Trojan.NSIS.StartPage_a384498a49

by malwarelabrobot on March 7th, 2016 in Malware Descriptions.

Trojan.NSIS.StartPage.FD, Trojan.Win32.IEDummy.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: a384498a49e1cdd235b190d4d5274f2d
SHA1: cdaa7d260d410c02b9e6b696bd6a16619d1066e1
SHA256: f38e4ec236a7fa000360a2ce006a3ea696e45628eb888b3d5a6e6649acd26e13
SSDeep: 12288:tTzHC57C0BDbxRLhP4FbfEjL/1V6CVPa5CysCikKWFMV:t2fxn4FDe71V6CirdKWOV
Size: 567224 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Download Assistant
Created at: 2009-12-06 00:50:52
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

GoogleUpdate.exe:1836
GoogleUpdate.exe:612
GoogleUpdate.exe:2832
GoogleUpdate.exe:388
GoogleUpdate.exe:372
GoogleUpdate.exe:172
GoogleUpdate.exe:492
wmic.exe:972
chrome.exe:2656
chrome.exe:2768
chrome.exe:3160
chrome.exe:3092
chrome.exe:1816
chrome.exe:3212
chrome.exe:3120
chrome.exe:2328
chrome.exe:3180
chrome.exe:3084
chrome.exe:3600
chrome.exe:2420
chrome.exe:2760
chrome.exe:1136
chrome.exe:2856
chrome.exe:3076
chrome.exe:3132
chrome.exe:3544
chrome.exe:3228
chrome.exe:928
49.0.2623.75_chrome_installer.exe:2572
chrmstp.exe:4052
setup.exe:2596
%original file name%.exe:1156
Setup_product_2937.exe:728

The Trojan injects its code into the following process(es):

chrome.exe:3712
chrome.exe:3536
chrome.exe:2824
chrome.exe:3068
chrome.exe:3564
rd.exe:580

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process GoogleUpdate.exe:1836 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\49.0.2623.75\49.0.2623.75_chrome_installer.exe (341308 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{9F606F64-2231-43AB-8573-7F1703BDB3F2}-49.0.2623.75_chrome_installer.exe (3464826 bytes)
%WinDir%\Temp\gui6.tmp (53 bytes)
%Program Files%\Google\Update\Install\{5DB6DAF7-E302-417C-94FD-8C3B51E11250}\49.0.2623.75_chrome_installer.exe (341308 bytes)

The Trojan deletes the following file(s):

%Program Files%\Google\Update\Install (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{9F606F64-2231-43AB-8573-7F1703BDB3F2}-49.0.2623.75_chrome_installer.exe (0 bytes)

The process GoogleUpdate.exe:492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Update\1.3.21.165\goopdateres_te.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_en-GB.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_iw.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_en.dll (6841 bytes)
%Program Files%\Google\Update\GoogleUpdate.exe (601 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_et.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\psuser.dll (673 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_nl.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_de.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_pl.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_id.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\GoogleUpdateBroker.exe (59 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_ar.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_gu.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_hu.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_sr.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_lv.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\npGoogleUpdate3.dll (4185 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_ro.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_ru.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_ms.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_fil.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_am.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (1425 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_bn.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_uk.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdate.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_sl.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_zh-CN.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_mr.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_pt-BR.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_it.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_zh-TW.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_sw.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\GoogleCrashHandler.exe (1281 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_lt.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_ja.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_sk.dll (6841 bytes)
%WinDir%\Tasks\GoogleUpdateTaskMachineCore.job (876 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_fi.dll (6841 bytes)
%WinDir%\Tasks\GoogleUpdateTaskMachineUA.job (880 bytes)
%Program Files%\Google\Update\1.3.21.165\psmachine.dll (673 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_fr.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_ml.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_cs.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe (59 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_ur.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_ko.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_es-419.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_kn.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\GoogleUpdate.exe (601 bytes)
%Program Files%\Google\Update\1.3.21.165\GoogleUpdateHelper.msi (26 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_is.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\GoogleUpdateSetup.exe (5873 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_no.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_bg.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_vi.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_ta.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_sv.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_fa.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_es.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_el.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_tr.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_pt-PT.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_hr.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_hi.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_ca.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_da.dll (6841 bytes)
%Program Files%\Google\Update\1.3.21.165\goopdateres_th.dll (6841 bytes)

The process wmic.exe:972 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\91457247656.txt (238 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\91457247656.txt (0 bytes)

The process chrome.exe:3712 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (114 bytes)

The process chrome.exe:2656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\zh_TW\messages.json (187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\page_embed_script.js (175 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ur\messages.json (375 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\id\messages.json (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\mn\messages.json (451 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\da\messages.json (133 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\si\messages.json (334 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\cs\messages.json (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_metadata\verified_contents.json (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\hr\messages.json (169 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\no\messages.json (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ro\messages.json (136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sk\messages.json (170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\hy\messages.json (665 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\lt\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\es_419\messages.json (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\am\messages.json (357 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\DECODED_MESSAGE_CATALOGS (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\kn\messages.json (494 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\eventpage_bin_prod.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ja\messages.json (349 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\de\messages.json (154 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fi\messages.json (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sw\messages.json (153 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sr\messages.json (501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sl\messages.json (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\zu\messages.json (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\pt_BR\messages.json (148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\nl\messages.json (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ru\messages.json (574 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\hu\messages.json (171 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ta\messages.json (512 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fr_CA\messages.json (179 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\en_GB\messages.json (135 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ko\messages.json (273 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\el\messages.json (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\hi\messages.json (473 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\uk\messages.json (550 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\gl\messages.json (172 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\pl\messages.json (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\zh_HK\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\pt_PT\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\th\messages.json (433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\DECODED_IMAGES (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ca\messages.json (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ne\messages.json (523 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fr\messages.json (152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\it\messages.json (139 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\az\messages.json (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\gu\messages.json (411 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\eu\messages.json (152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\vi\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\es\messages.json (169 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\lv\messages.json (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\en_US\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\bn\messages.json (501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fil\messages.json (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ka\messages.json (357 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\et\messages.json (191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\tr\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\af\messages.json (132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\km\messages.json (607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fa\messages.json (480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sv\messages.json (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\is\messages.json (178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ml\messages.json (614 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\bg\messages.json (545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ms\messages.json (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\lo\messages.json (450 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\zh_CN\messages.json (199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\128.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\te\messages.json (396 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\iw\messages.json (362 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\mr\messages.json (440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ar\messages.json (426 bytes)

The process chrome.exe:2768 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\eu\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\fil\messages.json (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\id\messages.json (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\et\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\cs\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ms\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\el\messages.json (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sk\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\en_US\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\uk\messages.json (333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\no\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\128.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\bg\messages.json (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\manifest.json (757 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sv\messages.json (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\es\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ro\messages.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\fi\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\pt_PT\messages.json (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ar\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\DECODED_IMAGES (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sr\messages.json (267 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\th\messages.json (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ca\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\he\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\en_GB\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\zh_TW\messages.json (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ko\messages.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\vi\messages.json (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ru\messages.json (318 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\es_419\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\da\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\de\messages.json (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\pl\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\zh_CN\messages.json (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\tr\messages.json (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\hr\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\nl\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\fr\messages.json (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\lt\messages.json (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\hi\messages.json (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\hu\messages.json (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\pt_BR\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sl\messages.json (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ja\messages.json (273 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\DECODED_MESSAGE_CATALOGS (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\it\messages.json (238 bytes)

The process chrome.exe:3536 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (114 bytes)

The process chrome.exe:2824 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sk\messages.json (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\da\messages.json (172 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\it\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\vi\messages.json (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2D.tmp (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\he\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\10.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\lt\messages.json (686 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\fr\messages.json (708 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ar\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\nl\messages.json (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\bg\messages.json (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\manifest.json (755 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\manifest.json (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\16.tmp (2020 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal (21006 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\vi\messages.json (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\11.tmp (2020 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sv\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ca\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\bn\messages.json (331 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\pt_PT\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\el\messages.json (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\hu\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\fr\messages.json (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hr\messages.json (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCOPED_DIR_2824_30799 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\es\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\lt\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\12.tmp (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\hi\messages.json (289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ko\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\zh_TW\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\es\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ja\messages.json (293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\11.tmp (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\fil\messages.json (692 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\manifest.json (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\pt_BR\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\bg\messages.json (319 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hi\messages.json (289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\en_US\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fr_CA\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ro\messages.json (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sv\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\es\messages.json (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\fi\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\vi\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ko\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\de\messages.json (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sk\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\26.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\22.tmp (840 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\th\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\es_419\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ca\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\icon_16.png (157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\bg\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\th\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sv\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\fil\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\cs\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000005 (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000004 (98 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000001 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000003 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (172 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ar\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fil\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\pt_BR\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\he\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\en_GB\messages.json (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sk\messages.json (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\pt_BR\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\lt\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\da\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ko\messages.json (669 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ar\messages.json (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\it\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\en_US\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\icon_128.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\th\messages.json (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\15.tmp (2650 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\en_US\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\hr\messages.json (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\14.tmp (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\25.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ar\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\fil\messages.json (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager-journal (5550 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\pt_PT\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\bg\messages.json (267 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\fr\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\da\messages.json (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sk\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\it\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\fr\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\hu\messages.json (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\fr\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\vi\messages.json (279 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\uk\messages.json (304 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\et\messages.json (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sl\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\et\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ja\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCOPED_DIR_2824_29172 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\pt_PT\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\cs\messages.json (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\es\messages.json (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ru\messages.json (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ro\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session (32990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\en\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\zh_CN\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\lt\messages.json (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\fi\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\es\messages.json (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\nl\messages.json (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\hu\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\pl\messages.json (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ro\messages.json (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\th\messages.json (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\drive.crx (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\et\messages.json (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sr\messages.json (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (2692 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\pl\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ru\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\pt_BR\messages.json (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\sl\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ja\messages.json (293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\lv\messages.json (699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fi\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\da\messages.json (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\pl\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\23.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\es_419\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fr\messages.json (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\tr\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\cs\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\bg\messages.json (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\17.tmp (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\el\messages.json (875 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\en_GB\messages.json (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sl\messages.json (642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\pt_BR\messages.json (187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\id\messages.json (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_metadata\verified_contents.json (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 (13248 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 (15080 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 (64488 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 (308664 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\fr\messages.json (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\uk\messages.json (304 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ca\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2C.tmp (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\mr\messages.json (300 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1B.tmp (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000003.log (1569 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\zh_CN\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2F.tmp (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\en\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sv\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\lv\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\sk\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites (5232 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\19.tmp (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\icon_16.png (143 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sl\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies (4143 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\zh_TW\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\nb\messages.json (644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\es\messages.json (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\el\messages.json (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\id\messages.json (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\hr\messages.json (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_9PUrhYQWbukd7vA (744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\hu\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sv\messages.json (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ko\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\lv\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG (172 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sk\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ru\messages.json (281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\cs\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\de\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\hu\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\id\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\gmail.crx (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\34.tmp (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\el\messages.json (332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\de\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\gu\messages.json (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\he\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\el\messages.json (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (5375 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\es_419\messages.json (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\pt_BR\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\pt_PT\messages.json (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fr\messages.json (187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\lt\messages.json (285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\et\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fa\messages.json (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\te\messages.json (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2A.tmp (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\manifest.json (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\zh_CN\messages.json (273 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\zh_CN\messages.json (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\128.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\da\messages.json (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\15.tmp (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\zh_TW\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\hu\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\16.tmp (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ro\messages.json (668 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ro\messages.json (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\da\messages.json (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ru\messages.json (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ja\messages.json (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ca\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor (5093 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\he\messages.json (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\_metadata\computed_hashes.json (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sk\messages.json (274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ms\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_QWGNuAeFQb8VM5q (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\hi\messages.json (289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\bg\messages.json (276 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\el\messages.json (332 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\id\messages.json (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal (11985 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons (8470 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\pl\messages.json (666 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1F.tmp (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ko\messages.json (281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\da\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\cs\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\33.tmp (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History (30289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\es_419\messages.json (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\da\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\pl\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\zh_CN\messages.json (273 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\fil\messages.json (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ja\messages.json (271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\nl\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\lt\messages.json (285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ja\messages.json (271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ca\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sl\messages.json (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_vW30HKY8vY1NoSd (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\uk\messages.json (270 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\kn\messages.json (327 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data (3478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\128.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\hr\messages.json (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\fil\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\tr\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_CvWdaIjVMc0ANQ1 (400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\id\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ms\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_8eWiGUmjn2Se8nO (744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\fi\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\tr\messages.json (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\18.tmp (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sk\messages.json (274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\en_GB\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\pt_PT\messages.json (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\th\messages.json (356 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\zh_CN\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2E.tmp (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\en_US\messages.json (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\hr\messages.json (633 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\he\messages.json (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pl\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sv\messages.json (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\pt_PT\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ro\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\zh_CN\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\manifest.json (745 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\First Run (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ar\messages.json (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set (3436 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pt_BR\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\lv\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sv\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\tr\messages.json (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\hi\messages.json (345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ms\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ar\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\28.tmp (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\uk\messages.json (353 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1E.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\th\messages.json (356 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ru\messages.json (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sk\messages.json (197 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal (18376 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal (16484 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sr\messages.json (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\128.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ru\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\es\messages.json (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\lt\messages.json (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ko\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom_new (1173760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\fr\messages.json (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\zh_TW\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sr\messages.json (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\nl\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\uk\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\el\messages.json (304 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\de\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\de\messages.json (701 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sl\messages.json (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\bg\messages.json (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\tr\messages.json (270 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sw\messages.json (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\it\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_1DDgbw5aZziAFUj (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000003.log (960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\zh_CN\messages.json (595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\hu\messages.json (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\el\messages.json (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (27106 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\nl\messages.json (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\en_US\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ar\messages.json (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ja\messages.json (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\de\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sl\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\el\messages.json (274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\tr\messages.json (270 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\lv\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sr\messages.json (287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\th\messages.json (293 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_2 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_3 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_0 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_1 (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\pt_PT\messages.json (661 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ca\messages.json (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\el\messages.json (332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\it\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ro\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\en_GB\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\it\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\vi\messages.json (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\icon_16.png (143 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\hi\messages.json (279 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\zh_TW\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\pt_BR\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\30.tmp (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\pt_PT\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\hi\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\fi\messages.json (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E.tmp (22579 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ca\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\C.tmp (849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\cs\messages.json (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal (7143 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\uk\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\it\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pt_PT\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ms\messages.json (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\en\messages.json (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\cs\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\id\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ja\messages.json (778 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\icon_16.png (556 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\hu\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\sr\messages.json (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\lv\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\fi\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\youtube.crx (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links (836 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ko\messages.json (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sv\messages.json (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_metadata\computed_hashes.json (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\th\messages.json (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\fil\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\th\messages.json (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\pl\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\id\messages.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ro\messages.json (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\F.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sk\messages.json (671 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sl\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\de\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\id\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\sr\messages.json (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\zh_CN\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\fr\messages.json (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\fi\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\tr\messages.json (650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\zh_TW\messages.json (170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\bg\messages.json (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\fil\messages.json (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\de\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\id\messages.json (187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\da\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sl\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000002 (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_0ELK5tmOfy3uoq2 (1648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ko\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\bg\messages.json (303 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Inclusion Whitelist_new (136 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\en_GB\messages.json (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\de\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\zh_TW\messages.json (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\vi\messages.json (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal (10522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ru\messages.json (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico.md5 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\manifest.json (728 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing IP Blacklist_new (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\el\messages.json (298 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\en_US\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\de\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ru\messages.json (783 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\manifest.json (649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ca\messages.json (686 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\E.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sr\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sr\messages.json (814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ml\messages.json (387 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\nl\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\pt_PT\messages.json (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\uk\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ca\messages.json (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\vi\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\20.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\hu\messages.json (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ar\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG (185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\zh_TW\messages.json (267 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\th\messages.json (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\id\messages.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\fr\messages.json (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ca\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\fil\messages.json (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ja\messages.json (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\hi\messages.json (297 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\pl\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\et\messages.json (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\hi\messages.json (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ro\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ar\messages.json (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\es\messages.json (705 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\en_GB\messages.json (178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\et\messages.json (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\en_GB\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\cs\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ja\messages.json (271 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\index (736 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\lv\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\es\messages.json (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\29.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\es\messages.json (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\24.tmp (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\hr\messages.json (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\lv\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\hr\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\pt_PT\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ar\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\hu\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\vi\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\cs\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\bg\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000003.log (6590 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\27.tmp (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\docs.crx (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist_new (13416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\id\messages.json (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\es_419\messages.json (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\de\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\fil\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\nl\messages.json (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist_new (2504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\pt_BR\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ru\messages.json (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\tr\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\vi\messages.json (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ko\messages.json (281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ta\messages.json (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\hu\messages.json (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\uk\messages.json (789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\manifest.json (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\nl\messages.json (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\da\messages.json (642 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List Prefix Set (2548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\pl\messages.json (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\cs\messages.json (663 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\hr\messages.json (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\1D.tmp (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\en\messages.json (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sk\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\icon_16.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\sk\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fi\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\nl\messages.json (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG (172 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\17.tmp (964 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager (5207 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_IClFxux1hjpq3Jz (406 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\tr\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\it\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\cs\messages.json (173 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ms\messages.json (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ja\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\zh_TW\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\no\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\14.tmp (2845 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_3H0AKWIayNTm6Jt (400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\fr\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1C.tmp (644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\hi\messages.json (282 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\zh_TW\messages.json (267 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\tr\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs (1705 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hu\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\id\messages.json (242 bytes)
%Program Files%\Google\Chrome\Application\debug.log (534 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\fi\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ro\messages.json (281 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\39.tmp (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\21.tmp (62 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\bg\messages.json (886 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\pl\messages.json (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\vi\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\fi\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\he\messages.json (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\it\messages.json (182 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\it\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Ybp05t5EkW4u7DM (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\pt_BR\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fil\messages.json (199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\es_419\messages.json (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\lt\messages.json (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\lv\messages.json (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\hi\messages.json (345 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\uk\messages.json (304 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\sl\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sr\messages.json (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal (12948 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\pt_BR\messages.json (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\nl\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\zh_CN\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\es\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\128.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download_new (96544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\lt\messages.json (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sr\messages.json (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\fi\messages.json (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ca\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ru\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\38.tmp (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List_new (318003 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ms\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\de\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\tr\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\pl\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ja\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sl\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\it\messages.json (622 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\36.tmp (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\uk\messages.json (270 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\37.tmp (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\se\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ro\messages.json (281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_WqmgWvlHxzj6ccd (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\da\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\fi\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\en\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\hi\messages.json (318 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\zh_CN\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\he\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ru\messages.json (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\es\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist_new (32048 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\fil\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\13.tmp (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\manifest.json (726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\it\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\et\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\th\messages.json (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2B.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\nl\messages.json (642 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ro\messages.json (175 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_hTcqUuyzUZGSt0W (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\da\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sv\messages.json (649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\pt_BR\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\cs\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\128.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ko\messages.json (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\hr\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ca\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1A.tmp (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ko\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\pl\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\31.tmp (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\manifest.json (981 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\nl\messages.json (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\lt\messages.json (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\uk\messages.json (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ru\messages.json (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\35.tmp (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sl\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\es_419\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ar\messages.json (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\bg\messages.json (319 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\hi\messages.json (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\tr\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\vi\messages.json (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sr\messages.json (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\el\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\en\messages.json (179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\lt\messages.json (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sr\messages.json (287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\pt_PT\messages.json (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ko\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\zh_TW\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\lt\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\32.tmp (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\uk\messages.json (353 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\zh_TW\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\zh_CN\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\128.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\vi\messages.json (279 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\el (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fil\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\da\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\th\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\it (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\pl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lv (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\es\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences~RFdf780.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\eu (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\es (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\id (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pt_BR (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\vi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\bg\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\uk\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hu\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\16.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\11.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_PT\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ja\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\es\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\hu\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCOPED_DIR_2824_30799 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\en_GB\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\12.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\bg\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\11.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFf5e34.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\no\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\bg\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ko (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ro\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences~RFe6b48.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\es\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\bg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_PT (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\et (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\26.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\lv\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ca\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\cs\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sk\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\pt_BR (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sv (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fil\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_29520 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\lv (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\bg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\en\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\he (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\no\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\hr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sv\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\nl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\15.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sk\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\14.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\25.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hu (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\he (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19626 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ko\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\lt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\main.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\vi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\tr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_BR (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\en\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\zh_TW (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\lt\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_TW\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\et\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\th (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\drive.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\tr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\hr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\23.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFdd820.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\es (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\17.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\se (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\fr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\en (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\uk\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\th (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\vi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\lt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\lv (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\da\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\tr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\fil (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ru\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lv (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\pt_BR (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lv\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\eu\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\cs\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\hu (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_7632 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hu (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\hr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\gmail.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\es (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_29258 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\en_US\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ja (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\el (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\en (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ar\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\hi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_26557 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\lt\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ru (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_CN (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ro (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_25198 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\15.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\16.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFfbfeb.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_PT (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\id\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ko (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sv (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fil (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\cs (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ar\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFd7909.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\zh_TW (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\uk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hu (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ru\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\it\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_7656 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\29.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\tr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\it\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\el (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\main.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\de\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\en_US (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\en_GB (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ro (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\pl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\zh_CN\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\da (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\it\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\lv (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\de (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lv\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fil\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\da\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\es (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\__MACOSX\_locales (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\th\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\zh_CN\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\el (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\en (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\vi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\pt_PT\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_TW (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_BR\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ko (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ca\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\he\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\pt_PT (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\index (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ca\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ko\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ro\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFed608.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fil (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\de (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\zh_CN (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\da (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\se\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\zh_CN (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\pt_BR\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\id\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\th (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\no\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\tr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ru (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pt_PT (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\it (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\es\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\id (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ro (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_CN\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\de (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lt\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_8147 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\uk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\lt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\cs\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\el\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\uk\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\tr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ru (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sk\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFe4d22.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\cs (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ru (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\fil (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\nl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\no (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pt_BR\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ro (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\it (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ru (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFeaef8.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\id (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\da (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\fi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\hi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\nl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\zh_CN (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\nl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ja\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\cs\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ko (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ja\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fil (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\vi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\pl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ko\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\en (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ru\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\id (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences~RFe294e.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\es (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ms (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\it (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ms\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\hi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\no (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\nl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_TW (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\vi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\bg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_TW\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ja (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\20.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFdacbb.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\zh_TW\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\th\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\cs (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\uk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\da (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ja\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\de (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lt\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\no (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\nl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_11054 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\da (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFe12d8.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ja (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\he (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\id\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\hu (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\__MACOSX (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_BR (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hu\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\docs.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFf8999.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\de (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\youtube.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\nl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\uk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\he\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\vi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFea36f.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_11012 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sv (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\bg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\da\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFdb0e2.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ru\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\vi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ro\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_CN\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\se\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\17.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\el\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences~RFdc237.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ro\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_metadata\verified_contents.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\el\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\14.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\lv\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\th\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\es_419 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ja (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\id\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\bg\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_metadata (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ja (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\uk\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\se (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\de\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\nl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\no (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\de\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCOPED_DIR_2824_29172 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sk\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\cs (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFe2650.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RFe5196.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFdff11.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\th (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\el (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sv\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\vi\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\tr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\__MACOSX (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\it\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ko (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\no\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\zh_TW\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_1583 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\uk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\fi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\fr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\en\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\tr\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\it (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ro (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\id (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFf37c0.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ar\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ar\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\cs (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\nl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\no (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hu\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_BR\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\pt_PT (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\fil\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pt_PT\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\bg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\zh_TW (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\fr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sl\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_PT\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFe7451.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RFefd28.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\fi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\de\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ko\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_CN (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\el\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\tr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ca\messages.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\th (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\es_419\messages.json (0 bytes)

The process chrome.exe:3068 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (114 bytes)

The process chrome.exe:3160 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (243 bytes)

The process chrome.exe:3092 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\main.js (79 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\DECODED_MESSAGE_CATALOGS (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\icon_16.png (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\DECODED_IMAGES (66 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\main.html (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\manifest.json (370 bytes)

The process chrome.exe:1816 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\bg\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\da\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\zh_TW\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\no\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\tr\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\he\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\pl\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\fi\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\fil\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ja\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ru\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\hr\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sk\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\hu\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ar\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ko\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\manifest.json (448 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\th\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\fr\messages.json (159 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\cs\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ro\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\nl\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sv\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\DECODED_MESSAGE_CATALOGS (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\id\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\vi\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sl\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\DECODED_IMAGES (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\pt_PT\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\de\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\it\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\el\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\en\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\pt_BR\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sr\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\lv\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\es\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\hi\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\lt\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\uk\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ca\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\zh_CN\messages.json (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\128.png (3 bytes)

The process chrome.exe:3212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\bg\messages.json (281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\se\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\hu\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ca\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\pt_BR\messages.json (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ru\messages.json (275 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\id\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\de\messages.json (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\sl\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\hr\messages.json (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\zh_CN\messages.json (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\da\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\vi\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ko\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\el\messages.json (321 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\manifest.json (483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\lt\messages.json (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\en\messages.json (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\it\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\pl\messages.json (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\sk\messages.json (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ro\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\uk\messages.json (293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\no\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\cs\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ar\messages.json (301 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ja\messages.json (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\fil\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\pt_PT\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\DECODED_MESSAGE_CATALOGS (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\es\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\sr\messages.json (284 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\zh_TW\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\DECODED_IMAGES (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\fr\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\hi\messages.json (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\nl\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\lv\messages.json (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\fi\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\th\messages.json (313 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\tr\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\128.png (392 bytes)

The process chrome.exe:3120 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ar\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\pt_BR\messages.json (199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\de\messages.json (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\main.html (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\hu\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\it\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\nl\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\en_US\messages.json (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\es\messages.json (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sv\messages.json (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sl\messages.json (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\zh_TW\messages.json (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ca\messages.json (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ko\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\id\messages.json (185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sr\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\en_GB\messages.json (191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ja\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\uk\messages.json (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\et\messages.json (191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\main.js (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sk\messages.json (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\hi\messages.json (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\lt\messages.json (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\el\messages.json (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\zh_CN\messages.json (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\es_419\messages.json (198 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\no\messages.json (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\manifest.json (448 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\th\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\cs\messages.json (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\fil\messages.json (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\pl\messages.json (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ru\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ro\messages.json (199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\da\messages.json (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\icon_16.png (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\tr\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\he\messages.json (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\pt_PT\messages.json (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\fr\messages.json (199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\lv\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\DECODED_MESSAGE_CATALOGS (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\fi\messages.json (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\bg\messages.json (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\vi\messages.json (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ms\messages.json (187 bytes)

The process chrome.exe:2328 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\uk\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\it\messages.json (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\en_US\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\fr\messages.json (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ms\messages.json (185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\hu\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\cs\messages.json (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\id\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ca\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\tr\messages.json (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\hi\messages.json (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\pl\messages.json (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ar\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\es_419\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\main.js (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sl\messages.json (199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\pt_BR\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\main.html (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sk\messages.json (196 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\de\messages.json (197 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\fi\messages.json (197 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\icon_16.png (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\fil\messages.json (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\el\messages.json (281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\da\messages.json (184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\no\messages.json (191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ru\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sv\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\vi\messages.json (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\DECODED_MESSAGE_CATALOGS (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\lt\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\en_GB\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ja\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\manifest.json (449 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\pt_PT\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\he\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\zh_TW\messages.json (189 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\et\messages.json (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\th\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ro\messages.json (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\zh_CN\messages.json (189 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ko\messages.json (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\nl\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\es\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sr\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\lv\messages.json (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\bg\messages.json (280 bytes)

The process chrome.exe:3180 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\zh_TW\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\pl\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ro\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\fr\messages.json (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\en\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\es\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ru\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\tr\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\id\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\pt_BR\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\DECODED_MESSAGE_CATALOGS (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ja\messages.json (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\hi\messages.json (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ko\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sl\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\pt_PT\messages.json (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\lv\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\bg\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\vi\messages.json (252 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\fi\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\th\messages.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\DECODED_IMAGES (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sk\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\it\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\de\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\he\messages.json (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\no\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sr\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\manifest.json (473 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\el\messages.json (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\fil\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\hr\messages.json (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sv\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\lt\messages.json (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\zh_CN\messages.json (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ar\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ca\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\cs\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\da\messages.json (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\nl\messages.json (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\uk\messages.json (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\hu\messages.json (218 bytes)

The process chrome.exe:3084 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (114 bytes)

The process chrome.exe:3600 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\css\craw_window.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\icon_16.png (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\da\messages.json (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ro\messages.json (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\vi\messages.json (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\nb\messages.json (533 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sv\messages.json (554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\flapper.gif (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\lv\messages.json (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\it\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\lt\messages.json (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\zh_TW\messages.json (731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\fr\messages.json (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\craw_window.js (14776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\fi\messages.json (602 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\es\messages.json (590 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\topbar_floating_button.png (160 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\hr\messages.json (526 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\pt_PT\messages.json (566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\zh_CN\messages.json (641 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\pl\messages.json (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\DECODED_MESSAGE_CATALOGS (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\el\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\en_GB\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sl\messages.json (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\cs\messages.json (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\de\messages.json (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\es_419\messages.json (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\en\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\id\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\et\messages.json (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ca\messages.json (567 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\hu\messages.json (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\craw_background.js (12376 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\nl\messages.json (499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\pt_BR\messages.json (560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\tr\messages.json (607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\html\craw_window.html (810 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\fil\messages.json (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ko\messages.json (763 bytes)

