Trojan.Win32.Swrort.3_6a08c78a34

by malwarelabrobot on October 8th, 2016 in Malware Descriptions.

not-a-virus:RiskTool.Win32.Catalina.ajx (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), Adware.Downware.9733 (DrWeb), Artemis!6A08C78A3441 (McAfee), PUA.Downloader (Symantec), Skodna.Generic_r.IX (AVG), Win32:Adware-gen [Adw] (Avast), Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Adware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 6a08c78a34414725f4b65599eb073670
SHA1: 5ee6c73b9e93cc47ba7ccaee6c28cfc6ca314132
SHA256: 7cc14521a90608771de35d3f0dfb615f4d55cff88d11962a2d81fe9581fde8bf
SSDeep: 12288:6ltr6QwwE M xd9DmRzJFmbGpVMM zAaLy4jjeC2LwrmrGXLb:6D2QwwEr2DDm13mkudzJG0jJYwH
Size: 724536 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2016-09-23 22:36:44
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

%original file name%.exe:1832
CatalinaUpdate.exe:468
CatalinaUpdate.exe:260
CatalinaUpdate.exe:1388
CatalinaUpdate.exe:644
CatalinaUpdate.exe:1756
CatalinaUpdate.exe:376
citrio.exe:1140
citrio.exe:468
citrio.exe:2908
citrio.exe:1972
citrio.exe:1312
citrio.exe:2132
citrio.exe:1372
citrio.exe:2076
citrio.exe:2408
citrio.exe:1492
citrio.exe:248
citrio.exe:1656
citrio.exe:3444
citrio.exe:1648
citrio.exe:2392
citrio.exe:1360
citrio.exe:648
citrio.exe:800
citrio.exe:1660
youtube-dl.exe:3084
CatalinaCrashHandler.exe:1084
citrio_50.0.2661.273_1.exe:1336
setup.exe:1856

The Trojan injects its code into the following process(es):

citrio.exe:668
citrio.exe:1852
citrio.exe:3892
citrio.exe:2680
citrio.exe:2724
citrio.exe:3660

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1832 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_gu.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT2.tmp (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_nl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_te.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sk.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_el.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ru.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es-419.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_iw.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_no.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_tr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en-GB.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_da.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ro.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_uk.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-TW.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bn.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ms.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ta.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateBroker.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdate.dll (1990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sw.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_de.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_is.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sv.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fr.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_cs.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_mr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-BR.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fa.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_kn.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bg.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-PT.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_id.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ja.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\npCatalinaUpdate3.dll (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psuser.dll (161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ml.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ko.dll (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_th.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ca.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_vi.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-CN.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lv.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hu.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdate.exe (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ar.dll (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hr.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateHelper.msi (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lt.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_et.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_am.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psmachine.dll (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaCrashHandler.exe (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_it.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fil.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ur.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateOnDemand.exe (58 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_gu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateBroker.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_nl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_te.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sk.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_el.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ru.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es-419.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_iw.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_no.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_tr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en-GB.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ja.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_da.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ro.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_uk.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-TW.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ms.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ta.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sw.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_de.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_is.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_cs.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_mr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-BR.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fa.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_kn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bg.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-PT.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_id.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\npCatalinaUpdate3.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psuser.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ko.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_th.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ca.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_vi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-CN.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ar.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateHelper.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lt.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_et.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_am.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psmachine.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaCrashHandler.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_it.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fil.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ur.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateOnDemand.exe (0 bytes)

The process CatalinaUpdate.exe:1756 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_id.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_hi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fr.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fil.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_lt.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sv.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_el.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_cs.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_en-GB.dll (25 bytes)
%WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003Core.job (948 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_no.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_bn.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sw.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_tr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_mr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ms.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_th.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_et.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateHelper.msi (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_en.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_gu.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ja.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_te.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_kn.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ca.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ml.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sk.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_hu.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdate.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_pt-BR.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ur.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ta.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_pl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_es-419.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_am.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\npCatalinaUpdate3.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateOnDemand.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_nl.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\psmachine.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_pt-PT.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ko.dll (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_de.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_is.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_vi.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdate.dll (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateBroker.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_bg.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_da.dll (26 bytes)
%WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003UA.job (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_zh-TW.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_es.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ru.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_hr.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ar.dll (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_it.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_zh-CN.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\psuser.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fa.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_lv.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaCrashHandler.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_uk.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ro.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_iw.dll (23 bytes)

The process CatalinaUpdate.exe:376 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\Install\{AD74F5BC-0736-40AF-997D-E8B9413B1D1A}\citrio_50.0.2661.273_1.exe (449813 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\Download\{92F8A219-E740-49D5-B785-B962AD819724}\50.0.2661.273\citrio_50.0.2661.273_1.exe (449813 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\Install (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{7DBB53C4-8B69-4193-B4F7-824E88B982F4}-citrio_50.0.2661.273_1.exe (0 bytes)

The process citrio.exe:668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\ru\messages.json (538 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\25.tmp (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\lv\messages.json (699 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\18.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000003.log (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon48.png (803 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CabD.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Top Sites (5232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\ar\messages.json (523 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon32.png (581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\icon_16.png (556 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar11.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_4F42Y0YY41ekt4g (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_mono_off.png (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Storage\http_citrio.com_0.localstorage (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing IP Blacklist_new (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000001 (105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\tr\messages.json (650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\vi\messages.json (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Download_new (119280 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarE.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1F.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000002 (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\2E.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Download Whitelist_new (4616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon256.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\id\messages.json (517 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\en\messages.json (459 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\en_GB\messages.json (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\th\messages.json (700 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\13.tmp (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\fi\messages.json (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\fr\messages.json (708 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Login Data (3478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\es\messages.json (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1C.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\fil\messages.json (566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\id\messages.json (932 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\29.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\uk\messages.json (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\pl\messages.json (666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Extension Blacklist_new (14296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\bg\messages.json (886 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon16.png (317 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\icon_128.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\hi\messages.json (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\et\messages.json (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\ar\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\share_page.crx (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\manifest.json (983 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\download_all.crx (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_3 (7640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Idr4UyegXJMCono (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_1 (95160 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\7.tmp (1478 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Shortcuts (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\manifest.json (773 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sk\messages.json (671 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\zh_TW\messages.json (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\icon16.png (420 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG (220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\C.tmp (293110 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\26.tmp (27055 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\id\messages.json (617 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (51 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Shortcuts-journal (532 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\C.tmp (6647653 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab10.tmp (51 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\es_419\messages.json (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000003 (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon128.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000005 (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000004 (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000007 (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\First Run (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000009 (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000008 (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\en\messages.json (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing UwS List Prefix Set (1780 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ja\messages.json (778 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\2B.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Cookies-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Csd Whitelist_new (32048 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\pt_BR\messages.json (961 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\th\messages.json (589 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Web Data (29629 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\nb\messages.json (644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ko\messages.json (669 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\en\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\F.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_00000a (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\el\messages.json (875 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_00000c (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\6.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\16.tmp (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\da\messages.json (642 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing UwS List_new (223414 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\cs\messages.json (663 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sl\messages.json (642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\icon_16.png (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_J4lUOriDqtCmSlA (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\pt_BR\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_2 (1880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ca\messages.json (705 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\15.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\icon_19.png (687 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C1F94CD5CA263ECFB1A4BAB1B832C909 (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\000003.log (511 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Session Storage\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\zh_CN\messages.json (595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\uk\messages.json (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\LOG (191 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Cookies (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Login Data-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\2A.tmp (28 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\26.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ru\messages.json (783 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal (5545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\21.tmp (307855 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\25.tmp (138444 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\19.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\hr\messages.json (633 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\ar\messages.json (630 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\fil\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\LOG (178 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\17.tmp (644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\id\messages.json (451 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\12.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\hu\messages.json (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_128.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Session Storage\LOG (178 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Visited Links (560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\24.tmp (12683 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1A.tmp (60 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\8.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\lt\messages.json (686 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_1ICmPbZiBhASWDT (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\it\messages.json (622 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Top Sites-journal (12948 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_lp6u3KPkhd0iLzN (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\pt_BR\messages.json (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\th\messages.json (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\ms\messages.json (473 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_00000b (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\icon128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\citrio_ext.crx (114298 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\media_downloader.crx (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\pt_BR\messages.json (547 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\28.tmp (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_goOrxcIoREiXY4E (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Bloom_new (1267517 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_REWKiMzafVuOXGn (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\14.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\History (29905 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\30.tmp (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\en\messages.json (919 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\ru\messages.json (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\README (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_0 (421848 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\2C.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\en\messages.json (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\icon.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Current Session (19510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\20.tmp (341547 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\31.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\ms\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\pt_PT\messages.json (661 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\de\messages.json (701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sr\messages.json (814 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Storage\http_citrio.com_0.localstorage-journal (5554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\uk\messages.json (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000006 (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_nNspzgUBf4e3jw8 (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Favicons (8470 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\nl\messages.json (642 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Network Action Predictor (5093 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\2F.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Web Data-journal (13750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CabA.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\History-journal (17212 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\LOG (178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Bloom Prefix Set (7324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon64.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Origin Bound Certs-journal (7143 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\23.tmp (57197 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\27.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\id\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ro\messages.json (668 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\ru\messages.json (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sv\messages.json (649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon24.png (440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\ms\messages.json (526 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1D.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\fil\messages.json (992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\fil\messages.json (692 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\16.png (511 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Favicons-journal (16504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Session Storage\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1B.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\000003.log (14919 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\ms\messages.json (948 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cookies (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarB.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Network Action Predictor-journal (11985 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cookies-journal (14133 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\pt_BR\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\uk\messages.json (789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\ar\messages.json (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\proxy.crx (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Kw05aboolRRuozj (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\1E.tmp (6 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C1F94CD5CA263ECFB1A4BAB1B832C909 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\22.tmp (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\static.png (546 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\fil\messages.json (490 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_mono_on.png (752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Origin Bound Certs (841 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Inclusion Whitelist_new (136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon128.png (1 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon48.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CabD.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\TransportSecurity~RF9a665.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar11.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_mono_off.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RF95018.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RF92994.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RF99f22.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Secure Preferences~RF9a193.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RF9c661.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon256.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\TransportSecurity~RF9596e.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Secure Preferences~RF91bc9.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_668_13703 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\share_page.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\download_all.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_668_32230 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon32.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\icon16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RF9ed71.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RF90217.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RF8d7fa.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\TransportSecurity~RFa0cff.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\icon_19.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\icon_16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_668_23938 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Local State~RFa15b9.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_668_18171 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RF97802.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\citrio_ext.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\media_downloader.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\26.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_668_13218 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Preferences~RFa15aa.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_668_28369 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\Temp\scoped_dir_668_4414 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\31.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Local State~RF96594.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CabA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon64.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\static.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon24.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Local State~RF903dc.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\26.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\proxy.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Local State~RF9c596.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_mono_on.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\icon128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon128.png (0 bytes)

The process citrio.exe:1972 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\16-old.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\logo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon64.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon.tw.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\16.png (497 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\ar\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\pt_BR\messages.json (593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon128.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\ms\messages.json (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\en\messages.json (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon.fb.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\js\locale.js (271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon.gp.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\background.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\manifest.json (595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\id\messages.json (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon48.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\js\lib\jquery.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\fil\messages.json (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\js\popup.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\css\template.css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\popup.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\DECODED_MESSAGE_CATALOGS (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon35.png (2 bytes)

The process citrio.exe:1372 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\scripts\content_dv.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\python34.dll (164484 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_elementtree.pyd (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_hashlib.pyd (49912 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\QtCore4.dll (152471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_lzma.pyd (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\win32wnet.pyd (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\base_library.zip (206432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\Include\pyconfig.h (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\scripts\content_stats.js (605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\scripts\background_notification.js (694 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\pyexpat.pyd (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\manifest.json (988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\msvcr100.dll (49672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\QtGui4.dll (541377 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\icon_empty.png (158 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\background.html (346 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_ctypes.pyd (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\scripts\background_dv.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_ssl.pyd (66767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\citrio_ext.dll (34392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\ssleay32.dll (18768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\msvcp100.dll (27336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\youtube-dl.exe (195990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\pywintypes34.dll (7784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\unicodedata.pyd (48768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\libtorrent.dll (129574 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\dlnlib.dll (38624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\imageformats\qico4.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_socket.pyd (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_bz2.pyd (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\libcurl.dll (22840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\win32api.pyd (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\zlib1.dll (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\select.pyd (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\libeay32.dll (76989 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\icon_16.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\scripts\background_stats.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\DECODED_IMAGES (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\icon_19.png (1 bytes)

The process citrio.exe:3892 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\qt_temp.Ed3892 (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qt_temp.AM3892 (460 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (2616 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (1988 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\qt_temp.Ed3892 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qt_temp.AM3892 (0 bytes)

The process citrio.exe:2076 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\ru\messages.json (391 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\en\messages.json (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\background.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\background.html (174 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\fil\messages.json (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\uk\messages.json (415 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\manifest.json (760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\ms\messages.json (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\id\messages.json (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\th\messages.json (460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\ar\messages.json (374 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\pt_BR\messages.json (229 bytes)

The process citrio.exe:1492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0QUZG150\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\QA0OB8OJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\debug.log (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0PEZSXMN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Q7U92PQN\desktop.ini (67 bytes)

The process citrio.exe:1656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\select-all.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\js.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\style.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\sprite.png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\background.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\DECODED_MESSAGE_CATALOGS (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\icon.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\pt_BR\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\popup.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\manifest.json (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\locale.js (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\fil\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\select-all-hover.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\ms\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\jquery-1.11.0.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\download-all-disable.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\ar\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\id\messages.json (994 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\disable.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\theme.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\select-all-active.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\open-icon.png (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\DECODED_IMAGES (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\static.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\en\messages.json (981 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\download-all.png (15904 bytes)

