Trojan.GenericKD.2153628_499f319ba2

by malwarelabrobot on February 24th, 2015 in Malware Descriptions.

HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.GenericKD.2153628 (B) (Emsisoft), Trojan.GenericKD.2153628 (AdAware), GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 499f319ba2ebf0241a81f913cb940a24
SHA1: fe7d207f8c1767e5b287a1344e746fd75889c23e
SHA256: 7304685e0fc5bb0f0a0ff6bca7f35a1fd2869b62ae74324750331bea8f81de9c
SSDeep: 3072:SRd9BPe9m39tB8BliqKh86F6HSxd3irUm8M772D386PtSACvWDnCEC3lxZd50XFI:QBG9K3eBlZS81HSxNSUXRtTFuEe
Size: 286208 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: TheaterMaxV08.02
Created at: 2015-02-07 19:03:20
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

GoogleUpdate.exe:1992
GoogleUpdate.exe:940
GoogleUpdate.exe:1040
GoogleUpdate.exe:1368
GoogleUpdate.exe:1596
GoogleUpdate.exe:1036
GoogleUpdate.exe:728
chrome_installer.exe:1776
chrome.exe:740
chrome.exe:2712
chrome.exe:1140
chrome.exe:1208
chrome.exe:572
chrome.exe:2736
chrome.exe:3440
chrome.exe:1484
chrome.exe:1716
chrome.exe:3028
chrome.exe:3124
chrome.exe:1376
chrome.exe:500
chrome.exe:2012
chrome.exe:2816
chrome.exe:1156
chrome.exe:2764
chrome.exe:380
chrome.exe:1932
chrome.exe:1620
chrome.exe:2216
chrome.exe:3372
chrome.exe:2000
chrome.exe:2352
chrome.exe:924
chrome.exe:1512
%original file name%.exe:1392
Chromium.exe:396
Chromium.exe:1936
setup.exe:844

The Trojan injects its code into the following process(es):

chrome.exe:2704
chrome.exe:2496

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process GoogleUpdate.exe:1368 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Update\1.3.24.15\goopdateres_hu.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_pt-BR.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdate.exe (601 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_de.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ml.dll (40 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_vi.dll (37 bytes)
%Program Files%\Google\Update\GoogleUpdate.exe (601 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_cs.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_fi.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (51 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_zh-CN.dll (31 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_is.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_lv.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleCrashHandler.exe (1281 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_am.dll (36 bytes)
%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115_chrome_installer.exe (312970 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_en.dll (36 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_da.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_fr.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdateHelper.msi (26 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (1425 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_et.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ko.dll (33 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ar.dll (35 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_hr.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_iw.dll (35 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_pt-PT.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_it.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_bg.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_th.dll (36 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_nl.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_bn.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ro.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdate.dll (10815 bytes)
%Program Files%\Google\Update\1.3.24.15\psuser_64.dll (673 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe (601 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_sk.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ru.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_gu.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_sw.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_sl.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_sv.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_el.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ta.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\psmachine.dll (673 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_kn.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_es-419.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\psmachine_64.dll (673 bytes)
%WinDir%\Tasks\GoogleUpdateTaskMachineUA.job (880 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_mr.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\psuser.dll (673 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe (51 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_en-GB.dll (36 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_sr.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_zh-TW.dll (31 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ca.dll (38 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_id.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ur.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ms.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_lt.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_ja.dll (34 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_tr.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_hi.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_pl.dll (38 bytes)
%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\OfflineManifest.gup (5 bytes)
%Program Files%\Google\Update\1.3.24.15\GoogleUpdateSetup.exe (322985 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_no.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_te.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_uk.dll (37 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_fa.dll (36 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_fil.dll (38 bytes)
%WinDir%\Tasks\GoogleUpdateTaskMachineCore.job (876 bytes)
%Program Files%\Google\Update\1.3.24.15\goopdateres_es.dll (39 bytes)
%Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll (4185 bytes)

The process GoogleUpdate.exe:728 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Temp\gui3.tmp (107 bytes)
%Program Files%\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115\chrome_installer.exe (312970 bytes)
%Program Files%\Google\Update\Install\{D971ACF7-830D-432B-A41A-E54E956524C9}\chrome_installer.exe (312970 bytes)

The Trojan deletes the following file(s):

%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115_chrome_installer.exe (0 bytes)
%Program Files%\Google\Update\Install (0 bytes)
%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7} (0 bytes)
%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\OfflineManifest.gup (0 bytes)
%Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\{8A69D345-D564-463C-AFF1-A69D9E530F96} (0 bytes)

The process chrome_installer.exe:1776 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\SETUP.EX_ (1656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\setup.exe (17312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\CHROME.PACKED.7Z (307964 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\SETUP.EX_ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\CHROME.PACKED.7Z (0 bytes)

The process chrome.exe:1140 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\manifest.json (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\de\messages.json (285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en\messages.json (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ar\messages.json (305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\128.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\et\messages.json (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fr\messages.json (303 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sk\messages.json (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en_GB\messages.json (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\cs\messages.json (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en_US\messages.json (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ro\messages.json (302 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sr\messages.json (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\32.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hu\messages.json (302 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ja\messages.json (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ru\messages.json (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pt_PT\messages.json (305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\el\messages.json (355 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pl\messages.json (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\he\messages.json (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hr\messages.json (302 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\it\messages.json (298 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ca\messages.json (300 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pt_BR\messages.json (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\es_419\messages.json (307 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\no\messages.json (300 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\16.png (533 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\da\messages.json (294 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\es\messages.json (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fi\messages.json (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\lv\messages.json (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fil\messages.json (315 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ko\messages.json (307 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\bg\messages.json (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sl\messages.json (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\nl\messages.json (301 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\lt\messages.json (311 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hi\messages.json (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\48.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\id\messages.json (297 bytes)

The process chrome.exe:572 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_57Pb6fGDZOtlQMM (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_sqE0lbmGPa8MXZ6 (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (20339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_xXoAQXVBWAkjVUV (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links (284 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons (4342 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000002 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History (21181 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\First Run (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_COISweXrjgllKSj (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_572_11982\docs.crx (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal (12020 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites (5232 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal (564 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT~RFd76b7.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (0 bytes)

The process chrome.exe:1716 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ja\messages.json (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pt_BR\messages.json (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sk\messages.json (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\de\messages.json (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\zh_CN\messages.json (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\manifest.json (483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pt_PT\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\it\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pl\messages.json (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sr\messages.json (284 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ko\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\th\messages.json (313 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ar\messages.json (301 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\nl\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\en\messages.json (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\vi\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ca\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fr\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\id\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\lv\messages.json (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\128.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\lt\messages.json (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\da\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\se\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ro\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\tr\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\uk\messages.json (293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\el\messages.json (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\cs\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hi\messages.json (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\zh_TW\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fi\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fil\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sl\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hr\messages.json (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\bg\messages.json (281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\es\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hu\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\no\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ru\messages.json (275 bytes)

The process chrome.exe:3028 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\error.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio_input.html (175 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\manifest.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options-compiled.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-128.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\mic-normal.gif (524 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_en-gb.nmf (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_de.nmf (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_platform_specific\x86-32_\hotword-x86-32.nexe (21968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\off.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\mic-hotword.gif (482 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_platform_specific\x86-32_\hotword.data (18240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio\1_short_Open_16_16.wav (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_.nmf (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio-manager-compiled.js (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\hotword.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options.css (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_metadata\verified_contents.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio-input-compiled.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\speech.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_fr.nmf (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_IMAGES (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\content-bundle-compiled.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_ru.nmf (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-48.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\background.html (276 bytes)

The process chrome.exe:3124 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ja\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_BR\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\he\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sk\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\de\messages.json (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_CN\messages.json (184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\manifest.json (448 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_PT\messages.json (185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\it\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_MESSAGE_CATALOGS (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pl\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sr\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ko\messages.json (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\th\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ar\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\nl\messages.json (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\et\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_US\messages.json (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\uk\messages.json (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_128.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\vi\messages.json (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ca\messages.json (184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\tr\messages.json (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fr\messages.json (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\id\messages.json (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lv\messages.json (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lt\messages.json (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hu\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ro\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\main.js (91 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_GB\messages.json (185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ms\messages.json (184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\el\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\cs\messages.json (199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hi\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\main.html (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_TW\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fi\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fil\messages.json (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sl\messages.json (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es_419\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\bg\messages.json (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sv\messages.json (191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_16.png (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\da\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\no\messages.json (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ru\messages.json (243 bytes)

The process chrome.exe:2012 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\es_419\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\it\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\eu\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fil\messages.json (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\en_GB\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fi\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hi\messages.json (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\128.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\cs\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ja\messages.json (273 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pl\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sl\messages.json (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sk\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fr\messages.json (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ko\messages.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\es\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ru\messages.json (318 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pt_PT\messages.json (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ar\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hu\messages.json (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\de\messages.json (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\el\messages.json (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\da\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\no\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\th\messages.json (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\bg\messages.json (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sv\messages.json (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\et\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sr\messages.json (267 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pt_BR\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\nl\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\en_US\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hr\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ca\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\he\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\lt\messages.json (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ms\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ro\messages.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\id\messages.json (241 bytes)

The process chrome.exe:1156 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\main.js (79 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\manifest.json (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\main.html (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_16.png (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_IMAGES (66 bytes)

The process chrome.exe:1620 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000003.log (1121 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\manifest.json (649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data (1454 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\17.tmp (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\search.crx (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\youtube.crx (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (3596 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor (7647 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (2020 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\15.tmp (1678 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\14.tmp (3340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\gmail.crx (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\10.tmp (2020 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000004.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\16.tmp (2020 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal (9448 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_bNd36tTOLoR3h7H (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\C.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_16.png (143 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\18.tmp (62 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG (46 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_GtiYnPzbOv7mbuG (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal (2791 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\11.tmp (2692 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000004 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\7.tmp (854 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\19.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal (12870 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_bwgWHZEk4opAHGG (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\drive.crx (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\8.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000005.log (57 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (2527 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\E.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal (2791 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\docs.crx (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_PTU8u5A3XtVHHVY (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E.tmp (19573 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000002 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies (745 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies (745 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFda420.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000002 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\docs.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT~RFd97ac.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_1620_13770 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000003.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT~RFd7d9d.TMP (0 bytes)

The process chrome.exe:2216 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\lv\messages.json (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\id\messages.json (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ko\messages.json (749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pt_PT\messages.json (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ro\messages.json (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\de\messages.json (571 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fr\messages.json (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\es_419\messages.json (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\da\messages.json (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\et\messages.json (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\cs\messages.json (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\nl\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pl\messages.json (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\es\messages.json (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hr\messages.json (519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\en\messages.json (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pt_BR\messages.json (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ca\messages.json (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\el\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sv\messages.json (544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sl\messages.json (504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\it\messages.json (483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hu\messages.json (623 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fi\messages.json (595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fil\messages.json (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\en_GB\messages.json (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\nb\messages.json (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\lt\messages.json (563 bytes)

The process chrome.exe:3372 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\craw_background.js (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_PT\messages.json (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\el\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pl\messages.json (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hr\messages.json (519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\it\messages.json (483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es\messages.json (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es_419\messages.json (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_128.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\da\messages.json (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fi\messages.json (595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_MESSAGE_CATALOGS (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lv\messages.json (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fil\messages.json (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_CN\messages.json (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ko\messages.json (749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_TW\messages.json (671 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\vi\messages.json (655 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sl\messages.json (504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nl\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lt\messages.json (563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\html\craw_window.html (810 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\id\messages.json (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sv\messages.json (544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_16.png (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\de\messages.json (571 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\flapper.gif (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en\messages.json (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_BR\messages.json (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nb\messages.json (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\css\craw_window.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ca\messages.json (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\et\messages.json (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fr\messages.json (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en_GB\messages.json (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\cs\messages.json (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\craw_window.js (10864 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\tr\messages.json (585 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ro\messages.json (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hu\messages.json (623 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ja\messages.json (1 bytes)

The process chrome.exe:2496 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ja\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_TW\messages.json (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\22.tmp (86 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\de\messages.json (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\manifest.json (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_PT\messages.json (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist_new (9936 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es_419\messages.json (647 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2B.tmp (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\f_000002 (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal (5097 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lv\messages.json (655 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\20.tmp (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_CN\messages.json (583 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ko\messages.json (664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-16.png (547 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_tyxbQ2jGgiGmaPw (136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1F.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_FBAnhFdYjaHhnn8 (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\el\messages.json (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\id\messages.json (612 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000006 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing IP Blacklist_new (844 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nl\messages.json (630 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List Prefix Set (732 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\README (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\SHORTCUTS (1932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lt\messages.json (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hu\messages.json (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ro\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000003.log (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ms\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\cs\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es\messages.json (685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_TW\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fil\messages.json (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal (7005 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sl\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\cs\messages.json (651 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\23.tmp (840 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\MANIFEST-000001 (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_PqEbG3oWHswgdzP (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\MANIFEST-000002 (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_CY1CTTavDQSS5c9 (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager (5791 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal (6215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hu\messages.json (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\he\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_PT\messages.json (650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\manifest.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hr\messages.json (626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\it\messages.json (618 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\LOG (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\da\messages.json (633 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000004.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\it\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000002 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2A.tmp (703 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lv\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\bg\messages.json (833 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\vi\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_BR\messages.json (665 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_ew7Rjwo7eR2qtqJ (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fi\messages.json (666 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons (4056 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\21.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sv\messages.json (635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_16.png (702 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\1B.tmp (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\SHORTCUTS-JOURNAL (1208 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000005 (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000004 (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000003.log (833 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000001 (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000003 (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fr\messages.json (693 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sk\messages.json (659 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-48.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en_GB\messages.json (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\bg\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_16.png (143 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download_new (507756 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\tr\messages.json (636 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Index-journal (21474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1B.tmp (46613 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\f_000001 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sk\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000002 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\1E.tmp (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000006.log (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es_419\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_BR\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pl\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs (2093 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 (115472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\et\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\WEB DATA-JOURNAL (2898 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager-journal (16786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_US\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico.md5 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\vi\messages.json (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sl\messages.json (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ca\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hi\messages.json (279 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\id\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\el\messages.json (884 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pl\messages.json (637 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist_new (26368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\de\messages.json (698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\da\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en\messages.json (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List_new (160432 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist_new (2024 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\25.tmp (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\tr\messages.json (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nb\messages.json (633 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ca\messages.json (658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\et\messages.json (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set (7612 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sv\messages.json (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\27.tmp (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom_new (969152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_IpNmEptaMtzPlTw (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ja\messages.json (794 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\28.tmp (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ru\messages.json (716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1E.tmp (2020 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fr\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_CN\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000006.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_1 (12440 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_0 (6404 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_3 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_2 (3368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000008.log (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\24.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal (3712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sr\messages.json (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal (19820 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ko\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\th\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ar\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1A.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fil\messages.json (672 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\1C.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lt\messages.json (648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hi\messages.json (929 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\26.tmp (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1C.tmp (16088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\nl\messages.json (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 (2960 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 (10304 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 (36336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_GB\messages.json (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\uk\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal (7005 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fi\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\uk\messages.json (764 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\29.tmp (703 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_128.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Index (16655 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ro\messages.json (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sr\messages.json (791 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ru\messages.json (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000004 (69 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000003.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2496_8177 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFed240.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\1E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences~RFde84d.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFe313d.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2496_14298 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT~RFdd581.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFf23ab.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\__MACOSX (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\main.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\index (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFde81e.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2496_6863 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\CURRENT~RFdd1f6.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\24.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFde7b1.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000004 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFf10b0.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\1B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFe1931.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences~RFe11af.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\main.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000005.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\1C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\CURRENT~RFdd60d.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences~RFe5a7f.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT~RFdc247.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-48.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\data_2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\data_3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\data_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\data_1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\MANIFEST-000001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old~RFdc12d.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000002 (0 bytes)