The process chrome.exe:2420 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\vi\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\no\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\128.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\th\messages.json (314 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ro\messages.json (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\en\messages.json (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pt_BR\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\DECODED_IMAGES (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\tr\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\es\messages.json (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sk\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sr\messages.json (285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fil\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\it\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ru\messages.json (276 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fr\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\DECODED_MESSAGE_CATALOGS (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hu\messages.json (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\cs\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\id\messages.json (232 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\nl\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\manifest.json (763 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\lv\messages.json (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\bg\messages.json (282 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pt_PT\messages.json (213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hi\messages.json (279 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pl\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ar\messages.json (302 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\zh_TW\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sl\messages.json (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ca\messages.json (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\se\messages.json (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\de\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fi\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\uk\messages.json (294 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\el\messages.json (322 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\da\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hr\messages.json (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\zh_CN\messages.json (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ko\messages.json (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\lt\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ja\messages.json (261 bytes)

The process chrome.exe:2760 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (114 bytes)

The process chrome.exe:1136 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\uk\messages.json (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\manifest.json (448 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\en_US\messages.json (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\el\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ja\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\pt_BR\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sr\messages.json (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sk\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\vi\messages.json (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sv\messages.json (191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ko\messages.json (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sl\messages.json (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\fil\messages.json (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ar\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\nl\messages.json (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\lv\messages.json (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\tr\messages.json (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\no\messages.json (195 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\hu\messages.json (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\icon_128.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\th\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\fr\messages.json (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\de\messages.json (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\he\messages.json (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\cs\messages.json (199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\fi\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ro\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\es_419\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\et\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\da\messages.json (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\hi\messages.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\DECODED_MESSAGE_CATALOGS (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ca\messages.json (184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\zh_TW\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\it\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\en_GB\messages.json (185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\main.html (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\pt_PT\messages.json (185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ms\messages.json (184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\pl\messages.json (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ru\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\main.js (91 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\bg\messages.json (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\id\messages.json (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\es\messages.json (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\zh_CN\messages.json (184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\icon_16.png (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\lt\messages.json (205 bytes)

The process chrome.exe:2856 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (215 bytes)

The process chrome.exe:3076 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (114 bytes)

The process chrome.exe:3132 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\bg\messages.json (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\tr\messages.json (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\da\messages.json (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\zh_TW\messages.json (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\DECODED_MESSAGE_CATALOGS (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\no\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\he\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\pl\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\fi\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\hr\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ja\messages.json (273 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ms\messages.json (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ru\messages.json (318 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\fil\messages.json (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sv\messages.json (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\en_GB\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\hu\messages.json (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\eu\messages.json (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ko\messages.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\manifest.json (732 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\en_US\messages.json (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\fr\messages.json (232 bytes)
%Program Files%\Google\Chrome\Application\debug.log (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\cs\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ro\messages.json (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\nl\messages.json (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\et\messages.json (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\id\messages.json (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\vi\messages.json (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sl\messages.json (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\DECODED_IMAGES (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\pt_PT\messages.json (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\de\messages.json (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\it\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\el\messages.json (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ar\messages.json (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\th\messages.json (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\es_419\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\pt_BR\messages.json (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sr\messages.json (267 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\es\messages.json (239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\hi\messages.json (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\lt\messages.json (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\uk\messages.json (333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ca\messages.json (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\zh_CN\messages.json (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sk\messages.json (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\128.png (7 bytes)

The process chrome.exe:3544 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (243 bytes)

The process chrome.exe:3228 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (243 bytes)

The process chrome.exe:3564 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (114 bytes)

The process chrome.exe:928 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Application\debug.log (114 bytes)

The process 49.0.2623.75_chrome_installer.exe:2572 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_6ACE1.tmp\SETUP.EX_ (1653 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_6ACE1.tmp\setup.exe (17312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_6ACE1.tmp\CHROME.PACKED.7Z (336276 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_6ACE1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_6ACE1.tmp\SETUP.EX_ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_6ACE1.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_6ACE1.tmp\CHROME.PACKED.7Z (0 bytes)

The process chrmstp.exe:4052 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (1453 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (1 bytes)

The process setup.exe:2596 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_child.dll (328359 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_100_percent.pak (3878 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (1 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\d3dcompiler_47.dll (23407 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\VisualElements\smalllogo.png (27 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\hi.pak (3702 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\it.pak (299 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\he.pak (1637 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\icudtl.dat (75554 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\es-419.pak (305 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\kn.pak (3774 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\nb.pak (277 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\el.pak (1832 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ja.pak (1648 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ml.pak (3863 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\hr.pak (288 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\es.pak (311 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\PepperFlash\manifest.json (2 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ar.pak (1697 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\nl.pak (295 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ms.pak (233 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\bg.pak (1787 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ta.pak (3803 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\PepperFlash\pepflashplayer.dll (124061 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\am.pak (1706 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\snapshot_blob.bin (1767 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\uk.pak (1764 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\VisualElements\logo.png (27 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\da.pak (279 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\tr.pak (303 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\sv.pak (280 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\pt-PT.pak (302 bytes)
%Program Files%\Google\Chrome\Application\master_preferences (53 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (16868 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\vi.pak (1629 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\xinput1_3.dll (81 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\nacl_irt_x86_64.nexe (22433 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\nacl64.exe (12289 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\chrome.exe (6315 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_elf.dll (127 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\de.pak (266 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\default_apps\gmail.crx (24 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\chrome.VisualElementsManifest.xml (340 bytes)
%Program Files%\Google\Chrome\Application\49.0.2623.75\Installer\chrmstp.exe (7433 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\default_apps\drive.crx (25 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\fi.pak (287 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\default_apps\external_extensions.json (1 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\resources.pak (138244 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_watcher.dll (1659 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\lv.pak (312 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\hu.pak (323 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\49.0.2623.75.manifest (250 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\te.pak (3752 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_200_percent.pak (7386 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\widevinecdmadapter.dll (193 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\th.pak (3685 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ro.pak (312 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\id.pak (275 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\zh-TW.pak (251 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Extensions\external_extensions.json (99 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\gu.pak (3683 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\en-GB.pak (254 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\default_apps\youtube.crx (23 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\pt-BR.pak (298 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Google Chrome.lnk (1 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\lt.pak (309 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\chrome.7z (1252932 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\delegate_execute.exe (3822 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\sl.pak (287 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\mr.pak (3694 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ru.pak (1764 bytes)
%Documents and Settings%\All Users\Desktop\Google Chrome.lnk (1 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\wow_helper.exe (77 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ko.pak (309 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\sk.pak (320 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\sw.pak (259 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome.dll (267750 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\libglesv2.dll (9606 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\sr.pak (1748 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\default_apps\docs.crx (4 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ca.pak (307 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\libegl.dll (86 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin (4 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\cs.pak (311 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\zh-CN.pak (250 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\fa.pak (1718 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\fr.pak (1609 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\nacl_irt_x86_32.nexe (20507 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\secondarytile.png (637 bytes)
%Program Files%\Google\Chrome\Application\49.0.2623.75\Installer\setup.exe (7433 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\et.pak (269 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_material_200_percent.pak (2 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\bn.pak (3724 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\en-US.pak (254 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\fil.pak (312 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\natives_blob.bin (1693 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\libexif.dll (315 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\pl.pak (306 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_material_100_percent.pak (1 bytes)
%Program Files%\Google\Chrome\Application\chrome.exe (6841 bytes)

The Trojan deletes the following file(s):

%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\wow_helper.exe (0 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549 (0 bytes)
%Program Files%\Google\Chrome\Temp (0 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\chrome.exe (0 bytes)
%WinDir%\Temp\gui6.tmp (0 bytes)
%Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin (0 bytes)
%Program Files%\Google\Chrome (0 bytes)

The process %original file name%.exe:1156 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\instructionsalgk4.exe (398737 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rd.zip (57028 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp2.tmp\nsisunz.dll (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp2.tmp\Convert.dll (4597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\instructionsalgk4.dat (8368 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsp2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rd.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\instructionsalgk4.dat (0 bytes)

The process Setup_product_2937.exe:728 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\GUM3.tmp\goopdateres_bg.dll (1990 bytes)
%Program Files%\GUM3.tmp\GoogleUpdateOnDemand.exe (59 bytes)
%Program Files%\GUM3.tmp\goopdateres_sw.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_en-GB.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_am.dll (1990 bytes)
%Program Files%\GUM3.tmp\GoogleUpdateBroker.exe (59 bytes)
%Program Files%\GUM3.tmp\goopdateres_es-419.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_th.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_sk.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_hu.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_ko.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_sl.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_ml.dll (1990 bytes)
%Program Files%\GUM3.tmp\GoogleCrashHandler.exe (237 bytes)
%Program Files%\GUM3.tmp\psuser.dll (163 bytes)
%Program Files%\GUM3.tmp\goopdateres_de.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_el.dll (1990 bytes)
%Program Files%\GUM3.tmp\GoogleUpdate.exe (116 bytes)
%Program Files%\GUM3.tmp\GoogleCrashHandler64.exe (550 bytes)
%Program Files%\GUM3.tmp\goopdateres_fa.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_hi.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_pl.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_ru.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_ro.dll (1990 bytes)
%Program Files%\GUT4.tmp (378095 bytes)
%Program Files%\GUM3.tmp\goopdateres_te.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_sr.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_da.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_pt-PT.dll (1990 bytes)
%Program Files%\GUM3.tmp\npGoogleUpdate3.dll (1126 bytes)
%Program Files%\GUM3.tmp\goopdateres_en.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_et.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_cs.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_ar.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_vi.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_nl.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdate.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_fil.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_ta.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_is.dll (1990 bytes)
%Program Files%\GUM3.tmp\psmachine.dll (163 bytes)
%Program Files%\GUM3.tmp\goopdateres_id.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_tr.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_bn.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_uk.dll (1990 bytes)
%Program Files%\GUM3.tmp\GoogleUpdateHelper.msi (26 bytes)
%Program Files%\GUM3.tmp\goopdateres_ca.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_lt.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_no.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_pt-BR.dll (1990 bytes)
%Program Files%\GUM3.tmp\GoogleUpdateSetup.exe (5873 bytes)
%Program Files%\GUM3.tmp\goopdateres_ms.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_ja.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_ur.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_gu.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_zh-TW.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_iw.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_kn.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_mr.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_fi.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_lv.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_sv.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_fr.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_zh-CN.dll (1990 bytes)
%Program Files%\GUM3.tmp (28 bytes)
%Program Files%\GUM3.tmp\goopdateres_hr.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_it.dll (1990 bytes)
%Program Files%\GUM3.tmp\goopdateres_es.dll (1990 bytes)

The Trojan deletes the following file(s):

%Program Files%\GUM3.tmp\goopdateres_bg.dll (0 bytes)
%Program Files%\GUM3.tmp\GoogleUpdateOnDemand.exe (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_id.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_sw.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_en-GB.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_am.dll (0 bytes)
%Program Files%\GUM3.tmp\GoogleUpdateBroker.exe (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_es-419.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_th.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_sk.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_hu.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_ko.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_sl.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_ml.dll (0 bytes)
%Program Files%\GUM3.tmp\GoogleCrashHandler.exe (0 bytes)
%Program Files%\GUM3.tmp\psuser.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_de.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_el.dll (0 bytes)
%Program Files%\GUM3.tmp\GoogleUpdate.exe (0 bytes)
%Program Files%\GUM3.tmp\GoogleCrashHandler64.exe (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_fa.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_hi.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_pl.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_ru.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_ro.dll (0 bytes)
%Program Files%\GUT4.tmp (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_te.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_sr.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_da.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_pt-PT.dll (0 bytes)
%Program Files%\GUM3.tmp\npGoogleUpdate3.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_en.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_et.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_cs.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_ar.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_vi.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_nl.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdate.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_fil.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_ta.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_is.dll (0 bytes)
%Program Files%\GUM3.tmp\psmachine.dll (0 bytes)
%Program Files%\GUM3.tmp (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_tr.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_bn.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_uk.dll (0 bytes)
%Program Files%\GUM3.tmp\GoogleUpdateHelper.msi (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_ca.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_lt.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_no.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_pt-BR.dll (0 bytes)
%Program Files%\GUM3.tmp\GoogleUpdateSetup.exe (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_ms.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_ja.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_ur.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_gu.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_zh-TW.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_iw.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_kn.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_mr.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_fi.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_lv.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_sv.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_fr.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_zh-CN.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_hr.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_it.dll (0 bytes)
%Program Files%\GUM3.tmp\goopdateres_es.dll (0 bytes)

The process rd.exe:580 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\button[1].png (458 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\914572476560\Setup_product_2937.exe (92963 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Setup_product_2937[1].exe (156566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\DynamicOfferScreen[1].htm (850 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui-bg_inset-hard_100_fcfdfd_1x100[1].png (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery-ui[1].css (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery-ui.min[1].js (14884 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\bodyImg[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\dc[1].js (3154 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ui-bg_gloss-wave_75_2191c0_500x100[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-ui-1.8.19.custom[1].css (5521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\button_over[1].png (921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\DynamicOfferScreen[1].htm (1140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[1].js (6707 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\91457247656 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\91457247656.txt (0 bytes)

Registry activity

The process GoogleUpdate.exe:1836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"pv" = "49.0.2623.75"
"browser" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"iid" = "{A7ADAE6F-6072-2BAF-4938-12670FB09148}"

[HKCU\Software\Google\Update\proxy]
"source" = "auto"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"lang" = "en"
"InstallTime" = "1457247682"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerResult" = "0"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerError" = "0"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"brand" = "GGLS"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerError" = "0"
"LastCheckSuccess" = "1457247693"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Google\Update]
"GoogleUpdate.exe" = "Google Installer"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 D6 CE 97 7A 95 4F 2A D3 A3 5F 07 84 28 18 76"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"
"usagestats" = "0"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"
"LastInstallerResult" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UpdateAvailableSince"
"eulaaccepted"
"InstallerError"
"UpdateAvailableCount"
"InstallerSuccessLaunchCmdLine"

[HKLM\SOFTWARE\Google\Update]
"old-uid"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerError"
"LastInstallerResultUIString"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"eulaaccepted"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerResultUIString"
"InstallerResult"
"iid"
"tttoken"
"ap"
"LastInstallerResult"
"experiment_labels"

[HKLM\SOFTWARE\Google\Update]
"uid"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerError"
"LastInstallerSuccessLaunchCmdLine"

[HKLM\SOFTWARE\Google\Update]
"LastInstallerSuccessLaunchCmdLine"
"LastInstallerExtraCode1"
"LastInstallerResult"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerExtraCode1"

The process GoogleUpdate.exe:612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 69 A6 88 98 8C 35 57 B9 A1 74 DD 94 16 91 C6"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"
"eulaaccepted"

The process GoogleUpdate.exe:2832 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 61 C6 B3 52 8D FC 22 4B 9F 59 3E 59 BB 38 1C"

[HKCU\Software\Google\Update\proxy]
"source" = "auto"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID]
"(Default)" = "{B3D28DBD-0DFA-40E4-8071-520767BADC7E}"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\GoogleUpdateBroker.exe"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods]
"(Default)" = "13"

[HKCR\GoogleUpdate.CredentialDialogMachine.1.0\CLSID]
"(Default)" = "{25461599-633D-42B1-84FB-7CD68D026E53}"

[HKCR\Google.OneClickProcessLauncherMachine]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\NumMethods]
"(Default)" = "41"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.21.165\goopdate.dll,-1004"

[HKCR\GoogleUpdate.CoCreateAsync\CLSID]
"(Default)" = "{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}"

[HKCR\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}]
"(Default)" = "IAppCommand2"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\GoogleUpdateBroker.exe"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ProgID]
"(Default)" = "GoogleUpdate.CredentialDialogMachine.1.0"

[HKCR\GoogleUpdate.Update3WebMachine\CurVer]
"(Default)" = "GoogleUpdate.Update3WebMachine.1.0"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}]
"(Default)" = "IProgressWndEvents"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID]
"(Default)" = "GoogleUpdate.CoreMachineClass.1"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID]
"(Default)" = "GoogleUpdate.ProcessLauncher.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebMachine.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.21.165\goopdate.dll,-1004"

[HKCR\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.ProcessLauncher"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}]
"(Default)" = "IGoogleUpdate3"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\ProgID]
"(Default)" = "GoogleUpdate.CoCreateAsync.1.0"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}]
"(Default)" = "IGoogleUpdate"

[HKCR\GoogleUpdate.CoreMachineClass.1\CLSID]
"(Default)" = "{9B2340A0-4068-43D6-B404-32E27217859D}"

[HKCR\GoogleUpdate.CoreMachineClass\CurVer]
"(Default)" = "GoogleUpdate.CoreMachineClass.1"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.21.165\goopdate.dll,-1004"

[HKCR\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}]
"(Default)" = "IAppCommand"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}]
"(Default)" = "IOneClickProcessLauncher"

[HKCR\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}]
"(Default)" = "IApp2"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.21.165\goopdate.dll,-3000"

[HKCR\GoogleUpdate.CoreMachineClass.1]
"(Default)" = "Google Update Core Class"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}]
"(Default)" = "IJobObserver"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\GoogleUpdate.CoreMachineClass\CLSID]
"(Default)" = "{9B2340A0-4068-43D6-B404-32E27217859D}"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods]
"(Default)" = "8"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods]
"(Default)" = "5"

[HKCR\Google.OneClickProcessLauncherMachine\CurVer]
"(Default)" = "Google.OneClickProcessLauncherMachine.1.0"

[HKCR\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback\CLSID]
"(Default)" = "{B3D28DBD-0DFA-40E4-8071-520767BADC7E}"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}]
"(Default)" = "ICoCreateAsyncStatus"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\NumMethods]
"(Default)" = "24"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}]
"(Default)" = "CoCreateAsync"

[HKCR\GoogleUpdate.CoreMachineClass]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}\InProcServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\psmachine.dll"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\GoogleUpdate.Update3WebMachine]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\GoogleUpdate.CredentialDialogMachine.1.0]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}]
"(Default)" = "IAppBundle"

[HKCR\GoogleUpdate.ProcessLauncher\CurVer]
"(Default)" = "GoogleUpdate.ProcessLauncher.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.21.165\goopdate.dll,-3000"

[HKCR\GoogleUpdate.Update3WebMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\psmachine.dll"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods]
"(Default)" = "8"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods]
"(Default)" = "4"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine.1.0\CLSID]
"(Default)" = "{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}"

[HKCR\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}]
"(Default)" = "IAppWeb"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\Google.OneClickProcessLauncherMachine\CLSID]
"(Default)" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods]
"(Default)" = "41"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 2D A0 0E 17 C2 34 EF D5 14 43 13 A9 37 59 68"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\GoogleUpdateBroker.exe"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.21.165\goopdate.dll,-1004"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}]
"(Default)" = "IGoogleUpdate3WebSecurity"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}]
"(Default)" = "IRegistrationUpdateHook"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}]
"(Default)" = "ICurrentState"

[HKCR\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\NumMethods]
"(Default)" = "17"

[HKCR\GoogleUpdate.Update3WebMachine.1.0\CLSID]
"(Default)" = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoreMachineClass"

[HKCR\GoogleUpdate.CredentialDialogMachine\CLSID]
"(Default)" = "{25461599-633D-42B1-84FB-7CD68D026E53}"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}]
"(Default)" = "IPackage"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\VersionIndependentProgID]
"(Default)" = "Google.OneClickProcessLauncherMachine"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\GoogleUpdate.ProcessLauncher.1.0]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}]
"(Default)" = "IGoogleUpdateCore"

[HKCR\CLSID\{50AC8ACB-D28F-4082-A1BC-C04054B5A5AC}\InprocHandler32]
"ThreadingModel" = "Both"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods]
"(Default)" = "9"

[HKCR\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}]
"(Default)" = "IProcessLauncher2"

[HKCR\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods]
"(Default)" = "4"

[HKCR\GoogleUpdate.Update3WebMachineFallback]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\GoogleUpdate.CoCreateAsync\CurVer]
"(Default)" = "GoogleUpdate.CoCreateAsync.1.0"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}]
"(Default)" = "IAppVersion"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\NumMethods]
"(Default)" = "10"

[HKCR\GoogleUpdate.CredentialDialogMachine\CurVer]
"(Default)" = "GoogleUpdate.CredentialDialogMachine.1.0"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
"(Default)" = "Google Update Core Class"

[HKCR\Google.OneClickProcessLauncherMachine.1.0]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\GoogleUpdate.Update3WebMachineFallback\CurVer]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback.1.0"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoCreateAsync"

[HKCR\GoogleUpdate.CredentialDialogMachine]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}]
"(Default)" = "IAppCommandWeb"

[HKCR\GoogleUpdate.CoCreateAsync.1.0]
"(Default)" = "CoCreateAsync"

[HKCR\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}]
"(Default)" = "IApp"

[HKCR\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods]
"(Default)" = "12"

[HKCR\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\Google.OneClickProcessLauncherMachine.1.0\CLSID]
"(Default)" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\GoogleUpdate.Update3WebMachineFallback.1.0\CLSID]
"(Default)" = "{598FE0E5-E02D-465D-9A9D-37974A28FD42}"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods]
"(Default)" = "11"

[HKCR\GoogleUpdate.Update3WebMachine\CLSID]
"(Default)" = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods]
"(Default)" = "24"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}]
"(Default)" = "IAppVersionWeb"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebMachine"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.21.165\goopdate.dll,-1004"

[HKCR\GoogleUpdate.ProcessLauncher]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}]
"(Default)" = "PSFactoryBuffer"

[HKCR\GoogleUpdate.Update3WebMachineFallback.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{50AC8ACB-D28F-4082-A1BC-C04054B5A5AC}\InprocHandler32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\psmachine.dll"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}]
"(Default)" = "IGoogleUpdate3Web"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\GoogleUpdateBroker.exe"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation]
"Enabled" = "1"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}]
"(Default)" = "IAppBundleWeb"

[HKCR\GoogleUpdate.CoCreateAsync]
"(Default)" = "CoCreateAsync"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.21.165\goopdate.dll,-3000"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"CLSID" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\GoogleUpdate.CoCreateAsync.1.0\CLSID]
"(Default)" = "{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\GoogleUpdate.ProcessLauncher.1.0\CLSID]
"(Default)" = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback.1.0"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.21.165\goopdate.dll,-3000"

[HKCR\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods]
"(Default)" = "43"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\GoogleUpdate.Update3WebMachineFallback\CLSID]
"(Default)" = "{598FE0E5-E02D-465D-9A9D-37974A28FD42}"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.21.165\goopdate.dll,-3000"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}]
"(Default)" = "IProcessLauncher"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32]
"(Default)" = "{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}]
"(Default)" = "ICoCreateAsync"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"Policy" = "3"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\GoogleUpdate.ProcessLauncher\CLSID]
"(Default)" = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine\CLSID]
"(Default)" = "{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CredentialDialogMachine"

[HKCR\CLSID\{D0CD6E57-FBA5-4F71-98DF-3AAEB8CB8118}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}]
"(Default)" = "ICredentialDialog"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\ProgID]
"(Default)" = "Google.OneClickProcessLauncherMachine.1.0"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}]
"(Default)" = "IBrowserHttpRequest2"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}]
[HKCR\CLSID\{50AC8ACB-D28F-4082-A1BC-C04054B5A5AC}\InprocHandler32]
[HKCR\CLSID\{50AC8ACB-D28F-4082-A1BC-C04054B5A5AC}]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\GoogleUpdate.Update3WebSvc\CurVer]
"(Default)" = "GoogleUpdate.Update3WebSvc.1.0"

[HKCR\GoogleUpdate.Update3COMClassService]
"(Default)" = "Update3COMClass"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\GoogleUpdate.Update3COMClassService\CLSID]
"(Default)" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.CoreClass.1]
"(Default)" = "Google Update Core Class"

[HKCR\GoogleUpdate.Update3WebSvc\CLSID]
"(Default)" = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}"

[HKCR\GoogleUpdate.Update3COMClassService.1.0\CLSID]
"(Default)" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.Update3WebSvc.1.0\CLSID]
"(Default)" = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebSvc.1.0"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc"

[HKCR\GoogleUpdate.Update3COMClassService.1.0]
"(Default)" = "Update3COMClass"

[HKCR\AppID\GoogleUpdate.exe]
"AppID" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"(Default)" = "ServiceModule"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"LocalService" = "gupdatem"

[HKCR\GoogleUpdate.Update3WebSvc.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\GoogleUpdate.Update3WebSvc]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3COMClassService"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"(Default)" = "Update3COMClass"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"(Default)" = "ServiceModule"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoreClass"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"ServiceParameters" = "/comsvc"

[HKCR\GoogleUpdate.CoreClass\CurVer]
"(Default)" = "GoogleUpdate.CoreClass.1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 50 08 1D ED 06 A2 4D D8 9B 7A BC 35 12 86 19"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ProgID]
"(Default)" = "GoogleUpdate.Update3COMClassService.1.0"

[HKCR\GoogleUpdate.CoreClass]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebSvc"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"LocalService" = "gupdate"

[HKCR\GoogleUpdate.CoreClass.1\CLSID]
"(Default)" = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"

[HKCR\GoogleUpdate.Update3COMClassService\CurVer]
"(Default)" = "GoogleUpdate.Update3COMClassService.1.0"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc.1.0]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID]
"(Default)" = "GoogleUpdate.CoreClass.1"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"AppID" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc.1.0\CLSID]
"(Default)" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"ServiceParameters" = "/comsvc"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc\CLSID]
"(Default)" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\GoogleUpdate.CoreClass\CLSID]
"(Default)" = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"

The Trojan deletes the following registry key(s):

[HKCR\AppID\GoogleUpdate.exe]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 70 43 8F 49 E2 4E 72 8A C5 46 8A 20 BB 54 F8"

[HKCU\Software\Google\Update\proxy]
"source" = "auto"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\Google.Update3WebControl.3\CLSID]
"(Default)" = "{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}"

[HKCR\Google.OneClickCtrl.9]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"AppName" = "GoogleUpdateBroker.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"InstallTime" = "1457247667"

[HKCR\Google.Update3WebControl.3]
"(Default)" = "Google Update Plugin"

[HKCR\Google.OneClickCtrl.9\CLSID]
"(Default)" = "{C442AC41-9200-4770-8CC0-7CDB4F245C55}"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Path" = "%Program Files%\Google\Update\1.3.21.165\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"AppPath" = "%Program Files%\Google\Update\1.3.21.165"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\ProgID]
"(Default)" = "Google.OneClickCtrl.9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description" = "Google Update"

[HKLM\SOFTWARE\Google\Update]
"LastOSVersion" = "1C 01 00 00 05 00 00 00 01 00 00 00 28 0A 00 00"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Path" = "%Program Files%\Google\Update\1.3.21.165\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Google\Update]
"Version" = "1.3.21.165"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\ProgID]
"(Default)" = "Google.Update3WebControl.3"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\npGoogleUpdate3.dll"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description" = "Google Update"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"vendor" = "Google Inc."