The process citrio.exe:3444 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libadpcm_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\Blend.qml (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarBackground.qml (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libdiracsys_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\joox.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libkate_plugin.dll (7784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libaudiobargraph_a_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Label.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\rockbox_fm_presets.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libatmo_plugin.dll (14960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\HueSaturation.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libtwolame_plugin.dll (9760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\oslc300.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libcaca_plugin.dll (52816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick.2\qmldir (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\popup.wrapper.bg.png (932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libaudio_format_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\katsomo.luac (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\text_renderer\libtdummy_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\Style.qml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\DirectionalBlur.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libdtstofloat32_plugin.dll (11736 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libchain_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_filter\librecord_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_vdr_plugin.dll (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libdvdread_plugin.dll (10864 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\PlaylistMenuItems.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\TextFieldStyle.qml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Button.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\style.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_display_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\koreus.luac (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\metachannels.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_smem_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon16.png (353 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libstream_filter_rar_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmkv_plugin.dll (69548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\liblibbluray_plugin.dll (130760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\js\jquery-2.1.4.min.js (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libremoteosd_plugin.dll (35544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\appletrailers.luac (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmirror_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\CheckBox.qml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\BigPlayIcon.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VolumeHeatMouse.qml (813 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libasf_plugin.dll (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_filter\libhttplive_plugin.dll (37784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libmpeg_audio_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libaiff_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libvdr_plugin.dll (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_copy_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\metacafe.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ProgressBar.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\BusyIndicatorStyle.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libaes3_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\SystemPaletteSingleton.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osbce700.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_rar_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarMiddle.qml (412 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\ossle600.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\fonts\secondary.ttf (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\SpinBox.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\def-cover.png (60000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_avi_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\GaussianDirectionalBlur.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\msvcr90.dll (41752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\StackViewTransition.qml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmod_plugin.dll (34392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\SwitchStyle.qml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libclone_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_wav_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\modules\host.luac (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\MediaPlayer.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\progress-indeterminate.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\arrow-down.png (184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libscale_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libcompressor_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\zapiks.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libblend_plugin.dll (12984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libhqdn3d_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libpng_plugin.dll (20400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\TableViewStyle.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\slider-handle.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\MenuBar.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libugly_resampler_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libvpx_plugin.dll (81852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libadjust_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libchain_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_langfromtelx_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_gather_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\button_down.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\sd\icast.luac (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_filter\libdash_plugin.dll (49624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\services_discovery\libsap_plugin.dll (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\cursor-openhand.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\no_photo_icon_blur.png (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libdxva2_plugin.dll (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_shout_plugin.dll (28864 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\RecursiveBlur.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libgl_plugin.dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libidummy_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libschroedinger_plugin.dll (69254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\ssleay32.dll (20400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libsmf_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libvobsub_plugin.dll (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmosaic_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\vimeo.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\mpora.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\MenuContentScroller.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libfreeze_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\liba52tospdif_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\FocusFrame.qml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\del-icon.png (60000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libaddonsvorepository_plugin.dll (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\playlist_youtube.lua (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Menu.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libcaf_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libaudioscrobbler_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libuleaddvaudio_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_livehttp_plugin.dll (34872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libimage_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmotiondetect_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_dirac_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libgaussianblur_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\header.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libnormvol_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\StackView.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\[email protected] (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\libvlc.dll (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_realrtsp_plugin.dll (7784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\dragger.png (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libxml_plugin.dll (68161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\WebChimera.dll (883728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\RadioButton.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmpgv_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\telnet.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VideoLayer.qml (291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ModalPopupBehavior.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\[email protected] (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libtcp_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_dummy_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ApplicationWindowStyle.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\MenuContentItem.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_tcp_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libjpeg_plugin.dll (17616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\SpinBoxStyle.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\player_logo_small_h.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Calendar.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_stats_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_rgb_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libfaad_plugin.dll (22904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\ColorOverlay.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libalphamask_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libadummy_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libsubsdelay_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\BrightnessContrast.qml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\core\Functions.qml (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\modules\httprequests.luac (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_delay_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ScrollBar.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\MenuHeader.qml (612 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\pluzz.luac (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\liblogo_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\DECODED_IMAGES (1642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\liblibmpeg2_plugin.dll (9760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\librawaud_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libty_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\MediaPlayer.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libdirectdraw_plugin.dll (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_rtp_plugin.dll (40608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libaddonsfsstorage_plugin.dll (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\EditMenu_base.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\GammaAdjust.qml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libwingdi_plugin.dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\tab.png (460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libgradfun_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libdirac_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\jamendo.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libstereo_widen_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libsubsusf_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VolumeHeatScale.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_udp_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\close_but.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\art\02_frenchtv.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\GaussianInnerShadow.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libcc_plugin.dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_udp_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\d3dcompiler_43.dll (130008 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libps_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_bridge_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\liblogger_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\BusyIndicator.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ProgressBar.qml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\FastInnerShadow.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\MenuContent.qml (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\Desaturate.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\core\Hotkeys.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\art\03_lastfm.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\reader\filename.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libftp_plugin.dll (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\modules\dkjson.luac (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\anevia_xml.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\sd\icecast.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ColumnMenuContent.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libdeinterlace_plugin.dll (10864 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libblendbench_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\FastGlow.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ApplicationWindow.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon32.png (616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libpanoramix_plugin.dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libgain_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libspeex_plugin.dll (10216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libscte27_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\Menu.qml (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libh264_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libpostproc_plugin.dll (7784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libextract_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mmx\libi420_yuy2_mmx_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osble700.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_yuy2_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_rgb_mmx_plugin.dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\soundcloud.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\ossc600.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\librss_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarRight.qml (124 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\extensions\VLSub.luac (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Layouts\plugins.qmltypes (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\MenuClose.qml (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\liblibass_plugin.dll (82923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\mediaplayer.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\TimeBubble.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ToolBar.qml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\TabViewStyle.qml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\FastMaskedBlur.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\liblpcm_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\http.luac (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libx265_plugin.dll (129336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\SourceProxy.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ToolMenuButton.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\librawvid_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\text_renderer\libfreetype_plugin.dll (49624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\modules\simplexml.luac (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libyuy2_i422_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libdrawable_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libsubstx3g_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libaudiobargraph_v_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\liblive555_plugin.dll (46368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\bbc_co_uk.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmarq_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libpuzzle_plugin.dll (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libogg_plugin.dll (21968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmpc_plugin.dll (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\fonts\default.ttf (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\arrow-up.png (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_ts_plugin.dll (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarTimeLength.qml (365 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\TableView.qml (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libreal_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\MaskedBlur.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\spinner_large.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\background.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libscene_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi422_i420_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\anevia_streams.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libavcodec_plugin.dll (859104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libxa_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\qmldir (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libspeex_resampler_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\fonts\openfolder.ttf (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libwav_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\main.qml (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libvdummy_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\liba52_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libvoc_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libpva_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarBorder.qml (96 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\art\00_musicbrainz.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\EditMenu.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\js\ui.core.js (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libddummy_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\youtube.luac (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\CalendarUtils.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libyuy2_i420_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_file_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libswscale_plugin.dll (45152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\SubtitleMenuItems.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\[email protected] (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osle400.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libspatializer_plugin.dll (8472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libyuvp_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\StatusBar.qml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libdvdnav_plugin.dll (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libequalizer_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon64.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osbl700.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmotionblur_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon24.png (480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libcanvas_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\StatusBarStyle.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\leftanglearrow.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libripple_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\SliderStyle.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\FastBlur.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\TextHandle.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libdmo_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libt140_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\CalendarHeaderModel.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\canalplus.luac (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ContentItem.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\def-fon.png (63982 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\noise.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Switch.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\dumpmeta.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libfingerprinter_plugin.dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\ossce600.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\cli.luac (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\TextArea.qml (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_http_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon128.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\cue.luac (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmp4_plugin.dll (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libspudec_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libglwin32_plugin.dll (7288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\StackViewSlideDelegate.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\TopRightText.qml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_mms_plugin.dll (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon256.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\TextInputWithHandles.qml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\Displace.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libdirect3d_plugin.dll (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libquicktime_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\webchimera_logo_small.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libantiflicker_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_hevc_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\EditMenu_ios.qml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osc400.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libgme_plugin.dll (26544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\sse2\libi420_yuy2_sse2_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libdemux_cdg_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\TableViewColumn.qml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libzip_plugin.dll (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\MouseSurface.qml (346 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\spinner_medium.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\slider-groove.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osl400.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\GaussianGlow.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libavi_plugin.dll (7288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\librotate_plugin.dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\liveleak.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\ossl600.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\DropShadow.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\ConicalGradient.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\[email protected] (148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ContextMenu.qml (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\Glow.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libplaylist_plugin.dll (9760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\services_discovery\libupnp_plugin.dll (43768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\pinkbike.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\qmldir (913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Slider.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\meta_engine\libfolder_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libsmb_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libsftp_plugin.dll (47264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libinvert_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libnuv_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libbluray-j2se-0.7.0.jar (40608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\modules\common.luac (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\COPYING.txt (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libsharpen_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\BasicButton.qml (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_bd_plugin.dll (7784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\modules\sandbox.luac (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\styles.css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ComboBoxStyle.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libzvbi_plugin.dll (84591 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libx264_plugin.dll (68691 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\FocusFrameStyle.qml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libes_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_ftp_plugin.dll (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\LevelAdjust.qml (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\FastGlow.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\dummy.luac (819 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\OpacityMask.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\oslle300.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libgnutls_plugin.dll (73247 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libflac_plugin.dll (29424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\ZoomBlur.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\core\Buttons.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osce400.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\art\01_googleimage.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\UIsettings.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmjpeg_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libparam_eq_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libwasapi_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\france2.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libudp_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_vc1_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\TabBar.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libexport_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_standard_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mmx\libi422_yuy2_mmx_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\StackView.qml (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osbc700.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libdvbsub_plugin.dll (8472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ArtworkLayer.qml (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libdemux_stl_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libqsv_plugin.dll (9760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\MenuScroll.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\sse2\libi422_yuy2_sse2_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libtheora_plugin.dll (22840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_mpjpeg_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libdts_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libwall_plugin.dll (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\RectangularGlow.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libopus_plugin.dll (23160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libdtv_plugin.dll (17616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\player_logo_small.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\InnerShadow.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\liba52tofloat32_plugin.dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\librar_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\scrollbar-handle-transient.png (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\librtp_plugin.dll (34392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_asf_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libhevc_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_description_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libdemuxdump_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libimem_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\MenuItemSubControls.qml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\qmldir (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libsubsdec_plugin.dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libmpgatofixed32_plugin.dll (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libwaveout_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_filter\libsmooth_plugin.dll (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\core\Settings.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_imem_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\TextSingleton.qml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_autodel_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\googlevideo.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\scrollbar-handle-vertical.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Layouts\qmldir (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\temp.bg.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\RadialBlur.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\plugins.qmltypes (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\MenuBarStyle.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_raop_plugin.dll (36408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libvcd_plugin.dll (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libvmem_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libtimecode_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libau_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libmono_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\CustomButton.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\Colorize.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\focusframe.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VolumeHeat.qml (493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libvhs_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\sprite.png (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi422_yuy2_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libvod_rtsp_plugin.dll (7288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\webchimera.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\Toolbar.qml (517 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\librawvideo_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick.2\plugins.qmltypes (14960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libstats_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libkaraoke_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libcvdsub_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\youtube_homepage.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\CalendarStyle.qml (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VolumeHeatColors.qml (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_smb_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\sd\metachannels.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libyuv_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\TabView.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon48.png (830 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libscaletempo_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libpsychedelic_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\GaussianMaskedBlur.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ToolBarStyle.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libvc1_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libhttp_plugin.dll (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\sd\fmc.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\oslce300.woff2 (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\scrollbar-handle-horizontal.png (939 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\meta_engine\libtaglib_plugin.dll (84027 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libdirect2d_plugin.dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\MenuStyle.qml (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libamem_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libts_plugin.dll (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libsamplerate_plugin.dll (80307 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\TopCenterText.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\GroupBoxStyle.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\js\storage.core.js (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\Fonts.qml (962 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_es_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libfilesystem_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libsdp_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\GaussianBlur.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\services_discovery\libwindrive_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libnsv_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\js\app.core.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\webchimera_logo.png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libsepia_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ScrollViewStyle.qml (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\editbox.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\break.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libstl_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_ogg_plugin.dll (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\SplitView.qml (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_chromaprint_plugin.dll (60000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libcrystalhd_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\CheckBoxStyle.qml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_rgb_sse2_plugin.dll (8472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mmx\libi420_rgb_mmx_plugin.dll (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ScrollViewHelper.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libremap_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\librv32_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libg711_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\check.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ProgressBarStyle.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\rightanglearrow.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\[email protected] (139 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\groupbox.png (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmagnify_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\SubtitleText.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ScrollView.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\arrow-right.png (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\luac.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Tab.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libanaglyph_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_ps_plugin.dll (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_mixer\libinteger_mixer_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\StackViewDelegate.qml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\spinner_small.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\TextField.qml (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_setid_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\sd\jamendo.luac (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libtta_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libmmdevice_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_dummy_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_flac_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\liboldmovie_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libcroppadd_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\tab_selected.png (498 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\lelombrik.luac (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\fonts\glyphicons.ttf (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\TitleBar.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libdirectsound_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\HoverButton.qml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\sse2\libi420_rgb_sse2_plugin.dll (9760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ButtonStyle.qml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\AbstractCheckable.qml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\RadialGradient.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ComboBox.qml (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\button.extraction.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ToolButton.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\dailymotion.luac (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libsvcdsub_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\arrow-left.png (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\control\libdummy_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libchorus_flanger_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\ThresholdMask.qml (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\vlc.exe (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libcolorthres_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\TableViewSelection.qml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libsubtitle_plugin.dll (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_dummy_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\RadioButtonStyle.qml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VolumeHeatGraphics.qml (812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\lua\liblua_plugin.dll (21968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libgrain_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libflacsys_plugin.dll (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libswscale_plugin.dll (25104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\librawdv_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\TextAreaStyle.qml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_duplicate_plugin.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libsid_plugin.dll (61240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_http_plugin.dll (8472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libattachment_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\black.png (16664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarLeft.qml (96 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\fetcher\tvrage.luac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_transcode_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libgrey_yuv_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_mp4_plugin.dll (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\qmldir (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libball_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\extreme.luac (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_mixer\libfloat_mixer_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\libeay32.dll (68422 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_attachment_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\services_discovery\libpodcast_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libcdg_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libgradient_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\libvlccore.dll (154931 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libcdda_plugin.dll (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\liberase_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libbluescreen_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ToolButtonStyle.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\GroupBox.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libshm_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libdtstospdif_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libsimple_channel_mixer_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libtransform_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\BigPauseIcon.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libdolby_surround_decoder_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_mlp_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libmft_plugin.dll (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\services_discovery\libmediadirs_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\Control.qml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_h264_plugin.dll (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libafile_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libdshow_plugin.dll (36408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\button.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\SplashScreen.qml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarButton.qml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\LinearGradient.qml (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libposterize_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\SourceProxy.qml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\dots.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libscreen_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_record_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libedummy_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libwave_plugin.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libnsc_plugin.dll (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon_16.png (353 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libaraw_plugin.dll (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osll300.woff2 (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libvorbis_plugin.dll (48104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\fonts.css (4 bytes)

The process citrio.exe:648 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\ru\messages.json (868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\ar\messages.json (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\js\lib\jquery.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\search.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\icon16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\js\locale.js (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\manifest.json (774 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\id\messages.json (481 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\th\messages.json (823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\js\DTA.interface.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\js\DTA.ui.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\button.logo.png (60000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\background.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\en\messages.json (489 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\button.logo.inactive.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\pt_BR\messages.json (525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\icon128.png (60000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\ms\messages.json (503 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\icon.close.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\css\template.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\logo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\uk\messages.json (862 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\fil\messages.json (520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\DECODED_MESSAGE_CATALOGS (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\js\DTA.popup.js (59 bytes)

The process citrio.exe:800 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gs.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fo.png (462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gw.png (465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sh.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ly.png (383 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\settings.png (871 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tw.png (461 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tl.png (569 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\si.png (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\eg.png (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\sandbox.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\settings-act.png (883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\az.png (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\li.png (462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\es.png (493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_mono_off.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\doT.min.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\popup.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mr.png (567 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gq.png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\np.png (634 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gt.png (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cy.png (456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tg.png (494 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\br.png (687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kh.png (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\km.png (561 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tj.png (436 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cv.png (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mc.png (333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\na.png (717 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\list-img.png (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mg.png (380 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ps.png (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\uy.png (479 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mn.png (546 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gm.png (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\spine.route.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\model.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tk.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bs.png (494 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\ui.js (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\popup.html (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tf.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ma.png (479 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ga.png (400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ci.png (428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\id.png (333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\st.png (568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kz.png (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cc.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\vc.png (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bz.png (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\do.png (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mu.png (416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\my.png (509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mz.png (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ec.png (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\la.png (530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\is.png (494 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cn.png (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\co.png (387 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\af.png (534 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\spine.local.js (619 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ck.png (630 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lb.png (491 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ve.png (464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cg.png (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gh.png (453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ru.png (350 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\py.png (442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fr.png (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\by.png (441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\au.png (614 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sj.png (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\aq.png (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mv.png (537 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mw.png (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\hn.png (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ht.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\logging.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tm.png (553 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tv.png (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lc.png (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\mochi.js (363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ng.png (441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\vg.png (618 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\vi.png (612 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\ru\messages.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ch.png (434 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\manifest.json (511 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nl.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\no.png (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gi.png (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\base64.js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mp.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lr.png (457 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\aw.png (453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ar.png (439 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kw.png (476 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\background.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\us.png (488 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\za.png (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\hk.png (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bl.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\om.png (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\yt.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\spine.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\DECODED_IMAGES (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tn.png (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\eh.png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\dj.png (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\new.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\td.png (461 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\image\icon_mono_on.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lu.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lt.png (395 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ye.png (362 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\DECODED_MESSAGE_CATALOGS (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\va.png (483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pk.png (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sc.png (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ws.png (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ag.png (622 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bo.png (461 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sv.png (450 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bb.png (573 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\en\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gl.png (521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\ms\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\so.png (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\close.png (552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fi.png (405 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\dm.png (668 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\it.png (440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\sandbox.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gu.png (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ee.png (380 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\styles\style.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sa.png (560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cl.png (424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nf.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sz.png (594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pm.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\pt_BR\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\an.png (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mk.png (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ro.png (461 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\rw.png (437 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\dk.png (416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kg.png (525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sm.png (552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mt.png (410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\styles\mochi.css (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tr.png (575 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\image\icon_mono_off.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sb.png (649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ir.png (471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ne.png (442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\hm.png (614 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ms.png (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gf.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\iq.png (475 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ao.png (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bg.png (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\speed.png (885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ke.png (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\um.png (488 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cx.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\dz.png (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\et.png (566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\fil\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ax.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kr.png (658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nz.png (623 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\jquery.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\vu.png (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\io.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_128.png (16664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nc.png (608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ba.png (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ua.png (399 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sr.png (470 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ca.png (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gr.png (433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ls.png (639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pl.png (316 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\list-img-ac.png (620 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nr.png (465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\tmpl.js (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\re.png (488 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\th\messages.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\il.png (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\im.png (543 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cm.png (502 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bm.png (606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\profile_list.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ge.png (509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mh.png (698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tt.png (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gn.png (453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mf.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tz.png (655 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nu.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mq.png (604 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pe.png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\jp.png (471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\qa.png (458 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fk.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fj.png (575 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\zm.png (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bw.png (425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gb.png (707 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pt.png (591 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\md.png (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gg.png (501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\agent.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\al.png (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cd.png (621 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ky.png (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ni.png (431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bf.png (445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fm.png (565 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\uk\messages.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\uz.png (462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gy.png (686 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\wf.png (518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kp.png (480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ph.png (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sn.png (512 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\hr.png (553 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ki.png (679 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pw.png (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\profile_detail.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bj.png (422 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\jo.png (521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gd.png (683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bn.png (654 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lk.png (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\rs.png (542 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\be.png (452 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mo.png (647 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pf.png (476 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sl.png (377 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cz.png (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lv.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\as.png (661 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pn.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\hu.png (369 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cr.png (364 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bt.png (607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\id\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bd.png (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bi.png (740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bh.png (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pr.png (498 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sy.png (422 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ml.png (463 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mm.png (451 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\at.png (363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gp.png (509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\sl_arrow.png (616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pa.png (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\image\icon_128.png (16664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\se.png (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bv.png (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\image\ic16_gear.png (402 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tc.png (604 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\in.png (431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\vn.png (520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\me.png (555 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ie.png (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\ar\messages.json (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ai.png (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\zw.png (591 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pg.png (629 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\je.png (632 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sk.png (495 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mx.png (526 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sg.png (409 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sd.png (498 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cu.png (513 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\jm.png (711 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\to.png (427 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\de.png (391 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ad.png (540 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ae.png (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\th.png (356 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_mono_on.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kn.png (662 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cf.png (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\am.png (414 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\er.png (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\ic16_gear.png (402 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ug.png (536 bytes)