The process chrome.exe:2000 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ca\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\el\messages.json (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ar\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\it\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hi\messages.json (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hu\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fi\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fil\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\he\messages.json (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\lt\messages.json (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\lv\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ja\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\id\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ko\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\de\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fr\messages.json (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\da\messages.json (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\cs\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\no\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\nl\messages.json (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\bg\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\pl\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\es\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hr\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\en\messages.json (216 bytes)

The process %original file name%.exe:1392 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Chromium.exe (36452 bytes)

The process Chromium.exe:396 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\default_apps\app.crx (1 bytes)
%Program Files%\Google\Chrome\Application\default_apps\external_extensions.json (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State (425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Chromium.exe (5491424 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences (0 bytes)

The process Chromium.exe:1936 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\GUM1.tmp\goopdateres_en.dll (36 bytes)
%Program Files%\GUM1.tmp\psuser_64.dll (189 bytes)
%Program Files%\GUM1.tmp\goopdateres_ur.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_ml.dll (40 bytes)
%Program Files%\GUM1.tmp\goopdateres_sl.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_ca.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_ta.dll (39 bytes)
%Program Files%\GUT2.tmp (356471 bytes)
%Program Files%\GUM1.tmp\goopdateres_es-419.dll (38 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateOnDemand.exe (51 bytes)
%Program Files%\GUM1.tmp\goopdateres_sr.dll (37 bytes)
%Program Files%\GUM1.tmp\40.0.2214.115_chrome_installer.exe.{8A69D345-D564-463c-AFF1-A69D9E530F96} (153282 bytes)
%Program Files%\GUM1.tmp\goopdateres_hi.dll (37 bytes)
%Program Files%\GUM1.tmp\GoogleCrashHandler64.exe (550 bytes)
%Program Files%\GUM1.tmp (32 bytes)
%Program Files%\GUM1.tmp\goopdateres_en-GB.dll (36 bytes)
%Program Files%\GUM1.tmp\goopdateres_it.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_ko.dll (33 bytes)
%Program Files%\GUM1.tmp\goopdateres_de.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_pt-PT.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_fa.dll (36 bytes)
%Program Files%\GUM1.tmp\npGoogleUpdate3.dll (1126 bytes)
%Program Files%\GUM1.tmp\psmachine.dll (166 bytes)
%Program Files%\GUM1.tmp\goopdateres_pt-BR.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_id.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_th.dll (36 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateBroker.exe (51 bytes)
%Program Files%\GUM1.tmp\goopdateres_cs.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_uk.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_tr.dll (37 bytes)
%Program Files%\GUM1.tmp\psmachine_64.dll (189 bytes)
%Program Files%\GUM1.tmp\goopdateres_zh-CN.dll (31 bytes)
%Program Files%\GUM1.tmp\goopdateres_hu.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_es.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_bn.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_el.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_ms.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_ja.dll (34 bytes)
%Program Files%\GUM1.tmp\GoogleUpdate.exe (116 bytes)
%Program Files%\GUM1.tmp\goopdateres_sk.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_nl.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdate.dll (3850 bytes)
%Program Files%\GUM1.tmp\goopdateres_no.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_fil.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_ro.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_mr.dll (38 bytes)
%Program Files%\GUM1.tmp\GoogleCrashHandler.exe (230 bytes)
%Program Files%\GUM1.tmp\goopdateres_lv.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_da.dll (37 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateHelper.msi (26 bytes)
%Program Files%\GUM1.tmp\goopdateres_te.dll (39 bytes)
%Program Files%\GUM1.tmp\psuser.dll (166 bytes)
%Program Files%\GUM1.tmp\goopdateres_am.dll (36 bytes)
%Program Files%\GUM1.tmp\goopdateres_is.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_fr.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_sw.dll (39 bytes)
%Program Files%\GUM1.tmp\goopdateres_pl.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_et.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_vi.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_lt.dll (37 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateComRegisterShell64.exe (114 bytes)
%Program Files%\GUM1.tmp\goopdateres_sv.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_ar.dll (35 bytes)
%Program Files%\GUM1.tmp\goopdateres_iw.dll (35 bytes)
%Program Files%\GUM1.tmp\goopdateres_bg.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_ru.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_kn.dll (39 bytes)
%Program Files%\GUM1.tmp\OfflineManifest.gup (5 bytes)
%Program Files%\GUM1.tmp\goopdateres_gu.dll (39 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateSetup.exe (322985 bytes)
%Program Files%\GUM1.tmp\goopdateres_fi.dll (37 bytes)
%Program Files%\GUM1.tmp\goopdateres_hr.dll (38 bytes)
%Program Files%\GUM1.tmp\goopdateres_zh-TW.dll (31 bytes)

The Trojan deletes the following file(s):

%Program Files%\GUM1.tmp\goopdateres_en.dll (0 bytes)
%Program Files%\GUM1.tmp\psuser_64.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ur.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ml.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_sl.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ca.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ta.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_et.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_es-419.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateOnDemand.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_sr.dll (0 bytes)
%Program Files%\GUM1.tmp\40.0.2214.115_chrome_installer.exe.{8A69D345-D564-463c-AFF1-A69D9E530F96} (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_hi.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleCrashHandler64.exe (0 bytes)
%Program Files%\GUM1.tmp (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_en-GB.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_it.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ko.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_de.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_pt-PT.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_fa.dll (0 bytes)
%Program Files%\GUM1.tmp\npGoogleUpdate3.dll (0 bytes)
%Program Files%\GUM1.tmp\psmachine.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_pt-BR.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_id.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_th.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateBroker.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_cs.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_uk.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateSetup.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_tr.dll (0 bytes)
%Program Files%\GUM1.tmp\psmachine_64.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_zh-CN.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_hu.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_es.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_bn.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_el.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ms.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ja.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdate.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_sk.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_nl.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdate.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_no.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_gu.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ro.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_mr.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleCrashHandler.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_lv.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_da.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateHelper.msi (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_te.dll (0 bytes)
%Program Files%\GUM1.tmp\psuser.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_am.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_is.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_fr.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_sw.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_pl.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_fil.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_vi.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_lt.dll (0 bytes)
%Program Files%\GUM1.tmp\GoogleUpdateComRegisterShell64.exe (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_sv.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ar.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_iw.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_bg.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_ru.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_kn.dll (0 bytes)
%Program Files%\GUM1.tmp\OfflineManifest.gup (0 bytes)
%Program Files%\GUT2.tmp (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_fi.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_hr.dll (0 bytes)
%Program Files%\GUM1.tmp\goopdateres_zh-TW.dll (0 bytes)

The process setup.exe:844 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\lv.pak (287 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\splash-620x300.png (10 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Extensions\external_extensions.json (99 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\chrome.exe (3916 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\nb.pak (259 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\resources.pak (113371 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pt-PT.pak (282 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\wow_helper.exe (73 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\VisualElementsManifest.xml (399 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\uk.pak (1728 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_elf.dll (133 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (1 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\id.pak (258 bytes)
%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe (7433 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\youtube.crx (23 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\icudtl.dat (76792 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libegl.dll (211 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\nl.pak (277 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hu.pak (301 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\PepperFlash\manifest.json (2 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\ffmpegsumo.dll (9606 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fil.pak (291 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sl.pak (264 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\mr.pak (1859 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\en-US.pak (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (1551 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ja.pak (1626 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\tr.pak (284 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\pdf.dll (67091 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\am.pak (1676 bytes)
%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe (7433 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hr.pak (268 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_100_percent.pak (7386 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\chrome.7z (1212312 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\et.pak (251 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\cs.pak (286 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\widevinecdmadapter.dll (142 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl_irt_x86_32.nexe (15801 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pl.pak (283 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\bg.pak (1755 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\gu.pak (1849 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\40.0.2214.115.manifest (224 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\delegate_execute.exe (7386 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\vi.pak (326 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ca.pak (287 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\xinput1_3.dll (81 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sv.pak (263 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\gmail.crx (24 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\PepperFlash\pepflashplayer.dll (110258 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\d3dcompiler_46.dll (22433 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\secondarytile.png (637 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\it.pak (279 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome.dll (247928 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\docs.crx (4 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hi.pak (1867 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\search.crx (26 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\metro_driver.dll (1787 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\smalllogo.png (9 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ta.pak (3760 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_200_percent.pak (9606 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl_irt_x86_64.nexe (20507 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\el.pak (1801 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\da.pak (259 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ru.pak (1727 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\zh-CN.pak (232 bytes)
%Documents and Settings%\All Users\Desktop\Google Chrome.lnk (1 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\zh-TW.pak (234 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\drive.crx (25 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl64.exe (12288 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ar.pak (1662 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\he.pak (1610 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sk.pak (297 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\de.pak (247 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pt-BR.pak (277 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ms.pak (215 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sw.pak (240 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libexif.dll (310 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin (4 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\logo.png (3 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\es-419.pak (286 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_child.dll (258733 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ml.pak (3823 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fr.pak (304 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\en-GB.pak (238 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\lt.pak (282 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ko.pak (290 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ro.pak (291 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libglesv2.dll (7386 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sr.pak (1715 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\es.pak (292 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libpeerconnection.dll (22433 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\bn.pak (3678 bytes)
%Program Files%\Google\Chrome\Application\master_preferences (107 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\external_extensions.json (1 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fa.pak (1689 bytes)
%Program Files%\Google\Chrome\Application\chrome.exe (5873 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\te.pak (3711 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk (1 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\kn.pak (3727 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fi.pak (270 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\th.pak (1857 bytes)

The Trojan deletes the following file(s):

%Program Files%\Google\Chrome\Temp (0 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin (0 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881 (0 bytes)
%WinDir%\Temp\gui3.tmp (0 bytes)
%Program Files%\Google\Chrome (0 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\wow_helper.exe (0 bytes)
%Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\chrome.exe (0 bytes)

Registry activity

The process GoogleUpdate.exe:1992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID]
"(Default)" = "{B3D28DBD-0DFA-40E4-8071-520767BADC7E}"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods]
"(Default)" = "13"

[HKCR\GoogleUpdate.CredentialDialogMachine.1.0\CLSID]
"(Default)" = "{25461599-633D-42B1-84FB-7CD68D026E53}"

[HKCR\Google.OneClickProcessLauncherMachine]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\NumMethods]
"(Default)" = "41"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-1004"

[HKCR\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}]
"(Default)" = "IAppCommand2"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ProgID]
"(Default)" = "GoogleUpdate.CredentialDialogMachine.1.0"

[HKCR\GoogleUpdate.Update3WebMachine\CurVer]
"(Default)" = "GoogleUpdate.Update3WebMachine.1.0"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}]
"(Default)" = "IProgressWndEvents"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID]
"(Default)" = "GoogleUpdate.CoreMachineClass.1"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID]
"(Default)" = "GoogleUpdate.ProcessLauncher.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebMachine.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-1004"

[HKCR\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.ProcessLauncher"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}]
"(Default)" = "IGoogleUpdate3"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\ProgID]
"(Default)" = "GoogleUpdate.CoCreateAsync.1.0"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}]
"(Default)" = "IGoogleUpdate"

[HKCR\GoogleUpdate.CoreMachineClass.1\CLSID]
"(Default)" = "{9B2340A0-4068-43D6-B404-32E27217859D}"

[HKCR\GoogleUpdate.CoreMachineClass\CurVer]
"(Default)" = "GoogleUpdate.CoreMachineClass.1"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-1004"

[HKCR\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}]
"(Default)" = "IAppCommand"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}]
"(Default)" = "IOneClickProcessLauncher"

[HKCR\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-3000"

[HKCR\GoogleUpdate.CoreMachineClass.1]
"(Default)" = "Google Update Core Class"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}]
"(Default)" = "IJobObserver"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.CoreMachineClass\CLSID]
"(Default)" = "{9B2340A0-4068-43D6-B404-32E27217859D}"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods]
"(Default)" = "8"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods]
"(Default)" = "5"

[HKCR\Google.OneClickProcessLauncherMachine\CurVer]
"(Default)" = "Google.OneClickProcessLauncherMachine.1.0"

[HKCR\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback\CLSID]
"(Default)" = "{B3D28DBD-0DFA-40E4-8071-520767BADC7E}"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}]
"(Default)" = "ICoCreateAsyncStatus"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\NumMethods]
"(Default)" = "24"

[HKCR\CLSID\{FC80AE76-8FD2-4F24-871C-ED48DAA126D9}\InprocHandler32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}]
"(Default)" = "CoCreateAsync"

[HKCR\GoogleUpdate.CoreMachineClass]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{E2D06167-6DCF-4BF6-A212-5C2F0161583A}]
"(Default)" = "PSFactoryBuffer"

[HKCR\GoogleUpdate.CoCreateAsync\CLSID]
"(Default)" = "{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.Update3WebMachine]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.CredentialDialogMachine.1.0]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}]
"(Default)" = "IAppBundle"

[HKCR\GoogleUpdate.ProcessLauncher\CurVer]
"(Default)" = "GoogleUpdate.ProcessLauncher.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-3000"

[HKCR\GoogleUpdate.Update3WebMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\psmachine.dll"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods]
"(Default)" = "8"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods]
"(Default)" = "4"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine.1.0\CLSID]
"(Default)" = "{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}"

[HKCR\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}]
"(Default)" = "IAppWeb"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Google.OneClickProcessLauncherMachine\CLSID]
"(Default)" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods]
"(Default)" = "41"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 24 B8 03 02 06 48 06 B8 B0 1E 4D E5 CC CD E5"

[HKCR\CLSID\{E2D06167-6DCF-4BF6-A212-5C2F0161583A}\InProcServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\psmachine.dll"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-1004"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}]
"(Default)" = "IGoogleUpdate3WebSecurity"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}]
"(Default)" = "IRegistrationUpdateHook"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}]
"(Default)" = "ICurrentState"

[HKCR\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\NumMethods]
"(Default)" = "17"

[HKCR\GoogleUpdate.Update3WebMachine.1.0\CLSID]
"(Default)" = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoreMachineClass"

[HKCR\GoogleUpdate.CredentialDialogMachine\CLSID]
"(Default)" = "{25461599-633D-42B1-84FB-7CD68D026E53}"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}]
"(Default)" = "IPackage"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\VersionIndependentProgID]
"(Default)" = "Google.OneClickProcessLauncherMachine"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\GoogleUpdate.ProcessLauncher.1.0]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\CLSID\{E2D06167-6DCF-4BF6-A212-5C2F0161583A}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}]
"(Default)" = "IGoogleUpdateCore"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods]
"(Default)" = "9"

[HKCR\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}]
"(Default)" = "IProcessLauncher2"

[HKCR\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods]
"(Default)" = "4"

[HKCR\GoogleUpdate.Update3WebMachineFallback]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\GoogleUpdate.CoCreateAsync\CurVer]
"(Default)" = "GoogleUpdate.CoCreateAsync.1.0"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}]
"(Default)" = "IAppVersion"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\NumMethods]
"(Default)" = "10"