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Google\Update]
"GoogleUpdate.exe" = "Google Installer"

[HKCR\MIME\Database\Content Type\application/x-vnd.google.update3webcontrol.3]
"CLSID" = "{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
"(Default)" = "CATID_AppContainerCompatible"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.21.165"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.165\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"iid" = "{A7ADAE6F-6072-2BAF-4938-12670FB09148}"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation" = "0"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.21.165"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Google\Update]
"IsMSIHelperRegistered" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"vendor" = "Google Inc."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"brand" = "GGLS"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DB BD 4E F9 21 8E 20 55 FD 98 2C CE 0C EF 1B E6"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Version" = "9"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"AppPath" = "%Program Files%\Google\Update"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"ProductName" = "Google Update"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats" = "0"

[HKLM\SOFTWARE\Google\Update]
"UninstallCmdLine" = "%Program Files%\Google\Update\GoogleUpdate.exe /uninstall"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Version" = "3"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
"(Default)" = "CATID_AppContainerCompatible"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"ProductName" = "Google Update"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"AppName" = "GoogleUpdate.exe"

[HKLM\SOFTWARE\Google\Update]
"Path" = "%Program Files%\Google\Update\GoogleUpdate.exe"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"Policy" = "3"

[HKCR\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.9]
"CLSID" = "{C442AC41-9200-4770-8CC0-7CDB4F245C55}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"Policy" = "3"

[HKLM\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"Name" = "Google Update"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"
"LastChecked"
"ui"
"eulaaccepted"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"
"UpdateAvailableCount"

[HKLM\SOFTWARE\Google\Update]
"old-uid"
"mi"

The process wmic.exe:972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 6C 38 6C 93 13 7C 3D 4B 4D 70 95 A3 54 D2 EC"

The process chrome.exe:3712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 D2 01 3B BF 98 81 7E A8 FE 7D 13 44 81 E1 A8"

The process chrome.exe:2656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "90 A3 26 54 3F 91 D3 51 6C 3D 3B 5A 1A CC 5A 4D"

The process chrome.exe:2768 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 84 E8 71 73 67 8F 6C 81 7F 16 DB 4D 99 E5 F0"

The process chrome.exe:3536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E 29 E0 06 47 0F 37 3F 70 BD 0C 2B D7 9A 9F 44"

The process chrome.exe:2824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Classes\https]
"URL Protocol" = ""

[HKCU\Software\Classes\.html]
"(Default)" = "ChromeHTML"

[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKCU\Software\Classes\https\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKCU\Software\Classes\.shtml]
"(Default)" = "ChromeHTML"

[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\FirstNotDefault]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"experiment_labels" = "CrVar1=3300164|Sun, 06 Mar 2017 07:01:46 GMT"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Google\Chrome\BLBeacon]
"Version" = "49.0.2623.75"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"usagestats" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKCU\Software\Classes\.htm]
"(Default)" = "ChromeHTML"

[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "Google Chrome"

[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"aggregate" = "sum()"

[HKCU\Software\Google\Chrome\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "0"

[HKCU\Software\Classes\http]
"URL Protocol" = ""

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe -- %1"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe -- %1"

[HKCU\Software\Classes\.xhtml]
"(Default)" = "ChromeHTML"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"lastrun" = "13101721301178000"

[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe -- %1"

[HKCU\Software\Google\Chrome\BLBeacon]
"failed_count" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 46 6D 5B F3 6E 7D 52 69 A3 7E C2 2C 0D FA D0"

[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKCU\Software\Classes\ftp]
"URL Protocol" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"aggregate" = "sum()"

[HKCU\Software\Classes\.xht]
"(Default)" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

[HKCU\Software\Classes\http\shell]
"(Default)" = "open"

The Trojan deletes the following registry key(s):

[HKCU\Software\Google\Chrome\BLFinchList]
[HKCU\Software\Google\Chrome\PreReadFieldTrial]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\FirstNotDefault]
"S-1-5-21-1844237615-1960408961-1801674531-1003"

The process chrome.exe:3068 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 7E 66 A4 B8 9B 9E 10 5B A0 D0 4F 96 D6 3E 3E"

The process chrome.exe:3160 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D 38 30 DA 41 AC 28 E1 89 CD D1 58 24 BA 90 2B"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

The process chrome.exe:3092 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 91 E4 4F 2F 53 E6 4B 14 94 5E 37 A6 50 58 35"

The process chrome.exe:1816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F 99 FE 8B DA 39 69 93 69 44 1D 3D 68 CF 9B A0"

The process chrome.exe:3212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 67 DE 13 DA E7 E1 7C B9 25 67 E4 98 23 6D 2C"

The process chrome.exe:3120 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 66 6F 18 A9 04 48 64 C1 00 C8 D1 84 5D 0A B9"

The process chrome.exe:2328 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 62 2A 95 4A 62 36 4D C2 DF 93 35 54 A2 42 29"

The process chrome.exe:3180 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 23 1E E8 1B E5 6A 75 FD 7D B3 EE A7 FF 9B D8"

The process chrome.exe:3084 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DF A2 7D E7 16 D3 1E 22 10 87 50 F5 9E 0C CC FB"

The process chrome.exe:3600 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B9 D5 9F DE DB 4D 8C 2B 3F 55 E7 A9 4D BE 32 0B"

The process chrome.exe:2420 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B 37 E1 BA D4 BC F6 5E A2 B8 7D F3 E3 C3 FC 30"

The process chrome.exe:2760 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF 59 03 58 47 B9 CB 37 53 02 92 D8 84 F0 51 60"

The process chrome.exe:1136 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 EB 53 1D F2 02 A1 CF A4 3A DF 25 07 74 C4 00"

The process chrome.exe:2856 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 FE 81 B1 7F F1 0E 9A D4 AC CE D3 C9 9A F6 31"

The process chrome.exe:3076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 77 5B DA B8 F3 9D 6E F7 A5 2C 9A 0E 72 AC 1A"

The process chrome.exe:3132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 58 17 B3 06 60 CB 50 83 3B 88 68 95 EF 71 E3"

The process chrome.exe:3544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 2A 90 F3 61 78 A9 68 DD 9F 7E 6B 6C 42 2D 4D"

The process chrome.exe:3228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 9F 34 6C 5A 89 CC 39 30 C4 A8 FA E7 26 89 31"

The process chrome.exe:3564 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 26 BD C6 64 B8 6F F9 3D 2E D6 37 E3 5A 37 1F"

The process chrome.exe:928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC F7 1D C4 AD 76 06 A8 52 E6 3B 53 CA 2F 63 FE"

The process 49.0.2623.75_chrome_installer.exe:2572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1B FF 20 A2 52 F3 AC 05 90 ED F5 BB 12 B2 9E 62"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-full"

The process chrmstp.exe:4052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 6A 0A C3 F5 B3 54 A3 80 75 CA EC 9F 69 6C F8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\FirstNotDefault]
"S-1-5-21-1844237615-1960408961-1801674531-1003"

The process setup.exe:2596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"oopcrashes" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand" = "%Program Files%\Google\Chrome\Application\chrome.exe --show-icons"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"ftp" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Localized Name" = "Google Chrome"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap" = "-multi-chrome-full"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationName" = "Google Chrome"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerResult" = "0"

[HKCR\.shtml\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"oopcrashes" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\ChromeHTML]
"(Default)" = "Chrome HTML Document"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"VersionMinor" = "75"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\Startmenu]
"StartMenuInternet" = "Google Chrome"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"(Default)" = "Google Chrome"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"UninstallString" = "%Program Files%\Google\Chrome\Application\49.0.2623.75\Installer\setup.exe --uninstall --multi-install --chrome --system-level --verbose-logging"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".html" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"InstallerResult" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xhtml" = "ChromeHTML"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Google\Chrome,"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"pv" = "49.0.2623.75"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayVersion" = "49.0.2623.75"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"oopcrashes" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationDescription" = "Google Chrome is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Google Chrome."

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
"(Default)" = "Google Chrome"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"brand" = "GGLS"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"tel" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".htm" = "ChromeHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"nntp" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Version" = "43,0,0,0"

[HKCR\.xht\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"UninstallString" = "%Program Files%\Google\Chrome\Application\49.0.2623.75\Installer\setup.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand" = "%Program Files%\Google\Chrome\Application\chrome.exe --make-default-browser"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"UninstallArguments" = " --uninstall --multi-install --system-level --verbose-logging"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\.webp\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"Name" = "Google Chrome binaries"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"usagestats" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"smsto" = "ChromeHTML"
"mms" = "ChromeHTML"

[HKCR\ChromeHTML\DefaultIcon]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "%Program Files%\Google\Chrome\Application\49.0.2623.75\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --multi-install --chrome"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallArguments" = " --uninstall --multi-install --chrome --system-level --verbose-logging"

[HKCR\.html\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"urn" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Publisher" = "Google Inc."

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerError" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xht" = "ChromeHTML"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Name" = "Google Chrome"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"http" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerExtraCode1" = "1"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"InstallerSuccessLaunchCmdLine" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"irc" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-stage:preconditions-full"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".shtml" = "ChromeHTML"

[HKCR\.htm\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"IconsVisible" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"news" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D 82 01 FF C7 99 E9 62 6E 6D 98 2C 85 B8 04 F9"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mailto" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Version" = "49.0.2623.75"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCR\.xhtml\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".webp" = "ChromeHTML"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"InstallerError" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"NoRepair" = "1"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"webcal" = "ChromeHTML"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"pv" = "49.0.2623.75"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayName" = "Google Chrome"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"pv" = "49.0.2623.75"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
"Path" = "%Program Files%\Google\Chrome\Application"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"https" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"IsInstalled" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"NoModify" = "1"
"DisplayIcon" = "%Program Files%\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"InstallLocation" = "%Program Files%\Google\Chrome\Application"
"VersionMajor" = "2623"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"sms" = "ChromeHTML"

[HKLM\SOFTWARE\RegisteredApplications]
"google chrome" = "Software\Clients\StartMenuInternet\Google Chrome\Capabilities"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand" = "%Program Files%\Google\Chrome\Application\chrome.exe --hide-icons"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"CommandLine" = "%Program Files%\Google\Chrome\Application\49.0.2623.75\Installer\setup.exe --on-os-upgrade --multi-install --chrome --system-level --verbose-logging"

[HKCR\ChromeHTML\shell\open\command]
"(Default)" = "%Program Files%\Google\Chrome\Application\chrome.exe -- %1"

[HKLM\SOFTWARE\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"Name" = "Google Chrome App Launcher"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"InstallDate" = "20160306"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallString" = "%Program Files%\Google\Chrome\Application\49.0.2623.75\Installer\setup.exe"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Google\Chrome\Application]
"Chrome.exe" = "%Program Files%\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"usagestats"
"InstallerExtraCode1"

The process %original file name%.exe:1156 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 BB CB ED 0C 2C 78 16 ED 18 51 29 9D 23 D0 AC"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process Setup_product_2937.exe:728 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 33 5C D6 0F FF D5 BD F7 F8 E6 49 08 BA 14 65"

The process rd.exe:580 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\TypeLib]
"(Default)" = "{03771AEF-400D-4A13-B712-25878EC4A3F5}"

[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\0\win32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\rd.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}]
"(Default)" = "CBrowserExternal Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\Version]
"(Default)" = "1.0"

[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\HELPDIR]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp"

[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\TypeLib]
"(Default)" = "{03771AEF-400D-4A13-B712-25878EC4A3F5}"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0]
"(Default)" = "SmartInstallerLib"

[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}]
"(Default)" = "IBrowserExternals"

[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\LocalServer32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\rd.exe"
"ServerExecutable" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\rd.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 0A 78 D6 58 03 FC B7 79 44 30 C8 B2 FC 33 CE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\FLAGS]
"(Default)" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5 File path
078a1732a1f49539689a2c92b6c57dc2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\914572476560\Setup_product_2937.exe
a554f729d2b1eb8c588388ee37ee7ad4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsp2.tmp\Convert.dll
5f13dbc378792f23e598079fc1e4422b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsp2.tmp\nsisunz.dll
f0a491b4e489aaeab96ca5a10d30b7e3 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\rd.exe
078a1732a1f49539689a2c92b6c57dc2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Setup_product_2937[1].exe
0cf3c5770a06244040bf39f9fefdcba7 c:\Program Files\Google\Chrome\Application\49.0.2623.75\Installer\chrmstp.exe
0cf3c5770a06244040bf39f9fefdcba7 c:\Program Files\Google\Chrome\Application\49.0.2623.75\Installer\setup.exe
d5fda4d71a027a51d479de2fc7559498 c:\Program Files\Google\Chrome\Application\49.0.2623.75\PepperFlash\pepflashplayer.dll
02106a50d41c6107a23e5ee04f66dab1 c:\Program Files\Google\Chrome\Application\49.0.2623.75\chrome.dll
52d5375478da8671cd0cbfde94a2e867 c:\Program Files\Google\Chrome\Application\49.0.2623.75\chrome_child.dll
4c827ac305bd3a4b0abf743de7afab90 c:\Program Files\Google\Chrome\Application\49.0.2623.75\chrome_elf.dll
7b1e10184556654e27cc19f93eca891b c:\Program Files\Google\Chrome\Application\49.0.2623.75\chrome_watcher.dll
7375633014ca3bcabf6d337abe399afc c:\Program Files\Google\Chrome\Application\49.0.2623.75\d3dcompiler_47.dll
9609fe464dd5fa71c9e69fa6e2234909 c:\Program Files\Google\Chrome\Application\49.0.2623.75\delegate_execute.exe
2c2ae5a186082e1d99e2ff514330ac6c c:\Program Files\Google\Chrome\Application\49.0.2623.75\libegl.dll
e970783e30232f6252c87b2f77a6d115 c:\Program Files\Google\Chrome\Application\49.0.2623.75\libexif.dll
f798d6e3639a7dcc1c0a2988901e85d1 c:\Program Files\Google\Chrome\Application\49.0.2623.75\libglesv2.dll
a592e37f451b5c10e045466d00c6f472 c:\Program Files\Google\Chrome\Application\49.0.2623.75\nacl64.exe
3850412f1289a2b741363d4820b23a72 c:\Program Files\Google\Chrome\Application\49.0.2623.75\widevinecdmadapter.dll
77f595dee5ffacea72b135b1fce1312e c:\Program Files\Google\Chrome\Application\49.0.2623.75\xinput1_3.dll
2be3ca2006b9d362834ee59373e2a2c3 c:\Program Files\Google\Chrome\Application\chrome.exe
cf7b0e597c1f34e528285495721deee9 c:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
0dc0de2966a6dba4cfbf6639df44f5ba c:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
506708142bc63daba64f2d3ad1dcd5bf c:\Program Files\Google\Update\1.3.21.165\GoogleUpdate.exe
eb8eeb98d01b5d31898d8e53c3789832 c:\Program Files\Google\Update\1.3.21.165\GoogleUpdateBroker.exe
cefebdb9e274bd90c12d131ed25cc819 c:\Program Files\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe
078a1732a1f49539689a2c92b6c57dc2 c:\Program Files\Google\Update\1.3.21.165\GoogleUpdateSetup.exe
6d6b5d52bb81f82f5d0103e6175d1f4f c:\Program Files\Google\Update\1.3.21.165\goopdate.dll
c1da1f8089bc219c5d99b8cdf70ba08a c:\Program Files\Google\Update\1.3.21.165\goopdateres_am.dll
49c96e4bcff9783e88b1c4dc478ec28b c:\Program Files\Google\Update\1.3.21.165\goopdateres_ar.dll
a89df35951b818b293cca10a91b66537 c:\Program Files\Google\Update\1.3.21.165\goopdateres_bg.dll
91a109b87cf03a4f402589e1cde4d631 c:\Program Files\Google\Update\1.3.21.165\goopdateres_bn.dll
f9c61dc173bf4dd49ccbe7e2532d30f7 c:\Program Files\Google\Update\1.3.21.165\goopdateres_ca.dll
8de600692d969588e6ed7b300b45a316 c:\Program Files\Google\Update\1.3.21.165\goopdateres_cs.dll
e593624ba19bcab05633aeb79089426e c:\Program Files\Google\Update\1.3.21.165\goopdateres_da.dll
a943fa108f01d9f0787d95e0aa5ddb8a c:\Program Files\Google\Update\1.3.21.165\goopdateres_de.dll
94f4d8e1ab325e302666ba66fdf04440 c:\Program Files\Google\Update\1.3.21.165\goopdateres_el.dll
2d2256bb3f6324025147eba4872ab686 c:\Program Files\Google\Update\1.3.21.165\goopdateres_en-GB.dll
2fee18a796a25970bc339b7e5aa9c683 c:\Program Files\Google\Update\1.3.21.165\goopdateres_en.dll
a9ff6d4635e310e7e0c169fd288295d4 c:\Program Files\Google\Update\1.3.21.165\goopdateres_es-419.dll
305daf842c0b5e5386a13a249f2ae7e7 c:\Program Files\Google\Update\1.3.21.165\goopdateres_es.dll
e6f684a617137a19f3831cb72712c88a c:\Program Files\Google\Update\1.3.21.165\goopdateres_et.dll
c0a8c500f9188e8d0b895ed9f5d76cd8 c:\Program Files\Google\Update\1.3.21.165\goopdateres_fa.dll
c1feed7d8a7ff1a91dc51cb875d75ea6 c:\Program Files\Google\Update\1.3.21.165\goopdateres_fi.dll
8f3a8af9c47bd7881afe5877e7e022ca c:\Program Files\Google\Update\1.3.21.165\goopdateres_fil.dll
1e79c8d6eb78dd30ae9e9f560e65e1c6 c:\Program Files\Google\Update\1.3.21.165\goopdateres_fr.dll
07114463f9bb0c94a51b100ff28af039 c:\Program Files\Google\Update\1.3.21.165\goopdateres_gu.dll
8c5c07972c19af603ea8d2ba1ac3401f c:\Program Files\Google\Update\1.3.21.165\goopdateres_hi.dll
1229fb60d0e744092f4d29d80baa74f4 c:\Program Files\Google\Update\1.3.21.165\goopdateres_hr.dll
6b9642028e6cb5ef907a89397b797e68 c:\Program Files\Google\Update\1.3.21.165\goopdateres_hu.dll
626826d5ccfbdfe41bd7b143d419158f c:\Program Files\Google\Update\1.3.21.165\goopdateres_id.dll
4369335485793a95f277e0205b136edf c:\Program Files\Google\Update\1.3.21.165\goopdateres_is.dll
70af51b3c85b6576a7c8ed33526dc41b c:\Program Files\Google\Update\1.3.21.165\goopdateres_it.dll
57aad528fcb370cc0e885279a85270b7 c:\Program Files\Google\Update\1.3.21.165\goopdateres_iw.dll
509e36c884b9d2a99d872e2372e186d5 c:\Program Files\Google\Update\1.3.21.165\goopdateres_ja.dll
c24ecf74ecfc8137e2e71afb31fe266b c:\Program Files\Google\Update\1.3.21.165\goopdateres_kn.dll
00603979c006f746f93292d50586ea2c c:\Program Files\Google\Update\1.3.21.165\goopdateres_ko.dll
7864114a799eb5b66116cefec91044f1 c:\Program Files\Google\Update\1.3.21.165\goopdateres_lt.dll
3122a4b33a9fd2d6df9ad8c9b3b2a304 c:\Program Files\Google\Update\1.3.21.165\goopdateres_lv.dll
9d30b511b7129b189552b258f4660062 c:\Program Files\Google\Update\1.3.21.165\goopdateres_ml.dll
cbaada698d6d871bd88c76916bd6f108 c:\Program Files\Google\Update\1.3.21.165\goopdateres_mr.dll
c2cba9992131d74c4d1e2de5308a29a6 c:\Program Files\Google\Update\1.3.21.165\goopdateres_ms.dll
0ef575f1419aec1869a931398a0c120b c:\Program Files\Google\Update\1.3.21.165\goopdateres_nl.dll
5b16529b4e1d06959cf434a082ad0cf2 c:\Program Files\Google\Update\1.3.21.165\goopdateres_no.dll
4e3f85d0f4a21829e60cde95ba49d4e2 c:\Program Files\Google\Update\1.3.21.165\goopdateres_pl.dll
42619749c16385e65bea783dd6057f55 c:\Program Files\Google\Update\1.3.21.165\goopdateres_pt-BR.dll
5a289d4ebdb56ae7820147e51d2abc51 c:\Program Files\Google\Update\1.3.21.165\goopdateres_pt-PT.dll
a9d0da4ebef588926d5cf95b57f22bfd c:\Program Files\Google\Update\1.3.21.165\goopdateres_ro.dll
2fa975d31863b4673905d20d5e097b2d c:\Program Files\Google\Update\1.3.21.165\goopdateres_ru.dll
9499f011f076f9da078281ae92df1acd c:\Program Files\Google\Update\1.3.21.165\goopdateres_sk.dll
7f42814a86b145fdab8a06d94086255f c:\Program Files\Google\Update\1.3.21.165\goopdateres_sl.dll
f009a3b88c006cbc161e36f0ed5a88ff c:\Program Files\Google\Update\1.3.21.165\goopdateres_sr.dll
098676d7bed153744fa139b9750cb9b4 c:\Program Files\Google\Update\1.3.21.165\goopdateres_sv.dll
b6a285c9ab36ca36b31095fb9d0c1b0c c:\Program Files\Google\Update\1.3.21.165\goopdateres_sw.dll
c0efc923d378ee64e0f5fcbc12cd8a23 c:\Program Files\Google\Update\1.3.21.165\goopdateres_ta.dll
276b76f262a5890ae16efb95e2d8932f c:\Program Files\Google\Update\1.3.21.165\goopdateres_te.dll
a4262c475a3d0f2b2b7931c3fde7559e c:\Program Files\Google\Update\1.3.21.165\goopdateres_th.dll
ecd96422fe7dd9a9bffdfe0bf4c1a73c c:\Program Files\Google\Update\1.3.21.165\goopdateres_tr.dll
71cfec671efc48b9ae56c7657bda4db7 c:\Program Files\Google\Update\1.3.21.165\goopdateres_uk.dll
f511d18ae96422dbf8f74b95dfe754fa c:\Program Files\Google\Update\1.3.21.165\goopdateres_ur.dll
3b9915d555f73f6c392bbc57c0ef6c85 c:\Program Files\Google\Update\1.3.21.165\goopdateres_vi.dll
903c3a6e261220ce3aa87b09bc6956c3 c:\Program Files\Google\Update\1.3.21.165\goopdateres_zh-CN.dll
2f51a38a5bdacd0ad753190918e0df48 c:\Program Files\Google\Update\1.3.21.165\goopdateres_zh-TW.dll
cfaf7b67c78d09d79688aedca3d090e2 c:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
5a868a07fd086421bc103c8087023b31 c:\Program Files\Google\Update\1.3.21.165\psmachine.dll
d8cd92ec440e97b9f146ab8af5a22599 c:\Program Files\Google\Update\1.3.21.165\psuser.dll
5bd34a050d2f357ce64e15912e9d8da6 c:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\49.0.2623.75\49.0.2623.75_chrome_installer.exe
506708142bc63daba64f2d3ad1dcd5bf c:\Program Files\Google\Update\GoogleUpdate.exe
5bd34a050d2f357ce64e15912e9d8da6 c:\Program Files\Google\Update\Install\{5DB6DAF7-E302-417C-94FD-8C3B51E11250}\49.0.2623.75_chrome_installer.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: Googlechrome
Product Version: 5.0
Legal Copyright: Googlechrome
Legal Trademarks: Googlechrome
Original Filename:
Internal Name:
File Version:
File Description: Googlechrome
Comments: setup Installer
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 23628 24064 4.46394 856b32eb77dfd6fb67f21d6543272da5
.rdata 28672 4764 5120 3.4982 dc77f8a1e6985a4361c55642680ddb4f
.data 36864 154712 1024 3.3278 7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata 192512 36864 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 229376 3224 3584 2.78766 06bc0fd52ae3c454380be795e314ffd0

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 23
b60d20f4752127b0a37450e419ce6f50
2a6fc13fa99c48ad6f45ede34c82b2bb
6eb84fae07b5e0191d1af505a1cdbd2e
ea797d210951a61e66f99d24ebbb7f03
0f2e868ef9795d6f1b5c9d0c04e33996
3b3396d19f97db54fb97d7d5a1c986f5
2ddbf91544605dd199e15311ced0df17
fe626b262249c98ffd2b8438ad4a7aab
a922d0bb5817d88bb5ee0f3ecb889abe
6471afb85b4f13378c434b4d8c2c75c5
94c8733ae7a4f148a1aab15c7412883c
81d451425223770dc7d83c677c61045c
20b450858e1daaf1945c50ce66a7916c
047d1bb562806e3f6f3a99c0b6143cc6
01456e6485b8639205b142dca86460ae
ba4530288adebabefdb7b8cc1a3fa5f1
5da96b074f7f949d41b8c23c6fcd58a5
be3688f1464fff586a508eb8f25dcad3
7a94778c71fe7dc7422f44fb66600b76
fd24f821e286556b39add28883df2e15
9eb66b55d1d5847bfcb090065b378c43
d789b7593ef4b52dedee191369c32294
67ae2c9cf5ab31f87fba55790376df6e