The process citrio.exe:1660 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\icon_16.png (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\pt_PT\messages.json (566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\de\messages.json (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\hu\messages.json (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\vi\messages.json (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\tr\messages.json (607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\nl\messages.json (499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ko\messages.json (763 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\zh_TW\messages.json (731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\fil\messages.json (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\fi\messages.json (602 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sv\messages.json (554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\craw_background.js (12376 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ro\messages.json (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\es_419\messages.json (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\en_GB\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\flapper.gif (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\nb\messages.json (533 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\lt\messages.json (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\lv\messages.json (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\it\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\pt_BR\messages.json (560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\zh_CN\messages.json (641 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\topbar_floating_button.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\fr\messages.json (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\es\messages.json (585 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\html\craw_window.html (810 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\hr\messages.json (526 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\css\craw_window.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\el\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\craw_window.js (14960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\pl\messages.json (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\et\messages.json (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\da\messages.json (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\cs\messages.json (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sl\messages.json (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\id\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\en\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ca\messages.json (594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\DECODED_MESSAGE_CATALOGS (27 bytes)

The process citrio_50.0.2661.273_1.exe:1336 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_88310.tmp\SETUP.EX_ (1731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_88310.tmp\setup.exe (20838 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_88310.tmp\CITRIO.PACKED.7Z (443233 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_88310.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_88310.tmp\SETUP.EX_ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_88310.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_88310.tmp\CITRIO.PACKED.7Z (0 bytes)

The process setup.exe:1856 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\citrio.7z (1358422 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\th.pak (1798 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\widevinecdmadapter.dll (186 bytes)
%Documents and Settings%\%current user%\Desktop\Facebook.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_elf.dll (117 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\en-GB.pak (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\hr.pak (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\PepperFlash\version.json (2 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Citrio.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_material_100_percent.pak (2 bytes)
%Documents and Settings%\%current user%\Desktop\YouTube.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\tr.pak (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ms.pak (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\cs.pak (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\share_page.crx (65 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Citrio.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_material_200_percent.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\nacl_irt_x86_64.nexe (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\pl.pak (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\da.pak (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\id.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio.dll (259439 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ca.pak (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\VisualElements\logo.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_200_percent.pak (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\te.pak (1870 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\zh-CN.pak (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\delegate_execute.exe (3802 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\VisualElements\smalllogo.png (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\pt-PT.pak (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\fi.pak (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\media_downloader.crx (1670 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\50.0.2661.273.manifest (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\nb.pak (238 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\lv.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ko.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\citrio.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ta.pak (3691 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\sk.pak (274 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\chrome.VisualElementsManifest.xml (342 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\download_all.crx (1766 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\50.0.2661.273\Installer\setup.exe (9098 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\metro_driver.dll (1796 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\es-419.pak (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\fil.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_watcher.dll (1661 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\sw.pak (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\es.pak (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\citrio_ext.crx (110258 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\sv.pak (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\et.pak (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\zh-TW.pak (219 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\mr.pak (1812 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\gu.pak (1805 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\sr.pak (1681 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\secondarytile.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\libglesv2.dll (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_100_percent.pak (6303 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\vi.pak (293 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\uk.pak (1698 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\en-US.pak (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\proxy.crx (1676 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ru.pak (1688 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\natives_blob.bin (1711 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\snapshot_blob.bin (1802 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ml.pak (3743 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\he.pak (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_child.dll (321430 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\hi.pak (1820 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\hu.pak (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\external_extensions.json (1 bytes)
%Documents and Settings%\%current user%\Desktop\Citrio.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\nacl_irt_x86_32.nexe (20507 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\lt.pak (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\bg.pak (1714 bytes)
%Documents and Settings%\%current user%\Desktop\Chrome Web Store.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ja.pak (318 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\bn.pak (1839 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\libexif.dll (307 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\PepperFlash\pepflashplayer.dll (124061 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\nacl64.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ro.pak (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\el.pak (1752 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ar.pak (1641 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\fa.pak (1654 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\libegl.dll (78 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\wow_helper.exe (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\icudtl.dat (75554 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\am.pak (1647 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\d3dcompiler_47.dll (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\de.pak (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\pt-BR.pak (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\kn.pak (3680 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\sl.pak (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\it.pak (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\fr.pak (284 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\nl.pak (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\resources.pak (150724 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\citrio.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\wow_helper.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin (0 bytes)

Registry activity

The process %original file name%.exe:1832 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A 95 DE 84 59 EB EB 2D 46 D6 C5 81 12 7F 01 E3"

The process CatalinaUpdate.exe:468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 3F 7D 7B E0 B9 03 B6 E9 56 98 59 00 70 4A E2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"usagestats" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "05 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "05 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\CatalinaGroup\Update]
"eulaaccepted"

[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
"c"

The process CatalinaUpdate.exe:260 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 45 92 CE 92 63 7E AF 41 2F 26 D0 61 67 73 DB"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\proxy]
"source" = "IE"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "03 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "03 00 00 00 00 00 00 00"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
"c"

The process CatalinaUpdate.exe:1388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A 0F 35 ED 49 7D 00 CA 7E 12 3B C8 D1 55 18 9A"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\proxy]
"source" = "IE"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "02 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "02 00 00 00 00 00 00 00"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
"c"

The process CatalinaUpdate.exe:644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13660822-39AC-408C-BA99-702EBEE3EF26}]
"CLSID" = "{13660822-39AC-408C-BA99-702EBEE3EF26}"

[HKCU\Software\Classes\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}]
"(Default)" = "ICatalinaUpdate3WebSecurity"

[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser]
"(Default)" = "Update3COMClass"

[HKCU\Software\Classes\Interface\{0E09406F-1420-4BF4-B6EB-F0994674AD68}]
"(Default)" = "IAppBundle"

[HKCU\Software\Classes\Interface\{3EA78C6E-8267-4554-8EC6-8982D5AF539A}]
"(Default)" = "ICoCreateAsyncStatus"

[HKCU\Software\Classes\Interface\{0E09406F-1420-4BF4-B6EB-F0994674AD68}\NumMethods]
"(Default)" = "39"

[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
"ThreadingModel" = "Both"

[HKCU\Software\Classes\Interface\{34F067BE-C79C-4C5F-8E64-622A3CC59055}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateOnDemand.exe"

[HKCU\Software\Classes\Interface\{23185EAB-61B0-4B70-BE89-589585B91392}\NumMethods]
"(Default)" = "8"

[HKCU\Software\Classes\Interface\{C1D8630A-9D2D-4E0E-A4A1-8AA5CA3FAE57}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.OnDemandCOMClassUser"

[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.Update3WebUser"

[HKCU\Software\Classes\Interface\{7A1A1D82-1E2B-41B8-9FA3-F40D8DD3EEF0}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\Interface\{263B5A28-834A-4D1B-AB71-A28E882CC59B}\NumMethods]
"(Default)" = "13"

[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCU\Software\Classes\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}\NumMethods]
"(Default)" = "4"

[HKCU\Software\Classes\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\Interface\{C1D8630A-9D2D-4E0E-A4A1-8AA5CA3FAE57}]
"(Default)" = "ICredentialDialog"

[HKCU\Software\Classes\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}]
"(Default)" = "ICatalinaUpdate"

[HKCU\Software\Classes\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}\NumMethods]
"(Default)" = "10"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "01 00 00 00 00 00 00 00"

[HKCU\Software\Classes\Interface\{D085AC3B-E5CC-40C9-8366-C12ADC489967}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\Interface\{789E3792-8514-4ED5-90F3-5B525275B953}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\Interface\{FCD277CC-8D3E-4264-80D3-98E7B05E2E8A}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}]
"(Default)" = "Update3COMClass"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"

[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\ProgID]
"(Default)" = "CatalinaGroupUpdate.CredentialDialogUser.1.0"

[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}]
"(Default)" = "CatalinaGroup.OneClickProcessLauncher"

[HKCU\Software\Classes\Interface\{263B5A28-834A-4D1B-AB71-A28E882CC59B}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}]
"(Default)" = "Google Update Legacy On Demand"

[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.Update3WebUser.1.0"

[HKCU\Software\Classes\Interface\{FCD277CC-8D3E-4264-80D3-98E7B05E2E8A}\NumMethods]
"(Default)" = "10"

[HKCU\Software\Classes\Interface\{CBAC6FCC-819A-443D-98BB-E7A122DCCAE3}\NumMethods]
"(Default)" = "4"

[HKCU\Software\Classes\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\Interface\{0CD725CD-5650-4F13-91DA-E42FAA9687E8}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser\CLSID]
"(Default)" = "{2823499B-60F3-4940-8042-2C16D5829A39}"

[HKCU\Software\Classes\Interface\{FCD277CC-8D3E-4264-80D3-98E7B05E2E8A}]
"(Default)" = "IAppVersionWeb"

[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser.1.0]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCU\Software\Classes\Interface\{84BA4DAC-82EA-4DC8-BCB0-B69DD6E95670}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.Update3COMClassUser.1.0"

[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.CredentialDialogUser"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"

[HKCU\Software\Classes\Interface\{CBAC6FCC-819A-443D-98BB-E7A122DCCAE3}]
"(Default)" = "IOneClickProcessLauncher"

[HKCU\Software\Classes\Interface\{051D14B3-CF0F-4CCA-B8FE-AF9E007ACD43}\NumMethods]
"(Default)" = "4"

[HKCU\Software\Classes\Interface\{051D14B3-CF0F-4CCA-B8FE-AF9E007ACD43}]
"(Default)" = "ICoCreateAsync"

[HKCU\Software\Classes\Interface\{F9F2D675-F172-42F2-A26E-6453B80EA7F1}]
"(Default)" = "ICurrentState"

[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\ProgID]
"(Default)" = "CatalinaGroupUpdate.Update3COMClassUser.1.0"

[HKCU\Software\Classes\Interface\{789E3792-8514-4ED5-90F3-5B525275B953}]
"(Default)" = "IAppBundleWeb"

[HKCU\Software\Classes\Interface\{D085AC3B-E5CC-40C9-8366-C12ADC489967}]
"(Default)" = "IApp"

[HKCU\Software\Classes\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}\NumMethods]
"(Default)" = "5"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"

[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser\CLSID]
"(Default)" = "{13660822-39AC-408C-BA99-702EBEE3EF26}"

[HKCU\Software\Classes\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser\CLSID]
"(Default)" = "{73436A91-85A6-4850-A7D0-375C4E369A5A}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E 06 9A FF 81 0F 91 A1 C1 F1 42 2F 0B 3A B8 39"

[HKCU\Software\Classes\Interface\{D085AC3B-E5CC-40C9-8366-C12ADC489967}\NumMethods]
"(Default)" = "44"

[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\VersionIndependentProgID]
"(Default)" = "CatalinaGroup.OneClickProcessLauncherUser"

[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCU\Software\Classes\Interface\{C1D8630A-9D2D-4E0E-A4A1-8AA5CA3FAE57}\NumMethods]
"(Default)" = "4"

[HKCU\Software\Classes\Interface\{0CD725CD-5650-4F13-91DA-E42FAA9687E8}\NumMethods]
"(Default)" = "10"

[HKCU\Software\Classes\Interface\{34F067BE-C79C-4C5F-8E64-622A3CC59055}\NumMethods]
"(Default)" = "9"

[HKCU\Software\Classes\Interface\{EC3867B7-B9EF-494E-B42B-BA009D57D90E}\NumMethods]
"(Default)" = "6"

[HKCU\Software\Classes\Interface\{6B6DE56F-09F2-4343-80AD-28E5D6CB78F9}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13660822-39AC-408C-BA99-702EBEE3EF26}]
"Policy" = "3"

[HKCU\Software\Classes\Interface\{F9F2D675-F172-42F2-A26E-6453B80EA7F1}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\Interface\{0E09406F-1420-4BF4-B6EB-F0994674AD68}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\Interface\{6B6DE56F-09F2-4343-80AD-28E5D6CB78F9}\NumMethods]
"(Default)" = "14"

[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\ProgID]
"(Default)" = "CatalinaGroupUpdate.Update3WebUser.1.0"

[HKCU\Software\Classes\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}]
"(Default)" = "ICatalinaUpdateCore"

[HKCU\Software\Classes\Interface\{3EA78C6E-8267-4554-8EC6-8982D5AF539A}\NumMethods]
"(Default)" = "10"

[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateOnDemand.exe"

[HKCU\Software\Classes\Interface\{051D14B3-CF0F-4CCA-B8FE-AF9E007ACD43}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0]
"(Default)" = "CatalinaGroup.OneClickProcessLauncher"

[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\ProgID]
"(Default)" = "CatalinaGroup.OneClickProcessLauncherUser.1.0"

[HKCU\Software\Classes\Interface\{CBAC6FCC-819A-443D-98BB-E7A122DCCAE3}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser\CurVer]
"(Default)" = "CatalinaGroup.OneClickProcessLauncherUser.1.0"

[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateOnDemand.exe"

[HKCU\Software\Classes\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\Interface\{84BA4DAC-82EA-4DC8-BCB0-B69DD6E95670}\NumMethods]
"(Default)" = "10"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "01 00 00 00 00 00 00 00"

[HKCU\Software\Classes\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}]
"(Default)" = "ICatalinaUpdate3"

[HKCU\Software\Classes\Interface\{263B5A28-834A-4D1B-AB71-A28E882CC59B}]
"(Default)" = "IJobObserver"

[HKCU\Software\Classes\Interface\{0CD725CD-5650-4F13-91DA-E42FAA9687E8}]
"(Default)" = "IAppVersion"

[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser.1.0]
"(Default)" = "Google Update Legacy On Demand"

[HKCU\Software\Classes\CLSID\{77F1C034-4E73-49AD-A4F2-24C1239534E9}\InprocHandler32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\psuser.dll"

[HKCU\Software\Classes\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}]
"(Default)" = "ICatalinaUpdate3Web"

[HKCU\Software\Classes\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}\NumMethods]
"(Default)" = "8"

[HKCU\Software\Classes\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}\NumMethods]
"(Default)" = "4"

[HKCU\Software\Classes\Interface\{23185EAB-61B0-4B70-BE89-589585B91392}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\Interface\{EC3867B7-B9EF-494E-B42B-BA009D57D90E}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.Update3COMClassUser"

[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser\CLSID]
"(Default)" = "{C8362D5A-4303-4E22-8668-BB10D65B95BD}"

[HKCU\Software\Classes\Interface\{7A1A1D82-1E2B-41B8-9FA3-F40D8DD3EEF0}]
"(Default)" = "IBrowserHttpRequest2"

[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\psuser.dll"

[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser.1.0\CLSID]
"(Default)" = "{2823499B-60F3-4940-8042-2C16D5829A39}"

[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser.1.0]
"(Default)" = "Update3COMClass"

[HKCU\Software\Classes\Interface\{789E3792-8514-4ED5-90F3-5B525275B953}\NumMethods]
"(Default)" = "24"

[HKCU\Software\Classes\CLSID\{7361571B-9D2C-44A5-899C-518E49BEE522}\InProcServer32]
"ThreadingModel" = "Both"

[HKCU\Software\Classes\Interface\{84BA4DAC-82EA-4DC8-BCB0-B69DD6E95670}]
"(Default)" = "IPackage"

[HKCU\Software\Classes\Interface\{7A1A1D82-1E2B-41B8-9FA3-F40D8DD3EEF0}\NumMethods]
"(Default)" = "4"

[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateOnDemand.exe"

[HKCU\Software\Classes\Interface\{3EA78C6E-8267-4554-8EC6-8982D5AF539A}\ProxyStubClsid32]
"(Default)" = "{7361571B-9D2C-44A5-899C-518E49BEE522}"

[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe"

[HKCU\Software\Classes\CLSID\{7361571B-9D2C-44A5-899C-518E49BEE522}\InProcServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\psuser.dll"

[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser.1.0\CLSID]
"(Default)" = "{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}"

[HKCU\Software\Classes\Interface\{6B6DE56F-09F2-4343-80AD-28E5D6CB78F9}]
"(Default)" = "IAppWeb"

[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser.1.0\CLSID]
"(Default)" = "{C8362D5A-4303-4E22-8668-BB10D65B95BD}"

[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser]
"(Default)" = "GoogleUpdate Update3Web"

[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser]
"(Default)" = "CatalinaGroup.OneClickProcessLauncher"

[HKCU\Software\Classes\Interface\{F9F2D675-F172-42F2-A26E-6453B80EA7F1}\NumMethods]
"(Default)" = "24"

[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0\CLSID]
"(Default)" = "{13660822-39AC-408C-BA99-702EBEE3EF26}"

[HKCU\Software\Classes\Interface\{EC3867B7-B9EF-494E-B42B-BA009D57D90E}]
"(Default)" = "IProcessLauncher"

[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"

[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\ProgID]
"(Default)" = "CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"

[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser\CLSID]
"(Default)" = "{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}"

[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.CredentialDialogUser.1.0"

[HKCU\Software\Classes\CLSID\{7361571B-9D2C-44A5-899C-518E49BEE522}]
"(Default)" = "PSFactoryBuffer"

[HKCU\Software\Classes\Interface\{34F067BE-C79C-4C5F-8E64-622A3CC59055}]
"(Default)" = "IProgressWndEvents"

[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser]
"(Default)" = "Google Update Legacy On Demand"

[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser.1.0\CLSID]
"(Default)" = "{73436A91-85A6-4850-A7D0-375C4E369A5A}"

[HKCU\Software\Classes\Interface\{23185EAB-61B0-4B70-BE89-589585B91392}]
"(Default)" = "IRegistrationUpdateHook"

[HKCU\Software\Classes\CLSID\{77F1C034-4E73-49AD-A4F2-24C1239534E9}\InprocHandler32]
"ThreadingModel" = "Both"

The Trojan deletes the following registry key(s):

[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}]
[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
[HKCU\Software\Classes\CLSID\{77F1C034-4E73-49AD-A4F2-24C1239534E9}]
[HKCU\Software\Classes\CLSID\{77F1C034-4E73-49AD-A4F2-24C1239534E9}\InprocHandler32]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
"c"

The process CatalinaUpdate.exe:1756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9]
"vendor" = "Catalina Group Ltd."