[HKCR\GoogleUpdate.CredentialDialogMachine\CurVer]
"(Default)" = "GoogleUpdate.CredentialDialogMachine.1.0"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
"(Default)" = "Google Update Core Class"

[HKCR\Google.OneClickProcessLauncherMachine.1.0]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.Update3WebMachineFallback\CurVer]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback.1.0"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoCreateAsync"

[HKCR\GoogleUpdate.CredentialDialogMachine]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}]
"(Default)" = "IAppCommandWeb"

[HKCR\GoogleUpdate.CoCreateAsync.1.0]
"(Default)" = "CoCreateAsync"

[HKCR\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}]
"(Default)" = "IApp"

[HKCR\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods]
"(Default)" = "12"

[HKCR\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}]
"(Default)" = "IApp2"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\Google.OneClickProcessLauncherMachine.1.0\CLSID]
"(Default)" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\GoogleUpdate.Update3WebMachineFallback.1.0\CLSID]
"(Default)" = "{598FE0E5-E02D-465D-9A9D-37974A28FD42}"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods]
"(Default)" = "11"

[HKCR\GoogleUpdate.Update3WebMachine\CLSID]
"(Default)" = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods]
"(Default)" = "24"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}]
"(Default)" = "IAppVersionWeb"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebMachine"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-1004"

[HKCR\GoogleUpdate.ProcessLauncher]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\GoogleUpdate.Update3WebMachineFallback.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}]
"(Default)" = "IGoogleUpdate3Web"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation]
"Enabled" = "1"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}]
"(Default)" = "IAppBundleWeb"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.CoCreateAsync]
"(Default)" = "CoCreateAsync"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-3000"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"CLSID" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\GoogleUpdate.CoCreateAsync.1.0\CLSID]
"(Default)" = "{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\GoogleUpdate.ProcessLauncher.1.0\CLSID]
"(Default)" = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback.1.0"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-3000"

[HKCR\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods]
"(Default)" = "43"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\GoogleUpdate.Update3WebMachineFallback\CLSID]
"(Default)" = "{598FE0E5-E02D-465D-9A9D-37974A28FD42}"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.24.15\goopdate.dll,-3000"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}]
"(Default)" = "IProcessLauncher"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32]
"(Default)" = "{E2D06167-6DCF-4BF6-A212-5C2F0161583A}"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}]
"(Default)" = "ICoCreateAsync"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"Policy" = "3"

[HKCR\CLSID\{FC80AE76-8FD2-4F24-871C-ED48DAA126D9}\InprocHandler32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\psmachine.dll"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\GoogleUpdate.ProcessLauncher\CLSID]
"(Default)" = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine\CLSID]
"(Default)" = "{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CredentialDialogMachine"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}]
"(Default)" = "ICredentialDialog"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\ProgID]
"(Default)" = "Google.OneClickProcessLauncherMachine.1.0"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}]
"(Default)" = "IBrowserHttpRequest2"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{FC80AE76-8FD2-4F24-871C-ED48DAA126D9}\InprocHandler32]
[HKCR\CLSID\{FC80AE76-8FD2-4F24-871C-ED48DAA126D9}]
[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}]
[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:940 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C AE 24 5E 8F B4 9E 93 31 36 42 2C 86 4E AF 07"

[HKCU\Software\Google\Update\proxy]
"source" = "auto"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:1040 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\GoogleUpdate.Update3WebSvc\CurVer]
"(Default)" = "GoogleUpdate.Update3WebSvc.1.0"

[HKCR\GoogleUpdate.Update3COMClassService]
"(Default)" = "Update3COMClass"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\GoogleUpdate.Update3COMClassService\CLSID]
"(Default)" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.CoreClass.1]
"(Default)" = "Google Update Core Class"

[HKCR\GoogleUpdate.Update3WebSvc\CLSID]
"(Default)" = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}"

[HKCR\GoogleUpdate.Update3COMClassService.1.0\CLSID]
"(Default)" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.Update3WebSvc.1.0\CLSID]
"(Default)" = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebSvc.1.0"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc"

[HKCR\GoogleUpdate.Update3COMClassService.1.0]
"(Default)" = "Update3COMClass"

[HKCR\AppID\GoogleUpdate.exe]
"AppID" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"(Default)" = "ServiceModule"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"LocalService" = "gupdatem"

[HKCR\GoogleUpdate.Update3WebSvc.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\GoogleUpdate.Update3WebSvc]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3COMClassService"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"(Default)" = "Update3COMClass"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"(Default)" = "ServiceModule"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoreClass"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"ServiceParameters" = "/comsvc"

[HKCR\GoogleUpdate.CoreClass\CurVer]
"(Default)" = "GoogleUpdate.CoreClass.1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 0C 95 7D 68 E1 AA B6 99 CB AE 42 39 E0 C4 65"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ProgID]
"(Default)" = "GoogleUpdate.Update3COMClassService.1.0"

[HKCR\GoogleUpdate.CoreClass]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebSvc"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"LocalService" = "gupdate"

[HKCR\GoogleUpdate.CoreClass.1\CLSID]
"(Default)" = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"

[HKCR\GoogleUpdate.Update3COMClassService\CurVer]
"(Default)" = "GoogleUpdate.Update3COMClassService.1.0"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc.1.0]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID]
"(Default)" = "GoogleUpdate.CoreClass.1"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"AppID" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc.1.0\CLSID]
"(Default)" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"ServiceParameters" = "/comsvc"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc\CLSID]
"(Default)" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\GoogleUpdate.CoreClass\CLSID]
"(Default)" = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"

The Trojan deletes the following registry key(s):

[HKCR\AppID\GoogleUpdate.exe]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:1368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\Google.Update3WebControl.3\CLSID]
"(Default)" = "{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}"

[HKCR\Google.OneClickCtrl.9]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"AppName" = "GoogleUpdateBroker.exe"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"DayOfLastActivity" = "4294967295"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"InstallTime" = "1424649037"

[HKCR\Google.Update3WebControl.3]
"(Default)" = "Google Update Plugin"

[HKCR\Google.OneClickCtrl.9\CLSID]
"(Default)" = "{C442AC41-9200-4770-8CC0-7CDB4F245C55}"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Path" = "%Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"AppPath" = "%Program Files%\Google\Update\1.3.24.15"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\ProgID]
"(Default)" = "Google.OneClickCtrl.9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description" = "Google Update"

[HKLM\SOFTWARE\Google\Update]
"LastOSVersion" = "1C 01 00 00 05 00 00 00 01 00 00 00 28 0A 00 00"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Path" = "%Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Google\Update]
"Version" = "1.3.24.15"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\ProgID]
"(Default)" = "Google.Update3WebControl.3"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description" = "Google Update"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"vendor" = "Google Inc."

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Google\Update]
"GoogleUpdate.exe" = "Google Installer"

[HKCR\MIME\Database\Content Type\application/x-vnd.google.update3webcontrol.3]
"CLSID" = "{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
"(Default)" = "CATID_AppContainerCompatible"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"DayOfLastRollCall" = "4294967295"
"DayOfInstall" = "4294967295"

[HKLM\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.24.15"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"iid" = "{2E976F3D-8707-0D9C-A62E-FF8283930175}"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation" = "0"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.24.15"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Google\Update]
"IsMSIHelperRegistered" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"vendor" = "Google Inc."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"brand" = "GGLS"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF CD 2B 3B D8 83 3E D5 9B 0F 9D 15 9B 31 7D A7"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Version" = "9"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"AppPath" = "%Program Files%\Google\Update"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"ProductName" = "Google Update"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats" = "0"

[HKLM\SOFTWARE\Google\Update]
"UninstallCmdLine" = "%Program Files%\Google\Update\GoogleUpdate.exe /uninstall"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Version" = "3"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
"(Default)" = "CATID_AppContainerCompatible"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"ProductName" = "Google Update"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"AppName" = "GoogleUpdate.exe"

[HKLM\SOFTWARE\Google\Update]
"Path" = "%Program Files%\Google\Update\GoogleUpdate.exe"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"Policy" = "3"

[HKCR\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.9]
"CLSID" = "{C442AC41-9200-4770-8CC0-7CDB4F245C55}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"Policy" = "3"

[HKLM\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"Name" = "Google Update"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"LastChecked"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableCount"

[HKLM\SOFTWARE\Google\Update]
"LastCodeRedCheck"
"eulaaccepted"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"

[HKLM\SOFTWARE\Google\Update]
"ui"
"old-uid"
"mi"

The process GoogleUpdate.exe:1596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 77 FE EB F5 39 D7 95 8C AA 3D C5 09 1B 03 9D"

[HKCU\Software\Google\Update\proxy]
"source" = "auto"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:1036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 AC C7 7D EC 40 9A 3D 6C 20 3E 8A 05 96 1B A2"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"
"eulaaccepted"

The process GoogleUpdate.exe:728 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"InstallProgressPercent" = "4294967295"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"pv" = "40.0.2214.115"
"browser" = "4"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"DownloadTimeRemainingMs" = "4294967295"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"DayOfLastRollCall" = "4294967295"
"DayOfInstall" = "4294967295"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerError" = "0"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"iid" = "{2E976F3D-8707-0D9C-A62E-FF8283930175}"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"StateValue" = "4"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallTime" = "1424649040"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerResult" = "0"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"InstallTimeRemainingMs" = "4294967295"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"brand" = "GGLS"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"DayOfLastActivity" = "4294967295"
"LastInstallerError" = "0"
"LastCheckSuccess" = "1424649050"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"DownloadProgressPercent" = "0"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Google\Update]
"GoogleUpdate.exe" = "Google Installer"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "29 F0 6F A7 B6 45 35 41 23 C0 7C 97 08 D4 32 13"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"
"usagestats" = "0"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"
"LastInstallerResult" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UpdateAvailableSince"
"eulaaccepted"
"InstallerError"
"UpdateAvailableCount"
"InstallerSuccessLaunchCmdLine"

[HKLM\SOFTWARE\Google\Update]
"old-uid"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerError"
"LastInstallerResultUIString"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"eulaaccepted"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerResultUIString"
"InstallerResult"
"tttoken"
"ap"
"LastInstallerResult"
"experiment_labels"

[HKLM\SOFTWARE\Google\Update]
"uid"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerError"
"LastInstallerSuccessLaunchCmdLine"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerSuccessLaunchCmdLine"
"LastInstallerExtraCode1"
"LastInstallerResult"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerExtraCode1"

The process chrome_installer.exe:1776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE A1 90 04 61 C1 44 4C DE 1D F2 AA F6 46 7D 7D"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-full"

The process chrome.exe:740 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 D7 B4 9E 46 B0 B8 32 3D CD 55 EF C8 86 27 5B"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 90 C0 21 D2 93 CE 4D 1F 97 2D 02 52 3B 83 57"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1140 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 90 ED C1 FD 4D EA 8A D7 24 79 90 B8 41 3C 0D"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1208 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E 27 FB E3 3B 9C A9 62 BD 6A 59 04 0D 94 D9 DC"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"usagestats" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"aggregate" = "sum()"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "90 3B 4E 14 54 3E A4 43 4C 6D 2F 2E 88 6B DE B3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"aggregate" = "sum()"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

The process chrome.exe:2736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 73 36 19 90 60 AE 53 F9 66 87 AD B6 D1 77 3C"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3440 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "67 AB B8 2F 74 DD A9 FD 17 9D 21 71 E3 17 87 41"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1716 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D E2 BE 6D 24 23 2F 76 93 E7 95 72 ED 31 46 0A"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3028 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "89 3A 38 E4 3D 7D B2 F4 81 88 AA BF 0E 43 67 B7"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3124 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2C B9 EF 08 46 10 84 96 B2 5F 3F BF D1 94 84 2E"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 19 A0 54 0C 46 30 79 10 DB 6B 76 61 CB CB DF"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2012 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "43 8D 2F 36 49 F7 60 06 CC 55 ED 11 39 9A 0B A1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 40 32 3C 2C 40 C1 4B 54 F7 2C 4A 7A 24 06 74"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2704 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 E9 B2 4B 2B 7D 70 EC F4 C5 F9 D6 28 C5 0C 9C"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1156 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "74 5C 40 11 BD 99 D8 AD AB 66 1E BE A2 02 42 5B"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2764 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 EB FE 95 32 5A AB F1 90 07 2F CB A3 55 5D 32"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 FC 4B AC B2 20 3C 09 7C C6 62 98 25 17 58 D0"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1932 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 55 1C 5C A5 9D 9F 18 8A 3E 90 DA FE 4D FA 71"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1620 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Google\Chrome\BLBeacon]
"Version" = "40.0.2214.115"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"usagestats" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"aggregate" = "sum()"

[HKCU\Software\Google\Chrome\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "0"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"lastrun" = "13069122655844500"

[HKCU\Software\Google\Chrome\BLBeacon]
"failed_count" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 11 C5 96 A4 FB CA E1 95 E3 E3 F8 81 02 60 C0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"aggregate" = "sum()"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

The Trojan deletes the following registry key(s):

[HKCU\Software\Google\Chrome\BLFinchList]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"experiment_labels"

The process chrome.exe:2216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 5D F3 F2 51 7F EF A6 CB 17 C9 5C 4C 98 79 03"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 A5 C0 2F 4B 0D 78 01 9E 71 0E 72 C7 A5 67 07"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

[HKCU\Software\Google\Common\Rlz\Events\C]
"C7F" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"experiment_labels" = "CrVar1=3310785|Sun, 22 Feb 2016 23:51:18 GMT;CrVar2=3300085|Sun, 22 Feb 2016 23:51:18 GMT;CrVar3=3300129|Sun, 22 Feb 2016 23:51:18 GMT;CrVar4=3300133|Sun, 22 Feb 2016 23:51:18 GMT;CrVar5=3300106|Sun, 22 Feb 2016 23:51:18 GMT;CrVar6=3300135|Sun, 22 Feb 2016 23:51:18 GMT"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"usagestats" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"aggregate" = "sum()"

[HKCU\Software\Google\Chrome\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"lastrun" = "13069122673016375"

[HKCU\Software\Google\Chrome\BLBeacon]
"failed_count" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "0"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 E4 CF 02 08 41 88 94 3C 9C 26 47 04 BB 62 13"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"aggregate" = "sum()"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "2"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

The Trojan deletes the following registry key(s):

[HKCU\Software\Google\Chrome\BLFinchList]

The process chrome.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 DC 90 0C 9F CC 73 AC E1 16 1A D8 8A 1B 20 EB"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2352 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 B1 47 FD 74 99 0A CA F4 1B ED 53 D7 25 C6 8F"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:924 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D BD 83 C2 68 9E 8B BA 4E 4C D4 B9 75 98 B2 5E"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process %original file name%.exe:1392 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chromium" = "%Documents and Settings%\%current user%\Application Data\Chromium.exe"

The process Chromium.exe:396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 AF 68 D9 23 16 92 C4 AE 6D 3A 23 2B C1 B9 9B"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap" = "-dev-multi-chrome"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-dev-multi-chrome"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Policies\Google\Update]
"UpdateDefault" = "0"
"Update{8A69D345-D564-463C-AFF1-A69D9E530F96}" = "0"
"AutoUpdateCheckPeriodMinutes" = "0"
"DisableAutoUpdateChecksCheckboxValue" = "1"

The process Chromium.exe:1936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 73 CF 38 B8 FD 2C 7F 85 CF 3F A8 5B F7 84 03"

The process setup.exe:844 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"oopcrashes" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKCR\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"ServerExecutable" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand" = "%Program Files%\Google\Chrome\Application\chrome.exe --show-icons"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"WebAccessible" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"ftp" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Localized Name" = "Google Chrome"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"CommandLine" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe --multi-install --app-launcher --ensure-google-update-present"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap" = "-multi-chrome-full"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationName" = "Google Chrome"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerResult" = "0"

[HKCR\.shtml\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"oopcrashes" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"VersionMinor" = "115"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\Startmenu]
"StartMenuInternet" = "Google Chrome"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"(Default)" = "Google Chrome"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"UninstallString" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe --uninstall --multi-install --chrome --system-level"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".html" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"InstallerResult" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Google\Chrome,"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"pv" = "40.0.2214.115"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayVersion" = "40.0.2214.115"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xhtml" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"oopcrashes" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationDescription" = "Google Chrome is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Google Chrome."