URLs

URL IP
hxxp://smartinstaller.elasticbeanstalk.com/Installer/Flow?pubid=1955&distid=3075&productid=2937&subpubid=0&campaignid=0&networkid=1&dfb=0&os=5.1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&d1=51796&d2=43&d3=-1&d4=-1&d5=-1&ds1=&hb=5&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&diskserial=-1465484763&version=4.4
hxxp://dlrevenyou.outbrowse.netdna-cdn.com/Files//Setup_product_2937.exe
hxxp://smartinstaller.elasticbeanstalk.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
hxxp://dlrevenyou.outbrowse.netdna-cdn.com/offers/ui/css/start/jquery-ui-1.8.19.custom.css
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.8/themes/start/jquery-ui.css
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.5/jquery.min.js
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js
hxxp://dlrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme14/topLine.jpg
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_inset-hard_100_fcfdfd_1x100.png
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_gloss-wave_75_2191c0_500x100.png
hxxp://dlrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme14/topComp.png
hxxp://stats.l.doubleclick.net/dc.js
hxxp://dlrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme14/bgImg.jpg
hxxp://dlrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme14/bottomLine.jpg
hxxp://smartinstaller.elasticbeanstalk.com/Installer/Track?pubid=1955&distid=3075&productid=2937&subpubid=0&campaignid=0&networkid=1&reqid=398451200&dfb=0&os=5.1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&d1=51796&d2=43&d3=-1&d4=-1&d5=-1&ds1=&hb=5&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&diskserial=-1465484763&status=0&installedid=2937&offerscreenid=&offerorder=5&downloadduration=3281&installduration=47&issecond=0
hxxp://smartinstaller.elasticbeanstalk.com/Installer/TrackFinish?reqid=398451200&x=y&clickid=
hxxp://smartinstaller.elasticbeanstalk.com//offers/DynamicOfferScreen?offerid=4&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
hxxp://www.postdownload.net/portal/redirect.php?id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4omho0-5a57feaac538ca4039488dadb464f739&d=ez-download.com&p=Google Chrome&pid=3 104.24.23.17
hxxp://www.postdownload.net/thankyou1.php?pd=1&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=GoogleChrome&ts=1457248225&id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4omho0-5a57feaac538ca4039488dadb464f739&c=0 104.24.23.17
hxxp://www.postdownload.net/css/thanks1.css 104.24.23.17
hxxp://cast-prod-dlv-pull.ironsrc.netdna-cdn.com/scripts/1/adnl.min.js
hxxp://neu-dl-api.cloudapp.net/api/vv/1?callback=cb_1457247668740&ts=1457247668740&sessionId=BReHy&rfr=&aus=1228,1
hxxp://cast-prod-dlv-pull.ironsrc.netdna-cdn.com/images/4b0f3d20-4d8d-41d7-8a7a-a77178b97528.gif
hxxp://neu-dl-api.cloudapp.net/api/vp/1?clk=GXSXEDoTA7aFEbt_ngKhOUjZVcE9AxGTthTRcPVDzupuJDChxOqgz3cWKhHoWsezZBenlp08mKoL6YRIIPS0Wa_LJTgsw5kJLQRaYnSFRJ_ZIbsbT3IHu4FeboYW1XPnfhubImtHxoR9gMYjBZlJ6GdEXbfWV01adF9PclEaqu-xMf3CmHRbvv7ig2ogWVk3GL-Qr1L3PR4FupSMiWiH290skTpKQaE1c0eBTfmSuD0kRf_kNhKVUlWjXdHs81s7gCKuEmGKEGSR2qeXVEJtxTm01tFWj8HyBn-aqWWBlq1VqvkX3W4K40hNLuctjNe55tSme4SdCtEktzOZ0_LIfMUX3SRqwZSusXaKnHeJxGntSmXEOR7GEsJ2XQJU5H2Q8kBFB_u1V3MfgSnUr5wlXakD0wcqnmrJHLvn88La3E3YanKbNtpraLdjUka4U1at7Zg8EpH8TwhfH-6zE6yOQw&rfr=
hxxp://tools.l.google.com/service/update2
hxxp://tools.l.google.com/service/update2?w=6:YDhcG6eGfow2S2ks153n8eykTLoZ0QGgz42FvRfez3BV0PX4rwVnIhIxh8kyBrI-Rg2SFoHGOlpANYjyww78prZYnHTZYDxcu3-cdB8qVTajg0JbaXvTzTapiMTZDxTNY5FpRACi4Zsanj-n9CBNqMCuS_8KH7-MB3T4YZrjLRGVSW5lmG1TnTqivb9XSelWwr9VeGlcpY2BHG5w5EuDyw9cpULNy-6cOkOPrq_8MrcExDjATGLwFbMamHhMwwaTvcwtaRCq0ljKCeZzOlIyCu0VcUrtR18vlBeWTGwC7GOjhA4ajTDNuZxY-rWl_1deYXWHvJSQkWecB9WS21V40A
hxxp://dlrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme14/bodyImg.png
hxxp://dlrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme14/nextCase.jpg
hxxp://dlrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme14/button_over.png
hxxp://dlrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme14/button.png
hxxp://tools.l.google.com/edgedl/release2/enydvj7x05a3uha4zg4drdwbdij7120kw9kqn716968pbkwmm1t3gi2iriid3avm32q8uekdzwm72hetbep16ae806g639luiti/49.0.2623.75_chrome_installer.exe
hxxp://r2.sn-2puapox-ig3e.gvt1.com/edgedl/release2/enydvj7x05a3uha4zg4drdwbdij7120kw9kqn716968pbkwmm1t3gi2iriid3avm32q8uekdzwm72hetbep16ae806g639luiti/49.0.2623.75_chrome_installer.exe?cms_redirect=yes&expire=1457262236&ip=194.242.96.218&ipbits=0&mm=28&mn=sn-2puapox-ig3e&ms=nvh&mt=1457247695&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7B3C52D106C2ADB0ED811DA8BE0E263843313A02.17B09E3ADE5E2C9DA7ADAC9FBDA0260D0F385110&key=cms1
hxxp://clients.l.google.com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP3JhGfde_qB0i4AGFheiw2tTb3K6LcQf20IP74eoXNHAIX8nIOYdFWOToDjV8cZQ94IPWaaT-I78bm_QX7OYnNlAMZSmuW4A7eviT39bqZoLgRHXkZ6Ztnrrw/extension_0_1_2_0.crx
hxxp://r2.sn-2puapox-ig3e.gvt1.com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP3JhGfde_qB0i4AGFheiw2tTb3K6LcQf20IP74eoXNHAIX8nIOYdFWOToDjV8cZQ94IPWaaT-I78bm_QX7OYnNlAMZSmuW4A7eviT39bqZoLgRHXkZ6Ztnrrw/extension_0_1_2_0.crx?cms_redirect=yes&expire=1457262261&ip=194.242.96.218&ipbits=0&mm=31&mn=sn-2puapox-ig3e&ms=au&mt=1457247760&mv=m&pl=22&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl&signature=3E7B3AC51D0912B2079EB002BA44F35B18A42ACB.341DD40C22AF6581DF434A9421A0D1E8765A442B&key=cms1
hxxp://tools.l.google.com/chrome/intl/en/welcome.html
hxxp://thankyou.postdownload.net/thankyou1.php?pd=1&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=GoogleChrome&ts=1457248225&id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4omho0-5a57feaac538ca4039488dadb464f739&c=0 104.24.22.17
hxxp://static.revenyou.com/offers/images/Theme14/button.png 198.232.124.224
hxxp://tools.google.com/service/update2 216.58.209.206
hxxp://d.castplatform.com/api/vp/1?clk=GXSXEDoTA7aFEbt_ngKhOUjZVcE9AxGTthTRcPVDzupuJDChxOqgz3cWKhHoWsezZBenlp08mKoL6YRIIPS0Wa_LJTgsw5kJLQRaYnSFRJ_ZIbsbT3IHu4FeboYW1XPnfhubImtHxoR9gMYjBZlJ6GdEXbfWV01adF9PclEaqu-xMf3CmHRbvv7ig2ogWVk3GL-Qr1L3PR4FupSMiWiH290skTpKQaE1c0eBTfmSuD0kRf_kNhKVUlWjXdHs81s7gCKuEmGKEGSR2qeXVEJtxTm01tFWj8HyBn-aqWWBlq1VqvkX3W4K40hNLuctjNe55tSme4SdCtEktzOZ0_LIfMUX3SRqwZSusXaKnHeJxGntSmXEOR7GEsJ2XQJU5H2Q8kBFB_u1V3MfgSnUr5wlXakD0wcqnmrJHLvn88La3E3YanKbNtpraLdjUka4U1at7Zg8EpH8TwhfH-6zE6yOQw&rfr= 40.127.174.50
hxxp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0& 50.19.96.76
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_gloss-wave_75_2191c0_500x100.png 216.58.214.202
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js 216.58.214.202
hxxp://r2---sn-2puapox-ig3e.gvt1.com/edgedl/release2/enydvj7x05a3uha4zg4drdwbdij7120kw9kqn716968pbkwmm1t3gi2iriid3avm32q8uekdzwm72hetbep16ae806g639luiti/49.0.2623.75_chrome_installer.exe?cms_redirect=yes&expire=1457262236&ip=194.242.96.218&ipbits=0&mm=28&mn=sn-2puapox-ig3e&ms=nvh&mt=1457247695&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7B3C52D106C2ADB0ED811DA8BE0E263843313A02.17B09E3ADE5E2C9DA7ADAC9FBDA0260D0F385110&key=cms1 185.43.249.13
hxxp://static.revenyou.com/offers/images/Theme14/nextCase.jpg 198.232.124.224
hxxp://static.revenyou.com/offers/ui/css/start/jquery-ui-1.8.19.custom.css 198.232.124.224
hxxp://static.revenyou.com/offers/images/Theme14/topComp.png 198.232.124.224
hxxp://static.revenyou.com/offers/images/Theme14/bgImg.jpg 198.232.124.224
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/start/jquery-ui.css 216.58.214.202
hxxp://data.getserverinfo.com/Installer/TrackFinish?reqid=398451200&x=y&clickid= 50.19.96.76
hxxp://tools.google.com/service/update2?w=6:YDhcG6eGfow2S2ks153n8eykTLoZ0QGgz42FvRfez3BV0PX4rwVnIhIxh8kyBrI-Rg2SFoHGOlpANYjyww78prZYnHTZYDxcu3-cdB8qVTajg0JbaXvTzTapiMTZDxTNY5FpRACi4Zsanj-n9CBNqMCuS_8KH7-MB3T4YZrjLRGVSW5lmG1TnTqivb9XSelWwr9VeGlcpY2BHG5w5EuDyw9cpULNy-6cOkOPrq_8MrcExDjATGLwFbMamHhMwwaTvcwtaRCq0ljKCeZzOlIyCu0VcUrtR18vlBeWTGwC7GOjhA4ajTDNuZxY-rWl_1deYXWHvJSQkWecB9WS21V40A 216.58.209.206
hxxp://static.revenyou.com/offers/images/Theme14/bottomLine.jpg 198.232.124.224
hxxp://cdn.castplatform.com/images/4b0f3d20-4d8d-41d7-8a7a-a77178b97528.gif 198.232.124.20
hxxp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0& 50.19.96.76
hxxp://tools.google.com/chrome/intl/en/welcome.html 216.58.209.206
hxxp://static.revenyou.com/offers/images/Theme14/bodyImg.png 198.232.124.224
hxxp://stats.g.doubleclick.net/dc.js 173.194.220.157
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js 216.58.214.202
hxxp://cdn.castplatform.com/scripts/1/adnl.min.js 198.232.124.20
hxxp://dl.revenyou.com/Files//Setup_product_2937.exe 198.232.124.224
hxxp://static.revenyou.com/offers/images/Theme14/topLine.jpg 198.232.124.224
hxxp://thankyou.postdownload.net/css/thanks1.css 104.24.22.17
hxxp://d.castplatform.com/api/vv/1?callback=cb_1457247668740&ts=1457247668740&sessionId=BReHy&rfr=&aus=1228,1 40.127.174.50
hxxp://redirector.gvt1.com/edgedl/release2/enydvj7x05a3uha4zg4drdwbdij7120kw9kqn716968pbkwmm1t3gi2iriid3avm32q8uekdzwm72hetbep16ae806g639luiti/49.0.2623.75_chrome_installer.exe 216.58.209.206
hxxp://redirector.gvt1.com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP3JhGfde_qB0i4AGFheiw2tTb3K6LcQf20IP74eoXNHAIX8nIOYdFWOToDjV8cZQ94IPWaaT-I78bm_QX7OYnNlAMZSmuW4A7eviT39bqZoLgRHXkZ6Ztnrrw/extension_0_1_2_0.crx 216.58.209.206
hxxp://r2---sn-2puapox-ig3e.gvt1.com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP3JhGfde_qB0i4AGFheiw2tTb3K6LcQf20IP74eoXNHAIX8nIOYdFWOToDjV8cZQ94IPWaaT-I78bm_QX7OYnNlAMZSmuW4A7eviT39bqZoLgRHXkZ6Ztnrrw/extension_0_1_2_0.crx?cms_redirect=yes&expire=1457262261&ip=194.242.96.218&ipbits=0&mm=31&mn=sn-2puapox-ig3e&ms=au&mt=1457247760&mv=m&pl=22&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl&signature=3E7B3AC51D0912B2079EB002BA44F35B18A42ACB.341DD40C22AF6581DF434A9421A0D1E8765A442B&key=cms1 185.43.249.13
hxxp://data.getserverinfo.com/Installer/Track?pubid=1955&distid=3075&productid=2937&subpubid=0&campaignid=0&networkid=1&reqid=398451200&dfb=0&os=5.1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&d1=51796&d2=43&d3=-1&d4=-1&d5=-1&ds1=&hb=5&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&diskserial=-1465484763&status=0&installedid=2937&offerscreenid=&offerorder=5&downloadduration=3281&installduration=47&issecond=0 50.19.96.76
hxxp://data.getserverinfo.com/Installer/Flow?pubid=1955&distid=3075&productid=2937&subpubid=0&campaignid=0&networkid=1&dfb=0&os=5.1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&d1=51796&d2=43&d3=-1&d4=-1&d5=-1&ds1=&hb=5&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&diskserial=-1465484763&version=4.4 50.19.96.76
hxxp://static.revenyou.com/offers/images/Theme14/button_over.png 198.232.124.224
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_inset-hard_100_fcfdfd_1x100.png 216.58.214.202
fonts.googleapis.com 64.233.163.95
apis.google.com 216.58.209.174
docs.google.com 216.58.214.238
translate.googleapis.com 173.194.71.239
accounts.google.com 216.58.209.173
az735311.vo.msecnd.net 93.184.221.200
www.googleapis.com 216.58.214.202
clients2.google.com 216.58.214.206
s.ytimg.com 216.58.209.206
clients4.google.com 216.58.209.206
accounts.youtube.com 216.58.214.206
www.gstatic.com 216.58.214.195
www.youtube.com 216.58.209.174
ssl.gstatic.com 216.58.209.163
fonts.gstatic.com 216.58.214.227
clients2.googleusercontent.com 216.58.214.193
www.google.com 173.194.113.211
ssl.google-analytics.com 216.58.209.200


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM SHUTDOWN RST invalid ack

Traffic

GET /edgedl/release2/enydvj7x05a3uha4zg4drdwbdij7120kw9kqn716968pbkwmm1t3gi2iriid3avm32q8uekdzwm72hetbep16ae806g639luiti/49.0.2623.75_chrome_installer.exe?cms_redirect=yes&expire=1457262236&ip=194.242.96.218&ipbits=0&mm=28&mn=sn-2puapox-ig3e&ms=nvh&mt=1457247695&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7B3C52D106C2ADB0ED811DA8BE0E263843313A02.17B09E3ADE5E2C9DA7ADAC9FBDA0260D0F385110&key=cms1 HTTP/1.1
X-Old-UID: cnt=0
User-Agent: Google Update/1.3.21.165;winhttp
X-Last-HR: 0x80072f94
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
Host: r2---sn-2puapox-ig3e.gvt1.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 44828064
Content-Type: application/x-msdos-program
Etag: "add1c"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Sun, 06 Mar 2016 03:04:06 GMT
Last-Modified: Wed, 02 Mar 2016 05:33:00 GMT
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......y7.t=V.'=V.'
=V.'.Y.':V.'=V.'.V.'...'5V.'...'<V.'=V.'?V.'...'<V.'Rich=V.'....
............PE..L...&q.V.............................1.......@....@...
..............................!.......................................
D7..P....P..h................M........................................
...................................................text....,..........
................ ..`.data........@[email protected].
...P.......2..............@..@........................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
...................................................8...8...8...8...8..
.9..$9..69..D9......b9..n9..~9...9...9...9...9...9...9...9...9...:..$:
..0:..<:..J:..\:..j:...:...:...:...:...:...:...;...;..";..8;..H;..Z
;..n;..|;...;...;...;...;...;...;...;...<..&<..:<..J<..^&l
t;..z<...<.......<..............&q.V........0...............{
.8.A.6.9.D.3.4.5.-.D.5.6.4.-.4.6.3.c.-.A.F.F.1.-.A.6.9.D.9.E.5.3.0.F.9
.6.}.....{.8.B.A.9.8.6.D.A.-.5.1.0.0.-.4.0.5.E.-.A.A.3.5.-.8.6.F.3.4.A
.0.2.A.C.B.F.}.....{.4.D.C.8.B.4.C.A.-.1.B.D.A.-.4.8.3.e.-.B.5.F.A
<<< skipped >>>


GET /crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP3JhGfde_qB0i4AGFheiw2tTb3K6LcQf20IP74eoXNHAIX8nIOYdFWOToDjV8cZQ94IPWaaT-I78bm_QX7OYnNlAMZSmuW4A7eviT39bqZoLgRHXkZ6Ztnrrw/extension_0_1_2_0.crx HTTP/1.1
Host: redirector.gvt1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Date: Sun, 06 Mar 2016 07:04:21 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://r2---sn-2puapox-ig3e.gvt1.com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP3JhGfde_qB0i4AGFheiw2tTb3K6LcQf20IP74eoXNHAIX8nIOYdFWOToDjV8cZQ94IPWaaT-I78bm_QX7OYnNlAMZSmuW4A7eviT39bqZoLgRHXkZ6Ztnrrw/extension_0_1_2_0.crx?cms_redirect=yes&expire=1457262261&ip=194.242.96.218&ipbits=0&mm=31&mn=sn-2puapox-ig3e&ms=au&mt=1457247760&mv=m&pl=22&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl&signature=3E7B3AC51D0912B2079EB002BA44F35B18A42ACB.341DD40C22AF6581DF434A9421A0D1E8765A442B&key=cms1
Content-Type: text/html; charset=UTF-8
Server: ClientMapServer
Content-Length: 719
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://r2---sn-2puapox-ig3e.gvt1.com/crx/blobs/QgAAAC6z
w0qH2DJtnXe8Z7rUJP3JhGfde_qB0i4AGFheiw2tTb3K6LcQf20IP74eoXNHAIX8nIOYdF
WOToDjV8cZQ94IPWaaT-I78bm_QX7OYnNlAMZSmuW4A7eviT39bqZoLgRHXkZ6Ztnrrw/e
xtension_0_1_2_0.crx?cms_redirect=yes&expire=1457262261&ip=194
.242.96.218&ipbits=0&mm=31&mn=sn-2puapox-ig3e&ms=au&am
p;mt=1457247760&mv=m&pl=22&sparams=expire,ip,ipbits,mm,mn,
ms,mv,pl&signature=3E7B3AC51D0912B2079EB002BA44F35B18A42ACB.341DD4
0C22AF6581DF434A9421A0D1E8765A442B&key=cms1">here</A>...&
lt;/BODY></HTML>......
<<< skipped >>>


GET /offers/images/Theme14/topLine.jpg HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 502 Bad Gateway
Date: Sun, 06 Mar 2016 07:03:55 GMT
Content-Type: text/html
Content-Length: 575
Connection: keep-alive
Server: NetDNA-cache/2.2
<html>..<head><title>502 Bad Gateway</title>&l
t;/head>..<body bgcolor="white">..<center><h1>502
 Bad Gateway</h1></center>..<hr><center>nginx/
1.7.11</center>..</body>..</html>..<!-- a padding
 to disable MSIE and Chrome friendly error page -->..<!-- a padd
ing to disable MSIE and Chrome friendly error page -->..<!-- a p
adding to disable MSIE and Chrome friendly error page -->..<!-- 
a padding to disable MSIE and Chrome friendly error page -->..<!
-- a padding to disable MSIE and Chrome friendly error page -->..&l
t;!-- a padding to disable MSIE and Chrome friendly error page -->.
.....


GET /offers/images/Theme14/bodyImg.png HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 06 Mar 2016 07:03:55 GMT
Content-Type: image/png
Content-Length: 1914
Connection: keep-alive
Cache-Control: max-age=604800
Last-Modified: Mon, 05 Aug 2013 10:27:32 GMT
ETag: "36dd864c691ce1:0"
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
Expires: Sun, 13 Mar 2016 07:03:55 GMT
X-Cache: HIT
Accept-Ranges: bytes
.PNG........IHDR.......:.....j.......sRGB.........gAMA......a.... cHRM
..z&..............u0...`..:....p..Q<...0PLTE.......................
.........................{.......IDATx......:..`..p..J.4.ty.:......)v.
.\....,.fwv..U...!.....b.f.....Cy(..OW......w......]R..l..2My}<..].
.8hn{*..X.).m..4w.U.J.....u..l.J...<...>uJ.....i.>o.%......I.
\..S......U.D.}OK..J`......sJ`.}..M.9%..A....u.T.%........K....OQ..._.
.d.>..L....]I. U.].c.Je...|.W.U?..E.}...*.vZ...K...M....).W...^V..&
gt;).e(.].Z.}dg%@....S.*/...........Y.W.]}...|.SgO........rrj...4UY../
..r.~.....Z.ep.wui.sP^..X.g%$(.......C........Ze....4yn}....U.({.V..{o
..}O...w.G.Q.^..r..p....0y............8......6.v....zz~....-...F*..f.F
]...R..*. -......e{mO.s.i.9.U....zz.6.f.T>.f.DQ%.. ...l.q\N."eA({_W
7..Q.....d........>...Y.."e.\....s,.. .Li)%....R.o.....C.9wQ....8..
......KNY..t..)...k...v)P*.....I...4&../.{)..qe..R.'...2..*..d.z&.T;y.
.)Q*....)R..2..)Tj.B..)V..b..)W......QB!rj.B.J)..N)b*...R)q..<S...z
%.LPr..%.LQ2.4e.....q&*c.De,..J.x& ig...g..b.(.g..p.)Qf..uf*1g..af .Y.
..... .;(.....s......r.v. ...s'...K.0wS.....sG%.......-.R..}......4S..
...W.....=.9eN(..OS..Jt(...<...P.(..DJ;_)..Y. ..7.>[email protected])e
M.qi;...........$.z%.[..P...SJzT*E]......2zT.t..L%6.TJ..Y.a...}.V..J..
.,.....H... ....;..2_._/[.^/[.\.W.\.!..%oT*y.Z....#Q.Bw.FI.7...H..2Jt.
*..../........2.F..X.....gqJ.q:.U.q.. V...B..s.(.J2.x..()#1@.'d4.Hh.h.
J.I.i.G.#.;.J....*Q$Z..?.........sR..D.<...| ......2.1b.A3...v.....
X.y{..R....{h..pzJ.I.).Y..Kn.z;%Jn..c.W...bL........t..!...A..(..*
<<< skipped >>>

GET /offers/images/Theme14/bottomLine.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Sun, 06 Mar 2016 07:03:55 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme14/button_over.png HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 06 Mar 2016 07:03:55 GMT
Content-Type: image/png
Content-Length: 921
Connection: keep-alive
Cache-Control: max-age=604800
Last-Modified: Mon, 05 Aug 2013 17:21:05 GMT
ETag: "f072da2a092ce1:0"
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
Expires: Sun, 13 Mar 2016 07:03:55 GMT
X-Cache: HIT
Accept-Ranges: bytes
.PNG........IHDR...Y............m....tEXtSoftware.Adobe ImageReadyq.e&
lt;...;IDATx..Z;o.1..Y.D...W."$=D..*[email protected].
...........;..N.h..=.|..x6..f..pf...n...yX...>z......`87.3...t.e:.s
h..e..z.A....G.p..IZ.z...?Ra8........Y......O.......[[email protected].
...y..-.....Lc.0......O..|z.O/...k.....e...n..!......G.p...9....3. .'?
7 ..GD@..{.<....C$....N.........Q...<.,@...].;Q.'<.(.X.r.,.6.
......QrB..h..d&r....6....G..Shr.... .....4r..= ..f.....B.qP..l.K.....
...YB.Z....H....../:.l.(.S.D...nM7..P.%R........&_uR.H6A..(raP.H9...[\
D. .(....d...`.8.A......r5Q..........:v.e....u.....-&.1.....&.........
Z.|....).L...$....)K%a-....b..a*{<(W..P<..w7_Z.....h.%6.N.......
.*\FB...A...#..f.N...C..(.p...........K.|..5d..3u-........(.k. 7..6..t
svP!.U0.q.......9z.e [email protected]............. .>=...{WVim...
.f.c6.:...|.....0X.yk...../z..!.SHW.d......o.s........a..8..g.|zvg...o
[email protected].^......IEND.B`.....


GET /offers/images/Theme14/button.png HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 06 Mar 2016 07:03:55 GMT
Content-Type: image/png
Content-Length: 458
Connection: keep-alive
Cache-Control: max-age=604800
Last-Modified: Mon, 05 Aug 2013 17:21:12 GMT
ETag: "1b5642f092ce1:0"
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
Expires: Sun, 13 Mar 2016 07:03:55 GMT
X-Cache: HIT
Accept-Ranges: bytes
.PNG........IHDR...Y............m....tEXtSoftware.Adobe ImageReadyq.e&
lt;...lIDATx...1..p....at.`...[_)...&.........~...C..V$z.J.w.Wi.......
.../..<........R.H)s..i....t.....}2M...9i.&..(..c.....l.&.0`.&a..f.
..p...R.Jr....bA....$.....cr....u....sq..x....?..> ..pu`.h..C......
.$w$..gY. .....%9MS...V.....IF'..0].;..HF..]b..Hr..pW...k..{..EQD.....
-L.....#..H.u.. ..lF....j".,<........<. ......18....\.....oI...^
.....:..._......rU.<Z`..d..E.|.0.......B.....IEND.B`...



GET /offers/ui/css/start/jquery-ui-1.8.19.custom.css HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 06 Mar 2016 07:03:41 GMT
Content-Type: text/css
Content-Length: 20706
Connection: keep-alive
Cache-Control: max-age=604800
Last-Modified: Thu, 26 Apr 2012 17:23:56 GMT
ETag: "ca38195cd123cd1:0"
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
Expires: Sun, 13 Mar 2016 07:03:41 GMT
X-Cache: HIT
Accept-Ranges: bytes
/*!. * jQuery UI CSS Framework 1.8.19. *. * Copyright 2012, AUTHORS.tx
t (hXXp://jqueryui.com/about). * Dual licensed under the MIT or GPL Ve
rsion 2 licenses.. * hXXp://jquery.org/license. *. * hXXp://docs.jquer
y.com/UI/Theming/API. */../* Layout helpers.--------------------------
--------*/..ui-helper-hidden { display: none; }..ui-helper-hidden-acce
ssible { position: absolute !important; clip: rect(1px 1px 1px 1px); c
lip: rect(1px,1px,1px,1px); }..ui-helper-reset { margin: 0; padding: 0
; border: 0; outline: 0; line-height: 1.3; text-decoration: none; font
-size: 100%; list-style: none; }..ui-helper-clearfix:before, .ui-helpe
r-clearfix:after { content: ""; display: table; }..ui-helper-clearfix:
after { clear: both; }..ui-helper-clearfix { zoom: 1; }..ui-helper-zfi
x { width: 100%; height: 100%; top: 0; left: 0; position: absolute; op
acity: 0; filter:Alpha(Opacity=0); }.../* Interaction Cues.-----------
-----------------------*/..ui-state-disabled { cursor: default !import
ant; }.../* Icons.----------------------------------*/../* states and 
images */..ui-icon { display: block; text-indent: -99999px; overflow: 
hidden; background-repeat: no-repeat; }.../* Misc visuals.------------
----------------------*/../* Overlays */..ui-widget-overlay { position
: absolute; top: 0; left: 0; width: 100%; height: 100%; }.../*!. * jQu
ery UI CSS Framework 1.8.19. *. * Copyright 2012, AUTHORS.txt (hXXp://
jqueryui.com/about). * Dual licensed under the MIT or GPL Version 2 li
censes.. * hXXp://jquery.org/license. *. * hXXp://docs.jquery.com/
<<< skipped >>>

GET /offers/images/Theme14/topLine.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Sun, 06 Mar 2016 07:03:42 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme14/bgImg.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Sun, 06 Mar 2016 07:03:42 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme14/bottomLine.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Sun, 06 Mar 2016 07:03:42 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>..HTTP/1.1 404 Not Found..Date: Sun, 06 Mar 2016 07:03:42 GMT..Co
ntent-Type: text/html..Content-Length: 1245..Connection: keep-aliv
<<< skipped >>>


GET /api/vv/1?callback=cb_1457247668740&ts=1457247668740&sessionId=BReHy&rfr=&aus=1228,1 HTTP/1.1
Accept: */*
Referer: hXXp://thankyou.postdownload.net/thankyou1.php?pd=1&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=GoogleChrome&ts=1457248225&id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4omho0-5a57feaac538ca4039488dadb464f739&c=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d.castplatform.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 1055
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-Country: UA
P3P: CP='NON UNI COM NAV STA OUR IND'
Set-Cookie: cuuid=a5373fc1-bbc4-4b27-a2c4-5087a1d7a4b4; expires=Fri, 06 Mar 2026 07:03:49 GMT; domain=d.castplatform.com; path=/
X-Elapsed: 465
X-Node: NEU3940D6
Date: Sun, 06 Mar 2016 07:03:49 GMT
cb_1457247668740 && cb_1457247668740({"zones":[{"id":1228,"status":200
,"enabled":true,"template":"Free_Creative_300X250","data":[{"clickTag"
:null,"clk":"GXSXEDoTA7aFEbt_ngKhOUjZVcE9AxGTthTRcPVDzupuJDChxOqgz3cWK
hHoWsezZBenlp08mKoL6YRIIPS0Wa_LJTgsw5kJLQRaYnSFRJ_ZIbsbT3IHu4FeboYW1XP
nfhubImtHxoR9gMYjBZlJ6GdEXbfWV01adF9PclEaqu-xMf3CmHRbvv7ig2ogWVk3GL-Qr
1L3PR4FupSMiWiH290skTpKQaE1c0eBTfmSuD0kRf_kNhKVUlWjXdHs81s7gCKuEmGKEGS
R2qeXVEJtxTm01tFWj8HyBn-aqWWBlq1VqvkX3W4K40hNLuctjNe55tSme4SdCtEktzOZ0
_LIfMUX3SRqwZSusXaKnHeJxGntSmXEOR7GEsJ2XQJU5H2Q8kBFB_u1V3MfgSnUr5wlXak
D0wcqnmrJHLvn88La3E3YanKbNtpraLdjUka4U1at7Zg8EpH8TwhfH-6zE6yOQw","widt
h":300,"height":250,"cUrl":"hXXp://d.castplatform.com/api/c/1?clk=%clk
%","trackers":[{"type":"Url","content":"hXXp://d.castplatform.com/api/
vp/1?clk=%clk%"}],"category":null,"assets":[{"assetDisplayType":1,"wid
th":300,"height":250,"url":"//cdn.castplatform.com/images/4b0f3d20-4d8
d-41d7-8a7a-a77178b97528.gif","javascript":"","clickTagVar":""}]}],"st
yles":null,"settings":{"adUnitTitle":""},"displayType":"Size"}],"ts":4
65});....


GET /api/vp/1?clk=GXSXEDoTA7aFEbt_ngKhOUjZVcE9AxGTthTRcPVDzupuJDChxOqgz3cWKhHoWsezZBenlp08mKoL6YRIIPS0Wa_LJTgsw5kJLQRaYnSFRJ_ZIbsbT3IHu4FeboYW1XPnfhubImtHxoR9gMYjBZlJ6GdEXbfWV01adF9PclEaqu-xMf3CmHRbvv7ig2ogWVk3GL-Qr1L3PR4FupSMiWiH290skTpKQaE1c0eBTfmSuD0kRf_kNhKVUlWjXdHs81s7gCKuEmGKEGSR2qeXVEJtxTm01tFWj8HyBn-aqWWBlq1VqvkX3W4K40hNLuctjNe55tSme4SdCtEktzOZ0_LIfMUX3SRqwZSusXaKnHeJxGntSmXEOR7GEsJ2XQJU5H2Q8kBFB_u1V3MfgSnUr5wlXakD0wcqnmrJHLvn88La3E3YanKbNtpraLdjUka4U1at7Zg8EpH8TwhfH-6zE6yOQw&rfr= HTTP/1.1


Accept: */*
Referer: hXXp://thankyou.postdownload.net/thankyou1.php?pd=1&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=GoogleChrome&ts=1457248225&id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4omho0-5a57feaac538ca4039488dadb464f739&c=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d.castplatform.com
Connection: Keep-Alive
Cookie: cuuid=a5373fc1-bbc4-4b27-a2c4-5087a1d7a4b4


HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 43
Content-Type: image/gif
Server: Microsoft-HTTPAPI/2.0
Set-Cookie: cuuid=d33074fa-2c23-4a49-b223-29d6bd2a0da3; expires=Fri, 06 Mar 2026 07:03:49 GMT; domain=d.castplatform.com; path=/
P3P: CP='NON UNI COM NAV STA OUR IND'
X-Elapsed: 0
Date: Sun, 06 Mar 2016 07:03:49 GMT
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: no-cache..Content-Length: 43..Content-Type: image/gif..Server: Mi
crosoft-HTTPAPI/2.0..Set-Cookie: cuuid=d33074fa-2c23-4a49-b223-29d6bd2
a0da3; expires=Fri, 06 Mar 2026 07:03:49 GMT; domain=d.castplatform.co
m; path=/..P3P: CP='NON UNI COM NAV STA OUR IND'..X-Elapsed: 0..Date: 
Sun, 06 Mar 2016 07:03:49 GMT..GIF89a.............!.......,...........
L..;..



GET /edgedl/release2/enydvj7x05a3uha4zg4drdwbdij7120kw9kqn716968pbkwmm1t3gi2iriid3avm32q8uekdzwm72hetbep16ae806g639luiti/49.0.2623.75_chrome_installer.exe HTTP/1.1
X-Old-UID: cnt=0
User-Agent: Google Update/1.3.21.165;winhttp
X-Last-HR: 0x80072f94
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: redirector.gvt1.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 302 Found
Date: Sun, 06 Mar 2016 07:03:56 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://r2---sn-2puapox-ig3e.gvt1.com/edgedl/release2/enydvj7x05a3uha4zg4drdwbdij7120kw9kqn716968pbkwmm1t3gi2iriid3avm32q8uekdzwm72hetbep16ae806g639luiti/49.0.2623.75_chrome_installer.exe?cms_redirect=yes&expire=1457262236&ip=194.242.96.218&ipbits=0&mm=28&mn=sn-2puapox-ig3e&ms=nvh&mt=1457247695&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7B3C52D106C2ADB0ED811DA8BE0E263843313A02.17B09E3ADE5E2C9DA7ADAC9FBDA0260D0F385110&key=cms1
Content-Type: text/html; charset=UTF-8
Server: ClientMapServer
Content-Length: 723
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://r2---sn-2puapox-ig3e.gvt1.com/edgedl/release2/en
ydvj7x05a3uha4zg4drdwbdij7120kw9kqn716968pbkwmm1t3gi2iriid3avm32q8uekd
zwm72hetbep16ae806g639luiti/49.0.2623.75_chrome_installer.exe?cms_redi
rect=yes&expire=1457262236&ip=194.242.96.218&ipbits=0&
mm=28&mn=sn-2puapox-ig3e&ms=nvh&mt=1457247695&mv=u&
;pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl
,shardbypass&signature=7B3C52D106C2ADB0ED811DA8BE0E263843313A02.17
B09E3ADE5E2C9DA7ADAC9FBDA0260D0F385110&key=cms1">here</A>
...</BODY></HTML>....
<<< skipped >>>


GET /offers/images/Theme14/topComp.png HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Sun, 06 Mar 2016 07:03:48 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme14/bgImg.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 502 Bad Gateway
Date: Sun, 06 Mar 2016 07:03:55 GMT
Content-Type: text/html
Content-Length: 575
Connection: keep-alive
Server: NetDNA-cache/2.2
<html>..<head><title>502 Bad Gateway</title>&l
t;/head>..<body bgcolor="white">..<center><h1>502
 Bad Gateway</h1></center>..<hr><center>nginx/
1.7.11</center>..</body>..</html>..<!-- a padding
 to disable MSIE and Chrome friendly error page -->..<!-- a padd
ing to disable MSIE and Chrome friendly error page -->..<!-- a p
adding to disable MSIE and Chrome friendly error page -->..<!-- 
a padding to disable MSIE and Chrome friendly error page -->..<!
-- a padding to disable MSIE and Chrome friendly error page -->..&l
t;!-- a padding to disable MSIE and Chrome friendly error page -->.
.....