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"opt_in_uid_generated" = "01 00 00 00 00 00 00 00"
"setup_should_install_total" = "01 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Timings]
"setup_install_google_update_total_ms" = "01 00 00 00 00 00 00 00 AA 03 00 00 00 00 00 00"

[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9]
"ProductName" = "CatalinaGroup Update"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"iid" = "{71B2FDF3-48CA-49CA-9B7D-C76AED72032A}"

[HKCU\Software\CatalinaGroup\Update]
"UID" = "{BA302A1B-F962-45B0-AFD4-CE882163B490}"

[HKCU\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.oneclickctrl.9]
"CLSID" = "{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"

[HKCU\Software\Classes\CatalinaGroup.OneClickCtrl.9\CLSID]
"(Default)" = "{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}"

[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"(Default)" = "CatalinaGroup Update Plugin"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"Policy" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.update3webcontrol.3]
"CLSID" = "{71216BD6-4D03-4387-BD01-7FE8D9512541}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Timings]
"setup_phase2_ms" = "01 00 00 00 00 00 00 00 53 02 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"AppName" = "CatalinaUpdate.exe"

[HKCU\Software\CatalinaGroup\Update]
"Version" = "1.3.25.224"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"usagestats" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9]
"Description" = "CatalinaGroup Update"

[HKCU\Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"Name" = "Catalina Update"

[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"InstallTime" = "1475807066"

[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\npCatalinaUpdate3.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CatalinaGroup.Update3WebControl.3]
"(Default)" = "CatalinaGroup Update Plugin"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"Policy" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update]
"CatalinaUpdate.exe" = "CatalinaGroup Update"

[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\ProgID]
"(Default)" = "CatalinaGroup.OneClickCtrl.9"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"setup_do_self_install_total" = "01 00 00 00 00 00 00 00"

[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\npCatalinaUpdate3.dll"

[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Timings]
"setup_lock_acquire_ms" = "01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"

[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=3]
"Description" = "CatalinaGroup Update"
"ProductName" = "CatalinaGroup Update"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"AppPath" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"

[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=3]
"vendor" = "Catalina Group Ltd."

[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\npCatalinaUpdate3.dll"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"setup_files_total" = "01 00 00 00 00 00 00 00"
"goopdate_main" = "06 00 00 00 00 00 00 00"

[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9]
"Version" = "9"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"AppPath" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224"

[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"pv" = "1.3.25.224"

[HKCU\Software\Classes\CatalinaGroup.Update3WebControl.3\CLSID]
"(Default)" = "{71216BD6-4D03-4387-BD01-7FE8D9512541}"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"AppName" = "CatalinaUpdateOnDemand.exe"

[HKCU\Software\CatalinaGroup\Update]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "06 00 00 00 00 00 00 00"
"setup_do_self_install_succeeded" = "01 00 00 00 00 00 00 00"
"setup_install_succeeded" = "01 00 00 00 00 00 00 00"

[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=3]
"Version" = "3"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "26 0A E1 03 A0 B9 38 E8 95 4E 37 FB F6 FA DA 8A"

[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"pv" = "1.3.25.224"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"setup_should_install_true_fresh_install" = "01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\ProgID]
"(Default)" = "CatalinaGroup.Update3WebControl.3"

[HKCU\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=3]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\npCatalinaUpdate3.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CatalinaGroup.OneClickCtrl.9]
"(Default)" = "CatalinaGroup Update Plugin"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Timings]
"setup_files_ms" = "01 00 00 00 00 00 00 00 53 01 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"setup_install_total" = "01 00 00 00 00 00 00 00"
"setup_files_verification_succeeded" = "01 00 00 00 00 00 00 00"
"setup_install_task_succeeded" = "01 00 00 00 00 00 00 00"

[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"(Default)" = "CatalinaGroup Update Plugin"

[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"brand" = "GGLS"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Timings]
"setup_install_task_ms" = "01 00 00 00 00 00 00 00 A4 00 00 00 00 00 00 00"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"CatalinaGroup Update" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe /c"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\CatalinaGroup\Update]
"ui"

[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"

[HKCU\Software\CatalinaGroup\Update]
"eulaaccepted"

[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"UpdateAvailableSince"

[HKCU\Software\CatalinaGroup\Update\network\secure]
"c"

[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"UpdateAvailableCount"

[HKCU\Software\CatalinaGroup\Update]
"LastChecked"

The process CatalinaUpdate.exe:376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"pv" = "50.0.2661.273"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"worker_package_cache_put_succeeded" = "01 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"brand" = "GGLS"
"LastInstallerError" = "0"
"LastInstallerResult" = "0"
"referral" = "0:default_landing"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"worker_download_total" = "01 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\proxy]
"source" = "IE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"usagestats" = "1"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"worker_package_cache_put_total" = "01 00 00 00 00 00 00 00"
"worker_download_succeeded" = "01 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update]
"LastInstallerError" = "0"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastInstallerSuccessLaunchCmdLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe"
"lang" = "en"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\CatalinaGroup\Update]
"LastInstallerSuccessLaunchCmdLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "04 00 00 00 00 00 00 00"
"worker_install_execute_total" = "01 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"bt" = "1"
"LastCheckSuccess" = "1475807165"

[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "04 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update]
"CatalinaUpdate.exe" = "CatalinaGroup Update"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF DC 55 E6 BE E2 F9 95 2E C2 B2 39 B1 85 B9 A5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"InstallTime" = "1475807134"

[HKCU\Software\CatalinaGroup\Update]
"LastInstallerResult" = "0"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"iid" = "{71B2FDF3-48CA-49CA-9B7D-C76AED72032A}"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"browser"
"LastInstallerError"
"LastInstallerResultUIString"
"eulaaccepted"
"UpdateAvailableSince"
"tttoken"

[HKCU\Software\CatalinaGroup\Update\network\secure]
"c"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"experiment_labels"
"InstallerResult"
"LastInstallerExtraCode1"

[HKCU\Software\CatalinaGroup\Update]
"LastInstallerError"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastInstallerSuccessLaunchCmdLine"

[HKCU\Software\CatalinaGroup\Update]
"LastInstallerSuccessLaunchCmdLine"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"InstallerError"
"LastInstallerResult"
"UpdateAvailableCount"
"InstallerSuccessLaunchCmdLine"
"ap"

[HKCU\Software\CatalinaGroup\Update]
"LastInstallerResultUIString"
"LastInstallerExtraCode1"
"LastInstallerResult"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"iid"

The process citrio.exe:1140 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 75 1F D6 D4 9D 94 DE 4B 93 AF 7E 76 31 D0 17"

The process citrio.exe:468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "57 91 BA 09 CB C1 FD 3C A9 87 D5 D8 DB 4B D6 9F"

The process citrio.exe:668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\.ra]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.rv]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.3g2]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKCU\Software\Classes\.WAV]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCU\Software\Classes\.mov]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.TTA]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.flv]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\E5215D3460C2C20BBE2D9FE5FB665DAA2C0E225C]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 6F 7E 74 A3"

[HKCU\Software\Classes\.MP3]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.AAC]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.mka]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Classes\.m4v]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"dr" = "1"

[HKCU\Software\Classes\.mkv]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"usagestats" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\CatalinaGroup\Citrio\BLBeacon]
"Version" = "50.0.2661.273"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKCU\Software\Classes\.OGG]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.m2v]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Citrio\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "0"

[HKCU\Software\Classes\.ram]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.xa]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Citrio\BLBeacon]
"State" = "1"

[HKCU\Software\Classes\.avi]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.tac]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.rm]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKCU\Software\Classes\.DTS]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKCU\Software\CatalinaGroup\Citrio]
"AssociationsRegistry" = "3"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"lastrun" = "13120280775834250"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKCU\Software\Classes\.FLAC]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastWasDefault" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Classes\.ogv]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.wmv]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"_NumSignedIn" = "0"

[HKCU\Software\Classes\.AU]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.mpg]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.ogm]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.A52]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKCU\Software\CatalinaGroup\Citrio\BLBeacon]
"failed_count" = "0"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F]
"Blob" = "19 00 00 00 01 00 00 00 10 00 00 00 6D 00 C0 25"

[HKCU\Software\Classes\.3gp]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 59 05 17 64 E2 F1 6B DE 94 43 5E AB 4B 11 81"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C]
"Blob" = "19 00 00 00 01 00 00 00 10 00 00 00 A8 23 B4 A2"

[HKCU\Software\Classes\.mp4]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKCU\Software\Classes\.webm]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.MP2]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKCU\Software\Classes\.WMA]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.nsv]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"_NumAccounts" = "1"

[HKCU\Software\Classes\.asf]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

The Trojan deletes the following registry key(s):

[HKCU\Software\CatalinaGroup\Citrio\BLFinchList]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates]
"E5215D3460C2C20BBE2D9FE5FB665DAA2C0E225C"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"B1BC968BD4F49D622AA89A81F2150152A41D829C"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"FirstNotDefault"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F"

The process citrio.exe:2908 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C 18 C1 F2 71 52 32 7B 48 3B 43 86 1A A2 D1 6F"

The process citrio.exe:1972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 1B 21 41 48 00 09 EE E3 C5 35 C9 A7 45 45 64"

The process citrio.exe:1312 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 4B FE 50 80 F4 98 68 B8 EC 29 9D 60 0E 9B 7E"

The process citrio.exe:2132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 3B 5C 87 4F 6B BC D3 9B E2 F0 AC C0 8F 5B 2F"

The process citrio.exe:1852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 7D 32 61 2B F5 C4 E7 45 8F A8 48 11 26 5C 60"

The process citrio.exe:1372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 6F 43 97 5D 38 A2 75 71 B3 7A 96 A4 D8 08 31"

The process citrio.exe:3892 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 F5 18 2F C1 3F 68 DB 79 2F 5F 72 14 79 11 50"

[HKCU\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extensions\dcagnhpbnggmbihndfkkhfjojgbaaedo\1.2.39_0\binaries\win\imageformats]
"qico4.dll" = "40806, 0, Windows msvc release full-config, 2016-03-31T12:19:48"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

The process citrio.exe:2680 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 67 61 6E 45 CA 40 55 47 6B B3 C0 7F 4F 17 A4"

The process citrio.exe:2076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F 74 A3 9B 80 31 08 76 06 BC BE 6B CF 6D B3 E7"

The process citrio.exe:2408 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC 1A 85 30 34 98 F8 93 F7 8A 82 5E E7 99 B4 75"

The process citrio.exe:2724 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE CE 50 F6 FD 0E EF 3D 47 7E DB 08 E6 E8 EE 76"

The process citrio.exe:3660 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 CC 21 24 F7 84 A1 95 8A CC 01 46 B0 75 5B 1B"

The process citrio.exe:1492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF EA 57 EE E1 CF 0F AE 2E BC 3E E1 21 18 29 97"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

The process citrio.exe:248 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 52 E0 94 0C 7D 4C AB 71 C9 AC D1 DF 98 7E CF"

The process citrio.exe:1656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CB C6 DD B6 8C F7 D2 67 D0 2E A0 D4 15 AC 18 28"

The process citrio.exe:3444 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 48 A1 D8 AC B1 2E E7 CD 31 42 C8 54 2E 18 7B"

The process citrio.exe:1648 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 28 3F A2 F4 D7 32 51 5B 10 D7 3F DA 15 06 A2"

The process citrio.exe:2392 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F 20 1A AB 7A BA DF DB 05 0E A3 EA 4D AA 8C 95"

The process citrio.exe:1360 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0B A0 97 9F C1 A3 4A 2B EA A3 70 7E BD E7 50 B6"

The process citrio.exe:648 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 86 B8 F4 5A 04 13 55 56 47 E0 E5 EC 2F BF B7"

The process citrio.exe:800 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F DD 10 1A FD 3E 17 E6 AE A4 24 B8 0F 61 1A 83"

The process citrio.exe:1660 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F A2 4E 09 E8 44 15 2A 8E F7 B3 4D 8E 92 24 91"

The process youtube-dl.exe:3084 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 90 33 3C D4 CC BC CE 0E 65 25 F5 8A 08 5A 1A"

The process CatalinaCrashHandler.exe:1084 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 23 EA D0 DE 74 E2 61 62 37 CA D2 DC 04 E4 10"

The process citrio_50.0.2661.273_1.exe:1336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 5B 7B 8D E4 D0 C0 CF CB C1 DF 9F 7E 46 E6 4F"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"ap" = "-full"

The process setup.exe:1856 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".avi" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".webp" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".AAC" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\magnet\shell\open\ddeexec]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio,"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"HideIconsCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe --hide-icons"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"NoRepair" = "1"
"InstallLocation" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"

[HKCR\.xht\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKCU\Software\Classes\CLSID\{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\50.0.2661.273\delegate_execute.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationName" = "Citrio"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".mov" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".xhtml" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".xa" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"nntp" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".flv" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".torrent" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"https" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"Publisher" = "© Catalinagroup Ltd."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}]
"lang" = "en"

[HKCU\Software\Classes\ftp]
"URL Protocol" = ""

[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".shtml" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}]
"pv" = "50.0.2661.273"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"IconsVisible" = "1"
"ReinstallCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe --make-default-browser"

[HKCU\Software\CatalinaGroup\Update\Clients\{0105EA02-802D-4B37-8161-4ED25C493266}]
"pv" = "50.0.2661.273"

[HKCU\Software\Classes\.xht]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".m4v" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCR\CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".au" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".xht" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\citrio.exe]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application"

[HKCU\Software\Classes\CLSID\{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}]
"(Default)" = "CommandExecuteImpl Class"

[HKCU\Software\Classes\.html]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"

[HKCU\Software\CatalinaGroup\Update\Clients\{0105EA02-802D-4B37-8161-4ED25C493266}]
"bt" = "1"

[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""

[HKCR\.htm\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"InstallerError" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"ShowIconsCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe --show-icons"

[HKCR\.webp\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"DisplayVersion" = "50.0.2661.273"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastWasDefault" = "Type: REG_QWORD, Length: 8"
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\50.0.2661.273\Installer\setup.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".mpg" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".nsv" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"news" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".asf" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Citrio]
"AssociationsRegistry" = "1"

[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe -- %1"

[HKCU\Software\Classes\Magnet\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"Version" = "50.0.2661.273"

[HKCU\Software\Classes\CLSID\{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}\LocalServer32]
"ServerExecutable" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\50.0.2661.273\delegate_execute.exe"

[HKCU\Software\Classes\.xhtml]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"tel" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"InstallerExtraCode1" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 A9 D1 E0 49 38 FF A2 95 DA B4 3D 69 B0 71 32"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".wma" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".FLAC" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"ap" = "-stage:preconditions-full"
"InstallerSuccessLaunchCmdLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".MP3" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".MP2" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\Clients\{0105EA02-802D-4B37-8161-4ED25C493266}]
"oopcrashes" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".pdf" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"DisplayName" = "Citrio"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".mp4" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\Magnet]
"URL Protocol" = ""

[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}\Commands\on-os-upgrade]
"CommandLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\50.0.2661.273\Installer\setup.exe --on-os-upgrade --verbose-logging"

[HKCU\Software\Classes\.pdf]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}]
"oopcrashes" = "1"

