Trojan.Generic.5535755_b69fc8828b

by malwarelabrobot on July 25th, 2017 in Malware Descriptions.

Trojan.Generic.5535755 (BitDefender), Trojan:Win32/EyeStye!rfn (Microsoft), Trojan.Win32.VBKrypt.bxdp (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), Trojan.Inject.26424 (DrWeb), Trojan.Generic.5535755 (B) (Emsisoft), PWS-Spyeye.q (McAfee), Backdoor.Solidrat (Symantec), Trojan-Dropper.SuspectCRC (Ikarus), Trojan.Generic.5535755 (FSecure), Win32:Malware-gen (AVG), Win32:Malware-gen (Avast), TROJ_VBKRYPT.LX (TrendMicro), Trojan.Generic.5535755 (AdAware), GenericInjector.YR, GenericIRCBot.YR, GenericDownloader.YR (Lavasoft MAS)
Behaviour: Trojan-Dropper, Trojan, Backdoor, IRCBot, Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: b69fc8828bca1d4a6cbeb135616c1260
SHA1: 10abcc521509897606a924d2b622645e788f7445
SHA256: c46033ee374ad3a798536723b9f6aa8f2d87a96676b24444e843ca65cc579962
SSDeep: 12288:4wUxk43xX6AZMI1mWECZGcrhbuhSYRRnOZPHLD7NOptoSI:mxR3x kmIZdVKjjA7D
Size: 457181 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2011-02-26 01:36:58
Analyzed on: Windows7 SP1 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour    Description
IRCBot       A bot can communicate with command and control servers via IRC channel.


Process activity

The Trojan creates the following process(es):

%original file name%.exe:1796
chrome.exe:160

The Trojan injects its code into the following process(es):

chrome.exe:1388
taskmgr.exe:3572

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1796 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Windows Task Manager\taskmgr.exe (2779 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tZIDR.bat (172 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tZIDR.txt (170 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Windows Task Manager\taskmgr.txt (2684 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tZIDR.bat (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tZIDR.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Windows Task Manager\taskmgr.txt (0 bytes)

The process chrome.exe:1388 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\bin.txt (0 bytes)

Registry activity

The process %original file name%.exe:1796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process chrome.exe:1388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "2"
"failed_count" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\WindowsName]
"Tag" = "C7mj"
"ID" = "fahey"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\WindowsName]
"Tag"

Dropped PE files

MD5                               File path
d81e4cfa7526732530004028b48d7f37  c:\Users\"%CurrentUserName%"\AppData\Roaming\Windows Task Manager\taskmgr.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: ZZFQKJBYO
Product Name: MXOVJLHSA
Product Version: 19.16.0010
Legal Copyright:
Legal Trademarks:
Original Filename: pzcrytd.exe
Internal Name: pzcrytd
File Version: 19.16.0010
File Description: VDLMDBERV
Comments: QPHUNGEJE
Language: Language Neutral

PE Sections

Name   Virtual Address  Virtual Size  Raw Size  Entropy  Section MD5
UPX0   4096             2256896       0         0        d41d8cd98f00b204e9800998ecf8427e
UPX1   2260992          454656        452608    5.5444   99bf985a6d8f4482861560d1f215ec3b
.rsrc  2715648          4096          3072      2.18216  571bd71983eb9e2a393206bb21311381

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 52

URLs

URL IP
solitude69.no-ip.org


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

The Trojan connects to the servers at the following location(s):

Strings from Dumps

taskmgr.exe_3572:

`.rsrc
.MT.w
advapi32.dll/
)>VBA6.DLL
Studp
advapi32.dll
ntdll.dll
VBA6.DLL
%Program Files%\Microsoft Visual Studio\VB98\VB6.OLB
shell32.dll
ShellExecuteEx
.text
`.data
.rsrc
$%(88%c
`.datas
KERNEL32.DLL
MSVBVM60.DLL
\NTDETECT.com
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
WScript.Shell
explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Scripting.FileSystemObject
Explorer.exe,
1.0.0.0
CRITICTest.exe


chrome.exe_1388_rwx_01030000_00001000:

kernel32.dll

chrome.exe_1388_rwx_01070000_00001000:

kernel32.dll

chrome.exe_1388_rwx_010B0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_010F0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_01130000_00001000:

kernel32.dll

chrome.exe_1388_rwx_01170000_00001000:

kernel32.dll

chrome.exe_1388_rwx_011B0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_011E0000_00001000:

user32.dll

chrome.exe_1388_rwx_01210000_00001000:

GetKeyboardType

chrome.exe_1388_rwx_01220000_00001000:

user32.dll

chrome.exe_1388_rwx_01260000_00001000:

user32.dll

chrome.exe_1388_rwx_012A0000_00001000:

user32.dll

chrome.exe_1388_rwx_020C0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02100000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02130000_00001000:

RegOpenKeyExA

chrome.exe_1388_rwx_02140000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02170000_00001000:

RegCloseKey

chrome.exe_1388_rwx_02180000_00001000:

advapi32.dll

chrome.exe_1388_rwx_021B0000_00001000:

oleaut32.dll

chrome.exe_1388_rwx_021F0000_00001000:

oleaut32.dll

chrome.exe_1388_rwx_02230000_00001000:

oleaut32.dll

chrome.exe_1388_rwx_02270000_00001000:

oleaut32.dll

chrome.exe_1388_rwx_023A0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_023E0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_02420000_00001000:

kernel32.dll

chrome.exe_1388_rwx_02460000_00001000:

kernel32.dll

chrome.exe_1388_rwx_026A0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_026E0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_02720000_00001000:

kernel32.dll

chrome.exe_1388_rwx_02750000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02790000_00001000:

advapi32.dll

chrome.exe_1388_rwx_027D0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02800000_00001000:

RegQueryInfoKeyA

chrome.exe_1388_rwx_02810000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02840000_00001000:

RegOpenKeyExA

chrome.exe_1388_rwx_02950000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02980000_00001000:

RegFlushKey

chrome.exe_1388_rwx_02990000_00001000:

advapi32.dll

chrome.exe_1388_rwx_029D0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02A00000_00001000:

RegEnumKeyExA

chrome.exe_1388_rwx_02A10000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02A50000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02A80000_00001000:

RegDeleteKeyA

chrome.exe_1388_rwx_02A90000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02AC0000_00001000:

RegCreateKeyExA

chrome.exe_1388_rwx_02AD0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02B00000_00001000:

RegCreateKeyA

chrome.exe_1388_rwx_02B10000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02B40000_00001000:

RegCloseKey

chrome.exe_1388_rwx_02B50000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02B90000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02BD0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02C10000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02C50000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02C90000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02CD0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02D10000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02D50000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02D90000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02DD0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02E10000_00001000:

advapi32.dll

chrome.exe_1388_rwx_02E40000_00001000:

kernel32.dll

chrome.exe_1388_rwx_02E80000_00001000:

kernel32.dll

chrome.exe_1388_rwx_02EC0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_02F00000_00001000:

kernel32.dll

chrome.exe_1388_rwx_02F30000_00001000:

WinExec

chrome.exe_1388_rwx_02F40000_00001000:

kernel32.dll

chrome.exe_1388_rwx_02F80000_00001000:

kernel32.dll

chrome.exe_1388_rwx_02FC0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03100000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03140000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03180000_00001000:

kernel32.dll

chrome.exe_1388_rwx_031C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03200000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03240000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03280000_00001000:

kernel32.dll

chrome.exe_1388_rwx_032C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03300000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03340000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03380000_00001000:

kernel32.dll

chrome.exe_1388_rwx_033C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03400000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03440000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03480000_00001000:

kernel32.dll

chrome.exe_1388_rwx_034C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03500000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03540000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03580000_00001000:

kernel32.dll

chrome.exe_1388_rwx_035C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03600000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03640000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03670000_00001000:

PeekNamedPipe

chrome.exe_1388_rwx_03680000_00001000:

kernel32.dll

chrome.exe_1388_rwx_036C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03700000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03740000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03780000_00001000:

kernel32.dll

chrome.exe_1388_rwx_037C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03800000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03840000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03880000_00001000:

kernel32.dll

chrome.exe_1388_rwx_038C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03900000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03940000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03980000_00001000:

kernel32.dll

chrome.exe_1388_rwx_039C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03A00000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03A40000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03A80000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03AC0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03B00000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03B40000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03B80000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03BC0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03C00000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03C40000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03C80000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03CC0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03D00000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03D40000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03D80000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03DC0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03E00000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03E40000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03E80000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03EC0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03F00000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03F40000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03F80000_00001000:

kernel32.dll

chrome.exe_1388_rwx_03FC0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04000000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04040000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04080000_00001000:

kernel32.dll

chrome.exe_1388_rwx_040C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04100000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04140000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04180000_00001000:

kernel32.dll

chrome.exe_1388_rwx_041C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04200000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04240000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04280000_00001000:

kernel32.dll

chrome.exe_1388_rwx_042C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04300000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04340000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04380000_00001000:

kernel32.dll

chrome.exe_1388_rwx_043C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04400000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04440000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04480000_00001000:

kernel32.dll

chrome.exe_1388_rwx_044C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04500000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04540000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04580000_00001000:

kernel32.dll

chrome.exe_1388_rwx_045C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_045F0000_00001000:

CreatePipe

chrome.exe_1388_rwx_04600000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04640000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04680000_00001000:

kernel32.dll

chrome.exe_1388_rwx_046C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04700000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04740000_00001000:

kernel32.dll

chrome.exe_1388_rwx_04780000_00001000:

kernel32.dll

chrome.exe_1388_rwx_047C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_047F0000_00001000:

mpr.dll

chrome.exe_1388_rwx_04830000_00001000:

mpr.dll

chrome.exe_1388_rwx_04970000_00001000:

mpr.dll

chrome.exe_1388_rwx_049B0000_00001000:

mpr.dll

chrome.exe_1388_rwx_049F0000_00001000:

mpr.dll

chrome.exe_1388_rwx_04A20000_00001000:

version.dll

chrome.exe_1388_rwx_04A60000_00001000:

version.dll

chrome.exe_1388_rwx_04AA0000_00001000:

version.dll

chrome.exe_1388_rwx_04AE0000_00001000:

version.dll

chrome.exe_1388_rwx_04B10000_00001000:

gdi32.dll

chrome.exe_1388_rwx_04C50000_00001000:

gdi32.dll

chrome.exe_1388_rwx_04C90000_00001000:

gdi32.dll

chrome.exe_1388_rwx_04DD0000_00001000:

gdi32.dll

chrome.exe_1388_rwx_04E10000_00001000:

gdi32.dll

chrome.exe_1388_rwx_04E50000_00001000:

gdi32.dll

chrome.exe_1388_rwx_04E90000_00001000:

gdi32.dll

chrome.exe_1388_rwx_04ED0000_00001000:

gdi32.dll

chrome.exe_1388_rwx_04F10000_00001000:

gdi32.dll

chrome.exe_1388_rwx_04F50000_00001000:

gdi32.dll

chrome.exe_1388_rwx_04F90000_00001000:

gdi32.dll

chrome.exe_1388_rwx_04FD0000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05010000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05050000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05090000_00001000:

gdi32.dll

chrome.exe_1388_rwx_050D0000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05110000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05150000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05190000_00001000:

gdi32.dll

chrome.exe_1388_rwx_051D0000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05210000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05250000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05290000_00001000:

gdi32.dll

chrome.exe_1388_rwx_052D0000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05310000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05350000_00001000:

gdi32.dll

chrome.exe_1388_rwx_05390000_00001000:

gdi32.dll

chrome.exe_1388_rwx_053C0000_00001000:

user32.dll

chrome.exe_1388_rwx_05400000_00001000:

user32.dll

chrome.exe_1388_rwx_05440000_00001000:

user32.dll

chrome.exe_1388_rwx_05480000_00001000:

user32.dll

chrome.exe_1388_rwx_054B0000_00001000:

keybd_event

chrome.exe_1388_rwx_054C0000_00001000:

user32.dll

chrome.exe_1388_rwx_054F0000_00001000:

VkKeyScanA

chrome.exe_1388_rwx_05500000_00001000:

user32.dll

chrome.exe_1388_rwx_05640000_00001000:

user32.dll

chrome.exe_1388_rwx_05680000_00001000:

user32.dll

chrome.exe_1388_rwx_056C0000_00001000:

user32.dll

chrome.exe_1388_rwx_05700000_00001000:

user32.dll

chrome.exe_1388_rwx_05740000_00001000:

user32.dll

chrome.exe_1388_rwx_05780000_00001000:

user32.dll

chrome.exe_1388_rwx_057C0000_00001000:

user32.dll

chrome.exe_1388_rwx_05800000_00001000:

user32.dll

chrome.exe_1388_rwx_05840000_00001000:

user32.dll

chrome.exe_1388_rwx_05880000_00001000:

user32.dll

chrome.exe_1388_rwx_058B0000_00001000:

SetKeyboardState

chrome.exe_1388_rwx_058C0000_00001000:

user32.dll

chrome.exe_1388_rwx_05900000_00001000:

user32.dll

chrome.exe_1388_rwx_05940000_00001000:

user32.dll

chrome.exe_1388_rwx_05980000_00001000:

user32.dll

chrome.exe_1388_rwx_059C0000_00001000:

user32.dll

chrome.exe_1388_rwx_05A00000_00001000:

user32.dll

chrome.exe_1388_rwx_05A40000_00001000:

user32.dll

chrome.exe_1388_rwx_05A80000_00001000:

user32.dll

chrome.exe_1388_rwx_05AC0000_00001000:

user32.dll

chrome.exe_1388_rwx_05B00000_00001000:

user32.dll

chrome.exe_1388_rwx_05B40000_00001000:

user32.dll

chrome.exe_1388_rwx_05B80000_00001000:

user32.dll

chrome.exe_1388_rwx_05BC0000_00001000:

user32.dll

chrome.exe_1388_rwx_05C00000_00001000:

user32.dll

chrome.exe_1388_rwx_05C30000_00001000:

MsgWaitForMultipleObjects

chrome.exe_1388_rwx_05C40000_00001000:

user32.dll

chrome.exe_1388_rwx_05C80000_00001000:

user32.dll

chrome.exe_1388_rwx_05CB0000_00001000:

MapVirtualKeyExA

chrome.exe_1388_rwx_05CC0000_00001000:

user32.dll

chrome.exe_1388_rwx_05CF0000_00001000:

MapVirtualKeyA

chrome.exe_1388_rwx_05D00000_00001000:

user32.dll

chrome.exe_1388_rwx_05D40000_00001000:

user32.dll

chrome.exe_1388_rwx_05D80000_00001000:

user32.dll

chrome.exe_1388_rwx_05DC0000_00001000:

user32.dll

chrome.exe_1388_rwx_05E00000_00001000:

user32.dll

chrome.exe_1388_rwx_05E40000_00001000:

user32.dll

chrome.exe_1388_rwx_05E80000_00001000:

user32.dll

chrome.exe_1388_rwx_05EC0000_00001000:

user32.dll

chrome.exe_1388_rwx_05F00000_00001000:

user32.dll

chrome.exe_1388_rwx_05F40000_00001000:

user32.dll

chrome.exe_1388_rwx_05F80000_00001000:

user32.dll

chrome.exe_1388_rwx_05FC0000_00001000:

user32.dll

chrome.exe_1388_rwx_05FF0000_00001000:

GetKeyboardState

chrome.exe_1388_rwx_06000000_00001000:

user32.dll

chrome.exe_1388_rwx_06030000_00001000:

GetKeyboardLayout

chrome.exe_1388_rwx_06040000_00001000:

user32.dll

chrome.exe_1388_rwx_06070000_00001000:

GetKeyState

chrome.exe_1388_rwx_06080000_00001000:

user32.dll

chrome.exe_1388_rwx_060C0000_00001000:

user32.dll

chrome.exe_1388_rwx_06100000_00001000:

user32.dll

chrome.exe_1388_rwx_06140000_00001000:

user32.dll

chrome.exe_1388_rwx_06180000_00001000:

user32.dll

chrome.exe_1388_rwx_061C0000_00001000:

user32.dll

chrome.exe_1388_rwx_06200000_00001000:

user32.dll

chrome.exe_1388_rwx_06240000_00001000:

user32.dll

chrome.exe_1388_rwx_06270000_00001000:

GetAsyncKeyState

chrome.exe_1388_rwx_06280000_00001000:

user32.dll

chrome.exe_1388_rwx_062C0000_00001000:

user32.dll

chrome.exe_1388_rwx_062F0000_00001000:

ExitWindowsEx

chrome.exe_1388_rwx_06300000_00001000:

user32.dll

chrome.exe_1388_rwx_06330000_00001000:

EnumWindows

chrome.exe_1388_rwx_06340000_00001000:

user32.dll

chrome.exe_1388_rwx_06380000_00001000:

user32.dll

chrome.exe_1388_rwx_063C0000_00001000:

user32.dll

chrome.exe_1388_rwx_06400000_00001000:

user32.dll

chrome.exe_1388_rwx_06440000_00001000:

user32.dll

chrome.exe_1388_rwx_06480000_00001000:

user32.dll

chrome.exe_1388_rwx_064C0000_00001000:

user32.dll

chrome.exe_1388_rwx_06500000_00001000:

user32.dll

chrome.exe_1388_rwx_06540000_00001000:

user32.dll

chrome.exe_1388_rwx_06580000_00001000:

user32.dll

chrome.exe_1388_rwx_065C0000_00001000:

user32.dll

chrome.exe_1388_rwx_06600000_00001000:

user32.dll

chrome.exe_1388_rwx_06630000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06770000_00001000:

wsock32.dll

chrome.exe_1388_rwx_067B0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_067F0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06830000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06870000_00001000:

wsock32.dll

chrome.exe_1388_rwx_068B0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_068F0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06920000_00001000:

getservbyport

chrome.exe_1388_rwx_06930000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06970000_00001000:

wsock32.dll

chrome.exe_1388_rwx_069B0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_069F0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06A30000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06A70000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06AB0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06AF0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06B30000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06B70000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06BB0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06BF0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06C30000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06C70000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06CB0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06CF0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06D30000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06D70000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06DB0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06DF0000_00001000:

wsock32.dll

chrome.exe_1388_rwx_06E20000_00001000:

shell32.dll

chrome.exe_1388_rwx_06E50000_00001000:

ShellExecuteA

chrome.exe_1388_rwx_06E60000_00001000:

shell32.dll

chrome.exe_1388_rwx_06EA0000_00001000:

shell32.dll

chrome.exe_1388_rwx_06ED0000_00001000:

SHFileOperationA

chrome.exe_1388_rwx_06EE0000_00001000:

shell32.dll

chrome.exe_1388_rwx_06F20000_00001000:

shell32.dll

chrome.exe_1388_rwx_07050000_00001000:

wininet.dll

chrome.exe_1388_rwx_07090000_00001000:

wininet.dll

chrome.exe_1388_rwx_070D0000_00001000:

wininet.dll

chrome.exe_1388_rwx_07100000_00001000:

InternetOpenUrlA

chrome.exe_1388_rwx_07110000_00001000:

wininet.dll

chrome.exe_1388_rwx_07150000_00001000:

wininet.dll

chrome.exe_1388_rwx_07190000_00001000:

wininet.dll

chrome.exe_1388_rwx_071D0000_00001000:

wininet.dll

chrome.exe_1388_rwx_07300000_00001000:

HttpSendRequestA

chrome.exe_1388_rwx_07310000_00001000:

wininet.dll

chrome.exe_1388_rwx_07340000_00001000:

HttpQueryInfoA

chrome.exe_1388_rwx_07350000_00001000:

wininet.dll

chrome.exe_1388_rwx_07380000_00001000:

HttpOpenRequestA

chrome.exe_1388_rwx_07390000_00001000:

wininet.dll

chrome.exe_1388_rwx_073C0000_00001000:

HttpAddRequestHeadersA

chrome.exe_1388_rwx_073D0000_00001000:

wininet.dll

chrome.exe_1388_rwx_07400000_00001000:

FtpSetCurrentDirectoryA

chrome.exe_1388_rwx_07410000_00001000:

wininet.dll

chrome.exe_1388_rwx_07440000_00001000:

FtpPutFileA

chrome.exe_1388_rwx_07450000_00001000:

wininet.dll

chrome.exe_1388_rwx_07480000_00001000:

FtpOpenFileA

chrome.exe_1388_rwx_07490000_00001000:

wininet.dll

chrome.exe_1388_rwx_074C0000_00001000:

FtpFindFirstFileA

chrome.exe_1388_rwx_074D0000_00001000:

wininet.dll

chrome.exe_1388_rwx_07500000_00001000:

FindCloseUrlCache

chrome.exe_1388_rwx_07510000_00001000:

wininet.dll

chrome.exe_1388_rwx_07540000_00001000:

kernel32.dll

chrome.exe_1388_rwx_07580000_00001000:

kernel32.dll

chrome.exe_1388_rwx_075B0000_00001000:

shell32.dll

chrome.exe_1388_rwx_075F0000_00001000:

shell32.dll

chrome.exe_1388_rwx_07630000_00001000:

shell32.dll

chrome.exe_1388_rwx_07760000_00001000:

wininet.dll

chrome.exe_1388_rwx_07790000_00001000:

FindNextUrlCacheEntryA

chrome.exe_1388_rwx_077A0000_00001000:

wininet.dll

chrome.exe_1388_rwx_077D0000_00001000:

FindFirstUrlCacheEntryA

chrome.exe_1388_rwx_079E0000_00001000:

wininet.dll

chrome.exe_1388_rwx_07A10000_00001000:

Crypt32.dll

chrome.exe_1388_rwx_07A50000_00001000:

Crypt32.dll

chrome.exe_1388_rwx_07A80000_00001000:

crypt32.dll

chrome.exe_1388_rwx_07BC0000_00001000:

crypt32.dll

chrome.exe_1388_rwx_07BF0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_07C30000_00001000:

advapi32.dll

chrome.exe_1388_rwx_07C70000_00001000:

advapi32.dll

chrome.exe_1388_rwx_07CB0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_07DF0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_07E30000_00001000:

advapi32.dll

chrome.exe_1388_rwx_07E70000_00001000:

advapi32.dll

chrome.exe_1388_rwx_07EA0000_00001000:

URLMON.DLL

chrome.exe_1388_rwx_07ED0000_00001000:

URLDownloadToFileA

chrome.exe_1388_rwx_07EE0000_00001000:

URLMON.DLL

chrome.exe_1388_rwx_08110000_00001000:

ntdll.dll

chrome.exe_1388_rwx_08150000_00001000:

ntdll.dll

chrome.exe_1388_rwx_08180000_00001000:

kernel32.dll

chrome.exe_1388_rwx_082C0000_00001000:

kernel32.dll

chrome.exe_1388_rwx_08300000_00001000:

kernel32.dll

chrome.exe_1388_rwx_08430000_00001000:

ntdll.dll

chrome.exe_1388_rwx_08470000_00001000:

ntdll.dll

chrome.exe_1388_rwx_084B0000_00001000:

ntdll.dll

chrome.exe_1388_rwx_084E0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08520000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08550000_00001000:

netapi32.dll

chrome.exe_1388_rwx_08590000_00001000:

netapi32.dll

chrome.exe_1388_rwx_086D0000_00001000:

netapi32.dll

chrome.exe_1388_rwx_08700000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08740000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08780000_00001000:

advapi32.dll

chrome.exe_1388_rwx_087C0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08800000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08A40000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08A80000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08AC0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08C00000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08C40000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08C80000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08CC0000_00001000:

advapi32.dll

chrome.exe_1388_rwx_08CF0000_00001000:

iphlpapi.dll

chrome.exe_1388_rwx_08D30000_00001000:

iphlpapi.dll

chrome.exe_1388_rwx_08D60000_00001000:

winmm.dll

chrome.exe_1388_rwx_08DA0000_00001000:

winmm.dll

chrome.exe_1388_rwx_08EE0000_00001000:

winmm.dll

chrome.exe_1388_rwx_08F20000_00001000:

winmm.dll

chrome.exe_1388_rwx_08F60000_00001000:

winmm.dll

chrome.exe_1388_rwx_090A0000_00001000:

winmm.dll

chrome.exe_1388_rwx_090E0000_00001000:

winmm.dll

chrome.exe_1388_rwx_09120000_00001000:

winmm.dll

chrome.exe_1388_rwx_09150000_00001000:

msacm32.dll

chrome.exe_1388_rwx_09190000_00001000:

msacm32.dll

chrome.exe_1388_rwx_091D0000_00001000:

msacm32.dll

chrome.exe_1388_rwx_09210000_00001000:

msacm32.dll

chrome.exe_1388_rwx_09250000_00001000:

msacm32.dll

chrome.exe_1388_rwx_09390000_00001000:

msacm32.dll

chrome.exe_1388_rwx_093D0000_00001000:

msacm32.dll

chrome.exe_1388_rwx_09410000_00001000:

msacm32.dll

chrome.exe_1388_rwx_10410000_0005C000:

.idata
.reloc
P.rsrc
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
kernel32.dll
Port
|Key|-|
STATUSMSG|6
STATUSMSG|7
$000000.tmp
avesvc.exe
ashdisp.exe
avgrsx.exe
bdss.exe
spider.exe
avp.exe
nod32krn.exe
cclaw.exe
dvpapi.exe
ewidoctrl.exe
mcshield.exe
pavfires.exe
almon.exe
ccapp.exe
pccntmon.exe
fssm32.exe
Dr.Web
issvc.exe
vsmon.exe
cpf.exe
ca.exe
tnbutil.exe
mpfservice.exe
npfmsg.exe
outpost.exe
tpsrv.exe
kpf4ss.exe
persfw.exe
vsserv.exe
smc.exe
op_mon.exe
Windows NT 4.0
Windows 2000
Windows XP
Windows Server 2003
Windows Vista
Windows Seven
Windows 95
Windows 98
Windows Me
rpcrt4.dll
Software\Classes\http\shell\open\command\
http\shell\open\command\
https\shell\open\command\
PSAPI.dll
\\StringFileInfo\\%.4x%.4x\\%s
ntdll.dll
BCASTSEARCHWINDOWS
Delete TCP
iphlpapi.dll
GetTcpTable
SetTcpEntry
GetExtendedTcpTable
GetExtendedUdpTable
*:*|UDP|-|
ACTIVEPORTS|
MSG|Error Listing Active Ports
HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
ShellExecuteA
Software\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Explorer.exe
userinit.exe,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Software\Microsoft\Windows\CurrentVersion\WindowsName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows\CurrentVersion\WindowsName\
hXXp://
%sysdir%\
%serverpath%\
%sysdir%
%serverexe%
%serverpath%
CDKEYS|
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
127.0.0.1 localhost #Redirects^To^Local^IP
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
STATUSMSG|19
UnitPasswords
advapi32.dll
WindowsLive:name=*
** Password Unknown **
Password
sqlite3.dll
sqlite3_open
sqlite3_close
sqlite3_prepare
sqlite3_step
sqlite3_finalize
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_text
SELECT * FROM moz_logins
hXXps://login.facebook.com
hXXp://VVV.facebook.com
hXXp://sv.facebook.com
*pass
mozcrt19.dll
nspr4.dll
plc4.dll
plds4.dll
nssutil3.dll
softokn3.dll
nss3.dll
PK11_GetInternalKeySlot
Mozilla\Firefox\profiles.ini
Mozilla\Firefox\
signons.sqlite
MSG|Failed To Get Firefox Passwords
MSG|Mozilla Firefox not Found !
SOFTWARE\Clients\StartMenuInternet\firefox.exe\shell\open\command\
firefox.exe
BCAST|FIREFOX|
FIREFOXPASSWORDS|
-|-|-|-|
password
aim.ini
yahoo.ini
msn.ini
Trillian.SkinZip\DefaultIcon
LoginName
\*.dat
\.purple\accounts.xml
\.gaim\accounts.xml
<password>
** Password Unknown **|
[t]Password-Protected Web Site
BCAST|INTERNETEXPLORERPASSWORDS|
INTERNETEXPLORERPASSWORDS|
\FileZilla\recentservers.xml
<Port>
<Pass>
PTF://
DynDNS\Updater\config.dyndns
Software\DownloadManager\Passwords
Software\DownloadManager\Passwords\
EncPassword
Software\IMVU\password
Google\Chrome\User Data\Default\Web Data
MSG|Google Chrome not Found !
SQLite3.dll
SQLITENOTFOUND|
SELECT * FROM logins
BCAST|CHROMEPASSWORDS|
CHROMEPASSWORDS|
@default.talk.google.com
TWebDownloader
TFTPUploader
TFTPDownloader
GetUrlSize
UnitWebTransfers
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
DOWNSTARTED|HTTP Download|
|Download Complete, Executed|
|Download Complete, Error Executing !|
DOWNSTARTED|FTP Download|
|Download Complete, Error Executing|
UPSTARTED|FTP Upload|
|Error !, Unable To Connect To FTP Server|
SetupApi.dll
cfgmgr32.dll
ole32.dll
SetupDiOpenClassRegKey
MSG|Device Enabled
MSG|Error Enabling Device
MSG|Device Disabled
MSG|Error Disabling Device
TMemoryExecute
|File Executed In Memory, PID :
|Error Executing File In Memory|
UnitMemoryExecute
|Error, Can't Execute File|
PowrProf.dll
user32.dll
MSG|Error Listing Services !
00-00-00-00-00-00
IP : %s, SubNetMask : %s
%copiedfile%
STATUSMSG|13
Autorun.inf
MSG|Can't Find File To Copy To USB !
Software\Microsoft\Windows\CurrentVersion\Policies\System
Software\Policies\Microsoft\Windows\System
DisableCMD
