Zyyy

webkit.webprefs.fonts.pictograph.Zyyy

webkit.webprefs.fonts.pictograph.Zyyy

webkit.webprefs.fonts.standard

webkit.webprefs.fonts.standard

webkit.webprefs.fonts.fixed

webkit.webprefs.fonts.fixed

webkit.webprefs.fonts.serif

webkit.webprefs.fonts.serif

webkit.webprefs.fonts.sansserif

webkit.webprefs.fonts.sansserif

webkit.webprefs.fonts.cursive

webkit.webprefs.fonts.cursive

webkit.webprefs.fonts.fantasy

webkit.webprefs.fonts.fantasy

webkit.webprefs.fonts.pictograph

webkit.webprefs.fonts.pictograph

webkit.webprefs.fonts.standard.Arab

webkit.webprefs.fonts.standard.Arab

webkit.webprefs.fonts.fixed.Arab

webkit.webprefs.fonts.fixed.Arab

webkit.webprefs.fonts.serif.Arab

webkit.webprefs.fonts.serif.Arab

webkit.webprefs.fonts.sansserif.Arab

webkit.webprefs.fonts.sansserif.Arab

webkit.webprefs.fonts.standard.Cyrl

webkit.webprefs.fonts.standard.Cyrl

webkit.webprefs.fonts.fixed.Cyrl

webkit.webprefs.fonts.fixed.Cyrl

webkit.webprefs.fonts.serif.Cyrl

webkit.webprefs.fonts.serif.Cyrl

webkit.webprefs.fonts.sansserif.Cyrl

webkit.webprefs.fonts.sansserif.Cyrl

webkit.webprefs.fonts.standard.Grek

webkit.webprefs.fonts.standard.Grek

webkit.webprefs.fonts.fixed.Grek

webkit.webprefs.fonts.fixed.Grek

webkit.webprefs.fonts.serif.Grek

webkit.webprefs.fonts.serif.Grek

webkit.webprefs.fonts.sansserif.Grek

webkit.webprefs.fonts.sansserif.Grek

webkit.webprefs.fonts.standard.Jpan

webkit.webprefs.fonts.standard.Jpan

webkit.webprefs.fonts.fixed.Jpan

webkit.webprefs.fonts.fixed.Jpan

webkit.webprefs.fonts.serif.Jpan

webkit.webprefs.fonts.serif.Jpan

webkit.webprefs.fonts.sansserif.Jpan

webkit.webprefs.fonts.sansserif.Jpan

webkit.webprefs.fonts.standard.Hang

webkit.webprefs.fonts.standard.Hang

webkit.webprefs.fonts.fixed.Hang

webkit.webprefs.fonts.fixed.Hang

webkit.webprefs.fonts.serif.Hang

webkit.webprefs.fonts.serif.Hang

webkit.webprefs.fonts.sansserif.Hang

webkit.webprefs.fonts.sansserif.Hang

webkit.webprefs.fonts.cursive.Hang

webkit.webprefs.fonts.cursive.Hang

webkit.webprefs.fonts.standard.Hans

webkit.webprefs.fonts.standard.Hans

webkit.webprefs.fonts.fixed.Hans

webkit.webprefs.fonts.fixed.Hans

webkit.webprefs.fonts.serif.Hans

webkit.webprefs.fonts.serif.Hans

webkit.webprefs.fonts.sansserif.Hans

webkit.webprefs.fonts.sansserif.Hans

webkit.webprefs.fonts.standard.Hant

webkit.webprefs.fonts.standard.Hant

webkit.webprefs.fonts.fixed.Hant

webkit.webprefs.fonts.fixed.Hant

webkit.webprefs.fonts.serif.Hant

webkit.webprefs.fonts.serif.Hant

webkit.webprefs.fonts.sansserif.Hant

webkit.webprefs.fonts.sansserif.Hant

webkit.webprefs.default_font_size

webkit.webprefs.default_font_size

webkit.webprefs.default_fixed_font_size

webkit.webprefs.default_fixed_font_size

webkit.webprefs.minimum_font_size

webkit.webprefs.minimum_font_size

webkit.webprefs.minimum_logical_font_size

webkit.webprefs.minimum_logical_font_size

webkit.webprefs.javascript_enabled

webkit.webprefs.javascript_enabled

webkit.webprefs.web_security_enabled

webkit.webprefs.web_security_enabled

webkit.webprefs.javascript_can_open_windows_automatically

webkit.webprefs.javascript_can_open_windows_automatically

webkit.webprefs.loads_images_automatically

webkit.webprefs.loads_images_automatically

webkit.webprefs.plugins_enabled

webkit.webprefs.plugins_enabled

webkit.webprefs.dom_paste_enabled

webkit.webprefs.dom_paste_enabled

webkit.webprefs.shrinks_standalone_images_to_fit

webkit.webprefs.shrinks_standalone_images_to_fit

webkit.webprefs.uses_universal_detector

webkit.webprefs.uses_universal_detector

webkit.webprefs.text_areas_are_resizable

webkit.webprefs.text_areas_are_resizable

webkit.webprefs.java_enabled

webkit.webprefs.java_enabled

webkit.webprefs.tabs_to_links

webkit.webprefs.tabs_to_links

webkit.webprefs.allow_displaying_insecure_content

webkit.webprefs.allow_displaying_insecure_content

webkit.webprefs.allow_running_insecure_content

webkit.webprefs.allow_running_insecure_content

safebrowsing.enabled

safebrowsing.enabled

safebrowsing.extended_reporting_enabled

safebrowsing.extended_reporting_enabled

safebrowsing.proceed_anyway_disabled

safebrowsing.proceed_anyway_disabled

safebrowsing.incident_report_sent

safebrowsing.incident_report_sent

safebrowsing.incidents_sent

safebrowsing.incidents_sent

incognito.mode_availability

incognito.mode_availability

search.suggest_enabled

search.suggest_enabled