[HKLM\SOFTWARE\RegisteredApplications]
"Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = "Software\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities"

[HKCU\Software\Classes\https]
"URL Protocol" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".TTA" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\https\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationDescription" = "Citrio is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Citrio."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".3gp" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".webm" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".tac" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".dts" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".mkv" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"NoModify" = "1"

[HKCU\Software\Classes\http\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"ftp" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\Startmenu]
"StartMenuInternet" = "Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".wmv" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".mka" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\http]
"URL Protocol" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"smsto" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".ram" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCR\CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe -- %1"

[HKCU\Software\Classes\.shtml]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"mailto" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".ogv" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"webcal" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\Clients\{0105EA02-802D-4B37-8161-4ED25C493266}]
"lang" = "en"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"magnet" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".3g2" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\.htm]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"UninstallArguments" = " --uninstall"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\.xhtml\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKCU\Software\Classes\Magnet\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe -- %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\CatalinaGroup\Update\Clients\{0105EA02-802D-4B37-8161-4ED25C493266}]
"Name" = "Citrio App Launcher"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\50.0.2661.273\Installer\setup.exe --uninstall"

[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"sms" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
"mms" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"DisplayIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe,0"

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"InstallerResult" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".html" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCR\CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ]
"(Default)" = "Citrio Document"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCR\.shtml\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"urn" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCR\.html\OpenWithProgids]
"CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"VersionMajor" = "2661"
"VersionMinor" = "273"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".ra" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Classes\.torrent]
"(Default)" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".a52" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".rm" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe -- %1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".RV" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".htm" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\Magnet\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"irc" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}]
"bt" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\citrio.exe]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"http" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".m2v" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio]
"InstallDate" = "20161007"

[HKCU\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}]
"Name" = "Citrio"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".OGG" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe -- %1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".WAV" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"
".ogm" = "CitrioDOC.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Citrio.QQL2B5ZRL54V5ERAM5WD2OE6LQ]
"(Default)" = "Citrio"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application]
"citrio.exe" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe:*:Enabled:Citrio"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"ap"
"FirstNotDefault"
"InstallerExtraCode1"

Dropped PE files

MD5 File path
a74ae4c060fc2d8d3ca8d8cb99bb97a1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaCrashHandler.exe
a74ae4c060fc2d8d3ca8d8cb99bb97a1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdate.exe
65ae1c0ebd434f736cc55cff43be3b9b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateBroker.exe
3aeb9c80a570797faaa162189a54e091 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateOnDemand.exe
b071da7f0159fef250e35a880c59dff5 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdate.dll
629e29c7d669a1d281683688de4ede77 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_am.dll
8206b694882d57396fb8df35672512fb c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ar.dll
bb1670000d7523d751b86533e6de7dab c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_bg.dll
6561da3744dfa44af916fa92663a051a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_bn.dll
4b263bcf797e817fc42d7305a89b828f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ca.dll
4064c70f88757f5b80613d0cf656898b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_cs.dll
f3069af2e52c86b104361aa30aadf6f9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_da.dll
69f8ed0292876e742c8c30222925a7f5 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_de.dll
f3d9a8628dc9779152517c457b4cb905 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_el.dll
81dd5689173e2802f974dc534aaa4e79 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_en-GB.dll
014d4dbcbc508edd4f5ac1d2c8a14424 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_en.dll
54f1e1fe139a3f136b6c894b46b5c057 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_es-419.dll
81b37374e50852e83779b93cc1d4ffa1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_es.dll
46fa3506c927010e38e2996e117a6829 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_et.dll
b29cb693019bdd3823b162f03efd0114 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fa.dll
c58c6c0271fd64638b5e4690cd846207 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fi.dll
68b08a905d564be369f0e209f4360edf c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fil.dll
a146e9e82a2d7500ff32884828506c8a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fr.dll
15d3d4c60c5a08b11fe33a70a53c9f4a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_gu.dll
c09832aefe7d77de2f2f639a57929e19 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_hi.dll
bf431d4ee2492096ff973ac53a87f07a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_hr.dll
684debab899d25c5e41562302e1bfdb8 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_hu.dll
2c3d3532bfc6cd69f24eef4d7c7f7724 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_id.dll
1643ff78cc111bc1097a82d9a89f0fd7 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_is.dll
43ac2c923c27b8138e1abfc09e09a1da c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_it.dll
aa8fa8ad20e4059e6fd297ecd6fa3fbc c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_iw.dll
f8ab593d23c0538b4cbe7185626079e4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ja.dll
8cd480bfe3fbb163ca29a027096b266e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_kn.dll
d111fbcf1a265aee3eaa3875d488fd08 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ko.dll
578a6a0ebc4fc949287568252f7e374c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_lt.dll
c6845f88b4c44d9222577e6ad8c105c5 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_lv.dll
1f9789f498bb06a286db4936ff5948d2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ml.dll
e2d99aea8bacf38c7bd1ae1b269f9a3b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_mr.dll
2f11d755a6b5b6bda38e53bced020bdf c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ms.dll
f73c5b51c3ac6294e35dfc88ee0bb80f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_nl.dll
2eed9001cb88e17a95a15cac81fc44a3 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_no.dll
8216ced7fe8f88354dad265374815a29 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_pl.dll
8500c5450360249a16e77b48a952075e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_pt-BR.dll
05a1876a5c12fe5d7acf0a174c3b92d9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_pt-PT.dll
ed35794546fe3e883e591466a9d45946 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ro.dll
25c790e19afd77124974cc7d8c3c8f8e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ru.dll
4936a0e31c3d2064c17fd04b581eeae2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sk.dll
aa3f3dfda85cb55279bd9e4e3377a7cf c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sl.dll
8d19d949c436f1a4ba4117e6ca9bd1a0 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sr.dll
ed12f4c6e84ba29e45bbd612b33fb30d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sv.dll
fafed09184ce9e997512fa4c6651f44c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sw.dll
3d1a4a543afa4df9c035264eef830670 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ta.dll
d0b4c1e8819dbed6e06d7a01fc759448 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_te.dll
cd5f95bb0dc3c485fb2d7c512b180d59 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_th.dll
77058400a45d67cf8d12c026ca5400d2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_tr.dll
19d3cefee1f384b4bbb6387a174e3129 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_uk.dll
2c7fbf0e7fbd9efaf0a762ff19b6499f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ur.dll
084794522171e4ed7822ce21999f94db c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_vi.dll
9276508edc7ebde9ead1302fa427192e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_zh-CN.dll
6ab1b516dcd34f8dffd2dbbc7f5f02bb c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_zh-TW.dll
d6ceb564de09fc2c465109ee954301d8 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\npCatalinaUpdate3.dll
0a641b609c2d73fe7064c76695289ba9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\psmachine.dll
8a18dbdb8148977af450dda81f90de8c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\psuser.dll
a74ae4c060fc2d8d3ca8d8cb99bb97a1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe
a74ae4c060fc2d8d3ca8d8cb99bb97a1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaCrashHandler.exe
a74ae4c060fc2d8d3ca8d8cb99bb97a1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaUpdate.exe
65ae1c0ebd434f736cc55cff43be3b9b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaUpdateBroker.exe
3aeb9c80a570797faaa162189a54e091 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaUpdateOnDemand.exe
b071da7f0159fef250e35a880c59dff5 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdate.dll
629e29c7d669a1d281683688de4ede77 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_am.dll
8206b694882d57396fb8df35672512fb c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ar.dll
bb1670000d7523d751b86533e6de7dab c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_bg.dll
6561da3744dfa44af916fa92663a051a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_bn.dll
4b263bcf797e817fc42d7305a89b828f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ca.dll
4064c70f88757f5b80613d0cf656898b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_cs.dll
f3069af2e52c86b104361aa30aadf6f9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_da.dll
69f8ed0292876e742c8c30222925a7f5 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_de.dll
f3d9a8628dc9779152517c457b4cb905 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_el.dll
81dd5689173e2802f974dc534aaa4e79 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_en-GB.dll
014d4dbcbc508edd4f5ac1d2c8a14424 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_en.dll
54f1e1fe139a3f136b6c894b46b5c057 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_es-419.dll
81b37374e50852e83779b93cc1d4ffa1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_es.dll
46fa3506c927010e38e2996e117a6829 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_et.dll
b29cb693019bdd3823b162f03efd0114 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fa.dll
c58c6c0271fd64638b5e4690cd846207 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fi.dll
68b08a905d564be369f0e209f4360edf c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fil.dll
a146e9e82a2d7500ff32884828506c8a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fr.dll
15d3d4c60c5a08b11fe33a70a53c9f4a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_gu.dll
c09832aefe7d77de2f2f639a57929e19 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_hi.dll
bf431d4ee2492096ff973ac53a87f07a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_hr.dll
684debab899d25c5e41562302e1bfdb8 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_hu.dll
2c3d3532bfc6cd69f24eef4d7c7f7724 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_id.dll
1643ff78cc111bc1097a82d9a89f0fd7 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_is.dll
43ac2c923c27b8138e1abfc09e09a1da c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_it.dll
aa8fa8ad20e4059e6fd297ecd6fa3fbc c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_iw.dll
f8ab593d23c0538b4cbe7185626079e4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ja.dll
8cd480bfe3fbb163ca29a027096b266e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_kn.dll
d111fbcf1a265aee3eaa3875d488fd08 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ko.dll
578a6a0ebc4fc949287568252f7e374c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_lt.dll
c6845f88b4c44d9222577e6ad8c105c5 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_lv.dll
1f9789f498bb06a286db4936ff5948d2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ml.dll
e2d99aea8bacf38c7bd1ae1b269f9a3b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_mr.dll
2f11d755a6b5b6bda38e53bced020bdf c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ms.dll
f73c5b51c3ac6294e35dfc88ee0bb80f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_nl.dll
2eed9001cb88e17a95a15cac81fc44a3 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_no.dll
8216ced7fe8f88354dad265374815a29 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_pl.dll
8500c5450360249a16e77b48a952075e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_pt-BR.dll
05a1876a5c12fe5d7acf0a174c3b92d9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_pt-PT.dll
ed35794546fe3e883e591466a9d45946 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ro.dll
25c790e19afd77124974cc7d8c3c8f8e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ru.dll
4936a0e31c3d2064c17fd04b581eeae2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sk.dll
aa3f3dfda85cb55279bd9e4e3377a7cf c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sl.dll
8d19d949c436f1a4ba4117e6ca9bd1a0 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sr.dll
ed12f4c6e84ba29e45bbd612b33fb30d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sv.dll
fafed09184ce9e997512fa4c6651f44c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sw.dll
3d1a4a543afa4df9c035264eef830670 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ta.dll
d0b4c1e8819dbed6e06d7a01fc759448 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_te.dll
cd5f95bb0dc3c485fb2d7c512b180d59 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_th.dll
77058400a45d67cf8d12c026ca5400d2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_tr.dll
19d3cefee1f384b4bbb6387a174e3129 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_uk.dll
2c7fbf0e7fbd9efaf0a762ff19b6499f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ur.dll
084794522171e4ed7822ce21999f94db c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_vi.dll
9276508edc7ebde9ead1302fa427192e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_zh-CN.dll
6ab1b516dcd34f8dffd2dbbc7f5f02bb c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_zh-TW.dll
d6ceb564de09fc2c465109ee954301d8 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\npCatalinaUpdate3.dll
0a641b609c2d73fe7064c76695289ba9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\psmachine.dll
8a18dbdb8148977af450dda81f90de8c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\psuser.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Catalina Group Ltd.
Product Name: CatalinaGroup Update
Product Version: 1.3.25.224
Legal Copyright: Copyright 2013 Catalina Group Ltd.
Legal Trademarks:
Original Filename: CatalinaUpdateSetup.exe
Internal Name: CatalinaGroup Update Setup
File Version: 1.3.25.224
File Description: CatalinaGroup Update Setup
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 47535 47616 4.63635 2752a1441fa592610b94de20c1f02a58
.rdata 53248 10788 11264 3.70591 08a549e7e24200a65fe64f13d9d48bcd
.data 65536 6460 3584 1.72368 8e425fbedc6927dfabb8fdfaaf8e8d97
.rsrc 73728 651496 651776 5.29836 6ad3616be95fba15a3000a3c1987713f
.reloc 729088 5598 5632 2.64966 17957bd86fff892742280f82a0bf537a

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 89
3c2f29dbac5842ca1a35747628ac2ed0
492b9073f23618a0f756bc7d5f1a961a
42df143b0c9256db0806f6082a879aa5
6c386979e0f3920030523a16ad7f1a96
2b690e05bdabb71175033882d49df613
cbccc1c0fffdcbef80e6a37e76840b5c
002b2a29dd3915bfdc96f8df636c1a66
dde8586a146e7713c7d5d46e1df890d6
08b6f76532753381f91293666cc0f68d
40ab20fcec1676377f267e2cc98cca07
0f7c1ad0394bd5f62d0c1e3108c98f36
0cd334a1f46724d62173322d6f160fd6
f4803e596ea0c7d8e35075cc2050de7c
e3ad1b46b7e6b3b5ffbc678f8ed7427c
9ba67ec1b2bd6ea96f1ba5c1b4ec4b3c
f4e51f313f37bdfc823931262420e6bb
38065901c91d9cc6b05d78853f52cb7c
238a9e4343bab8932b423d842d9a51cd
cb1ddf005a5d1533bc859a11c7d8c76f
c80d89c50163d5e0f1cf96d7e7c65753
5e16792655b351942493816e91848b41
622a55597af7e151ffa41d50c1d596e1
e2d763b2bcc56b800c228ef6209bba6b
302350fdd85223fb6880c643c54ba192
12099f636e00b9eb507a113aa1095680

URLs

URL IP
hxxp://catalinahub.net/update/ping
hxxp://catalinahub.net/update/check
hxxp://gs1.wpc.v2cdn.net/80A164/ch-cdn/download/citrio_50.0.2661.273_1.exe


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

POST /update/ping HTTP/1.1
User-Agent: Google Update/1.3.25.224;winhttp
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: catalinahub.net
Content-Length: 613
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.25.224" ismachine="0" sessionid="{125B4542-303A-4113-B7F4-4F035B4F166F}" userid="{BA302A1B-F962-45B0-AFD4-CE882163B490}" installsource="taggedmi" testsource="auto" requestid="{B3D39511-F895-42E3-8234-EBC42DC4FED9}"><os platform="win" version="5.1" sp="Service Pack 3" arch="x86"/><app appid="{6C598730-F715-407B-A7AE-A8F10D0F8FA7}" version="" nextversion="1.3.25.224" buildtype="" lang="en" brand="" client="" iid="{71B2FDF3-48CA-49CA-9B7D-C76AED72032A}"><event eventtype="2" eventresult="1" errorcode="0" extracode1="0"/></app></request>
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2016 02:24:19 GMT
Server: Apache-Coyote/1.1
X-Citrio-Timestamp: R/k2k1R Rt8N1MGhSprmhDQ0WYE=
Content-Type: application/xml;charset=UTF-8
Cache-Control: max-age=0, public
Expires: Fri, 07 Oct 2016 02:24:20 GMT
Connection: close
Transfer-Encoding: chunked
e5..<?xml version="1.0" encoding="UTF-8" standalone="yes"?><r
esponse protocol="3.0" server="dist"><dayStart elapsed_seconds="
8660"/><app appid="{6C598730-F715-407B-A7AE-A8F10D0F8FA7}" statu
s="ok"><event status="ok"/></app></response>..0..



HEAD /80A164/ch-cdn/download/citrio_50.0.2661.273_1.exe HTTP/1.1
Accept: */*
Accept-Encoding: identity
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
User-Agent: Microsoft BITS/6.7
Host: wpc.A164.taucdn.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0, public
Content-Type: application/octet-stream;charset=UTF-8
Date: Fri, 07 Oct 2016 02:24:22 GMT
Etag: W/"59173264-1474962908000"
Expires: Fri, 07 Oct 2016 02:24:23 GMT
Last-Modified: Tue, 27 Sep 2016 07:55:08 GMT
Server: Apache-Coyote/1.1
X-Cache: HIT
Content-Length: 59173264
HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=0, publi
c..Content-Type: application/octet-stream;charset=UTF-8..Date: Fri, 07
 Oct 2016 02:24:22 GMT..Etag: W/"59173264-1474962908000"..Expires: Fri
, 07 Oct 2016 02:24:23 GMT..Last-Modified: Tue, 27 Sep 2016 07:55:08 G
MT..Server: Apache-Coyote/1.1..X-Cache: HIT..Content-Length: 59173264.
.....