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
<specialkey>[Backspace]</specialkey>
<specialkey>[Tab]</specialkey>
<specialkey>[Enter]</specialkey>
<specialkey>[Ctrl]</specialkey>
<specialkey>[Alt]</specialkey>
<specialkey>[Esc]</specialkey>
<specialkey>[Page Up]</specialkey>
<specialkey>[Page Down]</specialkey>
<specialkey>[End]</specialkey>
<specialkey>[Home]</specialkey>
<specialkey>[Left]</specialkey>
<specialkey>[Up]</specialkey>
<specialkey>[Right]</specialkey>
<specialkey>[Down]</specialkey>
<specialkey>[Print Screen]</specialkey>
<specialkey>[Insert]</specialkey>
<specialkey>[Del]</specialkey>
<specialkey>[Num Lock]</specialkey>
<specialkey>[Scroll Lock]</specialkey>
SingleKey|
MSG|Error Updating Server !
MSG|Updating Server...
MSG|Server Downloaded, Executing...
MSG|Server Uploaded, Executing...
MSG|Server Updated Successfully
MSG|Server Update Failed, Error Executing
MSG|Server Update Failed !
SENDSQLITEDLL
UnitWindowsProductKeys
\SOFTWARE\Microsoft\Windows NT\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
avicap32.dll
msnmsgr.exe
_com.codexterity.fastsharemem.dataclass
Plugins\*.server.dll
10.0.0.3
mypassword
login
JOIN
NICK
PRIVMSG
The website have been opened.
File Downloaded & Executed!
%Username%
%Country%
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WindowsName\Tag
127.0.0.1:3340,
%AppData%\ntsokrn.dat
/Invailed Path Supplied Caused Keylogger to Stop
explorer.exe
MSG|Remote Desktop Started
MSG|Error Connecting Remote Desktop !
KeyDown
KeyUp
WEBCAM
LISTWEBCAMS|
STATUSMSG|4
STATUSMSG|2
STATUSMSG|3
STATUSMSG|5
WEBCAMCAP
STATUSMSG|1
MSG|Audio Stream Started
MSG|Error Starting Audio Stream !
MSG|Audio Stream Stopped
MSG|Error Stopping Audio Stream !
cmd.exe /k
OPERAPASSWORDS
Opera\Opera\wand.dat
BCAST|OPERAPASSWORDS|
IMVUPASSWORDS
BCAST|IMVUPASSWORDS|
PALTALKPASSWORDS
BCAST|PALTALKPASSWORDS|
FILEZILLAPASSWORDS
BCAST|FILEZILLAPASSWORDS|
IDMLOGINS
BCAST|IDMLOGINS|
FIREFOX
MSPRODKEYS
BCAST|MSPRODKEYS|
INTERNETEXPLORERPASSWORDS
CHROMEPASSWORDS
MIRANDAPASSWORDS
BCAST|MIRANDAPASSWORDS|
TRILLIANPASSWORDS
BCAST|TRILLIANPASSWORDS|
PIDGINPASSWORDS
BCAST|PIDGINPASSWORDS|
GAIMPASSWORDS
BCAST|GAIMPASSWORDS|
MSG|WLM Sniffer Started
MSG|Error Starting WLM Sniffer !
MSG|WLM Sniffer Stopped
MSG|Error Stopping WLM Sniffer !
MSG|Chat Window Closed
MSG|Error Closing Chat Window !
MSG|Handle "
MSG|Error Closing Handle "
STATUSMSG|11
STATUSMSG|12
SEARCHWINDOWS
MSG|Process
MSG|Error Setting Process Priority
MSG|DLL Unloaded
MSG|Error Unloading DLL
MSG|Process(es) Terminated - PId :
MSG|Error Terminating Process(es) !
MSG|Process(es) Restarted - PId :
MSG|Error Restarting Process(es) !
MSG|Process(es) Suspended - PId :
MSG|Error Suspending Process(es) !
MSG|Process(es) Resumed - PId :
MSG|Error Resuming Process(es) !
MSG|Process Doesn't Have a Window - PID :
MSG|Window Brought To Front - PID :
MSG|Window Closed - PID :
MSG|Window Maximized - PID :
MSG|Window Minimized - PID :
MSG|Error Capturing Window !
PASSWORDS
ALLIMPASSWORDS
ALLIMPASSWORDS|
DYNDNSPASSWORDS
DYNDNSPASSWORDS|
MSNPASSWORDS
MSNPASSWORDS|
IMVUPASSWORDS|
MSPRODKEYS|
PALTALKPASSWORDS|
FILEZILLAPASSWORDS|
IDMLOGINS|
NOIPPASSWORDS
NOIPPASSWORDS|
FIREFOXPASSWORDS
OPERAPASSWORDS|
MSG|Opera not Found !
MIRANDAPASSWORDS|
TRILLIANPASSWORDS|
PIDGINPASSWORDS|
GAIMPASSWORDS|
SOCKSSTATUS|Socks Server Already Active on Port :
MSG|Uninstaller Executed
MSG|Could't Execute Uninstaller
SCDKEYS
CCDKEYS
CDKEYS
ACTIVEPORTS
CLOSEPORT
MSG|Port Closed
MSG|Error Closing Port
MSG|Host Removed
MSG|Error Removing Host
MSG|Hosts List Cleared
MSG|Host Added
MSG|Error Adding Host
MSG|Window Closed - Handel :
MSG|Window Diabled - Handel :
MSG|Window Enabled - Handel :
MSG|Window Maximized - Handel :
MSG|Window Minimized - Handel :