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
"(Default)" = "Google Chrome"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"RunAsUser" = "1"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"brand" = "GGLS"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"tel" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".htm" = "ChromeHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"nntp" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Version" = "24,0,0,0"

[HKCR\.xht\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"WebAccessible" = "1"

[HKCR\ChromeHTML]
"(Default)" = "Chrome HTML Document"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"UninstallString" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand" = "%Program Files%\Google\Chrome\Application\chrome.exe --make-default-browser"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"UninstallArguments" = " --uninstall --multi-install --system-level"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\.webp\OpenWithProgids]
"ChromeHTML" = ""

[HKCR\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"(Default)" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"Name" = "Google Chrome binaries"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"usagestats" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"smsto" = "ChromeHTML"
"mms" = "ChromeHTML"

[HKCR\ChromeHTML\DefaultIcon]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --multi-install --chrome"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallArguments" = " --uninstall --multi-install --chrome --system-level"

[HKCR\.html\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"urn" = "ChromeHTML"
"https" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Publisher" = "Google Inc."

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerError" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xht" = "ChromeHTML"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Name" = "Google Chrome"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"http" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerExtraCode1" = "1"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"InstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"irc" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-stage:preconditions-full"

[HKCR\ChromeHTML\shell\open\command]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe -- %1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".shtml" = "ChromeHTML"

[HKCR\.htm\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"IconsVisible" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"news" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 42 0B 77 A5 8F CF 66 C6 60 1A F4 50 43 54 37"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mailto" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Version" = "40.0.2214.115"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"CommandLine" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe --query-eula-acceptance --system-level"

[HKCR\.xhtml\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".webp" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"InstallerError" = "0"

[HKCR\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
"(Default)" = "CommandExecuteImpl Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"NoRepair" = "1"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"webcal" = "ChromeHTML"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"pv" = "40.0.2214.115"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayName" = "Google Chrome"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"pv" = "40.0.2214.115"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
"Path" = "%Program Files%\Google\Chrome\Application"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"RunAsUser" = "1"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"IsInstalled" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"NoModify" = "1"
"DisplayIcon" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"InstallLocation" = "%Program Files%\Google\Chrome\Application"
"VersionMajor" = "2214"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"sms" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"SendsPings" = "1"

[HKLM\SOFTWARE\RegisteredApplications]
"google chrome" = "Software\Clients\StartMenuInternet\Google Chrome\Capabilities"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand" = "%Program Files%\Google\Chrome\Application\chrome.exe --hide-icons"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"CommandLine" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe --on-os-upgrade --multi-install --chrome --system-level --verbose-logging"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"Name" = "Google Chrome App Launcher"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"InstallDate" = "20150223"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallString" = "%Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Google\Chrome\Application]
"Chrome.exe" = "%Program Files%\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats"
"InstallerExtraCode1"

Dropped PE files

MD5 File path
731ed7b4b5e834c40f9ee689b9e4c4e4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Chromium.exe
51fd155d4cc266d9c79444db6883b58d c:\Program Files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
51fd155d4cc266d9c79444db6883b58d c:\Program Files\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe
579862fc2cf26cc6457ed1cd14b63cd7 c:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
b6f074942656e1513c7188db04cb2b9a c:\Program Files\Google\Chrome\Application\40.0.2214.115\chrome.dll
16972129842ab6fe6385df48b6c081da c:\Program Files\Google\Chrome\Application\40.0.2214.115\chrome_child.dll
75f6587ce8b903d844281d6d8e79b976 c:\Program Files\Google\Chrome\Application\40.0.2214.115\chrome_elf.dll
c81e0c917d5db4fecd2ec3c7e2712bbf c:\Program Files\Google\Chrome\Application\40.0.2214.115\d3dcompiler_46.dll
722abca36fb218da6cef55df251f054a c:\Program Files\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe
f5f69d245835a8607c32a7bccde444c8 c:\Program Files\Google\Chrome\Application\40.0.2214.115\ffmpegsumo.dll
1c985061e0c51be6da9bda0ab65874ce c:\Program Files\Google\Chrome\Application\40.0.2214.115\libegl.dll
b92561960839e078dddd9571b9557e2a c:\Program Files\Google\Chrome\Application\40.0.2214.115\libexif.dll
427a2b0c6be5abfae1c0ef59a8911232 c:\Program Files\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
3bb16474f3f4aeaf8ee875ededf3e0db c:\Program Files\Google\Chrome\Application\40.0.2214.115\libpeerconnection.dll
7384e0ff709a1fd959185511ea350952 c:\Program Files\Google\Chrome\Application\40.0.2214.115\metro_driver.dll
4cac46ba392e93b6c0b1c8359993896a c:\Program Files\Google\Chrome\Application\40.0.2214.115\nacl64.exe
8b56fcfcb0f84733070d97d39fbcd2f6 c:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll
a306f7b7cf83964b01baf307b89f1a5f c:\Program Files\Google\Chrome\Application\40.0.2214.115\widevinecdmadapter.dll
77f595dee5ffacea72b135b1fce1312e c:\Program Files\Google\Chrome\Application\40.0.2214.115\xinput1_3.dll
b9d6d7e6e5c4fcd8dd7f88ec9d563085 c:\Program Files\Google\Chrome\Application\chrome.exe
397d14958d6c9c2b365469a857b2ac4e c:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
aa0e4f73727bfc8ba404884b1c1db719 c:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
506708142bc63daba64f2d3ad1dcd5bf c:\Program Files\Google\Update\1.3.24.15\GoogleUpdate.exe
ac6998d92a311e7cf0b4daec3566f444 c:\Program Files\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
80e350e0aa963b2125896b13e60a4d68 c:\Program Files\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
956672375af066d958e4d07f5abafc1a c:\Program Files\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
731ed7b4b5e834c40f9ee689b9e4c4e4 c:\Program Files\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
77e585edd4c7eb7ab2acc36bc1dc32a5 c:\Program Files\Google\Update\1.3.24.15\goopdate.dll
d61afdfe740a994d0a22a34de3f61137 c:\Program Files\Google\Update\1.3.24.15\goopdateres_am.dll
4793909a18ee5b63ce94e7d70a0f3a1c c:\Program Files\Google\Update\1.3.24.15\goopdateres_ar.dll
77634ccb5198292e632b9a80da42365e c:\Program Files\Google\Update\1.3.24.15\goopdateres_bg.dll
deab1c19fd1250b1bf8aea1cb608bc70 c:\Program Files\Google\Update\1.3.24.15\goopdateres_bn.dll
98667f712c9e5003127928ed7a9829ad c:\Program Files\Google\Update\1.3.24.15\goopdateres_ca.dll
1afceb20c750b72179d18135514ba15d c:\Program Files\Google\Update\1.3.24.15\goopdateres_cs.dll
2cd601f2fcf8f05e8ab7a6a4d7d0496e c:\Program Files\Google\Update\1.3.24.15\goopdateres_da.dll
c18197508a939adbfa6c5c9833977fee c:\Program Files\Google\Update\1.3.24.15\goopdateres_de.dll
3002b7337b3b433ec63a24772e142d8e c:\Program Files\Google\Update\1.3.24.15\goopdateres_el.dll
cbec3fb2f1f095a046e15dca0c2093ce c:\Program Files\Google\Update\1.3.24.15\goopdateres_en-GB.dll
c8e5975c1ec98961829cd03d615d2fe4 c:\Program Files\Google\Update\1.3.24.15\goopdateres_en.dll
f691dcfc0ba183bef640123fa60a4949 c:\Program Files\Google\Update\1.3.24.15\goopdateres_es-419.dll
32a0279c8aa3391e9662bc0bbe91fa52 c:\Program Files\Google\Update\1.3.24.15\goopdateres_es.dll
be7435d5b2a981e2265661b2df955435 c:\Program Files\Google\Update\1.3.24.15\goopdateres_et.dll
e07c4b44856b55051efd06826851f5ae c:\Program Files\Google\Update\1.3.24.15\goopdateres_fa.dll
f5c61c06b7de5aa92cc8eeb552a6e932 c:\Program Files\Google\Update\1.3.24.15\goopdateres_fi.dll
8e44acb717ff41bd092fae58c9750ef0 c:\Program Files\Google\Update\1.3.24.15\goopdateres_fil.dll
8e8da223c55765a3cdec58e16de67214 c:\Program Files\Google\Update\1.3.24.15\goopdateres_fr.dll
30e80d4a719c0b5701457dde799ff27e c:\Program Files\Google\Update\1.3.24.15\goopdateres_gu.dll
e6b0cb3f2a470027ed6f7ce3ce704422 c:\Program Files\Google\Update\1.3.24.15\goopdateres_hi.dll
4ad419c381e707716ed7e875a1dd65de c:\Program Files\Google\Update\1.3.24.15\goopdateres_hr.dll
f4c27dd0880ac9e00cdc712dd3c3aba2 c:\Program Files\Google\Update\1.3.24.15\goopdateres_hu.dll
352cf322bdd962f593a8e38fa388db01 c:\Program Files\Google\Update\1.3.24.15\goopdateres_id.dll
0d346fc09f0f2c775709afa01e861fb4 c:\Program Files\Google\Update\1.3.24.15\goopdateres_is.dll
cae8a960d617a6cff108aa5507895dab c:\Program Files\Google\Update\1.3.24.15\goopdateres_it.dll
2f31dc69dd73c671a59bb4fe22b581a2 c:\Program Files\Google\Update\1.3.24.15\goopdateres_iw.dll
1c74d17be2033500720247f26d77a8ba c:\Program Files\Google\Update\1.3.24.15\goopdateres_ja.dll
2ba497841e523a47cc83a9eb48ef519a c:\Program Files\Google\Update\1.3.24.15\goopdateres_kn.dll
d183a7a80e49c7b8ac029e75fc31997e c:\Program Files\Google\Update\1.3.24.15\goopdateres_ko.dll
ffa1a0345357580e29b1374dd90b1bef c:\Program Files\Google\Update\1.3.24.15\goopdateres_lt.dll
c51d8057ac63568fc618d9b955675580 c:\Program Files\Google\Update\1.3.24.15\goopdateres_lv.dll
6ed8817955adea5261d176dd0427b0ec c:\Program Files\Google\Update\1.3.24.15\goopdateres_ml.dll
4b601ef2f120b45368a2cbf13d8f6eeb c:\Program Files\Google\Update\1.3.24.15\goopdateres_mr.dll
a6e227d8771e01f52ce33097fe155deb c:\Program Files\Google\Update\1.3.24.15\goopdateres_ms.dll
32a715bf2150cd22ae7bb938a20d257d c:\Program Files\Google\Update\1.3.24.15\goopdateres_nl.dll
4a3cae163d513ed055ded1c41af9dd62 c:\Program Files\Google\Update\1.3.24.15\goopdateres_no.dll
2bb71089aee677eaf7775a71375e6e76 c:\Program Files\Google\Update\1.3.24.15\goopdateres_pl.dll
2c1e65c9952b0fe8877ece76d68268ee c:\Program Files\Google\Update\1.3.24.15\goopdateres_pt-BR.dll
258baec048b3f5504720e7177bb22871 c:\Program Files\Google\Update\1.3.24.15\goopdateres_pt-PT.dll
2b539ec15ef21e546d9f111f478e5649 c:\Program Files\Google\Update\1.3.24.15\goopdateres_ro.dll
d62d91dcde594126c880c8f0b8fbc927 c:\Program Files\Google\Update\1.3.24.15\goopdateres_ru.dll
1a39fed7fb204a55bd326ca4f6c3f8dc c:\Program Files\Google\Update\1.3.24.15\goopdateres_sk.dll
10ea323471e0a7af98e3d75c220ff219 c:\Program Files\Google\Update\1.3.24.15\goopdateres_sl.dll
e34524d1a7bd56d987158fa429c10fb9 c:\Program Files\Google\Update\1.3.24.15\goopdateres_sr.dll
43bd01839066f2612d1e8c85d98da6f4 c:\Program Files\Google\Update\1.3.24.15\goopdateres_sv.dll
d29376eb1ebe1bdf7fa07cd7cbcf6ed2 c:\Program Files\Google\Update\1.3.24.15\goopdateres_sw.dll
925795bc2a01cffa36b1ca5e808a2972 c:\Program Files\Google\Update\1.3.24.15\goopdateres_ta.dll
5376c422235370d7dc5ca2457a297f6e c:\Program Files\Google\Update\1.3.24.15\goopdateres_te.dll
96a9cc8bf87af86ec0d5d91d66f6e23d c:\Program Files\Google\Update\1.3.24.15\goopdateres_th.dll
6fbd9fcb6b477ed5df12cdf5cae089a3 c:\Program Files\Google\Update\1.3.24.15\goopdateres_tr.dll
f67d150a2eb5eb0093513d6d52d2628f c:\Program Files\Google\Update\1.3.24.15\goopdateres_uk.dll
169711868ee1ce7362556830cd162e97 c:\Program Files\Google\Update\1.3.24.15\goopdateres_ur.dll
652b04c7f141d91bfd6d628580aa211c c:\Program Files\Google\Update\1.3.24.15\goopdateres_vi.dll
909b5c55403e06e4d1b0076ce0525178 c:\Program Files\Google\Update\1.3.24.15\goopdateres_zh-CN.dll
b3dc1334fb59cb869efbcd00a21c5626 c:\Program Files\Google\Update\1.3.24.15\goopdateres_zh-TW.dll
fb5621842fdabf9f8359775573498fbc c:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
84180917aab55ee4392c54e0e0bd4022 c:\Program Files\Google\Update\1.3.24.15\psmachine.dll
c95cddf65f9f8c9433aff8f0a811375a c:\Program Files\Google\Update\1.3.24.15\psmachine_64.dll
3d58798bd1d1f96381c0b47ca859739d c:\Program Files\Google\Update\1.3.24.15\psuser.dll
715ccb3f5eda626198ccadc7ab8ce9a2 c:\Program Files\Google\Update\1.3.24.15\psuser_64.dll
c5fd49b0561203a17bbf947738cb124a c:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115\chrome_installer.exe
506708142bc63daba64f2d3ad1dcd5bf c:\Program Files\Google\Update\GoogleUpdate.exe
c5fd49b0561203a17bbf947738cb124a c:\Program Files\Google\Update\Install\{D971ACF7-830D-432B-A41A-E54E956524C9}\chrome_installer.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: The Chromium Authors
Product Name: Chromium
Product Version: 42.0.2298.0
Legal Copyright: Copyright 2014 The Chromium Authors. All rights reserved.
Legal Trademarks:
Original Filename: chrome.exe
Internal Name: chrome_exe
File Version: 42.0.2298.0
File Description: Chromium
Comments:
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 154993 155136 4.3778 4df82a14ba2afdd79f01b88b2fe9dc17
.rdata 159744 38168 38400 3.21382 8036dfbe69cebb2504e31a834d51f762
.data 200704 14088 6144 2.95727 45b1ac47bba4424adfe5ae1aed2c0773
.rsrc 217088 69453 69632 1.37561 19d3464c19ba195994fc70030747214b
.reloc 286720 15628 15872 2.99068 d2243b94d2ba90b5d58ef8c47b974575