browser.confirm_to_quit

browser.confirm_to_quit

security.cookie_behavior

security.cookie_behavior

download.prompt_for_download

download.prompt_for_download

alternate_error_pages.enabled

alternate_error_pages.enabled

dns_prefetching.startup_list

dns_prefetching.startup_list

dns_prefetching.host_referral_list

dns_prefetching.host_referral_list

spdy.disabled

spdy.disabled

net.http_server_properties

net.http_server_properties

spdy.servers

spdy.servers

spdy.alternate_protocol

spdy.alternate_protocol

protocol.disabled_schemes

protocol.disabled_schemes

instant_ui.zero_suggest_url_prefix

instant_ui.zero_suggest_url_prefix

local_state.multiple_profile_prefs_version

local_state.multiple_profile_prefs_version

dns_prefetching.enabled

dns_prefetching.enabled

net.network_prediction_options

net.network_prediction_options

hide_web_store_icon

hide_web_store_icon

browser.show_home_button

browser.show_home_button

profile.recently_selected_encodings

profile.recently_selected_encodings

browser.clear_data.browsing_history

browser.clear_data.browsing_history

browser.clear_data.download_history

browser.clear_data.download_history

browser.clear_data.cache

browser.clear_data.cache

browser.clear_data.cookies

browser.clear_data.cookies

browser.clear_data.passwords

browser.clear_data.passwords

browser.clear_data.form_data

browser.clear_data.form_data

browser.clear_data.hosted_apps_data

browser.clear_data.hosted_apps_data

browser.clear_data.content_licenses

browser.clear_data.content_licenses

browser.enable_spellchecking

browser.enable_spellchecking

browser.speechinput_censor_results

browser.speechinput_censor_results

browser.speechinput_tray_notification_shown_contexts

browser.speechinput_tray_notification_shown_contexts

browser.enabled_labs_experiments

browser.enabled_labs_experiments

browser.enable_autospellcorrect

browser.enable_autospellcorrect

history.saving_disabled

history.saving_disabled

history.deleting_enabled

history.deleting_enabled

settings.force_safesearch

settings.force_safesearch

settings.history_recorded

settings.history_recorded

browser.clear_data.time_period

browser.clear_data.time_period

browser.last_clear_browsing_data_time

browser.last_clear_browsing_data_time

extensions.theme.pack

extensions.theme.pack

extensions.theme.id

extensions.theme.id

extensions.theme.images

extensions.theme.images

extensions.theme.colors

extensions.theme.colors

extensions.theme.tints

extensions.theme.tints

extensions.theme.properties

extensions.theme.properties

extensions.ui.developer_mode

extensions.ui.developer_mode

extensions.ui.dismissed_adt_promo

extensions.ui.dismissed_adt_promo

extensions.commands

extensions.commands

plugins.last_internal_directory

plugins.last_internal_directory

plugins.plugins_list

plugins.plugins_list

plugins.plugins_disabled

plugins.plugins_disabled

plugins.plugins_disabled_exceptions

plugins.plugins_disabled_exceptions

plugins.plugins_enabled

plugins.plugins_enabled

plugins.migrated_to_pepper_flash

plugins.migrated_to_pepper_flash

plugins.removed_old_component_pepper_flash_settings

plugins.removed_old_component_pepper_flash_settings

plugins.show_details

plugins.show_details

plugins.allow_outdated

plugins.allow_outdated

plugins.always_authorize

plugins.always_authorize

plugins.metadata

plugins.metadata

plugins.resource_cache_update

plugins.resource_cache_update

browser.check_default_browser

browser.check_default_browser

browser.default_browser_setting_enabled

browser.default_browser_setting_enabled

browser.custom_chrome_frame

browser.custom_chrome_frame

profile.content_settings.plugin_whitelist

profile.content_settings.plugin_whitelist

profile.block_third_party_cookies

profile.block_third_party_cookies

profile.clear_site_data_on_exit

profile.clear_site_data_on_exit

partition.default_zoom_level

partition.default_zoom_level

profile.default_zoom_level

profile.default_zoom_level

partition.per_host_zoom_levels

partition.per_host_zoom_levels

profile.per_host_zoom_levels

profile.per_host_zoom_levels

autofill.data_model_default

autofill.data_model_default

autofill.pay_without_wallet

autofill.pay_without_wallet

autofill.wallet_location_disclosure

autofill.wallet_location_disclosure

autofill.save_data

autofill.save_data

autofill.wallet_shipping_same_as_billing

autofill.wallet_shipping_same_as_billing