GET /offers/images/Theme14/nextCase.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 502 Bad Gateway
Date: Sun, 06 Mar 2016 07:04:02 GMT
Content-Type: text/html
Content-Length: 575
Connection: keep-alive
Server: NetDNA-cache/2.2
<html>..<head><title>502 Bad Gateway</title>&l
t;/head>..<body bgcolor="white">..<center><h1>502
 Bad Gateway</h1></center>..<hr><center>nginx/
1.7.11</center>..</body>..</html>..<!-- a padding
 to disable MSIE and Chrome friendly error page -->..<!-- a padd
ing to disable MSIE and Chrome friendly error page -->..<!-- a p
adding to disable MSIE and Chrome friendly error page -->..<!-- 
a padding to disable MSIE and Chrome friendly error page -->..<!
-- a padding to disable MSIE and Chrome friendly error page -->..&l
t;!-- a padding to disable MSIE and Chrome friendly error page -->.
.HTTP/1.1 502 Bad Gateway..Date: Sun, 06 Mar 2016 07:04:02 GMT..Conten
t-Type: text/html..Content-Length: 575..Connection: keep-alive..Server
: NetDNA-cache/2.2..<html>..<head><title>502 Bad Gat
eway</title></head>..<body bgcolor="white">..<cen
ter><h1>502 Bad Gateway</h1></center>..<hr>
<center>nginx/1.7.11</center>..</body>..</html>
;..<!-- a padding to disable MSIE and Chrome friendly error page --
>..<!-- a padding to disable MSIE and Chrome friendly error page
 -->..<!-- a padding to disable MSIE and Chrome friendly error p
age -->..<!-- a padding to disable MSIE and Chrome friendly erro
r page -->..<!-- a padding to disable MSIE and Chrome friendly e
rror page -->..<!-- a padding to disable MSIE and Chrome fri
<<< skipped >>>


GET /Files//Setup_product_2937.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dl.revenyou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 06 Mar 2016 07:03:41 GMT
Content-Type: application/octet-stream
Content-Length: 819176
Connection: keep-alive
Cache-Control: max-age=604800
Last-Modified: Thu, 21 Nov 2013 23:14:56 GMT
ETag: "a67de17dfe7ce1:0"
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
Expires: Sun, 13 Mar 2016 07:03:41 GMT
X-Cache: MISS
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........&...G...G..
.G.......G.......G.......G.......G.......G...G..RG.......G.......G...G
...G.......G..Rich.G..................PE..L...q.8R.................^..
.........[.......p....@.......................................@.......
...........................y.......................h...............r..
.............................................p........................
.......text....\.......^.................. ..`.rdata..$....p.......b..
............@[email protected]...\[email protected].........
.......z..............@[email protected]...............^[email protected]....
......................................................................
......................................................................
......................................................................
......................................................................
............................................U..3..}.....j....j.j.H....
[email protected],...t ...t..."[email protected]...
[email protected]@.....t%[email protected].;.s.N....|O.u.;.r.3...f.
.f....#._^][email protected]@...u.].P.u..E..z...YY].U..QSVW3..t
[email protected]......<..u>[email protected]@...t.P.E.V.0.......Y
Yu..u.....Q...E.....u.3._^[.......H........J........P.R..U...........@
[email protected]..([email protected]@[email protected].^..A....U
[email protected]@.WV......P..([email protected]@...t.h.@.......
<<< skipped >>>


GET //offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0& HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: srv.serverdatasrv.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 06 Mar 2016 07:03:40 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 8788
Connection: keep-alive
.<html>.    <head>.      .       <style type="text/css"
>.            .ui-progressbar-value { background-image: url(images/
pbar-ani.gif); }.        </style>.       .        <link type=
"text/css" href="hXXp://static.revenyou.com/offers/ui/css/start/jquery
-ui-1.8.19.custom.css" rel="stylesheet" />.        <link href="h
ttp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/start/jquery-u
i.css" rel="stylesheet" type="text/css" />.        <script  type
="text/javascript"  src="hXXp://ajax.googleapis.com/ajax/libs/jquery/1
.5/jquery.min.js"></script>.        <script  type="text/ja
vascript"  src="hXXp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jque
ry-ui.min.js"></script>..       <title>2 - NonProduct (
Google Chrome)</title><script type='text/javascript'>var _
gaq = _gaq || [];_gaq.push(['_setAccount', 'UA-37348037-1']);_gaq.push
(['_setDomainName', 'ppdownload.com']);_gaq.push(['_setAllowLinker', t
rue]);..                                            _gaq.push(['_track
Pageview']);..                                            (function() 
{..                                              var ga = document.cre
ateElement('script'); ga.type = 'text/javascript'; ga.async = true;.. 
                                             ga.src = ('https:' == doc
ument.location.protocol ? 'hXXps://' : 'hXXp://')   'stats.g.doublecli
ck.net/dc.js';..                                              var s = 
document.getElementsByTagName('script')[0]; s.parentNode.insertBef
<<< skipped >>>

GET //offers/DynamicOfferScreen?offerid=4&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0& HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: srv.serverdatasrv.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 06 Mar 2016 07:03:47 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 7512
Connection: keep-alive
<html>.    <head>.      <title>4 - NonProduct (Googl
e Chrome)</title><script type='text/javascript'>var _gaq =
 _gaq || [];_gaq.push(['_setAccount', 'UA-37348037-1']);_gaq.push(['_s
etDomainName', 'ppdownload.com']);_gaq.push(['_setAllowLinker', true])
;..                                            _gaq.push(['_trackPagev
iew']);..                                            (function() {..  
                                            var ga = document.createEl
ement('script'); ga.type = 'text/javascript'; ga.async = true;..      
                                        ga.src = ('https:' == document
.location.protocol ? 'hXXps://' : 'hXXp://')   'stats.g.doubleclick.ne
t/dc.js';..                                              var s = docum
ent.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s
);..                                            })();</script>&l
t;style type='text/css'>..body {..    width: 100%;..    height: 100
%;..    margin: 0px;..    padding: 0px;..    font-size: font-family:he
lvetica;..    font-size: 12px;..}...divLeadpName {..    border-bottom-
style: groove;..    border-bottom-width: thin;..    padding-left: 61px
;..    padding-top: 9px;..    font-size: font-family:helvetica;..    f
ont-style: italic;..    font-size: 25px;..    font-weight: bold;..    
color: black;..    position: absolute;..    width: 94%;..    ba;..}..#
divTop {..    display: none;..}..#divMiddle {..    background-color: #
efecec;..    height: 100%;..}..#middle {..    background-color: #f
<<< skipped >>>


GET /crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP3JhGfde_qB0i4AGFheiw2tTb3K6LcQf20IP74eoXNHAIX8nIOYdFWOToDjV8cZQ94IPWaaT-I78bm_QX7OYnNlAMZSmuW4A7eviT39bqZoLgRHXkZ6Ztnrrw/extension_0_1_2_0.crx?cms_redirect=yes&expire=1457262261&ip=194.242.96.218&ipbits=0&mm=31&mn=sn-2puapox-ig3e&ms=au&mt=1457247760&mv=m&pl=22&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl&signature=3E7B3AC51D0912B2079EB002BA44F35B18A42ACB.341DD40C22AF6581DF434A9421A0D1E8765A442B&key=cms1 HTTP/1.1
Host: r2---sn-2puapox-ig3e.gvt1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK
X-GUploader-UploadID: AEnB2UoEusuUlDKJz0cV4ur_bRA6qGfeCKTVZKfDa8v0fHlhnkVaewP70aJVobe3UimF8hG_HGC-Ln1C8VrkEtozTPQZYp-cBQ
Date: Sun, 06 Mar 2016 01:38:32 GMT
ETag: 123ec502_a4283aad_5aa158d1_74156512_32176386
Expires: Mon, 06 Mar 2017 01:38:32 GMT
Content-Type: application/x-chrome-extension
Content-Length: 182747
Accept-Ranges: bytes
Cache-Control: public, max-age=31536000
Server: UploadServer
Last-Modified: Wed, 22 Jul 2015 17:13:49 GMT
Connection: close
Alternate-Protocol: 80:quic,p=0
X-Content-Type-Options: nosniff
Cr24............0..0...*.H............0.......).'..b.*$w\$..q&..]zF_2.
.;...?.U,...W...L1.2....R..#....W.....c1k.$W..$.J....... M!.Hz.n`U.I)N
.|b.l.....{.K@]6.LlP/.....](.A..........6.Q.9.f.M....U....#....3.hSb.w
.........)Y.x>.........lO.........%.vQK.......O#..\n.zn...H.4......
U.G......Q?pz0.._..J.%xW.q.D.PK.........Q.F................_locales/..
PK..............PK.........Q.F................_locales/bg/..PK........
......PK.........Q.F................_locales/bg/messages.json.T.n. ...
 ,........Q.a )m.-.I.Q...B..HT..^V,0..;..\..$U...WG.v...|}.....vX.....
6W[Z..lq.|F....n.....:.a...!D8...x\....RpB.bP..V.o......u._&.x]{ou/.Zz
.....A...W..I62..q.5Or....l.G....D.*.W...T..j\c.<....%.B..X.z.-4...
y.h..\$jl.[.......S.k..Xl......%.tq...}.2[....hZ..U....z..........."y?
.D..)......[g.Vn...I32.t.`.d...c9I.#L....s'ltf.)G8&O..._.M.i.C.,..D.dW
i -l...p...x..).......|.PK..?..I|...O...PK.........Q.F................
_locales/ca/..PK..............PK.........Q.F................_locales/c
a/messages.json..=O.1..w~.u...*1.VubAHEbA...{5..!.]...wrW:...l....v...
.s..."..-.Z...U [email protected]..`.......#ys&...$o
/%..:u.^.....c.....E.W...F..&H..r4...&K x..,M2..5....%........d....~. 
....[...3..ZB%..D........AK.|q.q7....e....[.kT_B...v........h...e.....
Sx...?l.h.,}i.....e.....oPK...x.."...7...PK.........Q.F...............
._locales/cs/..PK..............PK.........Q.F................_locales/
cs/messages.json..=O.1..w~.u3.....!&6.&......]...qU[...kN.v``s,...7.F.
. .^e.....Q.tjF..w.l....j.........F....`..[...j..^L...f.....-...J.
<<< skipped >>>


POST /service/update2?w=6:YDhcG6eGfow2S2ks153n8eykTLoZ0QGgz42FvRfez3BV0PX4rwVnIhIxh8kyBrI-Rg2SFoHGOlpANYjyww78prZYnHTZYDxcu3-cdB8qVTajg0JbaXvTzTapiMTZDxTNY5FpRACi4Zsanj-n9CBNqMCuS_8KH7-MB3T4YZrjLRGVSW5lmG1TnTqivb9XSelWwr9VeGlcpY2BHG5w5EuDyw9cpULNy-6cOkOPrq_8MrcExDjATGLwFbMamHhMwwaTvcwtaRCq0ljKCeZzOlIyCu0VcUrtR18vlBeWTGwC7GOjhA4ajTDNuZxY-rWl_1deYXWHvJSQkWecB9WS21V40A HTTP/1.1
X-Old-UID: cnt=0
User-Agent: Google Update/1.3.21.165;winhttp;cup
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
If-Match: "VIl5BMAbeenfoLymGZjrMmITodI"
Host: tools.google.com
Content-Length: 570
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.21.165" shell_version="1.3.21.103" ismachine="1" sessionid="{8D2FA8F0-02CA-4E13-8430-E68507412DFB}" installsource="taggedmi" requestid="{DA7E24EC-6979-444E-BAB9-608620101E98}" dedup="cr"><os platform="win" version="5.1" sp="Service Pack 3" arch="x86"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" version="" nextversion="" lang="en" brand="" client="" installage="-1" iid="{A7ADAE6F-6072-2BAF-4938-12670FB09148}"><updatecheck/><data name="install" index="defaultbrowser"/></app></request>
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sun, 06 Mar 2016 07:03:51 GMT
ETag: "T_zVHPICEhPl415oJFwSXI8adA8"
Content-Type: text/xml; charset=UTF-8
Content-Length: 55051
X-Daynum: 3351
X-Daystart: 83031
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Set-Cookie: c=ANcH4TLT-ZvgxFmEk1lKQL2-oJz9x17cOmQZKoeBR1KMv8-saUI5Si-Ap1sgLMMtnnjs9WkBzXlkv55wMd5nvSHP5jGP4SfToA
<?xml version="1.0" encoding="UTF-8"?><response protocol="3.0
" server="prod"><daystart elapsed_days="3351" elapsed_seconds="8
3031"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" cohor
t="1:gu:" cohortname="Stable" status="ok"><updatecheck status="o
k"><urls><url codebase="hXXp://redirector.gvt1.com/edgedl/
release2/enydvj7x05a3uha4zg4drdwbdij7120kw9kqn716968pbkwmm1t3gi2iriid3
avm32q8uekdzwm72hetbep16ae806g639luiti/"/><url codebase="hXXp://
VVV.google.com/dl/release2/enydvj7x05a3uha4zg4drdwbdij7120kw9kqn716968
pbkwmm1t3gi2iriid3avm32q8uekdzwm72hetbep16ae806g639luiti/"/><url
 codebase="hXXps://dl.google.com/release2/enydvj7x05a3uha4zg4drdwbdij7
120kw9kqn716968pbkwmm1t3gi2iriid3avm32q8uekdzwm72hetbep16ae806g639luit
i/"/><url codebase="hXXp://dl.google.com/release2/enydvj7x05a3uh
a4zg4drdwbdij7120kw9kqn716968pbkwmm1t3gi2iriid3avm32q8uekdzwm72hetbep1
6ae806g639luiti/"/></urls><manifest version="49.0.2623.75"
><packages><package fp="2.49.0.2623.75" hash="aYRxdFoh0TMR
pZtWBXykPYnzmWs=" name="49.0.2623.75_chrome_installer.exe" required="t
rue" size="44828064"/></packages><actions><action ar
guments="--multi-install --chrome --verbose-logging --do-not-launch-ch
rome" event="install" run="49.0.2623.75_chrome_installer.exe"/><
action Version="49.0.2623.75" event="postinstall" onsuccess="exitsilen
tlyonlaunchcmd"/></actions></manifest></updatecheck&
gt;<data index="defaultbrowser" name="install" status="ok">{
<<< skipped >>>


GET /thankyou1.php?pd=1&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=GoogleChrome&ts=1457248225&id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4omho0-5a57feaac538ca4039488dadb464f739&c=0 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: thankyou.postdownload.net
Connection: Keep-Alive
Cookie: __cfduid=d020726d235273a8a5cb93ae62013c11f1457247828


HTTP/1.1 200 OK
Date: Sun, 06 Mar 2016 07:03:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.4-14 deb7u14
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 27f3f32f92d12324-FRA
Content-Encoding: gzip
440.............T.s.8......n..5X.l ..$..:Ci..I..e.i.Nl..D......M.L..}.
[email protected]:...N.....a..4...d..gc.$.6;.t.^.....
.N't....yw..g...... '...4.O`..^....".}....-.GZ....)$.%-J[.n3$....X.X..
..GL.....u.K.....6...2V..L..P.i.......%........ ..#hLBb.6A.!Z...EH.1..
....S.......f.S...X.%`4/.7...,6.R.e.>W)}04KVFI........{^@....^.m...
.D...p..].RDKA...U.V../...1.<a....,b&6..&.1..J1.Qc.@E...^[email protected]
.L..q.*....!. $)..X....[.lC.^)W....L.>)....F..uu;Z......bv.......f)
..R..j_...k5...n3z...Q....eo..Z........u.gG....j.G.I...........)[.6...
f..lv...m..'{.o...........*m}....:{H;..fO..A.j.4R.Z.u...........^...L.
._....^..u..X.($..........{......[E.nJ~9{}..iX.=g. ..t;v...XI....d)V..
.....{....q....lN.....H.yx...I.. 9..K.8.\...g..Bf....9..9,...Vf.....Q%
.}.hV.5...>n.W...S..d.G.^.]i..z..\%...!p....x9y;Pi.$J[.!...o.o_..&g
t;. ...... d...#.a6?.J..g .Uf...(i,.........n...........:.d.D."y0..]NF
..R.....Y..B....C(...|t2}.~..a\...R^\......4..gV.......3y.$...c...%.'t
.....W.|.#..|..Qp..>..,.%.........*..h........6.3.Oc..c..~P....g..}
.......n.l.....V.^uV..,.P.A.'.b.....P|.4V..o.8...u...I.........a....Q.
.nC.....0......


GET /css/thanks1.css HTTP/1.1


Accept: */*
Referer: hXXp://thankyou.postdownload.net/thankyou1.php?pd=1&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=GoogleChrome&ts=1457248225&id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4omho0-5a57feaac538ca4039488dadb464f739&c=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: thankyou.postdownload.net
Connection: Keep-Alive
Cookie: __cfduid=d020726d235273a8a5cb93ae62013c11f1457247828


HTTP/1.1 200 OK
Date: Sun, 06 Mar 2016 07:03:49 GMT
Content-Type: text/css
Content-Length: 435
Connection: keep-alive
Last-Modified: Mon, 24 Feb 2014 13:02:00 GMT
ETag: "8873c-36f-4f32693c04200"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Sun, 06 Mar 2016 11:03:49 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 27f3f331f30d2324-FRA
............Qn.0....S.1.R...tE...... ..hI....!)m..w.%.s..E..0)........
W.....Vl......... .c........n...".:{.j.O.9[ieZ.*Vr.i..:p.. ...E.Hi.v..
...G.Q..z81....F.>{.2`.kc...Tn:.......E..bE.:..E.!`G"..Gk$......b..
_..c/ ..m-d..}Z..1...s...Z5..%.Bh.r...'H.....)&.........J..w,.R..._.L.
.1.N.... .}.....l?......L....u..v.....0.J.^c...G.s............\...(.l.
...`W.-...i.... .q.f^.f.Y^._.M...Uq..4U7h../2j..m....:F.w.. Tz.9L.G...
sw#....\...k.wo...HTTP/1.1 200 OK..Date: Sun, 06 Mar 2016 07:03:49 GMT
..Content-Type: text/css..Content-Length: 435..Connection: keep-alive.
.Last-Modified: Mon, 24 Feb 2014 13:02:00 GMT..ETag: "8873c-36f-4f3269
3c04200"..Content-Encoding: gzip..CF-Cache-Status: REVALIDATED..Expire
s: Sun, 06 Mar 2016 11:03:49 GMT..Cache-Control: public, max-age=14400
..Accept-Ranges: bytes..Server: cloudflare-nginx..CF-RAY: 27f3f331f30d
2324-FRA..............Qn.0....S.1.R...tE...... ..hI....!)m..w.%.s..E..
0)........W.....Vl......... .c........n...".:{.j.O.9[ieZ.*Vr.i..:p.. .
..E.Hi.v.....G.Q..z81....F.>{.2`.kc...Tn:.......E..bE.:..E.!`G"..Gk
$......b.._..c/ ..m-d..}Z..1...s...Z5..%.Bh.r...'H.....)&.........J..w
,.R..._.L..1.N.... .}.....l?......L....u..v.....0.J.^c...G.s..........
..\...(.l....`W.-...i.... .q.f^.f.Y^._.M...Uq..4U7h../2j..m....:F.w.. 
Tz.9L.G...sw#....\...k.wo.....
<<< skipped >>>


GET /dc.js HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: stats.g.doubleclick.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400
Date: Sun, 06 Mar 2016 06:26:25 GMT
Expires: Sun, 06 Mar 2016 08:26:25 GMT
Last-Modified: Thu, 04 Feb 2016 00:31:28 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15977
Cache-Control: public, max-age=7200
Age: 2237
...........}kW....w~........pk..f......Z.R..Y.C 8i.pi......b..}.>g.
.Kl...}4....d....O...-.....`~...E...]7..>..>....Pf.a.yU."HCC...i
...T*..b.....'..Olf[.Y.[c6P/.....'n.m'..m.... !_XXll..&..(..E..V=/.u.X
..%.w...i..rDoT.....?>z..1`.D...y...y7. \...5ZI...TA..........C...p
3..A..x.k.q4.2...?L.k=.v....4.:sB[...l.w.o {.....?Nc....|..........q..
.......[.n..2..X~.......S.f.]h~....7:.n...m.C#6...........#....y...7.|
..f.W.>..wS......)..Q....i......z......D.`...7N....y.C;....`1....x.
.p.tG.L..=..1r...M..2..)xa...{0!..5...^...7..."..........J8... ...5.O.
...l...r...|....R...P.0ok.8.Z.2....i|...S.y.od...~..k.>.....0vGr.mI
.....0.&&yg.sf2......m.....G=0..B.6..u....A.h.A.0.V.:.-...j..L.....5.E
.[...Q.{2imA......T........~. ...0*%.....>......hX...ga1./$......f.
#..d,.|www5/XX...c5..D-.....p.h..8D.@./.X,.....&gTV..5..,.x..?.....(.&
gt;?6Sy.].`.]...'-"....-...........(.n.@_"p"`.*...T.1.$..t.....o?.."..
/.kX.)[email protected].,HP........# ....d...-,.......-.j..B
S....9...%.~Sug,...`."[email protected]]..yn.i(5.....U.r..$j..0{|.i.5........
H}.......A=..&.Vq....4<..*7c.<b.....OQ8X...&..a/a.....aI.j.7.E.:
cuV=.P.q..d.....X....#[email protected][email protected].#....Q.....K.....
.A.y._....z|..9...9.zM......%m........m).?4.Q...c.....PTDB&..7.-G....E
.....E.7.t.V..G....._..!.....xt..}.......Ev..x..a.{...d.. .q./..OB|.
.6..{....a^.......@?.......o.....*T.;/Oa.......J..........I.)......J..
#..A....FS.....t.H..h...W..|B.~..t.6..........t"<..z..||.......8..B
9......x.a....m.V[.=...K!..\.....w."d...=>.B..(K...u.....~.".@b
<<< skipped >>>


POST /service/update2 HTTP/1.1
X-Old-UID: cnt=0
User-Agent: Google Update/1.3.21.165;winhttp
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: tools.google.com
Content-Length: 1118
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.21.165" shell_version="1.3.21.103" ismachine="1" sessionid="{8D2FA8F0-02CA-4E13-8430-E68507412DFB}" installsource="taggedmi" requestid="{878AE5F2-1BCB-44D6-8B90-56036A5AAD00}" dedup="cr"><os platform="win" version="5.1" sp="Service Pack 3" arch="x86"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" version="" nextversion="49.0.2623.75" lang="en" brand="" client="" installage="-1" iid="{A7ADAE6F-6072-2BAF-4938-12670FB09148}"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="6" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="50" eventresult="0" errorcode="1" extracode1="-1606221291"/><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" source_url_index="0" update_check_time_ms="2656" download_time_ms="10813" downloaded="44828064" total="44828064" install_time_ms="11156"/><data name="install" index="defaultbrowser"/></app></request>
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sun, 06 Mar 2016 07:04:18 GMT
Content-Type: text/xml; charset=UTF-8
Content-Length: 54020
X-Daynum: 3351
X-Daystart: 83058
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
<?xml version="1.0" encoding="UTF-8"?><response protocol="3.0
" server="prod"><daystart elapsed_days="3351" elapsed_seconds="8
3058"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" statu
s="ok"><event status="ok"/><event status="ok"/><even
t status="ok"/><event status="ok"/><event status="ok"/>
<event status="ok"/><data index="defaultbrowser" name="instal
l" status="ok">{"distribution":{"make_chrome_default_for_user":true
},"variations_compressed_seed":"H4sIAAAJbogA\/ z9B3wb15UoDhMgKdFXhdCIk
oaULdFyiSKbMjDo2uxLAJKwBIsSDVKyVvtt6AEwJMcEMPDMgBL9vn1P7onXdtyddRz3Evc
Wl7jHZppTN tNcZrTq1Oek42TbJL\/OdMHGIAgKcmShd\/PHoH3nnvOueece24\/l6zP E
IRJsiEOV82yDKjo1kumB1lAukg549EvH5fxhsK P3hIHWhi6yO7UwIpUKWlXmhMMBmdvJZ
Tuhli3JJ5Ojp7114c2vEFW\/r4yU2neOyyRPJkv6C8jM lcixY56mDcs5JaGHnRw1ECU9Z
KEG52HoP1\/7iiu5mBhYPExqMdXiD23c0N3U7Vrvon7lInRsdJTP8UrpOCtx2QFWzozzhT
Eg366hSohCvlfIcsl\/JbSWNDwuCqWx8QTP5bLDIs\/mPFnGR05gTWQjInd2iZNkaWRUEE
eypXx amSUzXCyRBkMMSeTY4uiUGTHWJkbKbKStEcQsyOZcbYwxkkjsjCyh0tTeo1sVWlK
Lifl\/HmaUquploB\/44auRYHoRu9GJhhlNnq7m7vd3a7uJoolnbGSLACLudO4qbTAitlY
JsNJkiBO0dPnXf9xlPnCPm6ULeXk5CKLKPGPXqEgi0JO\/UMDAoog0UBYk2gLNVKTxAtPP
16NhMtKwmUlkU4RjUQzEBDAcgpZUeCzQ4AV5LxNkPlRPqPIXKKnf\/S1ZxQSTjLLWmk0Wa
k3pZZRiwIhFFkgHN3o73avb9n13TsvvIxQZx8ggsvtBBXxaSQPUh2bDYLXuAilU THCnxh
ECxKwAaoYWKSrcTl9XTgPz71Hwawwz9 9Z AmhhU\/wmpiWH4B3jTcGA58y8onlpDLQ74k
B8mzGwM Ltagj7VkMBeUddfc5HlsWIxzhYKnAitbGyME6Fl0tM\/uPBFmx3FLFVmFpEFWV
7kMjLl8jFLSBtfMP9cTBbm UJJ5iTKFWQIaZUFmc1RLibZR0hsbExEeU9y0JjnhsXW
<<< skipped >>>


GET /chrome/intl/en/welcome.html HTTP/1.1
Host: tools.google.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36
X-Client-Data: CKW2yQEIxLbJAQj9lcoB
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found
Location: hXXps://VVV.google.com/intl/en/chrome/browser/welcome.html
Cache-Control: private
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 06 Mar 2016 07:04:24 GMT
Server: sffe
Content-Length: 255
X-XSS-Protection: 1; mode=block
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXps://VVV.google.com/intl/en/chrome/browser/welcome.h
tml">here</A>...</BODY></HTML>..HTTP/1.1 302 Foun
d..Location: hXXps://VVV.google.com/intl/en/chrome/browser/welcome.htm
l..Cache-Control: private..Content-Type: text/html; charset=UTF-8..X-C
ontent-Type-Options: nosniff..Date: Sun, 06 Mar 2016 07:04:24 GMT..Ser
ver: sffe..Content-Length: 255..X-XSS-Protection: 1; mode=block..<H
TML><HEAD><meta http-equiv="content-type" content="text/ht
ml;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD>
;<BODY>.<H1>302 Moved</H1>.The document has moved.&l
t;A HREF="hXXps://VVV.google.com/intl/en/chrome/browser/welcome.html"&
gt;here</A>...</BODY></HTML>......