MSG|Window Hided - Handel :
MSG|Window Showed - Handel :
MSG|Close Button On Window With Handel :
MSG|Close Button on Window With Handel :
MSG|Window Title Changed To :
MSG|Error Changing Window Title !
SENDKEYS
MSG|Text Sent To Window With Handel :
MSG|Error Sending Text To Window - Handel :
MSG|Script Created and Executed
MSG|Error Creating/Executing Script
MSG|Clipboard Enabled
MSG|Clipboard Disabled
MSG|New Attributes are Now Set
MSG|Error Setting New Attributes !
MSG|Desktop Wallpaper Set To "
MSG|Error Changing Desktop Wallpaper
winlogon.exe
MSG|Application Executed as System
MSG|Error Executiong Application as System
MSG|File Executed Visible
MSG|Error While Trying to Run File
MSG|File Executed Hidden
MSG|Error Executing File
MSG|File Secure-Deleted
MSG|Error Secure-Deleting File
MSG|File Doesn't Exist
MSG|File Deleted
MSG|Error Deleting File
MSG|Folder Deleted Successfully
MSG|Error Deleting Folder
MSG|Folder Doesn't Exist
MSG|File Moved to Recycle Bin
MSG|Error Moveing File to Recycle Bin
MSG|File/Folder Doesn't Exist
MSG|File/Folder Renamed
MSG|Error Renaming File/Folder
MSG|Folder Created
MSG|Error Creating Folder !
MSG|Folder Already Exist, Choose Another Name
LISTKEYS
LISTKEYS|
MSG|Key Renamed
MSG|Error Renaming Key
DELETEKEY
MSG|Key/Value Deleted
MSG|Error Deleting Key/Value
NEWKEY
MSG|Key Created
MSG|Error Creating Key
MSG|Value Added
MSG|Error Adding Value
STATUSMSG|16
STATUSMSG|17
STATUSMSG|18
STATUSMSG|20
STATUSMSG|21
|Error, Target File or File To Execute Doesn't Exists|
DOWNLOADFROMFTP
UPLOADTOFTP
GETKEYLOG
MSG|Offline Key Logger Is Disabled !
MSG|Error, Log Doesn't Exists !
DELETEKEYLOG
MSG|Key Log Cleared !
MSG|Error Clearing Key Log File !
MSG|Error, File Not Found
MSG|Service Stopped
MSG|Service Started
MSG|Service "
MSG|Error Uninstalling Service
MSG|Service Created
MSG|Error Creating Service
MSG|Logoff Command Executed
MSG|Restart Command Executed
MSG|Shutdown Command Executed
MSG|Standby Command Executed
MSG|Hibernate Command Executed
MSG|Power Off Command Executed
0.3.2
abe2869f-9b47-4cd9-a358-c22904dba7f7
Unable to resolve HTTP prox
Portions Copyright (c) 1999,2003 Avenger by NhT
text/x-msmsgscontrol
ws2_32.dll
GetProcessHeap
oleaut32.dll
wsock32.dll
KWindows
solitude69.no-ip.org:3085,
=C:\Users\"%CurrentUserName%"\AppData\Roaming\Windows Task Manager\taskmgr.exe
$C:\Users\"%CurrentUserName%"\AppData\Roaming\bin.txt
GetKeyboardType
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
WinExec
PeekNamedPipe
CreatePipe
mpr.dll
version.dll
gdi32.dll
keybd_event
VkKeyScanA
SetKeyboardState
MsgWaitForMultipleObjects
MapVirtualKeyExA
MapVirtualKeyA
GetKeyboardState
GetKeyboardLayout
GetKeyState
GetAsyncKeyState
ExitWindowsEx
EnumWindows
getservbyport
shell32.dll
SHFileOperationA
wininet.dll
InternetOpenUrlA
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
FtpSetCurrentDirectoryA
FtpPutFileA
FtpOpenFileA
FtpFindFirstFileA
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
Crypt32.dll
crypt32.dll
URLMON.DLL
URLDownloadToFileA
netapi32.dll
winmm.dll
msacm32.dll
%AppData%\bin.txt
C:\Windows\resources\themes\Aero\Aero.msstyles


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:1796
    chrome.exe:160

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    C:\Users\"%CurrentUserName%"\AppData\Roaming\Windows Task Manager\taskmgr.exe (2779 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tZIDR.bat (172 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tZIDR.txt (170 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Windows Task Manager\taskmgr.txt (2684 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat (80 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\bin.txt (0 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