GET /80A164/ch-cdn/download/citrio_50.0.2661.273_1.exe HTTP/1.1


Accept: */*
Accept-Encoding: identity
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
User-Agent: Microsoft BITS/6.7
Host: wpc.A164.taucdn.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0, public
Content-Type: application/octet-stream;charset=UTF-8
Date: Fri, 07 Oct 2016 02:24:22 GMT
Etag: W/"59173264-1474962908000"
Expires: Fri, 07 Oct 2016 02:24:25 GMT
Last-Modified: Tue, 27 Sep 2016 07:55:08 GMT
Server: Apache-Coyote/1.1
X-Cache: HIT
Content-Length: 59173264
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........W...6...6..
.6..d.?..6...6...6...O...6...d/..6...6c..6...O*..6..Rich.6............
..............PE..L...8..W.................&..........:#.......@....@.
......................... .......U....................................
...P..P....`..................................8.......................
.....................P...............................text...'%.......&
.................. ..`.data........@[email protected]..
.....P.......*..............@[email protected]........`.......0..............@.
[email protected][email protected]............................
......................................................................
......................................................................
......................................................................
......................................................................
................................................8..W........m... ... .
......8..W....................{.9.2.F.8.A.2.1.9.-.E.7.4.0.-.4.9.D.5.-.
B.7.8.5.-.B.9.6.2.A.D.8.1.9.7.2.4.}.....{.E.9.F.2.4.A.7.C.-.1.3.C.A.-.
4.2.F.B.-.A.4.D.9.-.7.9.C.3.C.9.D.2.1.B.2.8.}.....{.D.E.2.8.A.2.E.A.-.
7.7.F.A.-.4.F.2.B.-.8.2.5.2.-.C.3.B.5.8.4.4.F.6.4.5.5.}.....{.F.0.B.5.
0.D.5.A.-.4.B.B.A.-.4.5.1.4.-.A.D.2.C.-.E.B.A.5.0.C.2.9.C.4.6.0.}.....
..@.-.-.c.h.r.o.m.e.-.s.x.s.....-.-.c.h.r.o.m.e.....-.-.c.h.r.o.m.e.-.
f.r.a.m.e.....-.-.m.u.l.t.i.-.i.n.s.t.a.l.l...-.-.s.y.s.t.e.m.-.l.
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

CatalinaCrashHandler.exe_1084:

.text
`.data
.text/DE
@.rsrc
@.reloc
SHELL32.dll
USER32.dll
SHLWAPI.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
USER32.DLL
operator
CatalinaUpdate_unsigned.pdb
RegOpenKeyExW
ADVAPI32.dll
KERNEL32.dll
ole32.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
<requestedExecutionLevel level="asInvoker" />
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<!--The ID below indicates application support for Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!--The ID below indicates application support for Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!--This Id value indicates the application supports Windows 8 functionality-->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!--This Id value indicates the application supports Windows 8.1 functionality-->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!--This Id value indicates the application supports Windows 10.0 functionality-->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
###7777_{
###____777
###````87{
2 2$2(2,20242~2
4 4$4(4,4
?$?(?,?4?
> >@>\>`>
? ?@?\?`?
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaCrashHandler.exe
KERNEL32.DLL
mscoree.dll
goopdate.dll
CatalinaUpdate.exe
Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}
1.3.25.224
2007-2010
2007-2010

citrio.exe_668:

.text
`.rdata
@.data
.rsrc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
chrome-sxs
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
MetricsReportingEnabled
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
.thunks
.syzygy
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
citrio_elf.dll
VERSION.dll
WINMM.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
SetProcessShutdownParameters
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
444.44...4
4.4....4.
..44.44@4
4@444@4.
.4@4@@4.
}.GnO
 Ôjo
k.SZ[
j.oii
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="50.0.2661.273" version="50.0.2661.273" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
00J0
4O4
>">'>,>9>
=&=/=6=>=!>
8!8)8/888
8 8$8(8,8
< <$<(<,<0<4<8<<<
4 4(40484
4 4$4(4,40444
7 7$7(7,7
5(545@5`5
citrio_watcher.dll
citrio.dll
citrio_child.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chromeframe
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
gdi32.dll
xntdll.dll
wow_helper.exe"
shell32.dll
Crash Reports
script.log
resources.pak
chrome
pepflashplayer.dll
version.json
NPSWF32.dll
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
error %u
chrome.exe
hunspecified-crash-key
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
50.0.2661.273
citrio_exe

citrio.exe_1852:

.text
`.rdata
@.data
.rsrc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
chrome-sxs
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
MetricsReportingEnabled
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
.thunks
.syzygy
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
citrio_elf.dll
VERSION.dll
WINMM.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
SetProcessShutdownParameters
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
444.44...4
4.4....4.
..44.44@4
4@444@4.
.4@4@@4.
}.GnO
 Ôjo
k.SZ[
j.oii
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="50.0.2661.273" version="50.0.2661.273" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
00J0
4O4
>">'>,>9>
=&=/=6=>=!>
8!8)8/888
8 8$8(8,8
< <$<(<,<0<4<8<<<
4 4(40484
4 4$4(4,40444
7 7$7(7,7
5(545@5`5
citrio_watcher.dll
citrio.dll
citrio_child.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chromeframe
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
gdi32.dll
xntdll.dll
wow_helper.exe"
shell32.dll
Crash Reports
script.log
resources.pak
chrome
pepflashplayer.dll
version.json
NPSWF32.dll
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
error %u
chrome.exe
hunspecified-crash-key
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
50.0.2661.273
citrio_exe

citrio.exe_1852_rwx_04A0A000_00038000:

PPP;
PP;
PPPP;
PPPPPP;
PPPPP;
VW;

citrio.exe_1852_rwx_0750A000_000F5000:

VW;
PPPPP;
PP;
Ph%X7
PPP;
PPPP;
PPPPPPP;
PPPPPPPP;
PPPPPPPPPPP;
PPPPPP;
PPPPPPPPPP;
webk
PPPPPPPPPPPPPP;
PPPPPPPPPPPP;
PPPPPPPPP;
PPPPPPPPPPPPP;
=.DOU
=.DOUu
=WWW.

citrio.exe_2680:

.text
`.rdata
@.data
.rsrc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
chrome-sxs
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
MetricsReportingEnabled
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
.thunks
.syzygy
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
citrio_elf.dll
VERSION.dll
WINMM.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
SetProcessShutdownParameters
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
444.44...4
4.4....4.
..44.44@4
4@444@4.
.4@4@@4.
}.GnO
 Ôjo
k.SZ[
j.oii
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="50.0.2661.273" version="50.0.2661.273" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
00J0
4O4
>">'>,>9>
=&=/=6=>=!>
8!8)8/888
8 8$8(8,8
< <$<(<,<0<4<8<<<
4 4(40484
4 4$4(4,40444
7 7$7(7,7
5(545@5`5
citrio_watcher.dll
citrio.dll
citrio_child.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chromeframe
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
gdi32.dll
xntdll.dll
wow_helper.exe"
shell32.dll
Crash Reports
script.log
resources.pak
chrome
pepflashplayer.dll
version.json
NPSWF32.dll
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
error %u
chrome.exe
hunspecified-crash-key
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
50.0.2661.273
citrio_exe

citrio.exe_2724:

.text
`.rdata
@.data
.rsrc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
chrome-sxs
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
MetricsReportingEnabled
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
.thunks
.syzygy
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
citrio_elf.dll
VERSION.dll
WINMM.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
SetProcessShutdownParameters
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
444.44...4
4.4....4.
..44.44@4
4@444@4.
.4@4@@4.
}.GnO
 Ôjo
k.SZ[
j.oii
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="50.0.2661.273" version="50.0.2661.273" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
00J0
4O4
>">'>,>9>
=&=/=6=>=!>
8!8)8/888
8 8$8(8,8
< <$<(<,<0<4<8<<<
4 4(40484
4 4$4(4,40444
7 7$7(7,7
5(545@5`5
citrio_watcher.dll
citrio.dll
citrio_child.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chromeframe
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
gdi32.dll
xntdll.dll
wow_helper.exe"
shell32.dll
Crash Reports
script.log
resources.pak
chrome
pepflashplayer.dll
version.json
NPSWF32.dll
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
error %u
chrome.exe
hunspecified-crash-key
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
50.0.2661.273
citrio_exe

citrio.exe_2680_rwx_06E0A000_000F5000:

XVWSSShH

citrio.exe_3660:

.text
`.rdata
@.data
.rsrc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
chrome-sxs
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
MetricsReportingEnabled
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
.thunks
.syzygy
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
citrio_elf.dll
VERSION.dll
WINMM.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
SetProcessShutdownParameters
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
444.44...4
4.4....4.
..44.44@4
4@444@4.
.4@4@@4.
}.GnO
 Ôjo
k.SZ[
j.oii
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="50.0.2661.273" version="50.0.2661.273" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
00J0
4O4
>">'>,>9>
=&=/=6=>=!>
8!8)8/888
8 8$8(8,8
< <$<(<,<0<4<8<<<
4 4(40484
4 4$4(4,40444
7 7$7(7,7
5(545@5`5
citrio_watcher.dll
citrio.dll
citrio_child.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chromeframe
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
gdi32.dll
xntdll.dll
wow_helper.exe"
shell32.dll
Crash Reports
script.log
resources.pak
chrome
pepflashplayer.dll
version.json
NPSWF32.dll
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
error %u
chrome.exe
hunspecified-crash-key
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
50.0.2661.273
citrio_exe

citrio.exe_2724_rwx_0780A000_000F5000:

Phø
j.hYv
webk
=.DOU
=.DOUu
Qj.hu
=.ya.
=.ya.u

citrio.exe_2724_rwx_0810A000_000F5000:

.facu
webv
=.FAC
=.FACu
=HTTP

citrio.exe_3660_rwx_0580A000_00038000:

VW;
PPP;
PP;
PPPP;
PPPPPP;
PPPPP;

citrio.exe_3660_rwx_06E0A000_000F5000:

PP;
VW;
PPPPP;
PPP;
PPPP;
PPPPPPP;
PPPPPPPP;
PPPPPPPPPPP;
PPPPPP;
PPPPPPPPP;

citrio.exe_3892:

.text
`.rdata
@.data
.rsrc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
chrome-sxs
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
MetricsReportingEnabled
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
.thunks
.syzygy
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
citrio_elf.dll
VERSION.dll
WINMM.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
SetProcessShutdownParameters
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
444.44...4
4.4....4.
..44.44@4
4@444@4.
.4@4@@4.
}.GnO
 Ôjo
k.SZ[
j.oii
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="50.0.2661.273" version="50.0.2661.273" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
00J0
4O4
>">'>,>9>
=&=/=6=>=!>
8!8)8/888
8 8$8(8,8
< <$<(<,<0<4<8<<<
4 4(40484
4 4$4(4,40444
7 7$7(7,7
5(545@5`5
citrio_watcher.dll
citrio.dll
citrio_child.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chromeframe
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
gdi32.dll
xntdll.dll
wow_helper.exe"
shell32.dll
Crash Reports
script.log
resources.pak
chrome
pepflashplayer.dll
version.json
NPSWF32.dll
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
error %u
chrome.exe
hunspecified-crash-key
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
50.0.2661.273
citrio_exe

citrio.exe_2524:

.text
`.rdata
@.data
.rsrc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\chrome_exe_main_win.cc
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\app\main_dll_loader_win.cc
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\browser_watcher\watcher_client_win.cc
%s-%x
CHROME_MAIN_TICKS
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
CHROME_PROBED_PROGRAM_FILES_PATH
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\module_util_win.cc
No valid Chrome version found
chrome-sxs
googlechrome
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\channel_info.cc
iexplore.exe
googlechromeframe
Cannot initialize AppCommands from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
c:\jenkins\workspace\citrio-dev-clone\browser\src\chrome\installer\util\app_command.cc
kernel32.dll
c:\jenkins\workspace\citrio-dev-clone\browser\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
MetricsReportingEnabled
widevinecdmadapter.dll
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
user_experience_metrics.reporting_enabled
CITRIO_BREAKPAD_PIPE_NAME
c:\jenkins\workspace\citrio-dev-clone\browser\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
SHELL32.dll
ole32.dll
OLEAUT32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
.thunks
.syzygy
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
full-memory-crash-report
c:\jenkins\workspace\Citrio-Dev-Clone\browser\src\out\Release\initialexe\citrio.exe.pdb
citrio.exe
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
citrio_elf.dll
VERSION.dll
WINMM.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
SetProcessShutdownParameters
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
444.44...4
4.4....4.
..44.44@4
4@444@4.
.4@4@@4.
}.GnO
 Ôjo
k.SZ[
j.oii
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="50.0.2661.273" version="50.0.2661.273" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
00J0
4O4
>">'>,>9>
=&=/=6=>=!>
8!8)8/888
8 8$8(8,8
< <$<(<,<0<4<8<<<
4 4(40484
4 4$4(4,40444
7 7$7(7,7
5(545@5`5
citrio_watcher.dll
citrio.dll
citrio_child.dll
metro_driver.dll
{E9F24A7C-13CA-42FB-A4D9-79C3C9D21B28}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{3599E25E-6314-4BE9-AE14-E51877342426}
{675046A3-9F4F-4805-A81C-CBF753FE3428}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio
-chrome
-chromeframe
WebAccessible
{92F8A219-E740-49D5-B785-B962AD819724}
{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}
hXXp://VVV.citrio.com/goodbye.html?intl=$1&survey_id=%ls
%d.%d.%d
{DE28A2EA-77FA-4F2B-8252-C3B5844F6455}
DGoogle Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{F0B50D5A-4BBA-4514-AD2C-EBA50C29C460}
Google Chrome binaries
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Ckernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
gdi32.dll
xntdll.dll
wow_helper.exe"
shell32.dll
Crash Reports
script.log
resources.pak
chrome
pepflashplayer.dll
version.json
NPSWF32.dll
${windows}
\\.\pipe\CatalinaGroupCrashServices\
\\.\pipe\CitrioCrashServices
error %u
chrome.exe
hunspecified-crash-key
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Ndebug.log
\StringFileInfo\xx\%ls
Chrome_MessageWindow
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe
IDR_X006_CITRIO_CHROMESTORE
50.0.2661.273
citrio_exe


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:1832
    CatalinaUpdate.exe:468
    CatalinaUpdate.exe:260
    CatalinaUpdate.exe:1388
    CatalinaUpdate.exe:644
    CatalinaUpdate.exe:1756
    CatalinaUpdate.exe:376
    citrio.exe:1140
    citrio.exe:468
    citrio.exe:2908
    citrio.exe:1972
    citrio.exe:1312
    citrio.exe:2132
    citrio.exe:1372
    citrio.exe:2076
    citrio.exe:2408
    citrio.exe:1492
    citrio.exe:248
    citrio.exe:1656
    citrio.exe:3444
    citrio.exe:1648
    citrio.exe:2392
    citrio.exe:1360
    citrio.exe:648
    citrio.exe:800
    citrio.exe:1660
    youtube-dl.exe:3084
    CatalinaCrashHandler.exe:1084
    citrio_50.0.2661.273_1.exe:1336
    setup.exe:1856