GET /Installer/Flow?pubid=1955&distid=3075&productid=2937&subpubid=0&campaignid=0&networkid=1&dfb=0&os=5.1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&d1=51796&d2=43&d3=-1&d4=-1&d5=-1&ds1=&hb=5&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&diskserial=-1465484763&version=4.4 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
Host: data.getserverinfo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 06 Mar 2016 07:03:38 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 10642
Connection: keep-alive
..Sv.NlmsAxc.2..*.JqaEv`.5. ).Bkmnjf`grQsoa"8,$.Fmkcsez_oajgRvjdo
"8.(.% O_fGew.2.AIBS^?UPM=IM]RMDN Qj^op_o_[XAkd_j.nsv.x FF=TXARLQ
ANRZMN>P.Mnbtu\j`UZJ[hh.PpTW:kfanEnqoYgeco.qbr '.M^eH_x24 5.CDC
VYBQRP@FOXSP?Q.SmalrZpbV[=mgbg.ity.{.HI@QZ<SOLDJT][email protected]_m]WUK^
ck*RsWT<fgdiHjsr\dg^p.len"*.J`imonM]mc.2.:kfan>rmrk`k ).Ono
bp[oBB.4154.3$.:jt[xoOda]m.8-&!EsU\ao?moCmot_gd.3/).DteSMD.3 ensl:
-*Yhbel\hj.a_fhZgi(qq/?habhBfmsni`)]s^ ).DteSMD-.8.bspp8*'\fgdiaen
,^\if_ff-nu-<ed`mAcrprg]&`qc.&!?okhYi]Jfhd.: ..<fgdiCesr
ma]'cu_.)-qdd`gr.',nfp8/32/43.)-s\Wm_p:=G=NL@DZ066 65  (e\dc*^
dbasgl8*.*'o]rri]mXlbq^qrj8`omn7).iebdYghed_q*rs*Ykb-p[uaPmnl]Zah9
skkci5hBA>mNLJ0ok!`sf^< _]BMD=$pcf9$]ZKD@$lpq9$]ZGQK$o_e9764)22$
`bh`=00*3.a^cc925/.ornb7`iiej..% L`earSMD.3 ensl:-*kmo,P?QREP?9O:QOP-_
ok*'j_dblr DwiYhbaL`earQ^j`^l<iebepd\8/12 onobp[obb:,8006!\dlrf
^</050.g^_aj<.912.^hsknquib8*1 $psr^ir8 -.bc\<,&f]50.gp[f
c=.!n`kqfim94,/.`qrblm]l; .'.P^nd.: ,$.:bacseol\d?Zr^.9."*.9i
mgscqqscnJ``Ibsr.: VU.% M[xkur.2(**.?ebeaoaq^ 7'0("NmghhrfimN
ar`.5&/).Cesam]kZl`sQ]tc.2(**.Mkaen<^o^pFhrpajg.5)*.Phnts\dJ_db
lBkmk\f_Egk_!6nsgd'.A^hQqn?n;c^ah\nt"8ojp^*.LtjIl<_bkcpmhr
eGikoZji_q.: ,.'.PrhHjRcbmgZpFhrpajg]m.8. !("Nm]@qcO_rqlrO]mf
 7./., Kj`>vbLdoujoN\esb.9.0 '.Khqq?waRcnmgmRbll.:  .'.Nlms
AxcM]nnjqP`huc.2.) ).OksrM]bDcv-1.: CC@R]@OQNELOWPLCO.RkfrrYm^ZY;legm.
hqu.y.GGEWZ;PKPBHS[[email protected]]rcWTHZgi(Qq\Z<ed`mFhrpajg]m.pcl!(
<<< skipped >>>

GET /Installer/Track?pubid=1955&distid=3075&productid=2937&subpubid=0&campaignid=0&networkid=1&reqid=398451200&dfb=0&os=5.1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&d1=51796&d2=43&d3=-1&d4=-1&d5=-1&ds1=&hb=5&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&diskserial=-1465484763&status=0&installedid=2937&offerscreenid=&offerorder=5&downloadduration=3281&installduration=47&issecond=0 HTTP/1.1


User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
Host: data.getserverinfo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 06 Mar 2016 07:03:42 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 8
Connection: keep-alive
..OK......


GET /Installer/TrackFinish?reqid=398451200&x=y&clickid= HTTP/1.1


User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
Host: data.getserverinfo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 06 Mar 2016 07:03:42 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 8
Connection: keep-alive
..OK..HTTP/1.1 200 OK..Cache-Control: private..Content-Type: text/html
; charset=utf-8..Date: Sun, 06 Mar 2016 07:03:42 GMT..Server: Microsof
t-IIS/8.0..X-AspNet-Version: 4.0.30319..X-AspNetMvc-Version: 4.0..X-Po
wered-By: ASP.NET..Content-Length: 8..Connection: keep-alive....OK....



GET /ajax/libs/jqueryui/1.8/themes/start/jquery-ui.css HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Sat, 13 Feb 2016 15:26:42 GMT
Expires: Sun, 12 Feb 2017 15:26:42 GMT
Last-Modified: Fri, 27 Nov 2015 19:30:24 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 6091
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 1870619
[email protected]..~...e.#K.$.#A..=.!%J|iz...
;@Z.:...y..}..........X.H~{G...O~......-.M^[email protected]........
....!/.Ms.\\...'t.&qy..........hN.,fE..r*.V.f..O.>.."...G._.... s.W
O8f....v...dJ>O...H ..o..>..! v.o~y...gg.....#.D.,?BwgQ...&.,B.h
.%. .'.d.1...R...&.M...1..l.3.?.u..t.B.u...F....e....&q..7.bq.bv| ....
....... V..z;.j.A_.kr.I.J...e.z..A.yV0........0..5i.C.%,. .L..iY4Q.}..
.t......y..U.q.h.f..-K.....3.6...H..Y..|..u.....\d[T.........>.....
.|...Y...T.*...<..X..F.S.:.4..G.<.r`k.&?........0.p.w gEcN..=.'8
a...E......~...$OXJOy.s)...ud..\tQ.Z$$;..|.}[email protected]^...S2.gn.h......;V.
yy.!...{4..U%D>x....{...2.SV....!Y<....3..e...cMTb.5.,f...r..$Or
..%X...78.I.>[email protected].<.W 
EY.h.<.U.l2c.....V.J..T.^...owo.....(...|...Sh..~x..l..ovyY.7...M..
. ..v2.%.j....Np1_....4...M...9.~.,y.V..b.-...i.&i.q...W7......*1.QP.k
:C..^.k6..T.\.u,..LW.(S<)5.............X...ZW...#.UC*.:nT;.....\<
;._.. J.YK.:9.H}3....U.B..$..W..f$l]^[email protected].,(."
......l.%........:.A..y.'n.. ..j:.q2.]r..M...j.JSQ....i.8...J...".iZ.V
.....5..'S:.*..C..V.Y.!S.k*.:FT.tv...1.P.A.e..r.h......-..uGZ6.(.....l
..!5....z....2M!.?.G.........'....U>..-aH/ .E.D.T{J..C!...tK.!.a.v.
.~......$....5 ..xj.u...P...x.@ F{..S..R.O.<d#.E%PS.//......5fV.4..
.1..S.......mw..#..o Q. .....p_yI..ox.....UM.uP....b.v0GE.....A....X.!
pX4.......Y-o..f9.....L.p$.........;..P...Q.b........mZe..$s..].8..t..
.M...o......X...S".>..1A*.....2h......D.j8Y..wL..^.| ....1...`C
<<< skipped >>>

GET /ajax/libs/jqueryui/1.8/jquery-ui.min.js HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Tue, 16 Feb 2016 15:36:03 GMT
Expires: Wed, 15 Feb 2017 15:36:03 GMT
Last-Modified: Fri, 27 Nov 2015 19:30:24 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 51519
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 1610858
............y{.Gr8...}...#c...P>......X.e;...Cs...`H.......{.......
l.&...."..............u].......w....E....u<...._........6..urt4.7..
._,/....Z.O...R/...........k(....ka%...i.../..k.`....,.7..WW..U....H_W
[email protected].*=...2...^.....U(...J..]..e..I......5...9...e^]...&...
.....e...y...f.-..j..}V....r.._o.._W.j.oW~..4..0....htP..|9.....z...j.
......o...'[email protected].......~x.........j...../^........G._g..
...d".o..A..E.......4./.......f...m.z...N<.'.([UY..i..'P.....o.....
..*..hUm.W...?[U...p..NZ.>L..2......3K.NT_NO.TBb...;.FgQ|:8........
,.w.~..^\]o.|......G......sH>.o...S.c.NY....I....j.ER..v........H..
.T....-.W.|..&.|S......Y..^=}.....k..V.......Q.........v...[.v..`:U.wq
.^-......O....f.;....A..3..G...Z..)ndn.1j..E..).@r.........'O....O.>
;O..O.|...7.=...x .~....(.....Y..P.|....^..?....!..$|.....I...g..y..y.
.g..w?}.|2....G......H....W.....s..w/.'.>./.}.....'.........o......
..O..y..Y2.|.>.=......n8.I/......2T)....*.....~..7?C.g*....}.....&.
/..O.......O.....G.....x........?.R.....t...U|t,^?.k...._..^|.......b.
.'..?7p...l6..R....~f.(.L..........ctZ%.m._U..A. .....U4F..WY1....k.b.
h]m^....zc..:e..ubQ<xP....!q..b.'.*...]]..3`g...%..(..V...{:%..w>
;.."_-....].......z.m.b......*...:,..N..g.........zS. 6.i...m;.G...V5.
....R..;...1.c.=..[.yK.%...|...t[.z........T.v.qr.....'.h..o#.b.mc.<
;.*.!..N.........P.|W.-....u.\8...H...U...%....JLFog...... |.....n....
.-W...|...o.8..f..........M.t......;...f.v&.@..~.&6...?ok'..[.`....zE.
.b...C...H..........$(...f.Y.Q...[........=..H.z......7...j.].q|p.
<<< skipped >>>

GET /ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_gloss-wave_75_2191c0_500x100.png HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Sat, 13 Feb 2016 15:29:00 GMT
Expires: Sun, 12 Feb 2017 15:29:00 GMT
Last-Modified: Fri, 27 Nov 2015 19:30:24 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 3457
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 1870481
.PNG........IHDR.......d.....p..}...HIDATx...K..N................q..B.
...6...._.d.c.......*...V......|U.......w-...p..>Z..........`......
......`............`............`............`............`...........
.`............`.......@.....:n.K>.u.....X..V..G........l.9......j6.
x..xu..y...I... gZ.D.L...........4[OG.8.|d.....;.N[O..lz.M....{..ne.Z1
..VlO...e..k.g.........k.6.r..........be'`t#..zu39.|[..6=9....4..H."..
.-Cd.D.z.3c.g...S.,..D7.h.H=O.F6.{7.....H6G...S.......U.9.%w....`C....
.y.G^@......O..........0.l.....0.Z.4..H..[.k..Z..Z..zm].v.......J.$ZMZ
..yK.....Z.4.Z.Z.Z.Gr..M..j.b..Z^.1c.E........,....6&.9....3)....[W.vH
...a...k~....,.........1..k.R..........iWd....M.V..O)..?y.....W...._&l
t;....p.p....`............`..b.......:............:.............Xj)...
w.....-?M.bE|[...I.eki......&.U.6.........l4.[..N.F.....|...qc.Zj.7...
..;.f/..w..=......}L[...k.E.S/.x....3-...^.R....."Z.........[........:
.;...n.Z..~.....;.....%w....P7...'R^....E[?.C...X.$.^Y.Yj...}...iS.O..
...m........r%..4yy.r..I.....Io...'i..;..._....K.7.%.Q../.\......X....
3;_........[...[..ti.........._.-..Z.l;j)e.L.lyf"Dm..^4...-.|G.E VdRD.
.M....S[.{.i6G...~/7V.h....M..;^.1~.}.;......=9.]S2....y.w|Y.#s(..X..;
....:=....Y_#.\r......RkY.$.e.mk..n.E|..m|....kk...O.......'......-..n
.z..XZ}m\H.._e.....V.x9........!.../.xs......f.......5.Zl .......x....
.].?/..9r......h...]^}M....<....;..........p.p....`........}.....n.
.~....4............. ^=..kc...|j..4{u[.......H.2...Y1......R..|x.5M...
...j..4.%..x......!ij....bXcT..^[$=V.4<m^.=~..Yo.E..s..>....
<<< skipped >>>


POST /service/update2 HTTP/1.1
X-Old-UID: cnt=0
User-Agent: Google Update/1.3.21.165;winhttp
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: tools.google.com
Content-Length: 595
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.21.165" shell_version="1.3.21.103" ismachine="1" sessionid="{8D2FA8F0-02CA-4E13-8430-E68507412DFB}" installsource="taggedmi" requestid="{E4C56404-DF02-4DDE-BD64-75F0804BA202}" dedup="cr"><os platform="win" version="5.1" sp="Service Pack 3" arch="x86"/><app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" version="" nextversion="1.3.21.165" lang="en" brand="" client="" iid="{A7ADAE6F-6072-2BAF-4938-12670FB09148}"><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" install_time_ms="2594"/></app></request>
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sun, 06 Mar 2016 07:03:51 GMT
Content-Type: text/xml; charset=UTF-8
Content-Length: 233
X-Daynum: 3351
X-Daystart: 83031
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
<?xml version="1.0" encoding="UTF-8"?><response protocol="3.0
" server="prod"><daystart elapsed_days="3351" elapsed_seconds="8
3031"/><app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" statu
s="ok"><event status="ok"/></app></response>..



GET /scripts/1/adnl.min.js HTTP/1.1
Accept: */*
Referer: hXXp://thankyou.postdownload.net/thankyou1.php?pd=1&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=GoogleChrome&ts=1457248225&id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4omho0-5a57feaac538ca4039488dadb464f739&c=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.castplatform.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 06 Mar 2016 07:03:49 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 59620
Connection: keep-alive
Vary: Accept-Encoding
Content-MD5: /T8nMvFG2QmEs5mdNjYJVQ==
Last-Modified: Tue, 01 Mar 2016 14:18:31 GMT
ETag: 0x8D341DC5DDFDAAE
X-Node: cdn2
Server: NetDNA-cache/2.2
X-Cache: HIT
// CAST Delivery Agent v4.4.28 #14:18.!function(global,undefined){Arra
y.prototype.indexOf||(Array.prototype.indexOf=function(e,t){if(this===
undefined||null===this)throw new TypeError('"this" is null or not defi
ned');var n=this.length>>>0;for(t= t||0,1/0===Math.abs(t)&&(t
=0),0>t&&(t =n,0>t&&(t=0));n>t;t  )if(this[t]===e)return t;re
turn-1}),"object"!=typeof window.JSON&&(window.JSON={},window.JSON.str
ingify=function(e){if("[object Array]"===Object.prototype.toString.cal
l(e)){if(e.length>0){for(var t=e.length,n=[],a=0;t>a;  a)n.push(
this.stringify(e[a]));return"[" n.join(", ") "]"}return"[]"}if("object
"==typeof e&&null!==e){var n=[];for(a in e)n.push('"' a '": ' this.str
ingify(e[a]));return"{" n.join(", ") "}"}return"string"==typeof e?'"' 
e.replace(/"/g,'\\"') '"':e},window.JSON.parse=function(text,reviver){
function walk(e,t){var n,a,i=e[t];if(i&&"object"==typeof i)for(n in i)
Object.prototype.hasOwnProperty.call(i,n)&&(a=walk(i,n),a!==undefined?
i[n]=a:delete i[n]);return reviver.call(e,t,i)}var cx=/[\u0000\u00ad\u
0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\u
feff\ufff0-\uffff]/g,j;if(text=String(text),cx.lastIndex=0,cx.test(tex
t)&&(text=text.replace(cx,function(e){return"\\u" ("0000" e.charCodeAt
(0).toString(16)).slice(-4)})),/^[\],:{}\s]*$/.test(text.replace(/\\(?
:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,"@").replace(/"[^"\\\n\r]*"|true|fals
e|null|-?\d (?:\.\d*)?(?:[eE][ \-]?\d )?/g,"]").replace(/(?:^|:|,)(?:\
s*\[) /g,"")))return j=eval("(" text ")"),"function"==typeof reviv
<<< skipped >>>

GET /images/4b0f3d20-4d8d-41d7-8a7a-a77178b97528.gif HTTP/1.1


Accept: */*
Referer: hXXp://thankyou.postdownload.net/thankyou1.php?pd=1&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=GoogleChrome&ts=1457248225&id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4omho0-5a57feaac538ca4039488dadb464f739&c=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.castplatform.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 06 Mar 2016 07:03:50 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 13670
Connection: keep-alive
Vary: Accept-Encoding
Content-MD5: eyz7D02VKQQksLklBZoVFA==
Last-Modified: Thu, 04 Dec 2014 10:01:53 GMT
ETag: 0x8D1DDC076D897EE
X-Node: cdn2
Server: NetDNA-cache/2.2
X-Cache: HIT
GIF89a,......}}}............MMMW.W...kkk|.|#.#...!!!DDD...............
.........G.G.........l.l...............5.5BBB............___E.E...dddu
uuJ.J...g.g:::......\.\......p.p...SSSr.r===...222......U.U...@@@c.c..
.....r.......;.;_._Z.Z......p.p......... . YYY..................y.y...
.................................w.wj.j.........x.w...................
.....}}....::.__....MM.h.h0.0...............t.t.......................
...................oo..................................!!.............
..........................................O.P.........................
..............@[email protected][email protected].....
[email protected]./...O.Og.h...s.t......@.@L_L...h.ht.tt.s0.0qqq
?.?...ooo.........O.PP.P...opp/.0......ppo......L`L.........OOO.......
...........!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." i
d="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta
/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02    
    "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-synt
ax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.ad
obe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/Re
sourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDoc
umentID="xmp.did:A4A78CC98D6BE21185BEE3BFB6FE5251" xmpMM:DocumentID="x
mp.did:22D5AAB67B9511E4968E98D80F6EFFFE" xmpMM:InstanceID="xmp.iid:22D
5AAB57B9511E4968E98D80F6EFFFE" xmp:CreatorTool="Adobe Photoshop CC 201
4 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2
<<< skipped >>>


GET /ajax/libs/jquery/1.5/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Sat, 13 Feb 2016 15:24:22 GMT
Expires: Sun, 12 Feb 2017 15:24:22 GMT
Last-Modified: Fri, 16 Oct 2015 18:27:31 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 29910
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 1870759
...............F.&....D...1.d...*P.[.]V]oe...bRn..Ip..T...}.y.y.9.9...
..\..{.K.....-..y..o...._o...._....t.o..o.d.S......'.3..7a.3{...t..P*&
gt;.\o>n..t.x...R......O.......x.X.i..e...j.m..i......z.....6..mw.z
.xb............}.J.7.l.x...."k.vN....v..'.|K}x...._..S..:.l?e.,>..j
.x.J5...;...M.c..B....].m|~...2|......V...E.K.:.....R4..*...[#..8..f..
..1j.....h}K..8....({.q.EQ..~..e..f..{....q{.o..^J...cQ....c...:......
]..|....[.3/h..M...].^..}...FI;..|o..6...zI{.-..2?.Qe)..[.W.w8......,.
...qCQz.C.W.C....H..co...t..#Z.U.....G.0T...r.]*.(;o.}:.O..0..AO7..M$.
(.~..L.*.m.....C....,K...].n...x....o.y..G/8R.........u...m..2...}}..P
...~.f.X.#...x..1.q#..?...4G4....85...J.{Z.x.../.....&.M.S%...A.C.YT$.
..fYM.T.Q.^d..~.fj.e..P-.R..Zmz..$..M...I...fBk{....=..D..-5...T.z..b.
w.m..x...`....].f..t.....)5....".s..!....<..y..e.]...E.....0......5
..\...`9<....1....*..D..a.....Y.n...i...o.....Z.....R..`6..J.\.&._S
.z........M..G..*Z.q.f..H.4W............._7d........]....D[.ZQ^c..>
.j..u...... ..k.....f[....Frv2..=.{,....z.f......y.....Xs...34..g....A
>.F#...n..".e.34n...x...K.P.).........'..'..7YL ..t...Ih...i`...z..
....m....w:.tV....1.Dg..`...w...l$.._...........!.5....typ.E...[..wZ.d
..(:1..e4.....W.1Z.....~......\\$.....%...G.^.C..1.l.8..!jly....s5....
X..-Z...$$x.....s........hu..]. J.EE.._....4..r...a$.]......Zc.Z......
..C.N1M?..U..tB...._.N...D.......a`.E....QW..i..'4...........{...mHZ..
.6.A.E4...s...S.(..&......"JB...].E..[.....v.n.N....G{./e.4d4.f.....rw
..Aww..>..V....^..M)....$eP..]..p%M....|.e..O'.1M...0..,...nu..
<<< skipped >>>

GET /ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_inset-hard_100_fcfdfd_1x100.png HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=3075&leadp=2937&countryid=262&sysbit=32&dfb=0&hb=5&isagg=0&version=4.4&external=0&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Sat, 13 Feb 2016 15:29:00 GMT
Expires: Sun, 12 Feb 2017 15:29:00 GMT
Last-Modified: Fri, 27 Nov 2015 19:30:24 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 88
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 1870481
.PNG........IHDR.......d.....G,Z`....IDAT..c.....&.....G0..ed.......w.
..........IEND.B`.HTTP/1.1 200 OK..Content-Type: image/png..Access-Con
trol-Allow-Origin: *..Timing-Allow-Origin: *..Date: Sat, 13 Feb 2016 1
5:29:00 GMT..Expires: Sun, 12 Feb 2017 15:29:00 GMT..Last-Modified: Fr
i, 27 Nov 2015 19:30:24 GMT..X-Content-Type-Options: nosniff..Server: 
sffe..Content-Length: 88..X-XSS-Protection: 1; mode=block..Cache-Contr
ol: public, max-age=31536000, stale-while-revalidate=2592000..Age: 187
0481...PNG........IHDR.......d.....G,Z`....IDAT..c.....&.....G0..ed...
....w...........IEND.B`...



GET /portal/redirect.php?id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4omho0-5a57feaac538ca4039488dadb464f739&d=ez-download.com&p=Google Chrome&pid=3 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.postdownload.net
Connection: Keep-Alive


HTTP/1.1 302 Found
Date: Sun, 06 Mar 2016 07:03:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d020726d235273a8a5cb93ae62013c11f1457247828; expires=Mon, 06-Mar-17 07:03:48 GMT; path=/; domain=.postdownload.net; HttpOnly
X-Powered-By: PHP/5.4.9-4ubuntu2
Set-Cookie: PHPSESSID=5vsjqop7sovfc2kqoa806s1nu5; path=/
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
location: hXXp://thankyou.postdownload.net/thankyou1.php?pd=1&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=GoogleChrome&ts=1457248225&id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4omho0-5a57feaac538ca4039488dadb464f739&c=0
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 27f3f32d42912756-FRA
0..HTTP/1.1 302 Found..Date: Sun, 06 Mar 2016 07:03:48 GMT..Content-Ty
pe: text/html..Transfer-Encoding: chunked..Connection: keep-alive..Set
-Cookie: __cfduid=d020726d235273a8a5cb93ae62013c11f1457247828; expires
=Mon, 06-Mar-17 07:03:48 GMT; path=/; domain=.postdownload.net; HttpOn
ly..X-Powered-By: PHP/5.4.9-4ubuntu2..Set-Cookie: PHPSESSID=5vsjqop7so
vfc2kqoa806s1nu5; path=/..Expires: Sat, 26 Jul 1997 05:00:00 GMT..Cach
e-Control: no-store, no-cache, must-revalidate, post-check=0, pre-chec
k=0..Pragma: no-cache..location: hXXp://thankyou.postdownload.net/than
kyou1.php?pd=1&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=GoogleChr
ome&ts=1457248225&id=t3k9n9hc2r9ot48ft9t7cq6m3q9s860ajm5car29ro97hu4om
ho0-5a57feaac538ca4039488dadb464f739&c=0..Vary: Accept-Encoding..Serve
r: cloudflare-nginx..CF-RAY: 27f3f32d42912756-FRA..0..
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_1156:

.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
hXXp://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|<>/":
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\rd.exe /PID=1955 /SUBPID=0 /NETWORKID=1 /DISTID=3075 /CID=0 /PRODUCT_ID=2937 /SERVER_URL=`omn7).`ar\&b^rp_qrepdfah,`il /CLICKID= /D1=51796 /D2=43 /D3=-1 /D4=-1 /D5=-1 /PRODUCT_PRIVACY= /PRODUCT_EULA= /PRODUCT_NAME= /EXE_URL= /EXE_CMDLINE= /HOST_BROWSER=5 /THANKYOU_URL=`omn7).swu)hjlraivjlm\\)gcq)okrr\d*kcacqacr)hci=f^<p3i4f4aa/l8kt23^o2r4]p2m1l1n14-[ii5a\j-2pl36du2jech.*/`17d`Y\\302b]4..1/16a[c^44/^2,7#^<az _grgjl[c*cmh
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\instructionsalgk4.exe->C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\rd.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\rd.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\instructionsalgk4.exe
1.2.2
Extract: %f
%u byte%c
(%u byte%c)
%d.%d%d Ë%c
inflate 1.2.2 Copyright 1995-2004 Mark Adler
GetProcessHeap
nsisunz.dll
operator
GetProcessWindowStation
portuguese-brazilian
Gg.uz
DSQl
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\rd.zip
tionsalgk4.dat
rd.zip
NSTRU~1.DAT
:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp2.tmp
c:\%original file name%.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
%original file name%.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nse1.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp2.tmp
/PID=1955 /SUBPID=0 /NETWORKID=1 /DISTID=3075 /CID=0 /PRODUCT_ID=2937 /SERVER_URL=`omn7).`ar\&b^rp_qrepdfah,`il /CLICKID= /D1=51796 /D2=43 /D3=-1 /D4=-1 /D5=-1 /PRODUCT_PRIVACY= /PRODUCT_EULA= /PRODUCT_NAME= /EXE_URL= /EXE_CMDLINE= /HOST_BROWSER=5 /THANKYOU_URL=`omn7).swu)hjlraivjlm\\)gcq)okrr\d*kcacqacr)hci=f^<p3i4f4aa/l8kt23^o2r4]p2m1l1n14-[ii5a\j-2pl36du2jech.*/`17d`Y\\302b]4..1/16a[c^44/^2,7#^<az _grgjl[c*cmh
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
WUSER32.DLL
Googlechrome

rd.exe_580:

.text
`.rdata
@.data
.rsrc
@.reloc
SSh,bJ
.CGy,
SShT&J
<9%u3
FTPj
YPSSSh
,4,56,789
xSSSh
FTPjKS
FtPj;S
C.PjRV
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
%d/%d/%d %d:%d:%d
X:X:X:X:X:X
large file support is disabled
unknown operation
SQL logic error or missing database
foreign_keys
sqlite_compileoption_get
sqlite_compileoption_used
sqlite_log
sqlite_source_id
sqlite_version
sqlite_attach
sqlite_detach
sqlite_stat1
sqlite_rename_parent
sqlite_rename_trigger
sqlite_rename_table
GetProcessHeap
RowKey
3.7.16.2
SQLite format 3
CREATE TABLE sqlite_master(
sql text
CREATE TEMP TABLE sqlite_temp_master(
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
922337203685477580
SQLITE_
?API call with %s database connection pointer
OsError 0x%x (%u)
os_win.c:%d: (%d) %s(%s) - %s
delayed %dms for lock/sharing conflict
%s\etilqs_
%s\%s
cannot limit WAL size: %s
2nd reference to page %d
invalid page number %d
%s(%d)
keyinfo(%d
%r %s BY term out of range - should be between 1 and %d
Expression tree is too large (maximum depth %d)
too many SQL variables
variable number must be between ?1 and ?%d
too many columns in %s
%s OR name=%Q
type='trigger' AND (%s)
table %s may not be altered
sqlite_
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
duplicate column name: %s
too many columns on %s
DELETE FROM %Q.%s WHERE %s=%Q
sqlite_stat%d
unknown column "%s" in foreign key definition
number of columns in foreign key does not match the number of columns in the referenced table
foreign key on %s should reference only one column of table %T
a JOIN clause is required before %s
cannot modify %s because it is a view
table %s may not be modified
Cforeign key mismatch - "%w" referencing "%w"
error during initialization: %s
no entry point [%s] in shared library [%s]
unable to open shared library [%s]
sqlite3_extension_init
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
USE TEMP B-TREE FOR %s
COMPOUND SUBQUERIES %d AND %d %s(%s)
%s:%d
no such index: %s
SCAN TABLE %s %s%s(~%d rows)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
sqlite_master
sqlite_temp_master
vtable constructor did not declare schema: %s
vtable constructor failed: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
%s (~%lld rows)
%s VIRTUAL TABLE INDEX %d:%s
%s (rowid<?)
%s (rowid>?)
%s (rowid>? AND rowid<?)
%s (rowid=?)
%s USING INTEGER PRIMARY KEY
%s USING %s%sINDEX%s%s%s
%s AS %s
%s TABLE %s
%s SUBQUERY %d
database corruption at line %d of [%.10s]
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
foreign key constraint failed
unable to use function %s in the requested context
zeroblob(%d)
CREATE TABLE %Q.%s(%s)
%s %T cannot reference objects in database %s
default value of column [%s] is not constant
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
no such collation sequence: %s
%s - %s
malformed database schema (%s)
cannot join using column %s - column not present in both tables
cannot have both ON and USING clauses in the same join
a NATURAL join may not have an ON or USING clause
%s.%s
%s-shm
bind on a busy prepared statement: [%s]
%s: %s
%s: %s.%s
%s: %s.%s.%s
misuse of aliased aggregate %s
not authorized to use function: %s
too many terms in %s BY clause
EXECUTE %s%s SUBQUERY %d
%.*s"%w"%s
%s%.*s"%w"
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
Cannot add a PRIMARY KEY column
invalid name: "%s"
automatic extension loading failed: %s
d-d-d d:d:d
d:d:d
d-d-d
M@d
SELECTs to the left and right of %s do not have the same number of result columns
LIMIT clause should come after %s not before
ORDER BY clause should come after %s not before
BmTindexed columns are not unique
Recovered %d frames from WAL file %s
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Failed to read ptrmap key=%d
failed to get page %d
%d of %d pages missing from overflow list starting at %d
freelist leaf count too big on page %d
Fragmentation of %d bytes reported as %d on page %d
Multiple uses for byte %d of page %d
Corruption detected in cell %d on page %d
On page %d at right child:
On tree page %d cell %d:
btreeInitPage() returns error code %d
unable to get the page. error code=%d
Page %d:
Outstanding page count goes from %d to %d during this analysis
Pointer map page %d is referenced
Page %d is never used
sqlite3_get_table() called with two or more incompatible queries
no such vfs: %s
%s mode not allowed: %s
no such %s mode: %s
MJ delete: %s
-mjX9X
MJ collide: %s
%s-mjXXXXXX9XXz
database %s is locked
cannot detach database %s
no such database: %s
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
unknown database: %s
unknown database %s
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
PRIMARY KEY must be unique
constraint %s failed
%s.%s may not be NULL
database schema is locked: %s
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
PRAGMA vacuum_db.synchronous=OFF
cannot VACUUM - SQL statements in progress
misuse of aggregate: %s()
constraint failed at %d in [%s]
abort at %d in [%s]: %s
database table is locked: %s
cannot change %s wal mode from within a transaction
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
cannot commit transaction - SQL statements in progress
cannot release savepoint - SQL statements in progress
no such savepoint: %s
cannot open savepoint - SQL statements in progress
statement aborts at %d: [%s] %s
cannot use index: %s
at most %d tables in a join
cannot open value of type %s
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
unsupported file format
no such trigger: %S
unable to open database: %s
database %s is already in use
too many attached databases - max %d
sqlite_sequence
there is already an index named %s
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
no such index: %S
unable to identify the object to be reindexed
no such table: %s
%s.%s.%s
too many references to "%s": max 65535
sqlite_subquery_%p_
cannot create INSTEAD OF trigger on table: %S
cannot create %s trigger on view: %S
cannot open %s column for writing
no such column: "%s"
indexed
foreign key
cannot open view: %s
cannot open virtual table: %s
sqlite_altertab_%s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
CREATE%s INDEX %.*s
table %s has no column named %s
sqlite_autoindex_%s_%d
index %s already exists
there is already a table named %s
virtual tables may not be indexed
views may not be indexed
table %s may not be indexed
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
table "%s" has more than one primary key
CREATE TABLE %Q.sqlite_sequence(name,seq)
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE %s %.*s
view %s is circularly defined
table %S has no column named %s
%d values for %d columns
table %S has %d columns but %d values were supplied
*** in database %s ***
unsupported encoding: %s
foreign_key_check
foreign_key_list
no such column: %s
there is already another table or index with this name: %s
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
view %s may not be altered
-- TRIGGER %s
use DROP VIEW to delete view %s
use DROP TABLE to delete table %s
table %s may not be dropped
sqlite_stat
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
Error %d has occurred.
Error %u in WinHttpReadData.
Error %u in WinHttpQueryDataAvailable.
F%D,3
Visual C   CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpOpen
WINHTTP.dll
PSAPI.DLL
KERNEL32.dll
EnumChildWindows
CreateDialogIndirectParamW
USER32.dll
GDI32.dll
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
ole32.dll
OLEAUT32.dll
URLDownloadToFileW
urlmon.dll
IPHLPAPI.DLL
GetCPInfo
.?AV?$CAtlExeModuleT@VCSmartInstallerModule@@@ATL@@
.?AVCWebPage@@
zcÁ
{A0386B19-B7E7-4BE7-B567-ABF77CBB6E60} = s `ATLExeServer'
`ATLExeServer.EXE'
val AppID = s {A0386B19-B7E7-4BE7-B567-ABF77CBB6E60}
ForceRemove {FA20B59B-21AA-44FC-8A68-450979B7CC90} = s 'CBrowserExternals Class'
val ServerExecutable = s '%MODULE_RAW%'
TypeLib = s '{03771AEF-400D-4A13-B712-25878EC4A3F5}'
ForceRemove {622D38AD-B4A9-4170-8192-5B865C6A5DCE} = s 'CBrowserExternalImp Class'
ForceRemove {6D4506CE-F855-4657-AA38-DB6B1F733982} = s 'CBrowserExternal Class'
stdole2.tlbWWW
~cmdWd
OpenUrlW
urlWd
method OpenUrl
Created by MIDL version 7.00.0555 at Wed Jul 09 20:02:58 2014
llo%srt
<BUTTON onclick='window.external.OnClick(theBody, "red");'>Red</BUTTON>
<BUTTON onclick='window.external.OnClick(theBody, "green");'>Green</BUTTON>
<BUTTON onclick='window.external.OnClick(theBody, "blue");'>Blue</BUTTON>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
5~6!7$8*8
6m6
7'8 8/83878;8?8
9&989`9~9
4 4D4[4
: :':,:::
=6=[=~= >
296@6,737
5 5$5(54585
4 4$4(4,40444
5 5$5(5,5054585<5@5
3 3$3(3,3034383
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
THANKYOU_URL
EXE_CMDLINE
EXE_URL
SERVER_URL
execmdline
exeurl
\Microsoft\Windows\Cookies
cookies.sqlite
sqlite
\Mozilla\Firefox\Profiles
Found cookie in Chrome!
SELECT value,last_access_utc FROM cookies WHERE host_key LIKE '%
\..\Local Settings\Application Data\Google\Chrome\User Data\Default\
\..\Local\Google\Chrome\User Data\Default\
Chrome_WidgetWin_1
Exception opening/reading chrome cookies
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
OLEACC.DLL
SELECT url FROM moz_places WHERE url LIKE '%
places.sqlite
\PreExe_ID_
\default.html
Safari.exe
Opera.exe
firefox
chrome
http\shell\open\command
Opera.HTML
IE.AssocFile.HTM
FirefoxHTML
ChromeHTML
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice
Software\Mozilla\Mozilla FireFox
SOFTWARE\Mozilla\Mozilla FireFox
SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}
virtualoffercmd
\PostCheck.exe
opera
&chromev=
CHROMEVERSION
@@exeurl
AntivirusesRegKeys
RegKey64
RegKey32
PostExe
PreExe
ReportName
RegKey
ExeURL2
ExeURL
OfferURL
I{A33DE4AA-9646-4E33-9E44-E472C6312E2F}
OLEAUT32.DLL
Mscoree.dll
888816666554443
6666554443
!6666554443
virtualoffercmd:
/REPORTURL=
_2nd.exe
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
KKERNEL32.DLL
WUSER32.DLL
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\rd.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}