autofill.generated_card_bubble_times_shown

autofill.generated_card_bubble_times_shown

autofill.rac_dialog_defaults

autofill.rac_dialog_defaults

enable_deprecated_web_platform_features

enable_deprecated_web_platform_features

import_autofill_form_data

import_autofill_form_data

import_bookmarks

import_bookmarks

import_history

import_history

import_home_page

import_home_page

import_saved_passwords

import_saved_passwords

import_search_engine

import_search_engine

profile.avatar_index

profile.avatar_index

profile.using_default_name

profile.using_default_name

profile.name

profile.name

profile.using_default_avatar

profile.using_default_avatar

profile.using_gaia_avatar

profile.using_gaia_avatar

profile.managed_user_id

profile.managed_user_id

profile.gaia_info_update_time

profile.gaia_info_update_time

profile.gaia_info_picture_url

profile.gaia_info_picture_url

profile.avatar_bubble_tutorial_shown

profile.avatar_bubble_tutorial_shown

printing.enabled

printing.enabled

printing.print_preview_disabled

printing.print_preview_disabled

profile.managed.default_filtering_behavior

profile.managed.default_filtering_behavior

profile.managed_user_creation_allowed

profile.managed_user_creation_allowed

profile.managed_users

profile.managed_users

profile.reset_prompt_memento

profile.reset_prompt_memento

message_center.disabled_extension_ids

message_center.disabled_extension_ids

message_center.disabled_system_component_ids

message_center.disabled_system_component_ids

message_center.welcome_notification_dismissed

message_center.welcome_notification_dismissed

message_center.welcome_notification_dismissed_local

message_center.welcome_notification_dismissed_local

message_center.welcome_notification_previously_popped_up

message_center.welcome_notification_previously_popped_up

message_center.welcome_notification_expiration_timestamp

message_center.welcome_notification_expiration_timestamp

fullscreen.allowed

fullscreen.allowed

local_discovery.notifications_enabled

local_discovery.notifications_enabled

prefs.preference_reset_time

prefs.preference_reset_time

gcm.channel_enabled

gcm.channel_enabled

gcm.push_messaging_registration_count

gcm.push_messaging_registration_count

easy_unlock.allowed

easy_unlock.allowed

easy_unlock.enabled

easy_unlock.enabled

easy_unlock.pairing

easy_unlock.pairing

easy_unlock.proximity_required

easy_unlock.proximity_required

easy_unlock.show_tutorial

easy_unlock.show_tutorial

zerosuggest.cachedresults

zerosuggest.cachedresults

ssl.rev_checking.enabled

ssl.rev_checking.enabled

ssl.rev_checking.required_for_local_anchors

ssl.rev_checking.required_for_local_anchors

ssl.version_min

ssl.version_min

ssl.version_max

ssl.version_max

ssl.version_fallback_min

ssl.version_fallback_min

ssl.cipher_suites.blacklist

ssl.cipher_suites.blacklist

ssl.ssl_record_splitting.disabled

ssl.ssl_record_splitting.disabled

ssl.ssl_blocking_bypassed

ssl.ssl_blocking_bypassed

user_experience_metrics.reporting_enabled

user_experience_metrics.reporting_enabled

profile.last_used

profile.last_used

profile.last_active_profiles

profile.last_active_profiles

profile.profiles_created

profile.profiles_created

profile.info_cache

profile.info_cache

profile.created_by_version

profile.created_by_version

profile.reset_prompt_mementos

profile.reset_prompt_mementos

user_experience_metrics.stability.page_load_count

user_experience_metrics.stability.page_load_count

user_experience_metrics.stability.renderer_crash_count

user_experience_metrics.stability.renderer_crash_count

user_experience_metrics.stability.child_process_crash_count

user_experience_metrics.stability.child_process_crash_count

user_experience_metrics.stability.extension_renderer_crash_count

user_experience_metrics.stability.extension_renderer_crash_count

user_experience_metrics.stability.renderer_hang_count

user_experience_metrics.stability.renderer_hang_count

user_experience_metrics.stability.other_user_crash_count

user_experience_metrics.stability.other_user_crash_count

user_experience_metrics.stability.kernel_crash_count

user_experience_metrics.stability.kernel_crash_count

user_experience_metrics.stability.system_unclean_shutdowns

user_experience_metrics.stability.system_unclean_shutdowns

user_experience_metrics.stability.plugin_stats2

user_experience_metrics.stability.plugin_stats2