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://filmpika.com/cpp/state 104.24.127.216
hxxp://filmpika.com/cpp/app.crx 104.24.127.216
hxxp://ssl.gstatic.com/chrome/profile_avatars/NothingToDownload 64.233.165.94
hxxp://www.gstatic.com/chrome/profile_avatars/NothingToDownload 64.233.165.94
clients3.google.com 64.233.165.102
www.googleapis.com 64.233.165.95
translate.googleapis.com 64.233.165.95
safebrowsing-cache.google.com 64.233.165.101
clients2.google.com 64.233.165.102
clients2.googleusercontent.com 64.233.165.132
www.google.com 64.233.165.104
safebrowsing.google.com 64.233.165.136
www.google.com.ua 64.233.165.94
tools.google.com 64.233.165.102
apis.google.com 64.233.165.101
clients4.google.com 64.233.165.113
dl.google.com 64.233.165.190


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /chrome/profile_avatars/NothingToDownload HTTP/1.1
Host: VVV.gstatic.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Accept-Encoding: gzip, deflate


HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 22 Feb 2015 23:51:12 GMT
Server: sffe
Content-Length: 1465
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
<!DOCTYPE html>.<html lang=en>.  <meta charset=utf-8>
;.  <meta name=viewport content="initial-scale=1, minimum-scale=1, 
width=device-width">.  <title>Error 404 (Not Found)!!1</ti
tle>.  <style>.    *{margin:0;padding:0}html,code{font:15px/2
2px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body
{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px
}* > body{background:url(//VVV.google.com/images/errors/robot.png) 
100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:h
idden}ins{color:#777;text-decoration:none}a img{border:0}@media screen
 and (max-width:772px){body{background:none;margin-top:0;max-width:non
e;padding-right:0}}#logo{background:url(//VVV.google.com/images/errors
/logo_sm_2.png) no-repeat}@media only screen and (min-resolution:192dp
i){#logo{background:url(//VVV.google.com/images/errors/logo_sm_2_hr.pn
g) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//VVV.google.com/im
ages/errors/logo_sm_2_hr.png) 0}}@media only screen and (-webkit-min-d
evice-pixel-ratio:2){#logo{background:url(//VVV.google.com/images/erro
rs/logo_sm_2_hr.png) no-repeat;-webkit-background-size:100% 100%}}#log
o{display:inline-block;height:55px;width:150px}.  </style>.  <
;a href=//VVV.google.com/><span id=logo aria-label=Google><
;/span></a>.  <p><b>404.</b> <ins>Tha
t...s an error.</ins>.  <p>The requested URL <code>/
chrome/profile_avatars/NothingToDownload</code> was not foun
<<< skipped >>>


GET /cpp/state HTTP/1.1
User-Agent: Google Omaha
Host: filmpika.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 22 Feb 2015 23:50:04 GMT
Content-Type: application/octet-stream
Content-Length: 3
Connection: keep-alive
Set-Cookie: __cfduid=dd8a28f6d4a0ea5757b94be45f3c467b01424649004; expires=Mon, 22-Feb-16 23:50:04 GMT; path=/; domain=.filmpika.com; HttpOnly
Last-Modified: Wed, 04 Feb 2015 01:58:39 GMT
ETag: "54d17ccf-3"
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1bcf157464410c0b-AMS
httHTTP/1.1 200 OK..Date: Sun, 22 Feb 2015 23:50:04 GMT..Content-Type:
 application/octet-stream..Content-Length: 3..Connection: keep-alive..
Set-Cookie: __cfduid=dd8a28f6d4a0ea5757b94be45f3c467b01424649004; expi
res=Mon, 22-Feb-16 23:50:04 GMT; path=/; domain=.filmpika.com; HttpOnl
y..Last-Modified: Wed, 04 Feb 2015 01:58:39 GMT..ETag: "54d17ccf-3"..A
ccept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 1bcf157464410c0
b-AMS..htt..



GET /cpp/app.crx HTTP/1.1
User-Agent: Google Omaha
Host: filmpika.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 22 Feb 2015 23:50:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d64a3ab5b0141fecfc6f6572462a25ed61424649053; expires=Mon, 22-Feb-16 23:50:53 GMT; path=/; domain=.filmpika.com; HttpOnly
X-Request-ID: dgojakmmpihghnggcjlicbdaihhandhb
Server: cloudflare-nginx
CF-RAY: 1bcf16ab5beb14a9-AMS
5cd..Cr24............0..0...*.H............0.........C.^.M..|.%~.A.. .
q).|?4..>8._.....f..;'1.........a9...A.9_...0.<!.........w..M..;
...Cl.Z......k|..i-D..}....6.Q.nZ.F2......s........x..B.G...R?c....3N.
..UT.2..... .D.......5k^......%m~g.Z.........................\..!.uS..
f..][email protected].}gV..J3J.h.f...PK.........rEF\..`....V.......bg.
txtUX...`.T.`.T.....VmO.8.. [email protected];......7..Rh.
.....=..3![(..V'.)`...U...ebN.X.....7...[xZ...{...f?.w.....z....%.....
[email protected],&.r..).Y.*.U...h...A... .\.R ...F^....b....(.ac.......Y....U)
,`[.7..&X.O......(.....A3.E .........,.\&.po..V......)@I.B.x...4P..j81
[email protected].. .o...b`....(2..<......A... 0_...w..8..%E..h.... 0...
P..Q'Pw..j.....W...M.W0i.SS<h{...%."I....~bb.'.........:`*..`..S...
8R...8f.(3....e........mk,...q...8.....W...1.H....;..1..T...... j....Y
..;...q......1WS..7>l..YL.b2.......TC....Kx.7...z.{.=.U<X.X.K9..
[email protected].:R..f.....~.ke.2.&.e..m....}^A.E.RX...1..._E..jy...P..0.
..G.IQ...Woh"....}G.j.....(.........M...dDhRX..0{..L....I.:.H1.h\.4$..
....H.`.tON..y(.......>....q..m..%.y?uS.~jm.i.v2.C....Ol....e......
..m,.iP..E}}...bl.MNi.{...c.V.b~/..J.<.U........UNov.....=..I.|....
....b2....2./....E.^I........i;>?.......N..... ..F.z!)...w....bT"'.
^.oB.,.0!JD.~.2.M......U.......Yi..97...{....... ....Pt.y...#..o>D.
.....W....svmbv.=..0........k.`M_....%u.r...bx..EQ........(..PK.......
.6gEFD`}.............manifest.jsonUX...L.T.L.T....}.1O.0.......(jZ..l.
04.CU!...S.s./.T..s.%P.6..>.g.Z.%....%.h..C.<.......13d..<
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

chrome.exe_2496:

.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc
No valid Chrome version found
c:\b\build\slave\win\build\src\chrome\app\client_util.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
allow-insecure-websocket-from-https-origin
disable-webgl
disable-web-security
enable-experimental-web-platform-features
enable-tcp-fastopen
enable-viewport
enable-viewport-meta
enable-vtune-support
enable-webgl-draft-extensions
enable-webgl-image-chromium
enable-web-midi
ignore-certificate-errors
remote-debugging-port
renderer-cmd-prefix
testing-fixed-http-port
testing-fixed-https-port
trace-upload-url
utility-cmd-prefix
zygote-cmd-prefix
disable-webrtc-hw-decoding
disable-webrtc-encryption
disable-webrtc-hw-encoding
enable-webrtc-hw-vp8-encoding
enable-webrtc-hw-h264-encoding
disable-webaudio
1.3.21.115
%s-x-x
Chrome
0.0.0.0-devel
%s-%x
url-chunk
font_key_name
subresource_url
CHROME_MAIN_TIME
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
auto-launch-chrome
chrome
chrome-frame
chrome-sxs
do-not-launch-chrome
make-chrome-default
new-setup-exe
register-chrome-browser
register-chrome-browser-suffix
register-dev-chrome
register-url-protocol
rename-chrome-exe
remove-chrome-registration
update-setup-exe
toast-results-key
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
iexplore.exe
googlechrome
googlechromeapphost
googlechromeframe
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
CHROME_BREAKPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\crash\app\breakpad_win.cc
NTDLL.DLL
kernel32.dll
c:\b\build\slave\win\build\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
AudioCaptureAllowedUrls
AutoSelectCertificateForUrls
ChromeFrameContentTypes
ChromeFrameRendererSettings
ChromeOsLockOnIdleSuspend
ChromeOsMultiProfileUserBehavior
ChromeOsReleaseChannel
ChromeOsReleaseChannelDelegated
CloudPrintProxyEnabled
CloudPrintSubmitEnabled
ContentPackManualBehaviorURLs
CookiesAllowedForUrls
CookiesBlockedForUrls
CookiesSessionOnlyForUrls
DefaultSearchProviderAlternateURLs
DefaultSearchProviderIconURL
DefaultSearchProviderImageURL
DefaultSearchProviderImageURLPostParams
DefaultSearchProviderInstantURL
DefaultSearchProviderInstantURLPostParams
DefaultSearchProviderKeyword
DefaultSearchProviderNewTabURL
DefaultSearchProviderSearchTermsReplacementKey
DefaultSearchProviderSearchURL
DefaultSearchProviderSearchURLPostParams
DefaultSearchProviderSuggestURL
DefaultSearchProviderSuggestURLPostParams
DeviceAllowRedeemChromeOsRegistrationOffers
DeviceLocalAccountAutoLoginBailoutEnabled
DeviceLocalAccountAutoLoginDelay
DeviceLocalAccountAutoLoginId
DeviceLoginScreenDefaultHighContrastEnabled
DeviceLoginScreenDefaultLargeCursorEnabled
DeviceLoginScreenDefaultScreenMagnifierType
DeviceLoginScreenDefaultSpokenFeedbackEnabled
DeviceLoginScreenDefaultVirtualKeyboardEnabled
DeviceLoginScreenPowerManagement
DeviceLoginScreenSaverId
DeviceLoginScreenSaverTimeout
DeviceMetricsReportingEnabled
DeviceStartUpUrls
DeviceUpdateHttpDownloadsEnabled
EnableAuthNegotiatePort
EnableDeprecatedWebPlatformFeatures
EnableOriginBoundCerts
EnableWebBasedSignin
EnterpriseWebStoreName
EnterpriseWebStoreURL
HideWebStoreIcon
HideWebStorePromo
ImagesAllowedForUrls
ImagesBlockedForUrls
ImportAutofillFormData
ImportBookmarks
ImportHistory
ImportHomepage
ImportSavedPasswords
ImportSearchEngine
JavaScriptAllowedForUrls
JavaScriptBlockedForUrls
KeyboardDefaultToFunctionKeys
MetricsReportingEnabled
NotificationsAllowedForUrls
NotificationsBlockedForUrls
PasswordManagerAllowShowPasswords
PasswordManagerEnabled
PluginsAllowedForUrls
PluginsBlockedForUrls
PopupsAllowedForUrls
PopupsBlockedForUrls
ProxyBypassList
ProxyPacUrl
RemoteAccessHostAllowClientPairing
RemoteAccessHostAllowGnubbyAuth
RemoteAccessHostAllowRelayedConnection
RemoteAccessHostDomain
RemoteAccessHostFirewallTraversal
RemoteAccessHostRequireCurtain
RemoteAccessHostRequireTwoFactor
RemoteAccessHostTalkGadgetPrefix
RemoteAccessHostUdpPortRange
RenderInChromeFrameList
ReportDeviceActivityTimes
ReportDeviceBootMode
ReportDeviceLocation
ReportDeviceNetworkInterfaces
ReportDeviceUsers
ReportDeviceVersionInfo
RestoreOnStartupURLs
ShowAppsShortcutInBookmarkBar
SuppressChromeFrameTurndownPrompt
TermsOfServiceURL
TouchVirtualKeyboardEnabled
URLBlacklist
URLWhitelist
VideoCaptureAllowedUrls
VirtualKeyboardEnabled
update_url
^update_url:
CHROME_VERSION
CHROME_SAFE_MODE
2676A9A2-D919-4FEE-9187-152100393AB2
pack-extension-key
permission-request-api-url
promo-server-url
proxy-bypass-list
proxy-pac-url
remember-cert-error-decisions
spelling-service-feedback-url
sync-url
try-chrome-again
variations-server-url
winhttp-proxy-resolver
plugins-metadata-server-url
windows8-search
allow-http-screen-capture
app-list-start-page-url
apps-checkout-url
apps-gallery-download-url
apps-gallery-url
apps-gallery-update-url
certificate-transparency-log
disable-extensions-http-throttling
disable-password-manager-reauthentication
disable-quic-port-selection
disable-save-password-bubble
disable-web-resources
enable-auth-negotiate-port
enable-npn-http
enable-quic-port-selection
enable-save-password-bubble
enable-sdch-over-https
enable-user-controlled-alternate-protocol-ports
enable-websocket-over-spdy
enable-website-settings-manager
explicitly-allowed-ports
extensions-not-webstore