iexplore.exe_1944:

%?9-*09,*19}*09
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
SHLWAPI.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
rsabase.dll
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
watson.microsoft.com
IEWatsonURL
%s -h %u
iedw.exe
Iexplore.XPExceptionFilter
jscript.DLL
mshtml.dll
mlang.dll
urlmon.dll
wininet.dll
shdocvw.DLL
browseui.DLL
comctl32.DLL
IEXPLORE.EXE
iexplore.pdb
ADVAPI32.dll
MsgWaitForMultipleObjects
IExplorer.EXE
IIIIIB(II<.Fg
7?_____ZZSSH%
)z.UUUUUUUU
,....Qym
````2```
{.QLQIIIKGKGKGKGKGKG
;33;33;0
8888880
8887080
browseui.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
Windows
Operating System
6.00.2900.5512

chrome.exe_2824:

.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
Ht.Hu:
j.Yf;
_tcPVj@
.PjRW
user32.dll
c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc
c:\b\build\slave\win\build\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\b\build\slave\win\build\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s:%d: %s
CHROME_CRASHPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\crash\content\app\crashpad_win.cc
hXXps://clients2.google.com/cr/report
--annotation=KEY=VALUE set a process annotation in each crash report
--database=PATH store the crash report database at PATH
create a new pipe and send its name via HANDLE
--pipe-name=PIPE communicate with the client over PIPE
--url=URL send crash reports to this Breakpad server URL,
pipe-name
--annotation requires KEY=VALUE
duplicate key
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\handler_main.cc
--handshake-handle or --pipe-name is required
--handshake-handle and --pipe-name are incompatible
SetProcessShutdownParameters
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\crash_report_upload_thread.cc
reserved key
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\win\crash_report_exception_handler.cc
PrepareNewCrashReport failed
FinishedWritingCrashReport failed
CHROME_MAIN_TICKS
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
chrome-sxs
googlechromeframe
c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc
iexplore.exe
googlechrome
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\b\build\slave\win\build\src\sandbox\win\src\sandbox_policy_base.cc
NtOpenKey
NtCreateKey
CreateNamedPipeW
NtOpenKeyEx
MetricsReportingEnabled
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crashpad_client_win.cc
CreatePipe
--handshake-handle=0x%x
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\settings.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\numeric\in_range_cast.h
PruneCrashReportDatabase: Failed to get pending reports
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\prune_crash_reports.cc
PruneCrashReportDatabase: Failed to get completed reports
Database Pruning: Failed to remove report
%s: option `%s' is ambiguous (could be `--%s' or `--%s')
%s: invalid option -- `-%c'
%s: argument required for option `
--%s'
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc
x-x-x-xx-xxxxxx
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\exception_handler_server.cc
::GetNamedPipeClientProcessId
\\.\pipe\crashpad_%d_
ImpersonateNamedPipeClient
ConnectNamedPipe
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_reader.cc
%%x
--%s%sContent-Disposition: form-data; name="%s"
; filename="%s"%s
Content-Type: %s%s
multipart/form-data; boundary=%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\net\http_transport_win.cc
WinHttpCloseHandle
Crashpad/0.8.0
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
HTTP status %d
WinHttpReadData
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\scoped_process_suspend.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\critical_section_with_debug_info.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc
WaitNamedPipe
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe: expected
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\net\http_body.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_file_writer.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_writable.cc
%s; %s
0.8.0
%s.%s,%s,%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_writer_util.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_context_writer.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\process_snapshot_minidump.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\crashpad_info_client_options.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_snapshot_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\module_snapshot_minidump.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\minidump_simple_string_dictionary_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\exception_snapshot_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_reader_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\system_snapshot_win.cc
%s %d.%d.%d.%s%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\minidump_string_list_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\cpu_context_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_annotations_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_subrange_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_resource_reader.cc
%ls (%s) %s
hXXps://crashpad.chromium.org/
hXXps://crashpad.chromium.org/bug/new
Report %ls bugs to
%s home page: <%s>
%ls: %s
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
POWRPROF.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_seeker.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\process_info.cc
Reading x64 process from x86 process not supported
<failed to retrieve error message (0x%x)>
(0xx)
0x%llx   0x%llx (%s)
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\module_version.cc
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
Windows NT
0123456789
.syzygy
.thunks
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
ShellExecuteExW
chrome.exe
ClearCrashKeyValueImpl
GetUploadedReportsImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
RPCRT4.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
WINHTTP.dll
VERSION.dll
WINMM.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
DisconnectNamedPipe
WaitNamedPipeW
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetProcessHeap
GetCPInfo
PeekNamedPipe
zcÁ
a.IDATx
%F?????????3 
ÿFFFFFFFFFFFFFFF?B%
:1----16
Rhgf^rrrr(   ?NOCdhgfrrrr...DlEBScjhg^rr,001k>985Tnhherr-12
:BBBBBBBBBB>>-.jdddcccca
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="49.0.2623.75" version="49.0.2623.75" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
6&6*6/666
2 2$2(2,202
<&</<6<{<
2(20262<2
(030=0?2
> >,>;>`>
=(=,=0=\=|=
3 3$3(3,3034383<3
chrome_watcher.dll
crashpad_handler.exe
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
chrome.dll
chrome_child.dll
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
AGoogle Chrome Canary
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
DGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
hXXps://support.google.com/chrome/contact/chromeuninstall3?hl=$1
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
F-chrome
-chromeframe
WebAccessible
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
yntdll.dll
Cntdll.dll
wow_helper.exe"
Dkernel32.dll
gdi32.dll
xntdll.dll
SOFTWARE\Policies\Google\Chrome
reports
settings.dat
winhttp.dll
shell32.dll
script.log
resources.pak
chrome
pepflashplayer.dll
Software\Google\Chrome\BrowserCrashDumpAttempts
Software\Google\Chrome\BrowserCrashDumpAttemptsSxS
Software\Google\Chrome\BrowserExitCodes
${windows}
Fmscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
2.exe
USER32.DLL
portuguese-brazilian
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Program Files%\Google\Chrome\Application\chrome.exe
49.0.2623.75
chrome_exe

chrome.exe_3068:

.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
Ht.Hu:
j.Yf;
_tcPVj@
.PjRW
user32.dll
c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc
c:\b\build\slave\win\build\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\b\build\slave\win\build\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s:%d: %s
CHROME_CRASHPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\crash\content\app\crashpad_win.cc
hXXps://clients2.google.com/cr/report
--annotation=KEY=VALUE set a process annotation in each crash report
--database=PATH store the crash report database at PATH
create a new pipe and send its name via HANDLE
--pipe-name=PIPE communicate with the client over PIPE
--url=URL send crash reports to this Breakpad server URL,
pipe-name
--annotation requires KEY=VALUE
duplicate key
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\handler_main.cc
--handshake-handle or --pipe-name is required
--handshake-handle and --pipe-name are incompatible
SetProcessShutdownParameters
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\crash_report_upload_thread.cc
reserved key
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\win\crash_report_exception_handler.cc
PrepareNewCrashReport failed
FinishedWritingCrashReport failed
CHROME_MAIN_TICKS
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
chrome-sxs
googlechromeframe
c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc
iexplore.exe
googlechrome
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\b\build\slave\win\build\src\sandbox\win\src\sandbox_policy_base.cc
NtOpenKey
NtCreateKey
CreateNamedPipeW
NtOpenKeyEx
MetricsReportingEnabled
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crashpad_client_win.cc
CreatePipe
--handshake-handle=0x%x
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\settings.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\numeric\in_range_cast.h
PruneCrashReportDatabase: Failed to get pending reports
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\prune_crash_reports.cc
PruneCrashReportDatabase: Failed to get completed reports
Database Pruning: Failed to remove report
%s: option `%s' is ambiguous (could be `--%s' or `--%s')
%s: invalid option -- `-%c'
%s: argument required for option `
--%s'
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc
x-x-x-xx-xxxxxx
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\exception_handler_server.cc
::GetNamedPipeClientProcessId
\\.\pipe\crashpad_%d_
ImpersonateNamedPipeClient
ConnectNamedPipe
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_reader.cc
%%x
--%s%sContent-Disposition: form-data; name="%s"
; filename="%s"%s
Content-Type: %s%s
multipart/form-data; boundary=%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\net\http_transport_win.cc
WinHttpCloseHandle
Crashpad/0.8.0
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
HTTP status %d
WinHttpReadData
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\scoped_process_suspend.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\critical_section_with_debug_info.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc
WaitNamedPipe
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe: expected
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\net\http_body.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_file_writer.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_writable.cc
%s; %s
0.8.0
%s.%s,%s,%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_writer_util.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_context_writer.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\process_snapshot_minidump.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\crashpad_info_client_options.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_snapshot_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\module_snapshot_minidump.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\minidump_simple_string_dictionary_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\exception_snapshot_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_reader_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\system_snapshot_win.cc
%s %d.%d.%d.%s%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\minidump_string_list_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\cpu_context_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_annotations_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_subrange_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_resource_reader.cc
%ls (%s) %s
hXXps://crashpad.chromium.org/
hXXps://crashpad.chromium.org/bug/new
Report %ls bugs to
%s home page: <%s>
%ls: %s
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
POWRPROF.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_seeker.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\process_info.cc
Reading x64 process from x86 process not supported
<failed to retrieve error message (0x%x)>
(0xx)
0x%llx   0x%llx (%s)
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\module_version.cc
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
Windows NT
0123456789
.syzygy
.thunks
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
ShellExecuteExW
chrome.exe
ClearCrashKeyValueImpl
GetUploadedReportsImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
RPCRT4.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
WINHTTP.dll
VERSION.dll
WINMM.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
DisconnectNamedPipe
WaitNamedPipeW
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetProcessHeap
GetCPInfo
PeekNamedPipe
zcÁ
a.IDATx
%F?????????3 
ÿFFFFFFFFFFFFFFF?B%
:1----16
Rhgf^rrrr(   ?NOCdhgfrrrr...DlEBScjhg^rr,001k>985Tnhherr-12
:BBBBBBBBBB>>-.jdddcccca
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="49.0.2623.75" version="49.0.2623.75" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
6&6*6/666
2 2$2(2,202
<&</<6<{<
2(20262<2
(030=0?2
> >,>;>`>
=(=,=0=\=|=
3 3$3(3,3034383<3
chrome_watcher.dll
crashpad_handler.exe
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
chrome.dll
chrome_child.dll
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
AGoogle Chrome Canary
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
DGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
hXXps://support.google.com/chrome/contact/chromeuninstall3?hl=$1
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
F-chrome
-chromeframe
WebAccessible
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
yntdll.dll
Cntdll.dll
wow_helper.exe"
Dkernel32.dll
gdi32.dll
xntdll.dll
SOFTWARE\Policies\Google\Chrome
reports
settings.dat
winhttp.dll
shell32.dll
script.log
resources.pak
chrome
pepflashplayer.dll
Software\Google\Chrome\BrowserCrashDumpAttempts
Software\Google\Chrome\BrowserCrashDumpAttemptsSxS
Software\Google\Chrome\BrowserExitCodes
${windows}
Fmscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
2.exe
USER32.DLL
portuguese-brazilian
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Program Files%\Google\Chrome\Application\chrome.exe
49.0.2623.75
chrome_exe

chrome.exe_3068_rwx_0500A000_00038000:

Cht%X

chrome.exe_3536:

.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
Ht.Hu:
j.Yf;
_tcPVj@
.PjRW
user32.dll
c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc
c:\b\build\slave\win\build\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\b\build\slave\win\build\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s:%d: %s
CHROME_CRASHPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\crash\content\app\crashpad_win.cc
hXXps://clients2.google.com/cr/report
--annotation=KEY=VALUE set a process annotation in each crash report
--database=PATH store the crash report database at PATH
create a new pipe and send its name via HANDLE
--pipe-name=PIPE communicate with the client over PIPE
--url=URL send crash reports to this Breakpad server URL,
pipe-name
--annotation requires KEY=VALUE
duplicate key
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\handler_main.cc
--handshake-handle or --pipe-name is required
--handshake-handle and --pipe-name are incompatible
SetProcessShutdownParameters
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\crash_report_upload_thread.cc
reserved key
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\win\crash_report_exception_handler.cc
PrepareNewCrashReport failed
FinishedWritingCrashReport failed
CHROME_MAIN_TICKS
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
chrome-sxs
googlechromeframe
c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc
iexplore.exe
googlechrome
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\b\build\slave\win\build\src\sandbox\win\src\sandbox_policy_base.cc
NtOpenKey
NtCreateKey
CreateNamedPipeW
NtOpenKeyEx
MetricsReportingEnabled
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crashpad_client_win.cc
CreatePipe
--handshake-handle=0x%x
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\settings.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\numeric\in_range_cast.h
PruneCrashReportDatabase: Failed to get pending reports
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\prune_crash_reports.cc
PruneCrashReportDatabase: Failed to get completed reports
Database Pruning: Failed to remove report
%s: option `%s' is ambiguous (could be `--%s' or `--%s')
%s: invalid option -- `-%c'
%s: argument required for option `
--%s'
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc
x-x-x-xx-xxxxxx
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\exception_handler_server.cc
::GetNamedPipeClientProcessId
\\.\pipe\crashpad_%d_
ImpersonateNamedPipeClient
ConnectNamedPipe
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_reader.cc
%%x
--%s%sContent-Disposition: form-data; name="%s"
; filename="%s"%s
Content-Type: %s%s
multipart/form-data; boundary=%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\net\http_transport_win.cc
WinHttpCloseHandle
Crashpad/0.8.0
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
HTTP status %d
WinHttpReadData
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\scoped_process_suspend.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\critical_section_with_debug_info.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc
WaitNamedPipe
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe: expected
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\net\http_body.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_file_writer.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_writable.cc
%s; %s
0.8.0
%s.%s,%s,%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_writer_util.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_context_writer.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\process_snapshot_minidump.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\crashpad_info_client_options.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_snapshot_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\module_snapshot_minidump.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\minidump_simple_string_dictionary_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\exception_snapshot_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_reader_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\system_snapshot_win.cc
%s %d.%d.%d.%s%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\minidump_string_list_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\cpu_context_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_annotations_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_subrange_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_resource_reader.cc
%ls (%s) %s
hXXps://crashpad.chromium.org/
hXXps://crashpad.chromium.org/bug/new
Report %ls bugs to
%s home page: <%s>
%ls: %s
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
POWRPROF.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_seeker.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\process_info.cc
Reading x64 process from x86 process not supported
<failed to retrieve error message (0x%x)>
(0xx)
0x%llx   0x%llx (%s)
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\module_version.cc
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
Windows NT
0123456789
.syzygy
.thunks
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
ShellExecuteExW
chrome.exe
ClearCrashKeyValueImpl
GetUploadedReportsImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
RPCRT4.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
WINHTTP.dll
VERSION.dll
WINMM.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
DisconnectNamedPipe
WaitNamedPipeW
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetProcessHeap
GetCPInfo
PeekNamedPipe
zcÁ
a.IDATx
%F?????????3 
ÿFFFFFFFFFFFFFFF?B%
:1----16
Rhgf^rrrr(   ?NOCdhgfrrrr...DlEBScjhg^rr,001k>985Tnhherr-12
:BBBBBBBBBB>>-.jdddcccca
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="49.0.2623.75" version="49.0.2623.75" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
6&6*6/666
2 2$2(2,202
<&</<6<{<
2(20262<2
(030=0?2
> >,>;>`>
=(=,=0=\=|=
3 3$3(3,3034383<3
chrome_watcher.dll
crashpad_handler.exe
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
chrome.dll
chrome_child.dll
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
AGoogle Chrome Canary
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
DGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
hXXps://support.google.com/chrome/contact/chromeuninstall3?hl=$1
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
F-chrome
-chromeframe
WebAccessible
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
yntdll.dll
Cntdll.dll
wow_helper.exe"
Dkernel32.dll
gdi32.dll
xntdll.dll
SOFTWARE\Policies\Google\Chrome
reports
settings.dat
winhttp.dll
shell32.dll
script.log
resources.pak
chrome
pepflashplayer.dll
Software\Google\Chrome\BrowserCrashDumpAttempts
Software\Google\Chrome\BrowserCrashDumpAttemptsSxS
Software\Google\Chrome\BrowserExitCodes
${windows}
Fmscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
2.exe
USER32.DLL
portuguese-brazilian
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Program Files%\Google\Chrome\Application\chrome.exe
49.0.2623.75
chrome_exe

chrome.exe_3536_rwx_0580A000_00038000:

Cht%X

chrome.exe_3564:

.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
Ht.Hu:
j.Yf;
_tcPVj@
.PjRW
user32.dll
c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc
c:\b\build\slave\win\build\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\b\build\slave\win\build\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s:%d: %s
CHROME_CRASHPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\crash\content\app\crashpad_win.cc
hXXps://clients2.google.com/cr/report
--annotation=KEY=VALUE set a process annotation in each crash report
--database=PATH store the crash report database at PATH
create a new pipe and send its name via HANDLE
--pipe-name=PIPE communicate with the client over PIPE
--url=URL send crash reports to this Breakpad server URL,
pipe-name
--annotation requires KEY=VALUE
duplicate key
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\handler_main.cc
--handshake-handle or --pipe-name is required
--handshake-handle and --pipe-name are incompatible
SetProcessShutdownParameters
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\crash_report_upload_thread.cc
reserved key
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\win\crash_report_exception_handler.cc
PrepareNewCrashReport failed
FinishedWritingCrashReport failed
CHROME_MAIN_TICKS
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
chrome-sxs
googlechromeframe
c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc
iexplore.exe
googlechrome
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\b\build\slave\win\build\src\sandbox\win\src\sandbox_policy_base.cc
NtOpenKey
NtCreateKey
CreateNamedPipeW
NtOpenKeyEx
MetricsReportingEnabled
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crashpad_client_win.cc
CreatePipe
--handshake-handle=0x%x
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\settings.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\numeric\in_range_cast.h
PruneCrashReportDatabase: Failed to get pending reports
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\prune_crash_reports.cc
PruneCrashReportDatabase: Failed to get completed reports
Database Pruning: Failed to remove report
%s: option `%s' is ambiguous (could be `--%s' or `--%s')
%s: invalid option -- `-%c'
%s: argument required for option `
--%s'
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc
x-x-x-xx-xxxxxx
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\exception_handler_server.cc
::GetNamedPipeClientProcessId
\\.\pipe\crashpad_%d_
ImpersonateNamedPipeClient
ConnectNamedPipe
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_reader.cc
%%x
--%s%sContent-Disposition: form-data; name="%s"
; filename="%s"%s
Content-Type: %s%s
multipart/form-data; boundary=%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\net\http_transport_win.cc
WinHttpCloseHandle
Crashpad/0.8.0
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
HTTP status %d
WinHttpReadData
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\scoped_process_suspend.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\critical_section_with_debug_info.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc
WaitNamedPipe
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe: expected
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\net\http_body.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_file_writer.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_writable.cc
%s; %s
0.8.0
%s.%s,%s,%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_writer_util.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_context_writer.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\process_snapshot_minidump.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\crashpad_info_client_options.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_snapshot_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\module_snapshot_minidump.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\minidump_simple_string_dictionary_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\exception_snapshot_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_reader_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\system_snapshot_win.cc
%s %d.%d.%d.%s%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\minidump_string_list_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\cpu_context_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_annotations_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_subrange_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_resource_reader.cc
%ls (%s) %s
hXXps://crashpad.chromium.org/
hXXps://crashpad.chromium.org/bug/new
Report %ls bugs to
%s home page: <%s>
%ls: %s
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
POWRPROF.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_seeker.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\process_info.cc
Reading x64 process from x86 process not supported
<failed to retrieve error message (0x%x)>
(0xx)
0x%llx   0x%llx (%s)
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\module_version.cc
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
Windows NT
0123456789
.syzygy
.thunks
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
ShellExecuteExW
chrome.exe
ClearCrashKeyValueImpl
GetUploadedReportsImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
RPCRT4.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
WINHTTP.dll
VERSION.dll
WINMM.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
DisconnectNamedPipe
WaitNamedPipeW
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetProcessHeap
GetCPInfo
PeekNamedPipe
zcÁ
a.IDATx
%F?????????3 
ÿFFFFFFFFFFFFFFF?B%
:1----16
Rhgf^rrrr(   ?NOCdhgfrrrr...DlEBScjhg^rr,001k>985Tnhherr-12
:BBBBBBBBBB>>-.jdddcccca
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="49.0.2623.75" version="49.0.2623.75" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
6&6*6/666
2 2$2(2,202
<&</<6<{<
2(20262<2
(030=0?2
> >,>;>`>
=(=,=0=\=|=
3 3$3(3,3034383<3
chrome_watcher.dll
crashpad_handler.exe
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
chrome.dll
chrome_child.dll
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
AGoogle Chrome Canary
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
DGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
hXXps://support.google.com/chrome/contact/chromeuninstall3?hl=$1
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
F-chrome
-chromeframe
WebAccessible
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
yntdll.dll
Cntdll.dll
wow_helper.exe"
Dkernel32.dll
gdi32.dll
xntdll.dll
SOFTWARE\Policies\Google\Chrome
reports
settings.dat
winhttp.dll
shell32.dll
script.log
resources.pak
chrome
pepflashplayer.dll
Software\Google\Chrome\BrowserCrashDumpAttempts
Software\Google\Chrome\BrowserCrashDumpAttemptsSxS
Software\Google\Chrome\BrowserExitCodes
${windows}
Fmscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
2.exe
USER32.DLL
portuguese-brazilian
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Program Files%\Google\Chrome\Application\chrome.exe
49.0.2623.75
chrome_exe

chrome.exe_3712:

.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
Ht.Hu:
j.Yf;
_tcPVj@
.PjRW
user32.dll
c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc
c:\b\build\slave\win\build\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\b\build\slave\win\build\src\components\browser_watcher\watcher_client_win.cc
%s-%x
%s:%d: %s
CHROME_CRASHPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\crash\content\app\crashpad_win.cc
hXXps://clients2.google.com/cr/report
--annotation=KEY=VALUE set a process annotation in each crash report
--database=PATH store the crash report database at PATH
create a new pipe and send its name via HANDLE
--pipe-name=PIPE communicate with the client over PIPE
--url=URL send crash reports to this Breakpad server URL,
pipe-name
--annotation requires KEY=VALUE
duplicate key
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\handler_main.cc
--handshake-handle or --pipe-name is required
--handshake-handle and --pipe-name are incompatible
SetProcessShutdownParameters
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\crash_report_upload_thread.cc
reserved key
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\handler\win\crash_report_exception_handler.cc
PrepareNewCrashReport failed
FinishedWritingCrashReport failed
CHROME_MAIN_TICKS
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
chrome-sxs
googlechromeframe
c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc
iexplore.exe
googlechrome
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\b\build\slave\win\build\src\sandbox\win\src\sandbox_policy_base.cc
NtOpenKey
NtCreateKey
CreateNamedPipeW
NtOpenKeyEx
MetricsReportingEnabled
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crashpad_client_win.cc
CreatePipe
--handshake-handle=0x%x
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\settings.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\numeric\in_range_cast.h
PruneCrashReportDatabase: Failed to get pending reports
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\prune_crash_reports.cc
PruneCrashReportDatabase: Failed to get completed reports
Database Pruning: Failed to remove report
%s: option `%s' is ambiguous (could be `--%s' or `--%s')
%s: invalid option -- `-%c'
%s: argument required for option `
--%s'
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc
x-x-x-xx-xxxxxx
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\exception_handler_server.cc
::GetNamedPipeClientProcessId
\\.\pipe\crashpad_%d_
ImpersonateNamedPipeClient
ConnectNamedPipe
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_reader.cc
%%x
--%s%sContent-Disposition: form-data; name="%s"
; filename="%s"%s
Content-Type: %s%s
multipart/form-data; boundary=%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\net\http_transport_win.cc
WinHttpCloseHandle
Crashpad/0.8.0
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
HTTP status %d
WinHttpReadData
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\scoped_process_suspend.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\critical_section_with_debug_info.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc
WaitNamedPipe
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe: expected
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\net\http_body.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_file_writer.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_writable.cc
%s; %s
0.8.0
%s.%s,%s,%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_writer_util.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\minidump\minidump_context_writer.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\process_snapshot_minidump.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\crashpad_info_client_options.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_snapshot_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\module_snapshot_minidump.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\minidump_simple_string_dictionary_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\exception_snapshot_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_reader_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\system_snapshot_win.cc
%s %d.%d.%d.%s%s
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\minidump\minidump_string_list_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\cpu_context_win.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_annotations_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\process_subrange_reader.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\snapshot\win\pe_image_resource_reader.cc
%ls (%s) %s
hXXps://crashpad.chromium.org/
hXXps://crashpad.chromium.org/bug/new
Report %ls bugs to
%s home page: <%s>
%ls: %s
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
POWRPROF.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_seeker.cc
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\process_info.cc
Reading x64 process from x86 process not supported
<failed to retrieve error message (0x%x)>
(0xx)
0x%llx   0x%llx (%s)
c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\win\module_version.cc
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
Windows NT
0123456789
.syzygy
.thunks
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
ShellExecuteExW
chrome.exe
ClearCrashKeyValueImpl
GetUploadedReportsImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
RPCRT4.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
WINHTTP.dll
VERSION.dll
WINMM.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
DisconnectNamedPipe
WaitNamedPipeW
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetProcessHeap
GetCPInfo
PeekNamedPipe
zcÁ
a.IDATx
%F?????????3 
ÿFFFFFFFFFFFFFFF?B%
:1----16
Rhgf^rrrr(   ?NOCdhgfrrrr...DlEBScjhg^rr,001k>985Tnhherr-12
:BBBBBBBBBB>>-.jdddcccca
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="49.0.2623.75" version="49.0.2623.75" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
6&6*6/666
2 2$2(2,202
<&</<6<{<
2(20262<2
(030=0?2
> >,>;>`>
=(=,=0=\=|=
3 3$3(3,3034383<3
chrome_watcher.dll
crashpad_handler.exe
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
chrome.dll
chrome_child.dll
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
AGoogle Chrome Canary
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
DGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
hXXps://support.google.com/chrome/contact/chromeuninstall3?hl=$1
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
F-chrome
-chromeframe
WebAccessible
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
yntdll.dll
Cntdll.dll
wow_helper.exe"
Dkernel32.dll
gdi32.dll
xntdll.dll
SOFTWARE\Policies\Google\Chrome
reports
settings.dat
winhttp.dll
shell32.dll
script.log
resources.pak
chrome
pepflashplayer.dll
Software\Google\Chrome\BrowserCrashDumpAttempts
Software\Google\Chrome\BrowserCrashDumpAttemptsSxS
Software\Google\Chrome\BrowserExitCodes
${windows}
Fmscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
2.exe
USER32.DLL
portuguese-brazilian
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Program Files%\Google\Chrome\Application\chrome.exe
49.0.2623.75
chrome_exe

chrome.exe_3564_rwx_0520A000_00038000:

Cht%X

chrome.exe_3564_rwx_06C0A000_000F5000:

WebK
=.DOU
=.DOUu
=WWW.

chrome.exe_3712_rwx_0560A000_00038000:

Cht%X

chrome.exe_3712_rwx_06F0A000_000F5000:

j"h%U
A@õ


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    GoogleUpdate.exe:1836
    GoogleUpdate.exe:612
    GoogleUpdate.exe:2832
    GoogleUpdate.exe:388
    GoogleUpdate.exe:372
    GoogleUpdate.exe:172
    GoogleUpdate.exe:492
    wmic.exe:972
    chrome.exe:2656
    chrome.exe:2768
    chrome.exe:3160
    chrome.exe:3092
    chrome.exe:1816
    chrome.exe:3212
    chrome.exe:3120
    chrome.exe:2328
    chrome.exe:3180
    chrome.exe:3084
    chrome.exe:3600
    chrome.exe:2420
    chrome.exe:2760
    chrome.exe:1136
    chrome.exe:2856
    chrome.exe:3076
    chrome.exe:3132
    chrome.exe:3544
    chrome.exe:3228
    chrome.exe:928
    49.0.2623.75_chrome_installer.exe:2572
    chrmstp.exe:4052
    setup.exe:2596
    %original file name%.exe:1156
    Setup_product_2937.exe:728

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Program Files%\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\49.0.2623.75\49.0.2623.75_chrome_installer.exe (341308 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{9F606F64-2231-43AB-8573-7F1703BDB3F2}-49.0.2623.75_chrome_installer.exe (3464826 bytes)
    %WinDir%\Temp\gui6.tmp (53 bytes)
    %Program Files%\Google\Update\Install\{5DB6DAF7-E302-417C-94FD-8C3B51E11250}\49.0.2623.75_chrome_installer.exe (341308 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_te.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_en-GB.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_iw.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_en.dll (6841 bytes)
    %Program Files%\Google\Update\GoogleUpdate.exe (601 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_et.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\psuser.dll (673 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_nl.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_de.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_pl.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_id.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\GoogleUpdateBroker.exe (59 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_ar.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_gu.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_hu.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_sr.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_lv.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\npGoogleUpdate3.dll (4185 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_ro.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_ru.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_ms.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_fil.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_am.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (1425 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_bn.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_uk.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdate.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_sl.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_zh-CN.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_mr.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_pt-BR.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_it.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_zh-TW.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_sw.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\GoogleCrashHandler.exe (1281 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_lt.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_ja.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_sk.dll (6841 bytes)
    %WinDir%\Tasks\GoogleUpdateTaskMachineCore.job (876 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_fi.dll (6841 bytes)
    %WinDir%\Tasks\GoogleUpdateTaskMachineUA.job (880 bytes)
    %Program Files%\Google\Update\1.3.21.165\psmachine.dll (673 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_fr.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_ml.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_cs.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe (59 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_ur.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_ko.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_es-419.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_kn.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\GoogleUpdate.exe (601 bytes)
    %Program Files%\Google\Update\1.3.21.165\GoogleUpdateHelper.msi (26 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_is.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\GoogleUpdateSetup.exe (5873 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_no.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_bg.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_vi.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_ta.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_sv.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_fa.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_es.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_el.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_tr.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_pt-PT.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_hr.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_hi.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_ca.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_da.dll (6841 bytes)
    %Program Files%\Google\Update\1.3.21.165\goopdateres_th.dll (6841 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\91457247656.txt (238 bytes)
    %Program Files%\Google\Chrome\Application\debug.log (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\zh_TW\messages.json (187 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\page_embed_script.js (175 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ur\messages.json (375 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\id\messages.json (144 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\mn\messages.json (451 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\da\messages.json (133 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\si\messages.json (334 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\cs\messages.json (134 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_metadata\verified_contents.json (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\hr\messages.json (169 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\no\messages.json (150 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ro\messages.json (136 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sk\messages.json (170 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\hy\messages.json (665 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\lt\messages.json (198 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\es_419\messages.json (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\am\messages.json (357 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\DECODED_MESSAGE_CATALOGS (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\kn\messages.json (494 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\eventpage_bin_prod.js (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ja\messages.json (349 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\de\messages.json (154 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fi\messages.json (144 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sw\messages.json (153 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sr\messages.json (501 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sl\messages.json (151 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\zu\messages.json (194 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\pt_BR\messages.json (148 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\nl\messages.json (134 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ru\messages.json (574 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\hu\messages.json (171 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ta\messages.json (512 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fr_CA\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\en_GB\messages.json (135 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ko\messages.json (273 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\el\messages.json (603 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\hi\messages.json (473 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\uk\messages.json (550 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\gl\messages.json (172 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\pl\messages.json (141 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\zh_HK\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\pt_PT\messages.json (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\th\messages.json (433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\DECODED_IMAGES (65 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ca\messages.json (176 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ne\messages.json (523 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fr\messages.json (152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\it\messages.json (139 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\az\messages.json (167 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\gu\messages.json (411 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\eu\messages.json (152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\vi\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\es\messages.json (169 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\lv\messages.json (163 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\en_US\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\bn\messages.json (501 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fil\messages.json (156 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ka\messages.json (357 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\et\messages.json (191 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\tr\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\af\messages.json (132 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\km\messages.json (607 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\fa\messages.json (480 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\sv\messages.json (140 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\is\messages.json (178 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ml\messages.json (614 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\bg\messages.json (545 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ms\messages.json (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\lo\messages.json (450 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\zh_CN\messages.json (199 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\128.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\te\messages.json (396 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\iw\messages.json (362 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\mr\messages.json (440 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\CRX_INSTALL\_locales\ar\messages.json (426 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\eu\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\fil\messages.json (240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\id\messages.json (241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\et\messages.json (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\cs\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ms\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\el\messages.json (309 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sk\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\en_US\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\uk\messages.json (333 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\no\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\128.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\bg\messages.json (299 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\manifest.json (757 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sv\messages.json (233 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\es\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ro\messages.json (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\fi\messages.json (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\pt_PT\messages.json (244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ar\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\DECODED_IMAGES (65 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sr\messages.json (267 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\th\messages.json (336 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ca\messages.json (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\he\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\en_GB\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\zh_TW\messages.json (247 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ko\messages.json (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\vi\messages.json (259 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ru\messages.json (318 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\es_419\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\da\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\de\messages.json (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\pl\messages.json (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\zh_CN\messages.json (253 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\tr\messages.json (250 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\hr\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\nl\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\fr\messages.json (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\lt\messages.json (265 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\hi\messages.json (326 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\hu\messages.json (244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\pt_BR\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\sl\messages.json (248 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\ja\messages.json (273 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\DECODED_MESSAGE_CATALOGS (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\CRX_INSTALL\_locales\it\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sk\messages.json (227 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\it\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\vi\messages.json (227 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2D.tmp (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\he\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\10.