uninstall_metrics.page_load_count

uninstall_metrics.page_load_count

uninstall_metrics.last_launch_time_sec

uninstall_metrics.last_launch_time_sec

uninstall_metrics.last_observed_running_time_sec

uninstall_metrics.last_observed_running_time_sec

browser.suppress_default_browser_prompt_for_version

browser.suppress_default_browser_prompt_for_version

browser.window_placement

browser.window_placement

browser.window_placement_popup

browser.window_placement_popup

task_manager.window_placement

task_manager.window_placement

browser.app_window_placement

browser.app_window_placement

renderer.memory_cache.size

renderer.memory_cache.size

download.default_directory

download.default_directory

download.extensions_to_open

download.extensions_to_open

download.directory_upgrade

download.directory_upgrade

download.open_pdf_in_system_reader

download.open_pdf_in_system_reader

savefile.default_directory

savefile.default_directory

savefile.type

savefile.type

select_file_dialogs.allowed

select_file_dialogs.allowed

filebrowser.tasks.default_by_mime_type

filebrowser.tasks.default_by_mime_type

filebrowser.tasks.default_by_suffix

filebrowser.tasks.default_by_suffix

selectfile.last_directory

selectfile.last_directory

browser.hung_plugin_detect_freq

browser.hung_plugin_detect_freq

browser.plugin_message_response_timeout

browser.plugin_message_response_timeout

spellcheck.dictionary

spellcheck.dictionary

spellcheck.use_spelling_service

spellcheck.use_spelling_service

protocol_handler.excluded_schemes

protocol_handler.excluded_schemes

safe_browsing.client_key

safe_browsing.client_key

safe_browsing.wrapped_key

safe_browsing.wrapped_key

options_window.last_tab_index

options_window.last_tab_index

certificate_manager_window.last_tab_index

certificate_manager_window.last_tab_index

browser.last_redirect_origin

browser.last_redirect_origin

shutdown.type

shutdown.type

shutdown.num_processes

shutdown.num_processes

shutdown.num_processes_slow

shutdown.num_processes_slow

restart.last.session.on.shutdown

restart.last.session.on.shutdown

was.restarted

was.restarted

relaunch.mode

relaunch.mode

extensions.disabled

extensions.disabled

plugins.disable_plugin_finder

plugins.disable_plugin_finder

ntp.app_page_names

ntp.app_page_names

ntp.collapsed_open_tabs

ntp.collapsed_open_tabs

ntp.collapsed_foreign_sessions

ntp.collapsed_foreign_sessions

ntp.collapsed_recently_closed_tabs

ntp.collapsed_recently_closed_tabs

ntp.collapsed_snapshot_document

ntp.collapsed_snapshot_document

ntp.collapsed_sync_promo

ntp.collapsed_sync_promo

ntp.date_resource_server

ntp.date_resource_server

ntp.most_visited_blacklist

ntp.most_visited_blacklist

ntp.promo_desktop_session_found

ntp.promo_desktop_session_found

ntp.promo_resource_cache_update

ntp.promo_resource_cache_update

ntp.shown_bookmarks_folder

ntp.shown_bookmarks_folder

ntp.shown_page

ntp.shown_page

ntp.tips_resource_server

ntp.tips_resource_server

ntp.webstore_enabled

ntp.webstore_enabled

devtools.adb_key

devtools.adb_key

devtools.disabled

devtools.disabled

devtools.discover_usb_devices

devtools.discover_usb_devices

devtools.edited_files

devtools.edited_files

devtools.file_system_paths

devtools.file_system_paths

devtools.open_docked

devtools.open_docked

devtools.port_forwarding_enabled

devtools.port_forwarding_enabled

devtools.port_forwarding_default_set

devtools.port_forwarding_default_set

devtools.port_forwarding_config

devtools.port_forwarding_config

google.services.password_hash

google.services.password_hash

invalidation_service.use_gcm_channel

invalidation_service.use_gcm_channel

sync_promo.startup_count

sync_promo.startup_count

sync_promo.user_skipped

sync_promo.user_skipped

sync_promo.show_on_first_run_allowed

sync_promo.show_on_first_run_allowed

sync_promo.show_ntp_bubble

sync_promo.show_ntp_bubble

browser.web_app.create_on_desktop

browser.web_app.create_on_desktop

browser.web_app.create_in_apps_menu

browser.web_app.create_in_apps_menu

browser.web_app.create_in_quick_launch_bar

browser.web_app.create_in_quick_launch_bar

geolocation.access_token

geolocation.access_token

googlegeolocationaccess.enabled

googlegeolocationaccess.enabled

media.default_audio_capture_device

media.default_audio_capture_device

media.default_video_capture_Device

media.default_video_capture_Device

media.device_id_salt

media.device_id_salt