ignore-urlfetcher-cert-requests
install-chrome-app
install-ephemeral-app-from-webstore
40.0.2214.115
CHROME_HEADLESS
CHROME_LOG_FILE
CHROME_METRO_CONNECTED
CHROMEOS_SESSION_LOG_DIR
CHROME_CRASHED
CHROME_RESTART
chrome.googleechotest.com
profile.ephemeral_mode
profile.icon_version
session.restore_on_startup
session.restore_on_startup_migrated
session.startup_urls_migration_time
profile.exited_cleanly
profile.exit_type
profile.managed.custodian_email
profile.managed.custodian_name
profile.managed.custodian_profile_image_url
profile.managed.custodian_profile_url
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.second_custodian_email
profile.managed.second_custodian_name
profile.managed.second_custodian_profile_image_url
profile.managed.second_custodian_profile_url
profile.managed.shared_settings
session.startup_urls
session.urls_to_restore_on_startup
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.web_security_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
safebrowsing.enabled
safebrowsing.extended_reporting_enabled
safebrowsing.proceed_anyway_disabled
safebrowsing.incident_report_sent
safebrowsing.incidents_sent
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
net.network_prediction_options
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.enable_spellchecking
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
browser.enabled_labs_experiments
browser.enable_autospellcorrect
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
settings.history_recorded
browser.clear_data.time_period
browser.last_clear_browsing_data_time
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.ui.dismissed_adt_promo
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
plugins.metadata
plugins.resource_cache_update
browser.check_default_browser
browser.default_browser_setting_enabled
browser.custom_chrome_frame
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
partition.default_zoom_level
profile.default_zoom_level
partition.per_host_zoom_levels
profile.per_host_zoom_levels
autofill.data_model_default
autofill.pay_without_wallet
autofill.wallet_location_disclosure
autofill.save_data
autofill.wallet_shipping_same_as_billing
autofill.generated_card_bubble_times_shown
autofill.rac_dialog_defaults
enable_deprecated_web_platform_features
import_autofill_form_data
import_bookmarks
import_history
import_home_page
import_saved_passwords
import_search_engine
profile.avatar_index
profile.using_default_name
profile.name
profile.using_default_avatar
profile.using_gaia_avatar
profile.managed_user_id
profile.gaia_info_update_time
profile.gaia_info_picture_url
profile.avatar_bubble_tutorial_shown
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
profile.reset_prompt_memento
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.welcome_notification_dismissed
message_center.welcome_notification_dismissed_local
message_center.welcome_notification_previously_popped_up
message_center.welcome_notification_expiration_timestamp
fullscreen.allowed
local_discovery.notifications_enabled
prefs.preference_reset_time
gcm.channel_enabled
gcm.push_messaging_registration_count
easy_unlock.allowed
easy_unlock.enabled
easy_unlock.pairing
easy_unlock.proximity_required
easy_unlock.show_tutorial
zerosuggest.cachedresults
ssl.rev_checking.enabled
ssl.rev_checking.required_for_local_anchors
ssl.version_min
ssl.version_max
ssl.version_fallback_min
ssl.cipher_suites.blacklist
ssl.ssl_record_splitting.disabled
ssl.ssl_blocking_bypassed
user_experience_metrics.reporting_enabled
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.info_cache
profile.created_by_version
profile.reset_prompt_mementos
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.plugin_stats2
uninstall_metrics.page_load_count
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
browser.window_placement_popup
task_manager.window_placement
browser.app_window_placement
renderer.memory_cache.size
download.default_directory
download.extensions_to_open
download.directory_upgrade
download.open_pdf_in_system_reader
savefile.default_directory
savefile.type
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
selectfile.last_directory
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
relaunch.mode
extensions.disabled
plugins.disable_plugin_finder
ntp.app_page_names
ntp.collapsed_open_tabs
ntp.collapsed_foreign_sessions
ntp.collapsed_recently_closed_tabs
ntp.collapsed_snapshot_document
ntp.collapsed_sync_promo
ntp.date_resource_server
ntp.most_visited_blacklist
ntp.promo_desktop_session_found
ntp.promo_resource_cache_update
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.tips_resource_server
ntp.webstore_enabled
devtools.adb_key
devtools.disabled
devtools.discover_usb_devices
devtools.edited_files
devtools.file_system_paths
devtools.open_docked
devtools.port_forwarding_enabled
devtools.port_forwarding_default_set
devtools.port_forwarding_config
google.services.password_hash
invalidation_service.use_gcm_channel
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
googlegeolocationaccess.enabled
media.default_audio_capture_device
media.default_video_capture_Device
media.device_id_salt
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
remote_access.host_allow_client_pairing
remote_access.host_allow_gnubby_auth
remote_access.host_allow_relayed_connection
remote_access.host_udp_port_range
printing.print_preview_sticky_settings
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
cloud_print.user_settings.printers
cloud_print.submit_enabled
cloud_print.user_settings
net.max_connections_per_proxy
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
hotword.search_enabled_2
hotword.always_on_search_enabled
hotword.audio_logging_enabled
hotword.audio_history_enabled
hotword.previous_language
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
feedback.performance_tracing_enabled
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.allow_cross_origin_prompt
async_dns.enabled
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.policy.registered_protocol_handlers
custom_handlers.policy.ignored_protocol_handlers
custom_handlers.enabled
background_mode.enabled
hardware_acceleration_mode.enabled
policy.device_refresh_rate
message_center.showed_first_run_balloon
message_center.show_icon
message_center.was_forced_on_taskbar
browser.attempted_to_enable_autoupdate
media_galleries.gallery_id
media_galleries.remembered_galleries
media_galleries.last_scan_time
shelf_chrome_icon_index
gesture.max_separation_for_gesture_touches_in_pixels
gesture.semi_long_press_time_in_ms
gesture.tab_scrub_activation_delay_in_ms
gesture.fling_max_cancel_to_down_time_in_ms
gesture.fling_max_tap_gap_time_in_ms
overscroll.horizontal_threshold_complete
overscroll.vertical_threshold_complete
overscroll.minimum_threshold_start
overscroll.minimum_threshold_start_touchpad
overscroll.vertical_threshold_start
overscroll.horizontal_resist_threshold
overscroll.vertical_resist_threshold
network_profile.warnings_left
network_profile.last_warning_time
app_list.profile
app_list.last_launch_ping
app_list.launch_count
app_list.last_app_launch_ping
app_list.app_launch_count
apps.app_launcher.has_been_enabled
app_list.how_enabled
app_list.when_enabled
apps.app_launcher.should_show_apps_page
apps.app_launcher.shortcut_version
app_launcher.show_promo
apps.app_launcher.drive_app_mapping
apps.app_launcher.uninstalled_drive_apps
apps.app_launch_for_metro_restart
apps.app_launch_for_metro_restart_profile
apps.shortcuts_version
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
profile.extensions.activity_log.num_consumers_active
proxy.quick_check_enabled
profile.browser_guest_enabled
profile.add_person_enabled
easy_unlock.hardlock_state
password_bubble.timestamp
password_bubble.nopes
password_bubble.interactions
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
%s-%Iu
\uX
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
full-memory-crash-report
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
0123456789
.thunks
.syzygy
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
chrome.exe
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
VERSION.dll
WINMM.dll
SHLWAPI.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
GetAsyncKeyState
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
40.0.2214.115-000009c0-000dbc6b
#$(   ....6/6////. )
2(  ..////6//6
( /.///6////
(//.//6///.`
  55;;/?
  55;;>;>/
K%u!Xp
)^%x>
@DQSSSSSQLLHHGG?332200--'
BDRSSSSQLLPHH??332000-7.
6%%%%#%###!!
122200.- *('%
35955220.- ('$
79::995420.-*(&
<<=;;23.
|(==7:89?
ÞDDDCA)
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="40.0.2214.115" version="40.0.2214.115" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
= =$=(=,=0=4=8=]=
>&>,>3>9>@>]>
01f1
3%3U3w3
9.:4:8:<:@:
registering_chrome
uninstalling_chrome_frame
echrmstp.exe
{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}
app_host.exe
chrome.dll
chrome_child.dll
npchrome_frame.dll
chrome_frame_helper.dll
chrome_frame_helper.exe
ChromeFrameHelperWindowClass
chrome_launcher.exe
metro_driver.dll
new_chrome.exe
old_chrome.exe
delegate_execute.exe
nacl64.exe
setup.exe
InstallerSuccessLaunchCmdLine
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
AGoogle Chrome Canary
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
-chrome
-chromeframe
{8A69D345-D564-463C-AFF1-A69D9E530F96}
{430FD4D0-B729-4F61-AA34-91526481799D}
GoogleUpdateSetup.exe
CFEndTempOptOutCmd
CFOptInCmd
CFOptOutCmd
CFTempOptOutCmd
UninstallCmdLine
WebAccessible
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
hXXp://VVV.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
DGoogle Chrome App Launcher
ChromeAppList
tSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
DGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Uninstall Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
\\.\pipe\GoogleCrashServices\
\\.\pipe\ChromeCrashServices
error %u
ntdll.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
pipe\
Bkernel32.dll
kernelbase.dll
eKey
Ckernel32.dll
gdi32.dll
xntdll.dll
wow_helper.exe"
Cntdll.dll
SOFTWARE\Policies\Google\Chrome
Chrome_StatusTrayWindow
Reported Crashes.txt
testing_interface.dll
Origin Bound Certs
Certificate Revocation Lists
Custom Dictionary.txt
Login Data
Cached Theme.pak
Web Applications
pepflashplayer.dll
Software\Google\Chrome\Metro
CHROME_METRO_NAV_SEARCH_REQUEST
CHROME_METRO_GET_CURRENT_TAB_INFO
Software\Google\Chrome\BrowserCrashDumpAttempts
${windows}
hunspecified-crash-key
Dmscoree.dll
IADVAPI32.DLL
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Chrome_MessageWindow
sSoftware\Microsoft\Windows\CurrentVersion\Run
.Software\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
Chrome_MessagePumpWindow_%p
Ndebug.log
.\debug.log
\StringFileInfo\xx\%ls
%Program Files%\Google\Chrome\Application\chrome.exe
chrome_exe