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\lt\messages.json (686 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\fr\messages.json (708 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ar\messages.json (246 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\nl\messages.json (217 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\bg\messages.json (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\manifest.json (755 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\manifest.json (725 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\16.tmp (2020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal (21006 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\vi\messages.json (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\11.tmp (2020 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sv\messages.json (216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\pt_PT\messages.json (224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\el\messages.json (283 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hr\messages.json (230 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SCOPED_DIR_2824_30799 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\es\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\lt\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_29172\12.tmp (30 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\hi\messages.json (289 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ko\messages.json (224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\zh_TW\messages.json (249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\es\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\11.tmp (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\fil\messages.json (692 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\manifest.json (725 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\pt_BR\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\bg\messages.json (319 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hi\messages.json (289 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\en_US\messages.json (249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ro\messages.json (265 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sv\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\es\messages.json (269 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\fi\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\vi\messages.json (225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ko\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\de\messages.json (217 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sk\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\26.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\22.tmp (840 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001 (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\th\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\es_419\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ca\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\icon_16.png (157 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\bg\messages.json (264 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\th\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sv\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\fil\messages.json (224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\cs\messages.json (249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000005 (55 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000004 (98 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000001 (32 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000003 (69 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (172 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ar\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fil\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\pt_BR\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\he\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\en_GB\messages.json (208 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sk\messages.json (219 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\da\messages.json (224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ko\messages.json (669 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ar\messages.json (312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\it\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\en_US\messages.json (209 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\icon_128.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\th\messages.json (324 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\15.tmp (2650 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\hr\messages.json (230 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\14.tmp (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\25.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ar\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\fil\messages.json (219 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager-journal (5550 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\bg\messages.json (267 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG (214 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\fr\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\da\messages.json (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sk\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\it\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\fr\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\hu\messages.json (710 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\fr\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\vi\messages.json (279 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\uk\messages.json (304 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\et\messages.json (609 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sl\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\et\messages.json (216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ja\messages.json (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies (1043 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SCOPED_DIR_2824_29172 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\pt_PT\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\cs\messages.json (259 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\es\messages.json (269 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ru\messages.json (266 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ro\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session (32990 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\en\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\zh_CN\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\lt\messages.json (253 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\fi\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\icon_128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\es\messages.json (259 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\hu\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\pl\messages.json (250 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ro\messages.json (240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\th\messages.json (324 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\drive.crx (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sr\messages.json (248 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (2692 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\pl\messages.json (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ru\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\pt_BR\messages.json (233 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\sl\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ja\messages.json (293 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\lv\messages.json (699 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\da\messages.json (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\pl\messages.json (264 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\23.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\es_419\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fr\messages.json (268 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\tr\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\cs\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\bg\messages.json (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\17.tmp (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\el\messages.json (875 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\en_GB\messages.json (617 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sl\messages.json (642 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\id\messages.json (617 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_metadata\verified_contents.json (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 (13248 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 (15080 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 (64488 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 (308664 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\fr\messages.json (268 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\uk\messages.json (304 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal (5308 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ca\messages.json (207 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2C.tmp (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1B.tmp (44 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000003.log (1569 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\zh_CN\messages.json (212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2F.tmp (89 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\en\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\lv\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\sk\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites (5232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\19.tmp (48 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\icon_16.png (143 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\zh_TW\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\nb\messages.json (644 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\es\messages.json (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\id\messages.json (208 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\hr\messages.json (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_9PUrhYQWbukd7vA (744 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\hu\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ko\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG (172 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sk\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\cs\messages.json (249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\de\messages.json (220 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\hu\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\index (368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\id\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\gmail.crx (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\34.tmp (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\el\messages.json (332 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\de\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\he\messages.json (225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\el\messages.json (329 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (5375 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\es_419\messages.json (259 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\pt_BR\messages.json (246 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\pt_PT\messages.json (230 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\et\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2A.tmp (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\manifest.json (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\zh_CN\messages.json (273 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\128.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\da\messages.json (230 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\15.tmp (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\zh_TW\messages.json (224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\hu\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\16.tmp (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ro\messages.json (668 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ro\messages.json (265 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\da\messages.json (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ca\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor (5093 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\he\messages.json (278 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\_metadata\computed_hashes.json (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ms\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_QWGNuAeFQb8VM5q (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\hi\messages.json (289 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\el\messages.json (332 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\id\messages.json (242 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal (11985 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons (8470 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\pl\messages.json (666 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1F.tmp (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\da\messages.json (207 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\cs\messages.json (249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\33.tmp (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History (30289 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\es_419\messages.json (667 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\fil\messages.json (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ja\messages.json (271 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\nl\messages.json (225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage (149 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\lt\messages.json (285 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ja\messages.json (271 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ca\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_vW30HKY8vY1NoSd (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\uk\messages.json (270 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data (3478 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\128.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\fil\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\tr\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_CvWdaIjVMc0ANQ1 (400 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\id\messages.json (216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_8eWiGUmjn2Se8nO (744 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\fi\messages.json (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\tr\messages.json (227 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\18.tmp (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sk\messages.json (274 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\en_GB\messages.json (249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\pt_PT\messages.json (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\th\messages.json (356 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\zh_CN\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2E.tmp (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\hr\messages.json (633 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pl\messages.json (264 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sv\messages.json (253 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ro\messages.json (213 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\zh_CN\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\manifest.json (745 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\First Run (0 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ar\messages.json (278 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set (3436 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pt_BR\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\lv\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sv\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ms\messages.json (207 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ar\messages.json (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\28.tmp (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1E.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ru\messages.json (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts (592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal (18376 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal (16484 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sr\messages.json (260 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\icon_128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ru\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\lt\messages.json (228 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ko\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom_new (1173760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\fr\messages.json (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\zh_TW\messages.json (249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\icon_128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sr\messages.json (295 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\nl\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\uk\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\el\messages.json (304 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\de\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\de\messages.json (701 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sl\messages.json (268 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\bg\messages.json (272 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_1DDgbw5aZziAFUj (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000003.log (960 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\zh_CN\messages.json (595 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\hu\messages.json (230 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\el\messages.json (260 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (27106 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\nl\messages.json (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\en_US\messages.json (213 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ja\messages.json (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\de\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sl\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\el\messages.json (274 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\tr\messages.json (270 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\lv\messages.json (224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_2 (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_3 (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_0 (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_1 (208 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\pt_PT\messages.json (661 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\el\messages.json (332 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\it\messages.json (220 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ro\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\en_GB\messages.json (213 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\it\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\vi\messages.json (720 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\icon_16.png (143 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\hi\messages.json (279 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\zh_TW\messages.json (206 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\pt_BR\messages.json (206 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\30.tmp (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\pt_PT\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\hi\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\fi\messages.json (217 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\E.tmp (22579 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ca\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\C.tmp (849 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal (7143 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\uk\messages.json (264 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\it\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\pt_PT\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ms\messages.json (208 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences (55 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\en\messages.json (227 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\cs\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\id\messages.json (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ja\messages.json (778 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\icon_16.png (556 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\D.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json (352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\hu\messages.json (264 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\sr\messages.json (295 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\lv\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\youtube.crx (23 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links (836 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sv\messages.json (214 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_metadata\computed_hashes.json (352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\th\messages.json (272 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\fil\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\th\messages.json (260 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\pl\messages.json (264 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\id\messages.json (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ro\messages.json (265 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\F.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sk\messages.json (671 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sl\messages.json (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\de\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\id\messages.json (209 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\sr\messages.json (295 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001 (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\zh_CN\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\fr\messages.json (268 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\icon_128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\fi\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\tr\messages.json (650 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\bg\messages.json (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\de\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\da\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\sl\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000002 (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_0ELK5tmOfy3uoq2 (1648 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ko\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\bg\messages.json (303 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Inclusion Whitelist_new (136 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\en_GB\messages.json (214 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\zh_TW\messages.json (640 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\vi\messages.json (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal (10522 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ru\messages.json (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico.md5 (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\manifest.json (728 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing IP Blacklist_new (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\en_US\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ru\messages.json (783 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\manifest.json (649 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\ca\messages.json (686 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\E.tmp (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\sr\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sr\messages.json (814 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\nl\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\pt_PT\messages.json (208 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\uk\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ca\messages.json (265 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\20.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\hu\messages.json (235 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ar\messages.json (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG (185 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\zh_TW\messages.json (267 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\th\messages.json (324 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\fr\messages.json (241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ca\messages.json (224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\fil\messages.json (260 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ja\messages.json (268 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\hi\messages.json (297 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\pl\messages.json (209 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\et\messages.json (214 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\hi\messages.json (291 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db (1017 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ro\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ar\messages.json (312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\es\messages.json (705 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\et\messages.json (251 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\cs\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\ja\messages.json (271 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\index (736 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\es\messages.json (269 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\29.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\24.tmp (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\lv\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\hr\messages.json (220 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\pt_PT\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\vi\messages.json (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\cs\messages.json (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\bg\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000003.log (6590 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\27.tmp (63 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\docs.crx (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist_new (13416 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\id\messages.json (242 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\de\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\fil\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\nl\messages.json (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist_new (2504 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\pt_BR\messages.json (213 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ru\messages.json (338 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\tr\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\vi\messages.json (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ko\messages.json (281 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\hu\messages.json (235 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\uk\messages.json (789 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\manifest.json (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\nl\messages.json (242 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db-journal (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\da\messages.json (642 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List Prefix Set (2548 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\pl\messages.json (217 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\cs\messages.json (663 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\hr\messages.json (230 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\1D.tmp (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\en\messages.json (617 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sk\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\icon_16.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\sk\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\fi\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\nl\messages.json (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG (172 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\17.tmp (964 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_IClFxux1hjpq3Jz (406 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\tr\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\it\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\ja\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\zh_TW\messages.json (209 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\no\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\14.tmp (2845 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_3H0AKWIayNTm6Jt (400 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\fr\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1C.tmp (644 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\hi\messages.json (282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\tr\messages.json (225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json (352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\hu\messages.json (226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\id\messages.json (242 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\fi\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\ro\messages.json (281 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\39.tmp (118 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\21.tmp (62 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\bg\messages.json (886 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\lv\messages.json (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\vi\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\fi\messages.json (216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal (5308 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\he\messages.json (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\it\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Ybp05t5EkW4u7DM (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\pt_BR\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage-journal (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\lt\messages.json (253 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\lv\messages.json (233 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\hi\messages.json (345 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\uk\messages.json (304 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\sl\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal (12948 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\pt_BR\messages.json (667 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\nl\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\zh_CN\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\es\messages.json (206 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download_new (96544 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\lt\messages.json (228 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\sr\messages.json (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\fi\messages.json (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ca\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\ru\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\38.tmp (118 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing UwS List_new (318003 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ms\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\de\messages.json (239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\tr\messages.json (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\pl\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\ja\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\sl\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\it\messages.json (622 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\36.tmp (118 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\uk\messages.json (270 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\37.tmp (118 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\se\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_WqmgWvlHxzj6ccd (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\da\messages.json (216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\fi\messages.json (220 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\en\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\zh_CN\messages.json (258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\he\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ru\messages.json (272 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\es\messages.json (223 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist_new (32048 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\fil\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_30799\13.tmp (50 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\th\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\manifest.json (726 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\it\messages.json (213 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\th\messages.json (266 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\2B.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\nl\messages.json (642 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_hTcqUuyzUZGSt0W (201 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\da\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\sv\messages.json (649 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\pt_BR\messages.json (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\cs\messages.json (224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\128.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\ko\messages.json (230 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\hr\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ca\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\1A.tmp (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\ko\messages.json (254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\pl\messages.json (213 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\31.tmp (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\manifest.json (981 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\lt\messages.json (253 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ru\messages.json (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\35.tmp (118 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\sl\messages.json (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\es_419\messages.json (206 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\ar\messages.json (312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\B.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_locales\hi\messages.json (941 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\tr\messages.json (221 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\vi\messages.json (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\sr\messages.json (269 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\el\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\en\messages.json (179 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\lt\messages.json (235 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\sr\messages.json (287 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\pt_PT\messages.json (264 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\ko\messages.json (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\zh_TW\messages.json (212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\lt\messages.json (246 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\32.tmp (89 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\uk\messages.json (353 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_2824_19109\CRX_INSTALL\_locales\zh_TW\messages.json (249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\zh_CN\messages.json (206 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001 (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\128.png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\main.js (79 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\DECODED_MESSAGE_CATALOGS (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_10011\CRX_INSTALL\main.html (92 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_locales\no\messages.json (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\DECODED_MESSAGE_CATALOGS (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_31516\DECODED_IMAGES (65 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\se\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\CRX_INSTALL\_locales\no\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\DECODED_MESSAGE_CATALOGS (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_6750\DECODED_IMAGES (65 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\main.html (92 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\main.js (95 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\CRX_INSTALL\_locales\no\messages.json (203 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9853\DECODED_MESSAGE_CATALOGS (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\main.js (95 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\main.html (92 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_locales\no\messages.json (191 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\DECODED_MESSAGE_CATALOGS (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_16936\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\DECODED_MESSAGE_CATALOGS (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\DECODED_IMAGES (65 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_28926\CRX_INSTALL\_locales\no\messages.json (216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\css\craw_window.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\flapper.gif (5224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\craw_window.js (14776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\topbar_floating_button.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\DECODED_MESSAGE_CATALOGS (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\craw_background.js (12376 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11869\CRX_INSTALL\html\craw_window.html (810 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\no\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\DECODED_IMAGES (65 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\DECODED_MESSAGE_CATALOGS (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_locales\se\messages.json (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_11722\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_locales\no\messages.json (195 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\DECODED_MESSAGE_CATALOGS (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\main.html (92 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_9409\CRX_INSTALL\main.js (91 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\DECODED_MESSAGE_CATALOGS (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\no\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\CRX_INSTALL\_locales\eu\messages.json (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2824_15161\DECODED_IMAGES (65 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_6ACE1.tmp\SETUP.EX_ (1653 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_6ACE1.tmp\setup.exe (17312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_6ACE1.tmp\CHROME.PACKED.7Z (336276 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (1453 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (1 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_child.dll (328359 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_100_percent.pak (3878 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\d3dcompiler_47.dll (23407 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\VisualElements\smalllogo.png (27 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\hi.pak (3702 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\it.pak (299 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\he.pak (1637 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\icudtl.dat (75554 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\es-419.pak (305 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\kn.pak (3774 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\nb.pak (277 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\el.pak (1832 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ja.pak (1648 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ml.pak (3863 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\hr.pak (288 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\es.pak (311 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\PepperFlash\manifest.json (2 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ar.pak (1697 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\nl.pak (295 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ms.pak (233 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\bg.pak (1787 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ta.pak (3803 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\PepperFlash\pepflashplayer.dll (124061 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\am.pak (1706 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\snapshot_blob.bin (1767 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\uk.pak (1764 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\VisualElements\logo.png (27 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\da.pak (279 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\tr.pak (303 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\sv.pak (280 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\pt-PT.pak (302 bytes)
    %Program Files%\Google\Chrome\Application\master_preferences (53 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\vi.pak (1629 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\xinput1_3.dll (81 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\nacl_irt_x86_64.nexe (22433 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\nacl64.exe (12289 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\chrome.exe (6315 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_elf.dll (127 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\de.pak (266 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\default_apps\gmail.crx (24 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\chrome.VisualElementsManifest.xml (340 bytes)
    %Program Files%\Google\Chrome\Application\49.0.2623.75\Installer\chrmstp.exe (7433 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\default_apps\drive.crx (25 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\fi.pak (287 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\default_apps\external_extensions.json (1 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\resources.pak (138244 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_watcher.dll (1659 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\lv.pak (312 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\hu.pak (323 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\49.0.2623.75.manifest (250 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\te.pak (3752 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_200_percent.pak (7386 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\widevinecdmadapter.dll (193 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\th.pak (3685 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ro.pak (312 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\id.pak (275 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\zh-TW.pak (251 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Extensions\external_extensions.json (99 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\gu.pak (3683 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\en-GB.pak (254 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\default_apps\youtube.crx (23 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\pt-BR.pak (298 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Google Chrome.lnk (1 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\lt.pak (309 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\chrome.7z (1252932 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\delegate_execute.exe (3822 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\sl.pak (287 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\mr.pak (3694 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ru.pak (1764 bytes)
    %Documents and Settings%\All Users\Desktop\Google Chrome.lnk (1 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\wow_helper.exe (77 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ko.pak (309 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\sk.pak (320 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\sw.pak (259 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome.dll (267750 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\libglesv2.dll (9606 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\sr.pak (1748 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\default_apps\docs.crx (4 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\ca.pak (307 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\libegl.dll (86 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\cs.pak (311 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\zh-CN.pak (250 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\fa.pak (1718 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\fr.pak (1609 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\nacl_irt_x86_32.nexe (20507 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\secondarytile.png (637 bytes)
    %Program Files%\Google\Chrome\Application\49.0.2623.75\Installer\setup.exe (7433 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\et.pak (269 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_material_200_percent.pak (2 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\bn.pak (3724 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\en-US.pak (254 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\fil.pak (312 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\natives_blob.bin (1693 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\libexif.dll (315 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\Locales\pl.pak (306 bytes)
    %Program Files%\Google\Chrome\Temp\source2596_1549\Chrome-bin\49.0.2623.75\chrome_material_100_percent.pak (1 bytes)
    %Program Files%\Google\Chrome\Application\chrome.exe (6841 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\instructionsalgk4.exe (398737 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\rd.zip (57028 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsp2.tmp\nsisunz.dll (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsp2.tmp\Convert.dll (4597 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\instructionsalgk4.dat (8368 bytes)
    %Program Files%\GUM3.tmp\goopdateres_bg.dll (1990 bytes)
    %Program Files%\GUM3.tmp\GoogleUpdateOnDemand.exe (59 bytes)
    %Program Files%\GUM3.tmp\goopdateres_sw.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_en-GB.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_am.dll (1990 bytes)
    %Program Files%\GUM3.tmp\GoogleUpdateBroker.exe (59 bytes)
    %Program Files%\GUM3.tmp\goopdateres_es-419.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_th.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_sk.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_hu.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_ko.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_sl.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_ml.dll (1990 bytes)
    %Program Files%\GUM3.tmp\GoogleCrashHandler.exe (237 bytes)
    %Program Files%\GUM3.tmp\psuser.dll (163 bytes)
    %Program Files%\GUM3.tmp\goopdateres_de.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_el.dll (1990 bytes)
    %Program Files%\GUM3.tmp\GoogleUpdate.exe (116 bytes)
    %Program Files%\GUM3.tmp\GoogleCrashHandler64.exe (550 bytes)
    %Program Files%\GUM3.tmp\goopdateres_fa.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_hi.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_pl.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_ru.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_ro.dll (1990 bytes)
    %Program Files%\GUT4.tmp (378095 bytes)
    %Program Files%\GUM3.tmp\goopdateres_te.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_sr.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_da.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_pt-PT.dll (1990 bytes)
    %Program Files%\GUM3.tmp\npGoogleUpdate3.dll (1126 bytes)
    %Program Files%\GUM3.tmp\goopdateres_en.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_et.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_cs.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_ar.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_vi.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_nl.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdate.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_fil.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_ta.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_is.dll (1990 bytes)
    %Program Files%\GUM3.tmp\psmachine.dll (163 bytes)
    %Program Files%\GUM3.tmp\goopdateres_id.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_tr.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_bn.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_uk.dll (1990 bytes)
    %Program Files%\GUM3.tmp\GoogleUpdateHelper.msi (26 bytes)
    %Program Files%\GUM3.tmp\goopdateres_ca.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_lt.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_no.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_pt-BR.dll (1990 bytes)
    %Program Files%\GUM3.tmp\GoogleUpdateSetup.exe (5873 bytes)
    %Program Files%\GUM3.tmp\goopdateres_ms.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_ja.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_ur.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_gu.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_zh-TW.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_iw.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_kn.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_mr.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_fi.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_lv.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_sv.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_fr.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_zh-CN.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_hr.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_it.dll (1990 bytes)
    %Program Files%\GUM3.tmp\goopdateres_es.dll (1990 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\button[1].png (458 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\914572476560\Setup_product_2937.exe (92963 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Setup_product_2937[1].exe (156566 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\DynamicOfferScreen[1].htm (850 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui-bg_inset-hard_100_fcfdfd_1x100[1].png (88 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery-ui[1].css (33 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery-ui.min[1].js (14884 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\bodyImg[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\dc[1].js (3154 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ui-bg_gloss-wave_75_2191c0_500x100[1].png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-ui-1.8.19.custom[1].css (5521 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\button_over[1].png (921 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\DynamicOfferScreen[1].htm (1140 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[1].js (6707 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now