remote_access.host_firewall_traversal

remote_access.host_firewall_traversal

remote_access.host_require_two_factor

remote_access.host_require_two_factor

remote_access.host_domain

remote_access.host_domain

remote_access.host_talkgadget_prefix

remote_access.host_talkgadget_prefix

remote_access.host_require_curtain

remote_access.host_require_curtain

remote_access.host_allow_client_pairing

remote_access.host_allow_client_pairing

remote_access.host_allow_gnubby_auth

remote_access.host_allow_gnubby_auth

remote_access.host_allow_relayed_connection

remote_access.host_allow_relayed_connection

remote_access.host_udp_port_range

remote_access.host_udp_port_range

printing.print_preview_sticky_settings

printing.print_preview_sticky_settings

cloud_print.dialog_size.width

cloud_print.dialog_size.width

cloud_print.dialog_size.height

cloud_print.dialog_size.height

cloud_print.signin_dialog_size.width

cloud_print.signin_dialog_size.width

cloud_print.signin_dialog_size.height

cloud_print.signin_dialog_size.height

cloud_print.enabled

cloud_print.enabled

cloud_print.proxy_id

cloud_print.proxy_id

cloud_print.auth_token

cloud_print.auth_token

cloud_print.xmpp_auth_token

cloud_print.xmpp_auth_token

cloud_print.email

cloud_print.email

cloud_print.print_system_settings

cloud_print.print_system_settings

cloud_print.enable_job_poll

cloud_print.enable_job_poll

cloud_print.robot_refresh_token

cloud_print.robot_refresh_token

cloud_print.robot_email

cloud_print.robot_email

cloud_print.user_settings.connectNewPrinters

cloud_print.user_settings.connectNewPrinters

cloud_print.xmpp_ping_enabled

cloud_print.xmpp_ping_enabled

cloud_print.xmpp_ping_timeout_sec

cloud_print.xmpp_ping_timeout_sec

cloud_print.user_settings.printers

cloud_print.user_settings.printers

cloud_print.submit_enabled

cloud_print.submit_enabled

cloud_print.user_settings

cloud_print.user_settings

net.max_connections_per_proxy

net.max_connections_per_proxy

hardware.audio_capture_enabled

hardware.audio_capture_enabled

hardware.audio_capture_allowed_urls

hardware.audio_capture_allowed_urls

hardware.video_capture_enabled

hardware.video_capture_enabled

hardware.video_capture_allowed_urls

hardware.video_capture_allowed_urls

hotword.search_enabled_2

hotword.search_enabled_2

hotword.always_on_search_enabled

hotword.always_on_search_enabled

hotword.audio_logging_enabled

hotword.audio_logging_enabled

hotword.audio_history_enabled

hotword.audio_history_enabled

hotword.previous_language

hotword.previous_language

browser.clear_lso_data_enabled

browser.clear_lso_data_enabled

browser.pepper_flash_settings_enabled

browser.pepper_flash_settings_enabled

browser.disk_cache_dir

browser.disk_cache_dir

browser.disk_cache_size

browser.disk_cache_size

browser.media_cache_size

browser.media_cache_size

cros.system.releaseChannel

cros.system.releaseChannel

feedback.performance_tracing_enabled

feedback.performance_tracing_enabled

background_contents.registered

background_contents.registered

browser.shown_autolaunch_infobar

browser.shown_autolaunch_infobar

auth.schemes

auth.schemes

auth.disable_negotiate_cname_lookup

auth.disable_negotiate_cname_lookup

auth.enable_negotiate_port

auth.enable_negotiate_port

auth.server_whitelist

auth.server_whitelist

auth.negotiate_delegate_whitelist

auth.negotiate_delegate_whitelist

auth.gssapi_library_name

auth.gssapi_library_name

auth.allow_cross_origin_prompt

auth.allow_cross_origin_prompt

async_dns.enabled

async_dns.enabled

custom_handlers.registered_protocol_handlers

custom_handlers.registered_protocol_handlers

custom_handlers.ignored_protocol_handlers

custom_handlers.ignored_protocol_handlers

custom_handlers.policy.registered_protocol_handlers

custom_handlers.policy.registered_protocol_handlers

custom_handlers.policy.ignored_protocol_handlers

custom_handlers.policy.ignored_protocol_handlers

custom_handlers.enabled

custom_handlers.enabled

background_mode.enabled

background_mode.enabled

hardware_acceleration_mode.enabled

hardware_acceleration_mode.enabled

policy.device_refresh_rate

policy.device_refresh_rate

message_center.showed_first_run_balloon

message_center.showed_first_run_balloon

message_center.show_icon

message_center.show_icon

message_center.was_forced_on_taskbar

message_center.was_forced_on_taskbar

browser.attempted_to_enable_autoupdate

browser.attempted_to_enable_autoupdate