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sl.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_gu.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUT2.tmp (22433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_nl.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_te.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sk.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_el.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ru.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es-419.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_iw.dll (23 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_no.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_tr.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sr.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en-GB.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_da.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ro.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_uk.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-TW.dll (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bn.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ms.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ta.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateBroker.exe (58 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es.dll (29 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdate.dll (1990 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sw.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_de.dll (29 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_is.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sv.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fr.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_cs.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_mr.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-BR.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fa.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_kn.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bg.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-PT.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_id.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fi.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ja.dll (22 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\npCatalinaUpdate3.dll (236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psuser.dll (161 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ml.dll (29 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ko.dll (21 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_th.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ca.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_vi.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hi.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-CN.dll (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lv.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hu.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdate.exe (130 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ar.dll (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pl.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hr.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateHelper.msi (36 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lt.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_et.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_am.dll (22 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psmachine.dll (155 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaCrashHandler.exe (130 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_it.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fil.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ur.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateOnDemand.exe (58 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_id.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sr.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_hi.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fr.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fil.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_lt.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sv.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_el.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_cs.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_en-GB.dll (25 bytes)
    %WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003Core.job (948 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_no.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_bn.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sw.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_tr.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_mr.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ms.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_th.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_et.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateHelper.msi (36 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_en.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_gu.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ja.dll (22 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_te.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_kn.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ca.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ml.dll (29 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sk.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_hu.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdate.exe (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_sl.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_pt-BR.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ur.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ta.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_pl.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fi.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_es-419.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_am.dll (22 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\npCatalinaUpdate3.dll (1281 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateOnDemand.exe (58 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_nl.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\psmachine.dll (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_pt-PT.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ko.dll (21 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_de.dll (29 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_is.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_vi.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdate.dll (5873 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaUpdateBroker.exe (58 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_bg.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_da.dll (26 bytes)
    %WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003UA.job (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_zh-TW.dll (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_es.dll (29 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ru.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_hr.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ar.dll (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_it.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_zh-CN.dll (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\psuser.dll (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_fa.dll (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_lv.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\CatalinaCrashHandler.exe (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_uk.dll (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_ro.dll (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.224\goopdateres_iw.dll (23 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\Install\{AD74F5BC-0736-40AF-997D-E8B9413B1D1A}\citrio_50.0.2661.273_1.exe (449813 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\Download\{92F8A219-E740-49D5-B785-B962AD819724}\50.0.2661.273\citrio_50.0.2661.273_1.exe (449813 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\ru\messages.json (538 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\25.tmp (5873 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\lv\messages.json (699 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\18.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000003.log (31 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon48.png (803 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CabD.tmp (54 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Top Sites (5232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\ar\messages.json (523 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon32.png (581 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001 (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\icon_16.png (556 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Tar11.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_4F42Y0YY41ekt4g (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_mono_off.png (734 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Storage\http_citrio.com_0.localstorage (299 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing IP Blacklist_new (372 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000001 (105 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\tr\messages.json (650 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\vi\messages.json (720 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Download_new (119280 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\TarE.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1F.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000002 (76 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\2E.tmp (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Download Whitelist_new (4616 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon256.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\id\messages.json (517 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\2D.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\en\messages.json (459 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\en_GB\messages.json (617 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\th\messages.json (700 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\13.tmp (44 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\fi\messages.json (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\fr\messages.json (708 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Login Data (3478 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\es\messages.json (696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1C.tmp (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\fil\messages.json (566 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\id\messages.json (932 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\29.tmp (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\uk\messages.json (536 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\index (368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\pl\messages.json (666 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Extension Blacklist_new (14296 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\bg\messages.json (886 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon16.png (317 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\icon_128.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\hi\messages.json (941 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\et\messages.json (609 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\ar\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\share_page.crx (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\manifest.json (983 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\download_all.crx (3073 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_3 (7640 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Idr4UyegXJMCono (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_1 (95160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\7.tmp (1478 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Shortcuts (592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\manifest.json (773 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sk\messages.json (671 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\zh_TW\messages.json (640 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\icon16.png (420 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG (220 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\C.tmp (293110 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\26.tmp (27055 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\id\messages.json (617 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (51 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Shortcuts-journal (532 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\C.tmp (6647653 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Cab10.tmp (51 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\es_419\messages.json (667 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000003 (58 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon128.png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000005 (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000004 (36 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000007 (65 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\First Run (0 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000009 (106 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000008 (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\en\messages.json (492 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing UwS List Prefix Set (1780 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ja\messages.json (778 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\2B.tmp (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Cookies-journal (5308 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Csd Whitelist_new (32048 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\pt_BR\messages.json (961 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\MANIFEST-000001 (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\th\messages.json (589 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Web Data (29629 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\nb\messages.json (644 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ko\messages.json (669 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\en\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\F.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_00000a (21 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\el\messages.json (875 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_00000c (106 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\6.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\16.tmp (44 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\da\messages.json (642 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing UwS List_new (223414 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\cs\messages.json (663 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sl\messages.json (642 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\icon_16.png (478 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_J4lUOriDqtCmSlA (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\th\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\pt_BR\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_2 (1880 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ca\messages.json (705 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\15.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\icon_19.png (687 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C1F94CD5CA263ECFB1A4BAB1B832C909 (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\000003.log (511 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Session Storage\MANIFEST-000001 (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\zh_CN\messages.json (595 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\uk\messages.json (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\LOG (191 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Login Data-journal (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\2A.tmp (28 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\26.tmp (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ru\messages.json (783 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal (5545 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\21.tmp (307855 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\25.tmp (138444 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\19.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\hr\messages.json (633 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\ar\messages.json (630 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\fil\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\LOG (178 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\17.tmp (644 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\id\messages.json (451 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\12.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\hu\messages.json (710 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_128.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Session Storage\LOG (178 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Visited Links (560 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\24.tmp (12683 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1A.tmp (60 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\8.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\lt\messages.json (686 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_1ICmPbZiBhASWDT (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\it\messages.json (622 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Top Sites-journal (12948 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_lp6u3KPkhd0iLzN (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\pt_BR\messages.json (667 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\th\messages.json (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\ms\messages.json (473 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_00000b (104 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\icon128.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\citrio_ext.crx (114298 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\media_downloader.crx (2105 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\pt_BR\messages.json (547 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\28.tmp (61 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_goOrxcIoREiXY4E (286 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Bloom_new (1267517 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_REWKiMzafVuOXGn (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\14.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\History (29905 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\30.tmp (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\en\messages.json (919 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\ru\messages.json (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\README (166 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\data_0 (421848 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\2C.tmp (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\en\messages.json (617 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\icon.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Current Session (19510 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\20.tmp (341547 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\31.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\ms\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\pt_PT\messages.json (661 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\de\messages.json (701 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sr\messages.json (814 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Storage\http_citrio.com_0.localstorage-journal (5554 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\uk\messages.json (615 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cache\f_000006 (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_nNspzgUBf4e3jw8 (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Favicons (8470 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\nl\messages.json (642 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Network Action Predictor (5093 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\2F.tmp (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Web Data-journal (13750 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CabA.tmp (54 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\History-journal (17212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\LOG (178 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\5.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Bloom Prefix Set (7324 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon64.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Origin Bound Certs-journal (7143 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\23.tmp (57197 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\27.tmp (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\id\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\ro\messages.json (668 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\ru\messages.json (627 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\sv\messages.json (649 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon24.png (440 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\_locales\ms\messages.json (526 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1D.tmp (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\fil\messages.json (992 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\fil\messages.json (692 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\16.png (511 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Favicons-journal (16504 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Session Storage\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\1B.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\000003.log (14919 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\ms\messages.json (948 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cookies (3073 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\TarB.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Network Action Predictor-journal (11985 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Cookies-journal (14133 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\pt_BR\messages.json (487 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension State\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\th\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_locales\uk\messages.json (789 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\_locales\ar\messages.json (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\proxy.crx (2321 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Kw05aboolRRuozj (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\1E.tmp (6 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C1F94CD5CA263ECFB1A4BAB1B832C909 (180 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\22.tmp (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\static.png (546 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\_locales\fil\messages.json (490 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Default\Extension Rules\MANIFEST-000001 (75 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\icon_mono_on.png (752 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\User Data\Safe Browsing Inclusion Whitelist_new (136 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon128.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\16-old.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\logo.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon64.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon.tw.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon.fb.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon16.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\js\locale.js (271 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon.gp.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\background.js (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon48.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\js\lib\jquery.js (6984 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\js\popup.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\css\template.css (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\popup.html (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\DECODED_MESSAGE_CATALOGS (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_27233\CRX_INSTALL\images\icon35.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\scripts\content_dv.js (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\python34.dll (164484 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_elementtree.pyd (9496 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_hashlib.pyd (49912 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\DECODED_MESSAGE_CATALOGS (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\QtCore4.dll (152471 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_lzma.pyd (9496 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\win32wnet.pyd (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\base_library.zip (206432 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\Include\pyconfig.h (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\scripts\content_stats.js (605 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\scripts\background_notification.js (694 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\pyexpat.pyd (9496 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\msvcr100.dll (49672 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\QtGui4.dll (541377 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\icon_empty.png (158 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\background.html (346 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_ctypes.pyd (6872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\scripts\background_dv.js (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_ssl.pyd (66767 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\citrio_ext.dll (34392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\ssleay32.dll (18768 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\msvcp100.dll (27336 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\youtube-dl.exe (195990 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\pywintypes34.dll (7784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\unicodedata.pyd (48768 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\libtorrent.dll (129574 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\dlnlib.dll (38624 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\imageformats\qico4.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_socket.pyd (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\_bz2.pyd (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\libcurl.dll (22840 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\win32api.pyd (6984 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\zlib1.dll (5224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\select.pyd (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\binaries\win\libeay32.dll (76989 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\CRX_INSTALL\scripts\background_stats.js (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_15747\DECODED_IMAGES (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qt_temp.Ed3892 (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qt_temp.AM3892 (460 bytes)
    %Documents and Settings%\%current user%\NTUSER.DAT.LOG (2616 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\ru\messages.json (391 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\en\messages.json (215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\background.js (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\background.html (174 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\fil\messages.json (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\uk\messages.json (415 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\manifest.json (760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\ms\messages.json (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\id\messages.json (211 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\th\messages.json (460 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\ar\messages.json (374 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_23456\CRX_INSTALL\_locales\pt_BR\messages.json (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0QUZG150\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\QA0OB8OJ\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\debug.log (129 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0PEZSXMN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Q7U92PQN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\select-all.png (15904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\js.js (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\style.css (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\sprite.png (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\background.js (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\DECODED_MESSAGE_CATALOGS (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\popup.html (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\active.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\locale.js (244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\select-all-hover.png (15904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\jquery-1.11.0.min.js (6984 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\download-all-disable.png (15904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\disable.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\theme.css (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\select-all-active.png (15904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\open-icon.png (15904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\DECODED_IMAGES (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_4716\CRX_INSTALL\skin\icons\download-all.png (15904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libadpcm_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\Blend.qml (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarBackground.qml (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libdiracsys_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\joox.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libkate_plugin.dll (7784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libaudiobargraph_a_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Label.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\rockbox_fm_presets.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libatmo_plugin.dll (14960 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\HueSaturation.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libtwolame_plugin.dll (9760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\oslc300.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libcaca_plugin.dll (52816 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick.2\qmldir (111 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\popup.wrapper.bg.png (932 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libaudio_format_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\katsomo.luac (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\text_renderer\libtdummy_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\Style.qml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\DirectionalBlur.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libdtstofloat32_plugin.dll (11736 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libchain_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_filter\librecord_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_vdr_plugin.dll (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libdvdread_plugin.dll (10864 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\PlaylistMenuItems.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\TextFieldStyle.qml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Button.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\style.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_display_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\koreus.luac (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\metachannels.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_smem_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libstream_filter_rar_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmkv_plugin.dll (69548 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\liblibbluray_plugin.dll (130760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\js\jquery-2.1.4.min.js (6872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libremoteosd_plugin.dll (35544 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\appletrailers.luac (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmirror_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\CheckBox.qml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\BigPlayIcon.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VolumeHeatMouse.qml (813 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libasf_plugin.dll (6984 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_filter\libhttplive_plugin.dll (37784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libmpeg_audio_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libaiff_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libvdr_plugin.dll (6872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_copy_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\metacafe.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ProgressBar.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\BusyIndicatorStyle.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libaes3_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\SystemPaletteSingleton.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osbce700.woff2 (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_rar_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarMiddle.qml (412 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\ossle600.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\fonts\secondary.ttf (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\SpinBox.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\def-cover.png (60000 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_avi_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\GaussianDirectionalBlur.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\msvcr90.dll (41752 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\StackViewTransition.qml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmod_plugin.dll (34392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\SwitchStyle.qml (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libclone_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_wav_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\modules\host.luac (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\MediaPlayer.js (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\progress-indeterminate.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\arrow-down.png (184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libscale_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libcompressor_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\zapiks.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libblend_plugin.dll (12984 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libhqdn3d_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libpng_plugin.dll (20400 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\TableViewStyle.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\slider-handle.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\MenuBar.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libugly_resampler_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libvpx_plugin.dll (81852 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libadjust_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libchain_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_langfromtelx_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_gather_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\button_down.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\sd\icast.luac (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_filter\libdash_plugin.dll (49624 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\services_discovery\libsap_plugin.dll (9496 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\cursor-openhand.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\no_photo_icon_blur.png (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libdxva2_plugin.dll (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_shout_plugin.dll (28864 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\RecursiveBlur.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libgl_plugin.dll (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libidummy_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libschroedinger_plugin.dll (69254 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\ssleay32.dll (20400 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libsmf_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libvobsub_plugin.dll (6872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmosaic_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\vimeo.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\mpora.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\MenuContentScroller.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libfreeze_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\liba52tospdif_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\FocusFrame.qml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\del-icon.png (60000 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libaddonsvorepository_plugin.dll (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\playlist_youtube.lua (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Menu.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libcaf_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libaudioscrobbler_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libuleaddvaudio_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_livehttp_plugin.dll (34872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libimage_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmotiondetect_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_dirac_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libgaussianblur_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\header.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libnormvol_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\StackView.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\[email protected] (212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\libvlc.dll (9496 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_realrtsp_plugin.dll (7784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\dragger.png (104 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libxml_plugin.dll (68161 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\WebChimera.dll (883728 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\RadioButton.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmpgv_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\telnet.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VideoLayer.qml (291 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ModalPopupBehavior.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\[email protected] (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libtcp_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_dummy_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ApplicationWindowStyle.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\MenuContentItem.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_tcp_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libjpeg_plugin.dll (17616 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\SpinBoxStyle.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\player_logo_small_h.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Calendar.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_stats_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_rgb_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libfaad_plugin.dll (22904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\ColorOverlay.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libalphamask_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libadummy_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libsubsdelay_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\BrightnessContrast.qml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\core\Functions.qml (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\modules\httprequests.luac (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_delay_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ScrollBar.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\MenuHeader.qml (612 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\pluzz.luac (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\liblogo_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\DECODED_IMAGES (1642 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\liblibmpeg2_plugin.dll (9760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\librawaud_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libty_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\MediaPlayer.html (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libdirectdraw_plugin.dll (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_rtp_plugin.dll (40608 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libaddonsfsstorage_plugin.dll (6872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\EditMenu_base.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\GammaAdjust.qml (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libwingdi_plugin.dll (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\tab.png (460 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libgradfun_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libdirac_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\jamendo.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libstereo_widen_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libsubsusf_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VolumeHeatScale.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_udp_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\close_but.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\art\02_frenchtv.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\GaussianInnerShadow.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libcc_plugin.dll (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_udp_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\d3dcompiler_43.dll (130008 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libps_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_bridge_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\liblogger_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\BusyIndicator.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ProgressBar.qml (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\FastInnerShadow.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\MenuContent.qml (106 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\Desaturate.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\core\Hotkeys.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\art\03_lastfm.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\reader\filename.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libftp_plugin.dll (6984 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\modules\dkjson.luac (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\anevia_xml.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\sd\icecast.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ColumnMenuContent.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libdeinterlace_plugin.dll (10864 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libblendbench_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\FastGlow.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ApplicationWindow.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libpanoramix_plugin.dll (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libgain_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libspeex_plugin.dll (10216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libscte27_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\Menu.qml (338 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libh264_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libpostproc_plugin.dll (7784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libextract_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mmx\libi420_yuy2_mmx_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osble700.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_yuy2_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_rgb_mmx_plugin.dll (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\soundcloud.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\ossc600.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\librss_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarRight.qml (124 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\extensions\VLSub.luac (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Layouts\plugins.qmltypes (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\MenuClose.qml (588 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\liblibass_plugin.dll (82923 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\mediaplayer.css (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\TimeBubble.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ToolBar.qml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\TabViewStyle.qml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\FastMaskedBlur.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\liblpcm_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\http.luac (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libx265_plugin.dll (129336 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\SourceProxy.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ToolMenuButton.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\librawvid_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\text_renderer\libfreetype_plugin.dll (49624 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\modules\simplexml.luac (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libyuy2_i422_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libdrawable_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libsubstx3g_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libaudiobargraph_v_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\liblive555_plugin.dll (46368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\bbc_co_uk.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmarq_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libpuzzle_plugin.dll (6872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libogg_plugin.dll (21968 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmpc_plugin.dll (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\DECODED_MESSAGE_CATALOGS (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\fonts\default.ttf (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\arrow-up.png (186 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_ts_plugin.dll (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarTimeLength.qml (365 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\TableView.qml (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libreal_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\MaskedBlur.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\spinner_large.png (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\background.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libscene_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi422_i420_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\anevia_streams.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libavcodec_plugin.dll (859104 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libxa_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\qmldir (852 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libspeex_resampler_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\fonts\openfolder.ttf (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libwav_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\main.qml (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libvdummy_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\liba52_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libvoc_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libpva_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarBorder.qml (96 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\art\00_musicbrainz.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\EditMenu.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\js\ui.core.js (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libddummy_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\youtube.luac (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\CalendarUtils.js (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libyuy2_i420_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_file_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libswscale_plugin.dll (45152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\SubtitleMenuItems.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\[email protected] (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osle400.