chrome.exe_2704:

.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc
No valid Chrome version found
c:\b\build\slave\win\build\src\chrome\app\client_util.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
allow-insecure-websocket-from-https-origin
disable-webgl
disable-web-security
enable-experimental-web-platform-features
enable-tcp-fastopen
enable-viewport
enable-viewport-meta
enable-vtune-support
enable-webgl-draft-extensions
enable-webgl-image-chromium
enable-web-midi
ignore-certificate-errors
remote-debugging-port
renderer-cmd-prefix
testing-fixed-http-port
testing-fixed-https-port
trace-upload-url
utility-cmd-prefix
zygote-cmd-prefix
disable-webrtc-hw-decoding
disable-webrtc-encryption
disable-webrtc-hw-encoding
enable-webrtc-hw-vp8-encoding
enable-webrtc-hw-h264-encoding
disable-webaudio
1.3.21.115
%s-x-x
Chrome
0.0.0.0-devel
%s-%x
url-chunk
font_key_name
subresource_url
CHROME_MAIN_TIME
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
auto-launch-chrome
chrome
chrome-frame
chrome-sxs
do-not-launch-chrome
make-chrome-default
new-setup-exe
register-chrome-browser
register-chrome-browser-suffix
register-dev-chrome
register-url-protocol
rename-chrome-exe
remove-chrome-registration
update-setup-exe
toast-results-key
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
iexplore.exe
googlechrome
googlechromeapphost
googlechromeframe
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
CHROME_BREAKPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\crash\app\breakpad_win.cc
NTDLL.DLL
kernel32.dll
c:\b\build\slave\win\build\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
AudioCaptureAllowedUrls
AutoSelectCertificateForUrls
ChromeFrameContentTypes
ChromeFrameRendererSettings
ChromeOsLockOnIdleSuspend
ChromeOsMultiProfileUserBehavior
ChromeOsReleaseChannel
ChromeOsReleaseChannelDelegated
CloudPrintProxyEnabled
CloudPrintSubmitEnabled
ContentPackManualBehaviorURLs
CookiesAllowedForUrls
CookiesBlockedForUrls
CookiesSessionOnlyForUrls
DefaultSearchProviderAlternateURLs
DefaultSearchProviderIconURL
DefaultSearchProviderImageURL
DefaultSearchProviderImageURLPostParams
DefaultSearchProviderInstantURL
DefaultSearchProviderInstantURLPostParams
DefaultSearchProviderKeyword
DefaultSearchProviderNewTabURL
DefaultSearchProviderSearchTermsReplacementKey
DefaultSearchProviderSearchURL
DefaultSearchProviderSearchURLPostParams
DefaultSearchProviderSuggestURL
DefaultSearchProviderSuggestURLPostParams
DeviceAllowRedeemChromeOsRegistrationOffers
DeviceLocalAccountAutoLoginBailoutEnabled
DeviceLocalAccountAutoLoginDelay
DeviceLocalAccountAutoLoginId
DeviceLoginScreenDefaultHighContrastEnabled
DeviceLoginScreenDefaultLargeCursorEnabled
DeviceLoginScreenDefaultScreenMagnifierType
DeviceLoginScreenDefaultSpokenFeedbackEnabled
DeviceLoginScreenDefaultVirtualKeyboardEnabled
DeviceLoginScreenPowerManagement
DeviceLoginScreenSaverId
DeviceLoginScreenSaverTimeout
DeviceMetricsReportingEnabled
DeviceStartUpUrls
DeviceUpdateHttpDownloadsEnabled
EnableAuthNegotiatePort
EnableDeprecatedWebPlatformFeatures
EnableOriginBoundCerts
EnableWebBasedSignin
EnterpriseWebStoreName
EnterpriseWebStoreURL
HideWebStoreIcon
HideWebStorePromo
ImagesAllowedForUrls
ImagesBlockedForUrls
ImportAutofillFormData
ImportBookmarks
ImportHistory
ImportHomepage
ImportSavedPasswords
ImportSearchEngine
JavaScriptAllowedForUrls
JavaScriptBlockedForUrls
KeyboardDefaultToFunctionKeys
MetricsReportingEnabled
NotificationsAllowedForUrls
NotificationsBlockedForUrls
PasswordManagerAllowShowPasswords
PasswordManagerEnabled
PluginsAllowedForUrls
PluginsBlockedForUrls
PopupsAllowedForUrls
PopupsBlockedForUrls
ProxyBypassList
ProxyPacUrl
RemoteAccessHostAllowClientPairing
RemoteAccessHostAllowGnubbyAuth
RemoteAccessHostAllowRelayedConnection
RemoteAccessHostDomain
RemoteAccessHostFirewallTraversal
RemoteAccessHostRequireCurtain
RemoteAccessHostRequireTwoFactor
RemoteAccessHostTalkGadgetPrefix
RemoteAccessHostUdpPortRange
RenderInChromeFrameList
ReportDeviceActivityTimes
ReportDeviceBootMode
ReportDeviceLocation
ReportDeviceNetworkInterfaces
ReportDeviceUsers
ReportDeviceVersionInfo
RestoreOnStartupURLs
ShowAppsShortcutInBookmarkBar
SuppressChromeFrameTurndownPrompt
TermsOfServiceURL
TouchVirtualKeyboardEnabled
URLBlacklist
URLWhitelist
VideoCaptureAllowedUrls
VirtualKeyboardEnabled
update_url
^update_url:
CHROME_VERSION
CHROME_SAFE_MODE
2676A9A2-D919-4FEE-9187-152100393AB2
pack-extension-key
permission-request-api-url
promo-server-url
proxy-bypass-list
proxy-pac-url
remember-cert-error-decisions
spelling-service-feedback-url
sync-url
try-chrome-again
variations-server-url
winhttp-proxy-resolver
plugins-metadata-server-url
windows8-search
allow-http-screen-capture
app-list-start-page-url
apps-checkout-url
apps-gallery-download-url
apps-gallery-url
apps-gallery-update-url
certificate-transparency-log
disable-extensions-http-throttling
disable-password-manager-reauthentication
disable-quic-port-selection
disable-save-password-bubble
disable-web-resources
enable-auth-negotiate-port
enable-npn-http
enable-quic-port-selection
enable-save-password-bubble
enable-sdch-over-https
enable-user-controlled-alternate-protocol-ports
enable-websocket-over-spdy
enable-website-settings-manager
explicitly-allowed-ports
extensions-not-webstore
ignore-urlfetcher-cert-requests
install-chrome-app
install-ephemeral-app-from-webstore
40.0.2214.115
CHROME_HEADLESS
CHROME_LOG_FILE
CHROME_METRO_CONNECTED
CHROMEOS_SESSION_LOG_DIR
CHROME_CRASHED
CHROME_RESTART
chrome.googleechotest.com
profile.ephemeral_mode
profile.icon_version
session.restore_on_startup
session.restore_on_startup_migrated
session.startup_urls_migration_time
profile.exited_cleanly
profile.exit_type
profile.managed.custodian_email
profile.managed.custodian_name
profile.managed.custodian_profile_image_url
profile.managed.custodian_profile_url
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.second_custodian_email
profile.managed.second_custodian_name
profile.managed.second_custodian_profile_image_url
profile.managed.second_custodian_profile_url
profile.managed.shared_settings
session.startup_urls
session.urls_to_restore_on_startup
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.web_security_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
safebrowsing.enabled
safebrowsing.extended_reporting_enabled
safebrowsing.proceed_anyway_disabled
safebrowsing.incident_report_sent
safebrowsing.incidents_sent
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
net.network_prediction_options
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.enable_spellchecking
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
browser.enabled_labs_experiments
browser.enable_autospellcorrect
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
settings.history_recorded
browser.clear_data.time_period
browser.last_clear_browsing_data_time
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.ui.dismissed_adt_promo
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
plugins.metadata
plugins.resource_cache_update
browser.check_default_browser
browser.default_browser_setting_enabled
browser.custom_chrome_frame
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
partition.default_zoom_level
profile.default_zoom_level
partition.per_host_zoom_levels
profile.per_host_zoom_levels
autofill.data_model_default
autofill.pay_without_wallet
autofill.wallet_location_disclosure
autofill.save_data
autofill.wallet_shipping_same_as_billing
autofill.generated_card_bubble_times_shown
autofill.rac_dialog_defaults
enable_deprecated_web_platform_features
import_autofill_form_data
import_bookmarks
import_history
import_home_page
import_saved_passwords
import_search_engine
profile.avatar_index
profile.using_default_name
profile.name
profile.using_default_avatar
profile.using_gaia_avatar
profile.managed_user_id
profile.gaia_info_update_time
profile.gaia_info_picture_url
profile.avatar_bubble_tutorial_shown
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
profile.reset_prompt_memento
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.welcome_notification_dismissed
message_center.welcome_notification_dismissed_local
message_center.welcome_notification_previously_popped_up
message_center.welcome_notification_expiration_timestamp
fullscreen.allowed
local_discovery.notifications_enabled
prefs.preference_reset_time
gcm.channel_enabled
gcm.push_messaging_registration_count
easy_unlock.allowed
easy_unlock.enabled
easy_unlock.pairing
easy_unlock.proximity_required
easy_unlock.show_tutorial
zerosuggest.cachedresults
ssl.rev_checking.enabled
ssl.rev_checking.required_for_local_anchors
ssl.version_min
ssl.version_max
ssl.version_fallback_min
ssl.cipher_suites.blacklist
ssl.ssl_record_splitting.disabled
ssl.ssl_blocking_bypassed
user_experience_metrics.reporting_enabled
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.info_cache
profile.created_by_version
profile.reset_prompt_mementos
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.plugin_stats2
uninstall_metrics.page_load_count
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
browser.window_placement_popup
task_manager.window_placement
browser.app_window_placement
renderer.memory_cache.size
download.default_directory
download.extensions_to_open
download.directory_upgrade
download.open_pdf_in_system_reader
savefile.default_directory
savefile.type
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
selectfile.last_directory
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
relaunch.mode
extensions.disabled
plugins.disable_plugin_finder
ntp.app_page_names
ntp.collapsed_open_tabs
ntp.collapsed_foreign_sessions
ntp.collapsed_recently_closed_tabs
ntp.collapsed_snapshot_document
ntp.collapsed_sync_promo
ntp.date_resource_server
ntp.most_visited_blacklist
ntp.promo_desktop_session_found
ntp.promo_resource_cache_update
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.tips_resource_server
ntp.webstore_enabled
devtools.adb_key
devtools.disabled
devtools.discover_usb_devices
devtools.edited_files
devtools.file_system_paths
devtools.open_docked
devtools.port_forwarding_enabled
devtools.port_forwarding_default_set
devtools.port_forwarding_config
google.services.password_hash
invalidation_service.use_gcm_channel
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
googlegeolocationaccess.enabled
media.default_audio_capture_device
media.default_video_capture_Device
media.device_id_salt
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
remote_access.host_allow_client_pairing
remote_access.host_allow_gnubby_auth
remote_access.host_allow_relayed_connection
remote_access.host_udp_port_range
printing.print_preview_sticky_settings
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
cloud_print.user_settings.printers
cloud_print.submit_enabled
cloud_print.user_settings
net.max_connections_per_proxy
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
hotword.search_enabled_2
hotword.always_on_search_enabled
hotword.audio_logging_enabled
hotword.audio_history_enabled
hotword.previous_language
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
feedback.performance_tracing_enabled
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.allow_cross_origin_prompt
async_dns.enabled
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.policy.registered_protocol_handlers
custom_handlers.policy.ignored_protocol_handlers
custom_handlers.enabled
background_mode.enabled
hardware_acceleration_mode.enabled
policy.device_refresh_rate
message_center.showed_first_run_balloon
message_center.show_icon
message_center.was_forced_on_taskbar
browser.attempted_to_enable_autoupdate
media_galleries.gallery_id
media_galleries.remembered_galleries
media_galleries.last_scan_time
shelf_chrome_icon_index
gesture.max_separation_for_gesture_touches_in_pixels
gesture.semi_long_press_time_in_ms
gesture.tab_scrub_activation_delay_in_ms
gesture.fling_max_cancel_to_down_time_in_ms
gesture.fling_max_tap_gap_time_in_ms
overscroll.horizontal_threshold_complete
overscroll.vertical_threshold_complete
overscroll.minimum_threshold_start
overscroll.minimum_threshold_start_touchpad
overscroll.vertical_threshold_start
overscroll.horizontal_resist_threshold
overscroll.vertical_resist_threshold
network_profile.warnings_left
network_profile.last_warning_time
app_list.profile
app_list.last_launch_ping
app_list.launch_count
app_list.last_app_launch_ping
app_list.app_launch_count
apps.app_launcher.has_been_enabled
app_list.how_enabled
app_list.when_enabled
apps.app_launcher.should_show_apps_page
apps.app_launcher.shortcut_version
app_launcher.show_promo
apps.app_launcher.drive_app_mapping
apps.app_launcher.uninstalled_drive_apps
apps.app_launch_for_metro_restart
apps.app_launch_for_metro_restart_profile
apps.shortcuts_version
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
profile.extensions.activity_log.num_consumers_active
proxy.quick_check_enabled
profile.browser_guest_enabled
profile.add_person_enabled
easy_unlock.hardlock_state
password_bubble.timestamp
password_bubble.nopes
password_bubble.interactions
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
%s-%Iu
\uX
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
full-memory-crash-report
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
0123456789
.thunks
.syzygy
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
chrome.exe
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
VERSION.dll
WINMM.dll
SHLWAPI.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
GetAsyncKeyState
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
.ep|.ep
%epD.ep
zcÁ
#$(   ....6/6////. )
2(  ..////6//6
( /.///6////
(//.//6///.`
  55;;/?
  55;;>;>/
K%u!Xp
)^%x>
@DQSSSSSQLLHHGG?332200--'
BDRSSSSQLLPHH??332000-7.
6%%%%#%###!!
122200.- *('%
35955220.- ('$
79::995420.-*(&
<<=;;23.
|(==7:89?
ÞDDDCA)
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="40.0.2214.115" version="40.0.2214.115" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
= =$=(=,=0=4=8=]=
>&>,>3>9>@>]>
01f1
3%3U3w3
9.:4:8:<:@:
registering_chrome
uninstalling_chrome_frame
echrmstp.exe
{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}
app_host.exe
chrome.dll
chrome_child.dll
npchrome_frame.dll
chrome_frame_helper.dll
chrome_frame_helper.exe
ChromeFrameHelperWindowClass
chrome_launcher.exe
metro_driver.dll
new_chrome.exe
old_chrome.exe
delegate_execute.exe
nacl64.exe
setup.exe
InstallerSuccessLaunchCmdLine
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
AGoogle Chrome Canary
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
-chrome
-chromeframe
{8A69D345-D564-463C-AFF1-A69D9E530F96}
{430FD4D0-B729-4F61-AA34-91526481799D}
GoogleUpdateSetup.exe
CFEndTempOptOutCmd
CFOptInCmd
CFOptOutCmd
CFTempOptOutCmd
UninstallCmdLine
WebAccessible
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
hXXp://VVV.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
DGoogle Chrome App Launcher
ChromeAppList
tSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
DGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Uninstall Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
\\.\pipe\GoogleCrashServices\
\\.\pipe\ChromeCrashServices
error %u
ntdll.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
pipe\
Bkernel32.dll
kernelbase.dll
eKey
Ckernel32.dll
gdi32.dll
xntdll.dll
wow_helper.exe"
Cntdll.dll
SOFTWARE\Policies\Google\Chrome
Chrome_StatusTrayWindow
Reported Crashes.txt
testing_interface.dll
Origin Bound Certs
Certificate Revocation Lists
Custom Dictionary.txt
Login Data
Cached Theme.pak
Web Applications
pepflashplayer.dll
Software\Google\Chrome\Metro
CHROME_METRO_NAV_SEARCH_REQUEST
CHROME_METRO_GET_CURRENT_TAB_INFO
Software\Google\Chrome\BrowserCrashDumpAttempts
${windows}
hunspecified-crash-key
Dmscoree.dll
IADVAPI32.DLL
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Chrome_MessageWindow
sSoftware\Microsoft\Windows\CurrentVersion\Run
.Software\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
Chrome_MessagePumpWindow_%p
Ndebug.log
.\debug.log
\StringFileInfo\xx\%ls
%Program Files%\Google\Chrome\Application\chrome.exe
chrome_exe

chrome.exe_2704_rwx_04C0A000_00078000:

WebK

chrome.exe_2704_rwx_34C0A000_000F5000:

PSSSh
-%0U$
-%1U$
-%4U$
-%6U$
-%7U$
-I}V$
-u}V$

chrome.exe_2704_rwx_3590A000_000F5000:

-%cq4
-%Ur4
-5}r4
-E}r4
-U}r4
-a}r4
-y}r4
-)%s4
-5%s4
-E%s4
-Q%s4
-]%s4
-i%s4
-y%s4
-%0s4
-%4s4
-%7s4
-%Ss4
-%Us4
h%Dt4h}
-%St4
-%Ut4
-Itt4}


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    GoogleUpdate.exe:1992
    GoogleUpdate.exe:940
    GoogleUpdate.exe:1040
    GoogleUpdate.exe:1368
    GoogleUpdate.exe:1596
    GoogleUpdate.exe:1036
    GoogleUpdate.exe:728
    chrome_installer.exe:1776
    chrome.exe:740
    chrome.exe:2712
    chrome.exe:1140
    chrome.exe:1208
    chrome.exe:572
    chrome.exe:2736
    chrome.exe:3440
    chrome.exe:1484
    chrome.exe:1716
    chrome.exe:3028
    chrome.exe:3124
    chrome.exe:1376
    chrome.exe:500
    chrome.exe:2012
    chrome.exe:2816
    chrome.exe:1156
    chrome.exe:2764
    chrome.exe:380
    chrome.exe:1932
    chrome.exe:1620
    chrome.exe:2216
    chrome.exe:3372
    chrome.exe:2000
    chrome.exe:2352
    chrome.exe:924
    chrome.exe:1512
    %original file name%.exe:1392
    Chromium.exe:396
    Chromium.exe:1936
    setup.exe:844