media_galleries.gallery_id

media_galleries.gallery_id

media_galleries.remembered_galleries

media_galleries.remembered_galleries

media_galleries.last_scan_time

media_galleries.last_scan_time

shelf_chrome_icon_index

shelf_chrome_icon_index

gesture.max_separation_for_gesture_touches_in_pixels

gesture.max_separation_for_gesture_touches_in_pixels

gesture.semi_long_press_time_in_ms

gesture.semi_long_press_time_in_ms

gesture.tab_scrub_activation_delay_in_ms

gesture.tab_scrub_activation_delay_in_ms

gesture.fling_max_cancel_to_down_time_in_ms

gesture.fling_max_cancel_to_down_time_in_ms

gesture.fling_max_tap_gap_time_in_ms

gesture.fling_max_tap_gap_time_in_ms

overscroll.horizontal_threshold_complete

overscroll.horizontal_threshold_complete

overscroll.vertical_threshold_complete

overscroll.vertical_threshold_complete

overscroll.minimum_threshold_start

overscroll.minimum_threshold_start

overscroll.minimum_threshold_start_touchpad

overscroll.minimum_threshold_start_touchpad

overscroll.vertical_threshold_start

overscroll.vertical_threshold_start

overscroll.horizontal_resist_threshold

overscroll.horizontal_resist_threshold

overscroll.vertical_resist_threshold

overscroll.vertical_resist_threshold

network_profile.warnings_left

network_profile.warnings_left

network_profile.last_warning_time

network_profile.last_warning_time

app_list.profile

app_list.profile

app_list.last_launch_ping

app_list.last_launch_ping

app_list.launch_count

app_list.launch_count

app_list.last_app_launch_ping

app_list.last_app_launch_ping

app_list.app_launch_count

app_list.app_launch_count

apps.app_launcher.has_been_enabled

apps.app_launcher.has_been_enabled

app_list.how_enabled

app_list.how_enabled

app_list.when_enabled

app_list.when_enabled

apps.app_launcher.should_show_apps_page

apps.app_launcher.should_show_apps_page

apps.app_launcher.shortcut_version

apps.app_launcher.shortcut_version

app_launcher.show_promo

app_launcher.show_promo

apps.app_launcher.drive_app_mapping

apps.app_launcher.drive_app_mapping

apps.app_launcher.uninstalled_drive_apps

apps.app_launcher.uninstalled_drive_apps

apps.app_launch_for_metro_restart

apps.app_launch_for_metro_restart

apps.app_launch_for_metro_restart_profile

apps.app_launch_for_metro_restart_profile

apps.shortcuts_version

apps.shortcuts_version

module_conflict.bubble_shown

module_conflict.bubble_shown

settings.privacy.drm_salt

settings.privacy.drm_salt

settings.privacy.drm_enabled

settings.privacy.drm_enabled

profile.extensions.activity_log.num_consumers_active

profile.extensions.activity_log.num_consumers_active

proxy.quick_check_enabled

proxy.quick_check_enabled

profile.browser_guest_enabled

profile.browser_guest_enabled

profile.add_person_enabled

profile.add_person_enabled

easy_unlock.hardlock_state

easy_unlock.hardlock_state

password_bubble.timestamp

password_bubble.timestamp

password_bubble.nopes

password_bubble.nopes

password_bubble.interactions

password_bubble.interactions

SHELL32.dll

SHELL32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

function not supported

function not supported

operation canceled

operation canceled

address_family_not_supported

address_family_not_supported

operation_in_progress

operation_in_progress

operation_not_supported

operation_not_supported

protocol_not_supported

protocol_not_supported

operation_would_block

operation_would_block

address family not supported

address family not supported

broken pipe

broken pipe

inappropriate io control operation

inappropriate io control operation

not supported

not supported

operation in progress

operation in progress

operation not permitted

operation not permitted

operation not supported

operation not supported

operation would block

operation would block

protocol not supported

protocol not supported

GetProcessWindowStation

GetProcessWindowStation

operator

operator

%s-%Iu

%s-%Iu

\uX

\uX

Dictionary keys must be quoted.

Dictionary keys must be quoted.

Unsupported encoding. JSON must be UTF-8.

Unsupported encoding. JSON must be UTF-8.

full-memory-crash-report

full-memory-crash-report

(0x%X)

(0x%X)

Error (0x%X) while retrieving error. (0x%X)

Error (0x%X) while retrieving error. (0x%X)

(%d = %3.1f%%)

(%d = %3.1f%%)

Histogram: %s recorded %d samples

Histogram: %s recorded %d samples

(flags = 0x%x)

(flags = 0x%x)