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libspatializer_plugin.dll (8472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libyuvp_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\StatusBar.qml (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libdvdnav_plugin.dll (15904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libequalizer_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osbl700.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmotionblur_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libcanvas_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\StatusBarStyle.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\leftanglearrow.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libripple_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\SliderStyle.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\FastBlur.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\TextHandle.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libdmo_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libt140_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\CalendarHeaderModel.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\canalplus.luac (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ContentItem.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\def-fon.png (63982 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\noise.png (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Switch.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\dumpmeta.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libfingerprinter_plugin.dll (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\ossce600.woff2 (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\cli.luac (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\TextArea.qml (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_http_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\cue.luac (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmp4_plugin.dll (15904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libspudec_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libglwin32_plugin.dll (7288 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\StackViewSlideDelegate.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\TopRightText.qml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_mms_plugin.dll (6872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\TextInputWithHandles.qml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\Displace.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libdirect3d_plugin.dll (6872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libquicktime_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\webchimera_logo_small.png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libantiflicker_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_hevc_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\EditMenu_ios.qml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osc400.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libgme_plugin.dll (26544 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\sse2\libi420_yuy2_sse2_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libdemux_cdg_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\TableViewColumn.qml (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libzip_plugin.dll (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\MouseSurface.qml (346 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\spinner_medium.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\slider-groove.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osl400.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\GaussianGlow.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libavi_plugin.dll (7288 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\librotate_plugin.dll (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\liveleak.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\ossl600.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\DropShadow.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\ConicalGradient.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\[email protected] (148 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ContextMenu.qml (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\Glow.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libplaylist_plugin.dll (9760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\services_discovery\libupnp_plugin.dll (43768 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\pinkbike.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\qmldir (913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Slider.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\meta_engine\libfolder_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libsmb_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libsftp_plugin.dll (47264 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libinvert_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libnuv_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libbluray-j2se-0.7.0.jar (40608 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\modules\common.luac (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\COPYING.txt (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libsharpen_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\BasicButton.qml (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_bd_plugin.dll (7784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\modules\sandbox.luac (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\styles.css (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ComboBoxStyle.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libzvbi_plugin.dll (84591 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libx264_plugin.dll (68691 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\FocusFrameStyle.qml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libes_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_ftp_plugin.dll (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\LevelAdjust.qml (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\FastGlow.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\dummy.luac (819 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\OpacityMask.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\oslle300.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libgnutls_plugin.dll (73247 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libflac_plugin.dll (29424 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\ZoomBlur.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\core\Buttons.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osce400.woff2 (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\art\01_googleimage.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\UIsettings.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libmjpeg_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libparam_eq_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libwasapi_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\france2.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libudp_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_vc1_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\TabBar.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libexport_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_standard_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mmx\libi422_yuy2_mmx_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\StackView.qml (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osbc700.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libdvbsub_plugin.dll (8472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ArtworkLayer.qml (232 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libdemux_stl_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libqsv_plugin.dll (9760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\MenuScroll.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\sse2\libi422_yuy2_sse2_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libtheora_plugin.dll (22840 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_mpjpeg_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libdts_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libwall_plugin.dll (5224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\RectangularGlow.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libopus_plugin.dll (23160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libdtv_plugin.dll (17616 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\player_logo_small.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\InnerShadow.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\liba52tofloat32_plugin.dll (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\librar_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\scrollbar-handle-transient.png (249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\librtp_plugin.dll (34392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_asf_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libhevc_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_description_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libdemuxdump_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libimem_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\MenuItemSubControls.qml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\qmldir (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libsubsdec_plugin.dll (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libmpgatofixed32_plugin.dll (9496 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libwaveout_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_filter\libsmooth_plugin.dll (5224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\core\Settings.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_imem_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\TextSingleton.qml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_autodel_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\googlevideo.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\scrollbar-handle-vertical.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Layouts\qmldir (130 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\temp.bg.png (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\RadialBlur.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\plugins.qmltypes (6984 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\MenuBarStyle.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_raop_plugin.dll (36408 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libvcd_plugin.dll (6872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libvmem_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libtimecode_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libau_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libmono_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\CustomButton.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\Colorize.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\focusframe.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VolumeHeat.qml (493 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libvhs_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\sprite.png (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi422_yuy2_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libvod_rtsp_plugin.dll (7288 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\webchimera.js (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\Toolbar.qml (517 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\librawvideo_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick.2\plugins.qmltypes (14960 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\misc\libstats_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libkaraoke_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libcvdsub_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\youtube_homepage.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\CalendarStyle.qml (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VolumeHeatColors.qml (265 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_smb_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\sd\metachannels.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libyuv_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\TabView.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libscaletempo_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libpsychedelic_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\GaussianMaskedBlur.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ToolBarStyle.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libvc1_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libhttp_plugin.dll (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\sd\fmc.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\oslce300.woff2 (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\scrollbar-handle-horizontal.png (939 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\meta_engine\libtaglib_plugin.dll (84027 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_output\libdirect2d_plugin.dll (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\MenuStyle.qml (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libamem_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libts_plugin.dll (11704 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libsamplerate_plugin.dll (80307 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\TopCenterText.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\GroupBoxStyle.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\js\storage.core.js (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\Fonts.qml (962 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_es_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libfilesystem_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libsdp_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\GaussianBlur.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\services_discovery\libwindrive_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libnsv_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\js\app.core.js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\webchimera_logo.png (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libsepia_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ScrollViewStyle.qml (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\editbox.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\break.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libstl_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_ogg_plugin.dll (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\SplitView.qml (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_chromaprint_plugin.dll (60000 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libcrystalhd_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\CheckBoxStyle.qml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libi420_rgb_sse2_plugin.dll (8472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mmx\libi420_rgb_mmx_plugin.dll (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\ScrollViewHelper.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libremap_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\librv32_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libg711_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\check.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ProgressBarStyle.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\rightanglearrow.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\[email protected] (139 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\groupbox.png (485 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libmagnify_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\SubtitleText.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ScrollView.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\arrow-right.png (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\intf\luac.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Tab.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libanaglyph_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_ps_plugin.dll (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_mixer\libinteger_mixer_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\StackViewDelegate.qml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\spinner_small.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\TextField.qml (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_setid_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\sd\jamendo.luac (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libtta_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libmmdevice_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access_output\libaccess_output_dummy_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_flac_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\liboldmovie_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libcroppadd_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\tab_selected.png (498 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\lelombrik.luac (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\fonts\glyphicons.ttf (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\TitleBar.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libdirectsound_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\HoverButton.qml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\sse2\libi420_rgb_sse2_plugin.dll (9760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ButtonStyle.qml (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\AbstractCheckable.qml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\RadialGradient.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ComboBox.qml (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\button.extraction.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\ToolButton.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\dailymotion.luac (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libsvcdsub_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\arrow-left.png (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\control\libdummy_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libchorus_flanger_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\ThresholdMask.qml (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\vlc.exe (9496 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libcolorthres_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\TableViewSelection.qml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libsubtitle_plugin.dll (6984 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_dummy_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\RadioButtonStyle.qml (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\VolumeHeatGraphics.qml (812 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\lua\liblua_plugin.dll (21968 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libgrain_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libflacsys_plugin.dll (6872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libswscale_plugin.dll (25104 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\librawdv_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\TextAreaStyle.qml (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_duplicate_plugin.dll (3656 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libsid_plugin.dll (61240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_http_plugin.dll (8472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libattachment_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\black.png (16664 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarLeft.qml (96 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\meta\fetcher\tvrage.luac (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_transcode_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_chroma\libgrey_yuv_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\mux\libmux_mp4_plugin.dll (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\qmldir (134 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libball_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\lua\playlist\extreme.luac (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_mixer\libfloat_mixer_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\libeay32.dll (68422 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libaccess_attachment_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\services_discovery\libpodcast_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libcdg_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libgradient_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\libvlccore.dll (154931 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libcdda_plugin.dll (11704 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\liberase_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libbluescreen_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\ToolButtonStyle.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\GroupBox.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libshm_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libdtstospdif_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libsimple_channel_mixer_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libtransform_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\BigPauseIcon.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_filter\libdolby_surround_decoder_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_mlp_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libmft_plugin.dll (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\services_discovery\libmediadirs_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Private\Control.qml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\packetizer\libpacketizer_h264_plugin.dll (6872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\audio_output\libafile_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libdshow_plugin.dll (36408 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtQuick\Controls\Styles\Base\images\button.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\SplashScreen.qml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\themes\sleek\components\ToolbarButton.qml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\LinearGradient.qml (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libposterize_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\qml\QtGraphicalEffects\private\SourceProxy.qml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\player\images\dots.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\access\libscreen_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\stream_out\libstream_out_record_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libedummy_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\video_filter\libwave_plugin.dll (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\demux\libnsc_plugin.dll (3808 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\images\icon_16.png (353 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libaraw_plugin.dll (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\font\osll300.woff2 (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\binaries\win\plugins\codec\libvorbis_plugin.dll (48104 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_7428\CRX_INSTALL\css\fonts.css (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\js\lib\jquery.js (6984 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\search.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\js\locale.js (684 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\js\DTA.interface.js (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\js\DTA.ui.js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\button.logo.png (60000 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\background.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\button.logo.inactive.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\icon.close.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\css\template.css (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\images\logo.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\DECODED_MESSAGE_CATALOGS (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_10331\CRX_INSTALL\js\DTA.popup.js (59 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gs.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fo.png (462 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gw.png (465 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sh.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ly.png (383 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\settings.png (871 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tw.png (461 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tl.png (569 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\si.png (468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\eg.png (408 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\sandbox.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\settings-act.png (883 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\az.png (472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\li.png (462 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\es.png (493 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\doT.min.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\popup.js (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mr.png (567 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gq.png (536 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\np.png (634 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gt.png (549 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cy.png (456 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tg.png (494 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\br.png (687 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kh.png (535 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\km.png (561 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tj.png (436 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cv.png (492 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mc.png (333 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\na.png (717 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\list-img.png (603 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mg.png (380 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ps.png (516 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\uy.png (479 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mn.png (546 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gm.png (398 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\spine.route.js (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\model.js (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tk.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bs.png (494 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\ui.js (5224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\popup.html (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tf.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ma.png (479 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ga.png (400 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ci.png (428 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\id.png (333 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\st.png (568 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kz.png (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cc.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\vc.png (610 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bz.png (615 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\do.png (432 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mu.png (416 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\my.png (509 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mz.png (539 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ec.png (564 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\la.png (530 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\is.png (494 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cn.png (469 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\co.png (387 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\af.png (534 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\spine.local.js (619 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ck.png (630 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lb.png (491 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ve.png (464 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cg.png (674 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gh.png (453 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ru.png (350 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\py.png (442 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fr.png (446 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\by.png (441 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\au.png (614 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sj.png (485 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\aq.png (586 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mv.png (537 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mw.png (485 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\hn.png (432 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ht.png (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\logging.js (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tm.png (553 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tv.png (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lc.png (631 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\mochi.js (363 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ng.png (441 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\vg.png (618 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\vi.png (612 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ch.png (434 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nl.png (367 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\no.png (485 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gi.png (516 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\base64.js (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mp.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lr.png (457 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\aw.png (453 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ar.png (439 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kw.png (476 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\background.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\us.png (488 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\za.png (600 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\hk.png (611 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bl.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\om.png (446 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\yt.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\spine.js (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\DECODED_IMAGES (68 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tn.png (578 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\eh.png (536 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\dj.png (514 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\new.js (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\td.png (461 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\image\icon_mono_on.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lu.png (367 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lt.png (395 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ye.png (362 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\DECODED_MESSAGE_CATALOGS (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\va.png (483 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pk.png (600 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sc.png (677 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ws.png (492 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ag.png (622 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bo.png (461 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sv.png (450 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bb.png (573 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gl.png (521 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\so.png (514 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\close.png (552 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fi.png (405 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\dm.png (668 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\it.png (440 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\sandbox.html (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gu.png (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ee.png (380 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\styles\style.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sa.png (560 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cl.png (424 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nf.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sz.png (594 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pm.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\an.png (477 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mk.png (690 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ro.png (461 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\rw.png (437 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\dk.png (416 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kg.png (525 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sm.png (552 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mt.png (410 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\styles\mochi.css (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tr.png (575 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\image\icon_mono_off.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sb.png (649 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ir.png (471 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ne.png (442 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\hm.png (614 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ms.png (592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gf.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\iq.png (475 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ao.png (535 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bg.png (352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\speed.png (885 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ke.png (631 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\um.png (488 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cx.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\dz.png (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\et.png (566 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ax.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kr.png (658 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nz.png (623 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\jquery.js (6984 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\vu.png (570 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\io.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nc.png (608 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ba.png (627 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ua.png (399 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sr.png (470 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ca.png (570 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gr.png (433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ls.png (639 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pl.png (316 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\list-img-ac.png (620 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nr.png (465 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\tmpl.js (667 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\re.png (488 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\il.png (468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\im.png (543 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cm.png (502 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bm.png (606 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\profile_list.js (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ge.png (509 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mh.png (698 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tt.png (690 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gn.png (453 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mf.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tz.png (655 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\nu.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mq.png (604 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pe.png (536 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\jp.png (471 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\qa.png (458 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fk.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fj.png (575 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\zm.png (527 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bw.png (425 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gb.png (707 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pt.png (591 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\md.png (548 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gg.png (501 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\agent.js (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\al.png (535 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cd.png (621 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ky.png (600 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ni.png (431 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bf.png (445 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\fm.png (565 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\uz.png (462 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gy.png (686 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\wf.png (518 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kp.png (480 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ph.png (516 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sn.png (512 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\hr.png (553 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ki.png (679 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pw.png (610 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\scripts\profile_detail.js (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bj.png (422 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\jo.png (521 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gd.png (683 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bn.png (654 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lk.png (586 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\rs.png (542 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\be.png (452 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mo.png (647 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pf.png (476 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sl.png (377 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cz.png (492 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\lv.png (367 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\as.png (661 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pn.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\hu.png (369 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cr.png (364 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bt.png (607 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bd.png (577 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bi.png (740 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bh.png (529 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pr.png (498 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sy.png (422 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ml.png (463 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mm.png (451 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\at.png (363 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\gp.png (509 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\sl_arrow.png (616 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pa.png (514 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\image\icon_128.png (16664 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\se.png (472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\bv.png (485 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\image\ic16_gear.png (402 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\tc.png (604 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\in.png (431 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\vn.png (520 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\me.png (555 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ie.png (432 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ai.png (609 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\zw.png (591 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\pg.png (629 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\je.png (632 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sk.png (495 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\mx.png (526 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sg.png (409 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\sd.png (498 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cu.png (513 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\jm.png (711 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\to.png (427 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\de.png (391 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ad.png (540 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ae.png (446 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\th.png (356 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\kn.png (662 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\cf.png (514 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\am.png (414 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\er.png (645 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\ic16_gear.png (402 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_6705\CRX_INSTALL\image\flags\ug.png (536 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\craw_background.js (12376 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\flapper.gif (5224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\topbar_floating_button.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\html\craw_window.html (810 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\DECODED_IMAGES (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\css\craw_window.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\craw_window.js (14960 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_668_1444\DECODED_MESSAGE_CATALOGS (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_88310.tmp\SETUP.EX_ (1731 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_88310.tmp\setup.exe (20838 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CR_88310.tmp\CITRIO.PACKED.7Z (443233 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\citrio.7z (1358422 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\th.pak (1798 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\widevinecdmadapter.dll (186 bytes)
    %Documents and Settings%\%current user%\Desktop\Facebook.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_elf.dll (117 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\en-GB.pak (216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\hr.pak (251 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\PepperFlash\version.json (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Citrio.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_material_100_percent.pak (2 bytes)
    %Documents and Settings%\%current user%\Desktop\YouTube.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\tr.pak (259 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ms.pak (240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\cs.pak (268 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\share_page.crx (65 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Citrio.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_material_200_percent.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\nacl_irt_x86_64.nexe (22433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\pl.pak (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\da.pak (240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\id.pak (234 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio.dll (259439 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ca.pak (265 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\VisualElements\logo.png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_200_percent.pak (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\te.pak (1870 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\zh-CN.pak (216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\delegate_execute.exe (3802 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\VisualElements\smalllogo.png (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\pt-PT.pak (259 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\fi.pak (247 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\media_downloader.crx (1670 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\50.0.2661.273.manifest (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\nb.pak (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\lv.pak (269 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ko.pak (269 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\citrio.exe (5442 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ta.pak (3691 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\sk.pak (274 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\chrome.VisualElementsManifest.xml (342 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\download_all.crx (1766 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\50.0.2661.273\Installer\setup.exe (9098 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\metro_driver.dll (1796 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\es-419.pak (264 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\fil.pak (269 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_watcher.dll (1661 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\sw.pak (241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\es.pak (269 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\citrio_ext.crx (110258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\sv.pak (240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\et.pak (233 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\zh-TW.pak (219 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\mr.pak (1812 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\gu.pak (1805 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\sr.pak (1681 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\secondarytile.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\libglesv2.dll (7972 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_100_percent.pak (6303 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\vi.pak (293 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\uk.pak (1698 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\en-US.pak (217 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\proxy.crx (1676 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ru.pak (1688 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\natives_blob.bin (1711 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\snapshot_blob.bin (1802 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ml.pak (3743 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\he.pak (306 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\citrio_child.dll (321430 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\hi.pak (1820 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\hu.pak (277 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Extensions\external_extensions.json (1 bytes)
    %Documents and Settings%\%current user%\Desktop\Citrio.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\nacl_irt_x86_32.nexe (20507 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\lt.pak (266 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\bg.pak (1714 bytes)
    %Documents and Settings%\%current user%\Desktop\Chrome Web Store.lnk (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ja.pak (318 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\bn.pak (1839 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\libexif.dll (307 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\PepperFlash\pepflashplayer.dll (124061 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\nacl64.exe (12289 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ro.pak (268 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\el.pak (1752 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\ar.pak (1641 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\fa.pak (1654 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\libegl.dll (78 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\wow_helper.exe (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\icudtl.dat (75554 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\am.pak (1647 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\d3dcompiler_47.dll (22433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Application\citrio.exe (7433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\de.pak (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\pt-BR.pak (256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\kn.pak (3680 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\sl.pak (250 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\it.pak (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\fr.pak (284 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\Locales\nl.pak (252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Citrio\Temp\source1856_10276\Citrio-bin\50.0.2661.273\resources.pak (150724 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "CatalinaGroup Update" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe /c"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now