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Program Files%\Google\Update\1.3.24.15\goopdateres_hu.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_pt-BR.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdate.exe (601 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_de.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ml.dll (40 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_vi.dll (37 bytes)
    %Program Files%\Google\Update\GoogleUpdate.exe (601 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_cs.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_fi.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (51 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_zh-CN.dll (31 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_is.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_lv.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleCrashHandler.exe (1281 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_am.dll (36 bytes)
    %Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115_chrome_installer.exe (312970 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_en.dll (36 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_da.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_fr.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdateHelper.msi (26 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (1425 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_et.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ko.dll (33 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ar.dll (35 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_hr.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_iw.dll (35 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_pt-PT.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_it.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_bg.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_th.dll (36 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_nl.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_bn.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ro.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdate.dll (10815 bytes)
    %Program Files%\Google\Update\1.3.24.15\psuser_64.dll (673 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe (601 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_sk.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ru.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_gu.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_sw.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_sl.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_sv.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_el.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ta.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\psmachine.dll (673 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_kn.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_es-419.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\psmachine_64.dll (673 bytes)
    %WinDir%\Tasks\GoogleUpdateTaskMachineUA.job (880 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_mr.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\psuser.dll (673 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdateBroker.exe (51 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_en-GB.dll (36 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_sr.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_zh-TW.dll (31 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ca.dll (38 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_id.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ur.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ms.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_lt.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_ja.dll (34 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_tr.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_hi.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_pl.dll (38 bytes)
    %Program Files%\Google\Update\Offline\{DDCE437C-58B9-4A55-8CD4-AD0E8C4C4BF7}\OfflineManifest.gup (5 bytes)
    %Program Files%\Google\Update\1.3.24.15\GoogleUpdateSetup.exe (322985 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_no.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_te.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_uk.dll (37 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_fa.dll (36 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_fil.dll (38 bytes)
    %WinDir%\Tasks\GoogleUpdateTaskMachineCore.job (876 bytes)
    %Program Files%\Google\Update\1.3.24.15\goopdateres_es.dll (39 bytes)
    %Program Files%\Google\Update\1.3.24.15\npGoogleUpdate3.dll (4185 bytes)
    %WinDir%\Temp\gui3.tmp (107 bytes)
    %Program Files%\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115\chrome_installer.exe (312970 bytes)
    %Program Files%\Google\Update\Install\{D971ACF7-830D-432B-A41A-E54E956524C9}\chrome_installer.exe (312970 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\SETUP.EX_ (1656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\setup.exe (17312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_7E440.tmp\CHROME.PACKED.7Z (307964 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\manifest.json (514 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\de\messages.json (285 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en\messages.json (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ar\messages.json (305 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\128.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\et\messages.json (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fr\messages.json (303 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sk\messages.json (296 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en_GB\messages.json (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\cs\messages.json (309 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\en_US\messages.json (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ro\messages.json (302 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sr\messages.json (325 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\32.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hu\messages.json (302 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ja\messages.json (309 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ru\messages.json (321 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pt_PT\messages.json (305 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\el\messages.json (355 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pl\messages.json (306 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\he\messages.json (321 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hr\messages.json (302 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\it\messages.json (298 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ca\messages.json (300 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\pt_BR\messages.json (306 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\es_419\messages.json (307 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\no\messages.json (300 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\16.png (533 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\da\messages.json (294 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\es\messages.json (306 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fi\messages.json (283 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\lv\messages.json (306 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\fil\messages.json (315 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\ko\messages.json (307 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\bg\messages.json (337 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\sl\messages.json (299 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\nl\messages.json (301 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\lt\messages.json (311 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\hi\messages.json (295 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\48.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\CRX_INSTALL\_locales\id\messages.json (297 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_57Pb6fGDZOtlQMM (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (47 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_sqE0lbmGPa8MXZ6 (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (20339 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000002.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_xXoAQXVBWAkjVUV (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links (284 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\index (368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 (41 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000002 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History (21181 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\First Run (0 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_COISweXrjgllKSj (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_572_11982\docs.crx (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal (12020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ja\messages.json (260 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pt_BR\messages.json (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sk\messages.json (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\de\messages.json (228 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\zh_CN\messages.json (247 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\manifest.json (483 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pt_PT\messages.json (212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\it\messages.json (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\pl\messages.json (253 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sr\messages.json (284 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ko\messages.json (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\th\messages.json (313 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ar\messages.json (301 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\nl\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\en\messages.json (204 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\vi\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ca\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fr\messages.json (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\id\messages.json (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\lv\messages.json (227 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\128.png (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\lt\messages.json (242 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\da\messages.json (225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\se\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ro\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\tr\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\uk\messages.json (293 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\el\messages.json (321 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\cs\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hi\messages.json (278 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\zh_TW\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fi\messages.json (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\fil\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\sl\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hr\messages.json (219 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\bg\messages.json (281 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\es\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\hu\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\no\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\CRX_INSTALL\_locales\ru\messages.json (275 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\error.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-16.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options.html (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio_input.html (175 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\manifest.json (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options-compiled.js (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-128.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\mic-normal.gif (524 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_en-gb.nmf (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_de.nmf (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_platform_specific\x86-32_\hotword-x86-32.nexe (21968 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\off.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\mic-hotword.gif (482 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_platform_specific\x86-32_\hotword.data (18240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio\1_short_Open_16_16.wav (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_.nmf (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio-manager-compiled.js (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\hotword.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\options.css (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\_metadata\verified_contents.json (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\audio-input-compiled.js (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\speech.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_MESSAGE_CATALOGS (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_fr.nmf (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\DECODED_IMAGES (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\content-bundle-compiled.js (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\hotword_ru.nmf (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\images\icon-48.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\CRX_INSTALL\background.html (276 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ja\messages.json (198 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_BR\messages.json (183 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\he\messages.json (198 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sk\messages.json (198 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\de\messages.json (194 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_CN\messages.json (184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\manifest.json (448 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pt_PT\messages.json (185 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\it\messages.json (190 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_MESSAGE_CATALOGS (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\pl\messages.json (190 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sr\messages.json (225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ko\messages.json (195 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\th\messages.json (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ar\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\nl\messages.json (194 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\et\messages.json (193 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_US\messages.json (186 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\uk\messages.json (241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_128.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\vi\messages.json (202 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ca\messages.json (184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\tr\messages.json (204 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fr\messages.json (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\id\messages.json (186 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lv\messages.json (201 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\lt\messages.json (205 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hu\messages.json (212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ro\messages.json (190 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\main.js (91 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\en_GB\messages.json (185 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ms\messages.json (184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\el\messages.json (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\cs\messages.json (199 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\hi\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\main.html (92 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\zh_TW\messages.json (183 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fi\messages.json (193 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\fil\messages.json (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sl\messages.json (195 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es_419\messages.json (183 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\bg\messages.json (241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\sv\messages.json (191 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\es\messages.json (183 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\icon_16.png (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\da\messages.json (193 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\no\messages.json (195 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\CRX_INSTALL\_locales\ru\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\es_419\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\it\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\eu\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fil\messages.json (240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\en_GB\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fi\messages.json (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hi\messages.json (326 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\128.png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\cs\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ja\messages.json (273 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pl\messages.json (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sl\messages.json (248 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sk\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\fr\messages.json (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ko\messages.json (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\es\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ru\messages.json (318 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pt_PT\messages.json (244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ar\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hu\messages.json (244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\de\messages.json (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\el\messages.json (309 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\da\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\no\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\th\messages.json (336 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\bg\messages.json (299 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sv\messages.json (233 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\et\messages.json (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\sr\messages.json (267 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\pt_BR\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\nl\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\en_US\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\hr\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ca\messages.json (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\he\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\lt\messages.json (265 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ms\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\ro\messages.json (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\CRX_INSTALL\_locales\id\messages.json (241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\main.js (79 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\manifest.json (370 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\main.html (92 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_MESSAGE_CATALOGS (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\CRX_INSTALL\icon_16.png (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000003.log (1121 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data (1454 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\17.tmp (690 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_29111\search.crx (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts (592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\youtube.crx (23 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor (7647 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (2020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\15.tmp (1678 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\14.tmp (3340 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_19377\gmail.crx (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\10.tmp (2020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000004.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\16.tmp (2020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_bNd36tTOLoR3h7H (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\C.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\18.tmp (62 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG (46 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\F.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_GtiYnPzbOv7mbuG (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal (2791 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\11.tmp (2692 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000004 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\7.tmp (854 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\19.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal (12870 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_bwgWHZEk4opAHGG (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_30021\drive.crx (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\8.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000005.log (57 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (2527 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000002.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\E.tmp (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal (2791 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_10428\docs.crx (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_PTU8u5A3XtVHHVY (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session (338 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\E.tmp (19573 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000002 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001 (41 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\lv\messages.json (592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\id\messages.json (469 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ko\messages.json (749 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pt_PT\messages.json (559 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ro\messages.json (557 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\de\messages.json (571 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fr\messages.json (578 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\es_419\messages.json (528 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\da\messages.json (522 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\et\messages.json (472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\cs\messages.json (600 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\nl\messages.json (487 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pl\messages.json (558 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\es\messages.json (570 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hr\messages.json (519 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\en\messages.json (468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\pt_BR\messages.json (558 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ca\messages.json (539 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\el\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sv\messages.json (544 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sl\messages.json (504 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\it\messages.json (483 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\hu\messages.json (623 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fi\messages.json (595 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\fil\messages.json (529 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\en_GB\messages.json (468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\nb\messages.json (522 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_18602\CRX_INSTALL\_locales\lt\messages.json (563 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\craw_background.js (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_PT\messages.json (559 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\el\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pl\messages.json (558 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hr\messages.json (519 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\it\messages.json (483 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es\messages.json (570 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\es_419\messages.json (528 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_128.png (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\da\messages.json (522 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fi\messages.json (595 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\DECODED_MESSAGE_CATALOGS (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lv\messages.json (592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fil\messages.json (529 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_CN\messages.json (617 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ko\messages.json (749 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\zh_TW\messages.json (671 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\vi\messages.json (655 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sl\messages.json (504 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nl\messages.json (487 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\lt\messages.json (563 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\html\craw_window.html (810 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\id\messages.json (469 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sv\messages.json (544 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\icon_16.png (725 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\de\messages.json (571 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\flapper.gif (5224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en\messages.json (468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\pt_BR\messages.json (558 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\nb\messages.json (522 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\images\topbar_floating_button.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\css\craw_window.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ca\messages.json (539 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\et\messages.json (472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\fr\messages.json (578 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\en_GB\messages.json (468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\cs\messages.json (600 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\craw_window.js (10864 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\tr\messages.json (585 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\th\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ro\messages.json (557 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\hu\messages.json (623 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\22.tmp (86 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist_new (9936 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2B.tmp (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\f_000002 (141 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG (47 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal (5097 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\20.tmp (690 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_tyxbQ2jGgiGmaPw (136 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1F.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_FBAnhFdYjaHhnn8 (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db-journal (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000006 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing IP Blacklist_new (844 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List Prefix Set (732 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\README (180 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\SHORTCUTS (1932 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000003.log (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\23.tmp (840 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\MANIFEST-000001 (39 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_PqEbG3oWHswgdzP (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\MANIFEST-000002 (54 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_CY1CTTavDQSS5c9 (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager (5791 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal (6215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000002.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\LOG (47 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000004.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001 (41 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000002 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2A.tmp (703 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_ew7Rjwo7eR2qtqJ (753 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\21.tmp (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_32056\1B.tmp (1425 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\SHORTCUTS-JOURNAL (1208 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000005 (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000004 (56 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000003.log (833 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000001 (50 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000003 (56 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download_new (507756 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Index-journal (21474 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1B.tmp (46613 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\f_000001 (40 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000002 (32 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_29301\1E.tmp (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000006.log (893 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\WEB DATA-JOURNAL (2898 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager-journal (16786 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico.md5 (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist_new (26368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List_new (160432 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist_new (2024 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\25.tmp (89 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set (7612 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\27.tmp (690 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom_new (969152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_IpNmEptaMtzPlTw (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\28.tmp (89 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1E.tmp (2020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000006.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_1 (12440 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_0 (6404 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_3 (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\data_2 (3368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000008.log (209 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\24.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache\index (368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1A.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000002.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2496_15040\1C.tmp (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\26.tmp (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1D.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1C.tmp (16088 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\29.tmp (703 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000004 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ca\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\el\messages.json (272 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ar\messages.json (246 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\it\messages.json (209 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hi\messages.json (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hu\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fi\messages.json (207 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fil\messages.json (225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\he\messages.json (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\lt\messages.json (235 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\lv\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ja\messages.json (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\id\messages.json (220 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\ko\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\de\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\fr\messages.json (230 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\da\messages.json (219 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\cs\messages.json (220 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\no\messages.json (216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\nl\messages.json (214 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\bg\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\pl\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\es\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\hr\messages.json (209 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1620_13711\CRX_INSTALL\_locales\en\messages.json (216 bytes)
    %Documents and Settings%\%current user%\Application Data\Chromium.exe (36452 bytes)
    %Program Files%\Google\Chrome\Application\default_apps\app.crx (1 bytes)
    %Program Files%\Google\Chrome\Application\default_apps\external_extensions.json (88 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State (425 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Chromium.exe (5491424 bytes)
    %Program Files%\GUM1.tmp\goopdateres_en.dll (36 bytes)
    %Program Files%\GUM1.tmp\psuser_64.dll (189 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ur.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ml.dll (40 bytes)
    %Program Files%\GUM1.tmp\goopdateres_sl.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ca.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ta.dll (39 bytes)
    %Program Files%\GUT2.tmp (356471 bytes)
    %Program Files%\GUM1.tmp\goopdateres_es-419.dll (38 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdateOnDemand.exe (51 bytes)
    %Program Files%\GUM1.tmp\goopdateres_sr.dll (37 bytes)
    %Program Files%\GUM1.tmp\40.0.2214.115_chrome_installer.exe.{8A69D345-D564-463c-AFF1-A69D9E530F96} (153282 bytes)
    %Program Files%\GUM1.tmp\goopdateres_hi.dll (37 bytes)
    %Program Files%\GUM1.tmp\GoogleCrashHandler64.exe (550 bytes)
    %Program Files%\GUM1.tmp\goopdateres_en-GB.dll (36 bytes)
    %Program Files%\GUM1.tmp\goopdateres_it.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ko.dll (33 bytes)
    %Program Files%\GUM1.tmp\goopdateres_de.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_pt-PT.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_fa.dll (36 bytes)
    %Program Files%\GUM1.tmp\npGoogleUpdate3.dll (1126 bytes)
    %Program Files%\GUM1.tmp\psmachine.dll (166 bytes)
    %Program Files%\GUM1.tmp\goopdateres_pt-BR.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_id.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_th.dll (36 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdateBroker.exe (51 bytes)
    %Program Files%\GUM1.tmp\goopdateres_cs.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_uk.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_tr.dll (37 bytes)
    %Program Files%\GUM1.tmp\psmachine_64.dll (189 bytes)
    %Program Files%\GUM1.tmp\goopdateres_zh-CN.dll (31 bytes)
    %Program Files%\GUM1.tmp\goopdateres_hu.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_es.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_bn.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_el.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ms.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ja.dll (34 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdate.exe (116 bytes)
    %Program Files%\GUM1.tmp\goopdateres_sk.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_nl.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdate.dll (3850 bytes)
    %Program Files%\GUM1.tmp\goopdateres_no.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_fil.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ro.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_mr.dll (38 bytes)
    %Program Files%\GUM1.tmp\GoogleCrashHandler.exe (230 bytes)
    %Program Files%\GUM1.tmp\goopdateres_lv.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_da.dll (37 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdateHelper.msi (26 bytes)
    %Program Files%\GUM1.tmp\goopdateres_te.dll (39 bytes)
    %Program Files%\GUM1.tmp\psuser.dll (166 bytes)
    %Program Files%\GUM1.tmp\goopdateres_am.dll (36 bytes)
    %Program Files%\GUM1.tmp\goopdateres_is.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_fr.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_sw.dll (39 bytes)
    %Program Files%\GUM1.tmp\goopdateres_pl.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_et.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_vi.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_lt.dll (37 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdateComRegisterShell64.exe (114 bytes)
    %Program Files%\GUM1.tmp\goopdateres_sv.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ar.dll (35 bytes)
    %Program Files%\GUM1.tmp\goopdateres_iw.dll (35 bytes)
    %Program Files%\GUM1.tmp\goopdateres_bg.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_ru.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_kn.dll (39 bytes)
    %Program Files%\GUM1.tmp\OfflineManifest.gup (5 bytes)
    %Program Files%\GUM1.tmp\goopdateres_gu.dll (39 bytes)
    %Program Files%\GUM1.tmp\GoogleUpdateSetup.exe (322985 bytes)
    %Program Files%\GUM1.tmp\goopdateres_fi.dll (37 bytes)
    %Program Files%\GUM1.tmp\goopdateres_hr.dll (38 bytes)
    %Program Files%\GUM1.tmp\goopdateres_zh-TW.dll (31 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\lv.pak (287 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\splash-620x300.png (10 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Extensions\external_extensions.json (99 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\chrome.exe (3916 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\nb.pak (259 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\resources.pak (113371 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pt-PT.pak (282 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\wow_helper.exe (73 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\VisualElementsManifest.xml (399 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\uk.pak (1728 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_elf.dll (133 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (1 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\id.pak (258 bytes)
    %Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe (7433 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\youtube.crx (23 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\icudtl.dat (76792 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libegl.dll (211 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\nl.pak (277 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hu.pak (301 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\PepperFlash\manifest.json (2 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\ffmpegsumo.dll (9606 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fil.pak (291 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sl.pak (264 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\mr.pak (1859 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\en-US.pak (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (1551 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ja.pak (1626 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\tr.pak (284 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\pdf.dll (67091 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\am.pak (1676 bytes)
    %Program Files%\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe (7433 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hr.pak (268 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_100_percent.pak (7386 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\chrome.7z (1212312 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\et.pak (251 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\cs.pak (286 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\widevinecdmadapter.dll (142 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl_irt_x86_32.nexe (15801 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pl.pak (283 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\bg.pak (1755 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\gu.pak (1849 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\40.0.2214.115.manifest (224 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\delegate_execute.exe (7386 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\vi.pak (326 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ca.pak (287 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\xinput1_3.dll (81 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sv.pak (263 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\gmail.crx (24 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\PepperFlash\pepflashplayer.dll (110258 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\d3dcompiler_46.dll (22433 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\secondarytile.png (637 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\it.pak (279 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome.dll (247928 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\docs.crx (4 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\hi.pak (1867 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\search.crx (26 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\metro_driver.dll (1787 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\smalllogo.png (9 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ta.pak (3760 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_200_percent.pak (9606 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl_irt_x86_64.nexe (20507 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\el.pak (1801 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\da.pak (259 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ru.pak (1727 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\zh-CN.pak (232 bytes)
    %Documents and Settings%\All Users\Desktop\Google Chrome.lnk (1 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\zh-TW.pak (234 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\drive.crx (25 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\nacl64.exe (12288 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ar.pak (1662 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\he.pak (1610 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sk.pak (297 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\de.pak (247 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\pt-BR.pak (277 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ms.pak (215 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sw.pak (240 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libexif.dll (310 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\VisualElements\logo.png (3 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\es-419.pak (286 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\chrome_child.dll (258733 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ml.pak (3823 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fr.pak (304 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\en-GB.pak (238 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\lt.pak (282 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ko.pak (290 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\ro.pak (291 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libglesv2.dll (7386 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\sr.pak (1715 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\es.pak (292 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\libpeerconnection.dll (22433 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\bn.pak (3678 bytes)
    %Program Files%\Google\Chrome\Application\master_preferences (107 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\default_apps\external_extensions.json (1 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fa.pak (1689 bytes)
    %Program Files%\Google\Chrome\Application\chrome.exe (5873 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\te.pak (3711 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk (1 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\kn.pak (3727 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\fi.pak (270 bytes)
    %Program Files%\Google\Chrome\Temp\source844_11881\Chrome-bin\40.0.2214.115\Locales\th.pak (1857 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Chromium" = "%Documents and Settings%\%current user%\Application Data\Chromium.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now