PlatformFile.UnknownErrors.Windows

PlatformFile.UnknownErrors.Windows

user32.dll

user32.dll

0123456789

0123456789

.thunks

.thunks

.syzygy

.syzygy

Line: %i, column: %i, %s

Line: %i, column: %i, %s

C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb

C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb

chrome.exe

chrome.exe

ClearBreakpadPipeEnvironmentVariable

ClearBreakpadPipeEnvironmentVariable

ClearCrashKeyValueImpl

ClearCrashKeyValueImpl

SetCrashKeyValueImpl

SetCrashKeyValueImpl

SignalChromeElf

SignalChromeElf

chrome_elf.dll

chrome_elf.dll

VERSION.dll

VERSION.dll

WINMM.dll

WINMM.dll

SHLWAPI.dll

SHLWAPI.dll

RegCreateKeyExW

RegCreateKeyExW

RegQueryInfoKeyW

RegQueryInfoKeyW

RegOpenKeyExW

RegOpenKeyExW

RegEnumKeyExW

RegEnumKeyExW

RegCloseKey

RegCloseKey

ADVAPI32.dll

ADVAPI32.dll

GetAsyncKeyState

GetAsyncKeyState

CloseWindowStation

CloseWindowStation

CreateWindowStationW

CreateWindowStationW

SetProcessWindowStation

SetProcessWindowStation

USER32.dll

USER32.dll

GetProcessHeap

GetProcessHeap

GetWindowsDirectoryW

GetWindowsDirectoryW

CreateIoCompletionPort

CreateIoCompletionPort

GetProcessHandleCount

GetProcessHandleCount

KERNEL32.dll

KERNEL32.dll

USERENV.dll

USERENV.dll

WTSAPI32.dll

WTSAPI32.dll

GetCPInfo

GetCPInfo

SetNamedPipeHandleState

SetNamedPipeHandleState

TransactNamedPipe

TransactNamedPipe

WaitNamedPipeW

WaitNamedPipeW

.ep|.ep

.ep|.ep

%epD.ep

%epD.ep

zcÁ

zcÁ

#$( ....6/6////. )

#$( ....6/6////. )

2( ..////6//6

2( ..////6//6

( /.///6////

( /.///6////

(//.//6///.`

(//.//6///.`

55;;/?

55;;/?

55;;>;>/

55;;>;>/

K%u!Xp

K%u!Xp

)^%x>

)^%x>

@DQSSSSSQLLHHGG?332200--'

@DQSSSSSQLLHHGG?332200--'

BDRSSSSQLLPHH??332000-7.

BDRSSSSQLLPHH??332000-7.

6%%%%#%###!!

6%%%%#%###!!

122200.- *('%

122200.- *('%

35955220.- ('$

35955220.- ('$

79::995420.-*(&

79::995420.-*(&

|(==7:89?

|(==7:89?

ÞDDDCA)

ÞDDDCA)

= =$=(=,=0=4=8=]=

= =$=(=,=0=4=8=]=

>&>,>3>9>@>]>

>&>,>3>9>@>]>

01f1

01f1

3%3U3w3

3%3U3w3

9.:4:8:<:>

9.:4:8:<:>

registering_chrome

registering_chrome

uninstalling_chrome_frame

uninstalling_chrome_frame

echrmstp.exe

echrmstp.exe

{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}

{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}

app_host.exe

app_host.exe

chrome.dll

chrome.dll

chrome_child.dll

chrome_child.dll

npchrome_frame.dll

npchrome_frame.dll

chrome_frame_helper.dll

chrome_frame_helper.dll

chrome_frame_helper.exe

chrome_frame_helper.exe

ChromeFrameHelperWindowClass

ChromeFrameHelperWindowClass

chrome_launcher.exe

chrome_launcher.exe

metro_driver.dll

metro_driver.dll

new_chrome.exe

new_chrome.exe

old_chrome.exe

old_chrome.exe

delegate_execute.exe

delegate_execute.exe

nacl64.exe

nacl64.exe

setup.exe

setup.exe

InstallerSuccessLaunchCmdLine

InstallerSuccessLaunchCmdLine

{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}

{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}

ChromeCanary

ChromeCanary

ChromeSSHTM

ChromeSSHTM

Chrome Canary HTML Document

Chrome Canary HTML Document

{1BEAC3E3-B852-44F4-B468-8906C062422E}

{1BEAC3E3-B852-44F4-B468-8906C062422E}

AGoogle Chrome Canary

AGoogle Chrome Canary

{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

Browse the web

Browse the web

Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium

Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium

-chrome

-chrome

-chromeframe

-chromeframe

{8A69D345-D564-463C-AFF1-A69D9E530F96}

{8A69D345-D564-463C-AFF1-A69D9E530F96}

{430FD4D0-B729-4F61-AA34-91526481799D}

{430FD4D0-B729-4F61-AA34-91526481799D}

GoogleUpdateSetup.exe

GoogleUpdateSetup.exe

CFEndTempOptOutCmd

CFEndTempOptOutCmd

CFOptInCmd

CFOptInCmd

CFOptOutCmd

CFOptOutCmd

CFTempOptOutCmd

CFTempOptOutCmd

UninstallCmdLine

UninstallCmdLine

WebAccessible

WebAccessible

{8A69D345-D564-463c-AFF1-A69D9E530F96}

{8A69D345-D564-463c-AFF1-A69D9E530F96}

ChromeHTML

ChromeHTML

Chrome HTML Document

Chrome HTML Document

{5C65F4B0-3651-4514-B207-D10CB699B14B}

{5C65F4B0-3651-4514-B207-D10CB699B14B}

hXXp://VVV.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall

hXXp://VVV.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall

%d.%d.%d

%d.%d.%d

Google Chrome

Google Chrome

Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

DGoogle Chrome App Launcher

DGoogle Chrome App Launcher

ChromeAppList

ChromeAppList

tSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher

tSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher

{8BA986DA-5100-405E-AA35-86F34A02ACBF}

{8BA986DA-5100-405E-AA35-86F34A02ACBF}

DGoogle Chrome Frame

DGoogle Chrome Frame

Google\Chrome Frame

Google\Chrome Frame

Chrome in a Frame.

Chrome in a Frame.

Uninstall Chrome Frame

Uninstall Chrome Frame

Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame

Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame

{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}

{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}

Google Chrome binaries

Google Chrome binaries

\\.\pipe\GoogleCrashServices\

\\.\pipe\GoogleCrashServices\

\\.\pipe\ChromeCrashServices

\\.\pipe\ChromeCrashServices

error %u

error %u

ntdll.dll

ntdll.dll

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_TEXT

HKEY_PERFORMANCE_TEXT

HKEY_PERFORMANCE_NLSTEXT

HKEY_PERFORMANCE_NLSTEXT

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

HKEY_DYN_DATA

pipe\

pipe\

Bkernel32.dll

Bkernel32.dll

kernelbase.dll

kernelbase.dll

eKey

eKey

Ckernel32.dll

Ckernel32.dll

gdi32.dll

gdi32.dll

xntdll.dll

xntdll.dll

wow_helper.exe"

wow_helper.exe"

Cntdll.dll

Cntdll.dll

SOFTWARE\Policies\Google\Chrome

SOFTWARE\Policies\Google\Chrome

Chrome_StatusTrayWindow

Chrome_StatusTrayWindow

Reported Crashes.txt

Reported Crashes.txt

testing_interface.dll

testing_interface.dll

Origin Bound Certs

Origin Bound Certs

Certificate Revocation Lists

Certificate Revocation Lists

Custom Dictionary.txt

Custom Dictionary.txt

Login Data

Login Data

Cached Theme.pak

Cached Theme.pak

Web Applications

Web Applications

pepflashplayer.dll

pepflashplayer.dll

Software\Google\Chrome\Metro

Software\Google\Chrome\Metro

CHROME_METRO_NAV_SEARCH_REQUEST

CHROME_METRO_NAV_SEARCH_REQUEST

CHROME_METRO_GET_CURRENT_TAB_INFO

CHROME_METRO_GET_CURRENT_TAB_INFO

Software\Google\Chrome\BrowserCrashDumpAttempts

Software\Google\Chrome\BrowserCrashDumpAttempts

${windows}

${windows}

hunspecified-crash-key

hunspecified-crash-key

Dmscoree.dll

Dmscoree.dll

IADVAPI32.DLL

IADVAPI32.DLL

- floating point support not loaded

- floating point support not loaded

- CRT not initialized

- CRT not initialized

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

USER32.DLL

USER32.DLL

portuguese-brazilian

portuguese-brazilian

dbghelp.dll

dbghelp.dll

rpcrt4.dll

rpcrt4.dll

%s\%s.dmp

%s\%s.dmp

x-x-x-xx-xxxxxx

x-x-x-xx-xxxxxx

Chrome_MessageWindow

Chrome_MessageWindow

sSoftware\Microsoft\Windows\CurrentVersion\Run

sSoftware\Microsoft\Windows\CurrentVersion\Run

.Software\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32

.Software\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32

Chrome_MessagePumpWindow_%p

Chrome_MessagePumpWindow_%p

Ndebug.log

Ndebug.log

.\debug.log

.\debug.log

\StringFileInfo\xx\%ls

\StringFileInfo\xx\%ls

%Program Files%\Google\Chrome\Application\chrome.exe

%Program Files%\Google\Chrome\Application\chrome.exe

chrome_exe

chrome_exe

chrome.exe_2704_rwx_04C0A000_00078000:

WebK

WebK

chrome.exe_2704_rwx_34C0A000_000F5000:

PSSSh

PSSSh

-%0U$

-%0U$

-%1U$

-%1U$

-%4U$

-%4U$

-%6U$

-%6U$

-%7U$

-%7U$

-I}V$

-I}V$

-u}V$

-u}V$

chrome.exe_2704_rwx_3590A000_000F5000:

-%cq4

-%cq4

-%Ur4

-%Ur4

-5}r4

-5}r4

-E}r4

-E}r4

-U}r4

-U}r4

-a}r4

-a}r4

-y}r4

-y}r4

-)%s4

-)%s4

-5%s4

-5%s4

-E%s4

-E%s4

-Q%s4

-Q%s4

-]%s4

-]%s4

-i%s4

-i%s4

-y%s4

-y%s4

-%0s4

-%0s4

-%4s4

-%4s4

-%7s4

-%7s4

-%Ss4

-%Ss4

-%Us4

-%Us4

h%Dt4h}

h%Dt4h}

-%St4

-%St4

-%Ut4

-%Ut4

-Itt4}

-Itt4}