Win32.Sality.3_2f53b9a583

by malwarelabrobot on November 16th, 2015 in Malware Descriptions.

Win32.Sality.3 (B) (Emsisoft), Win32.Sality.3 (AdAware), Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Worm, Virus, WormAutorun


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 2f53b9a583a24fb5f23fa43db0930a24
SHA1: 3921f44c852b186e8e814130c9aee2a23cc717d6
SHA256: b9041b819952cc3d81ddefbc953a62c95fb5bc23d8fe5b360cbd40d81c49ac6e
SSDeep: 49152:0rZhre7NHjyywxJOr1SakOTapSU/i9L12HEz5hF8FTn:SrreB4xJq17kiw
Size: 2027608 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-05-28 15:48:12
Analyzed on: WindowsXP SP3 32-bit


Summary:

Worm. A program that is primarily replicating on networks or removable drives.

Payload

Behaviour Description
WormAutorun A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Worm's file once a user opens a drive's folder in Windows Explorer.


Process activity

The Worm creates the following process(es):

5E9C2970-6314-4954-8027-EE832E378B1.exe:2356
%original file name%.exe:1676

The Worm injects its code into the following process(es):

setup.exe:2020
2103.exe:628
Explorer.EXE:1912

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process setup.exe:2020 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Program Files%\Crossbrowse\Crossbrowse\Temp\source2020_8295\chrome.7z (22581 bytes)

The process %original file name%.exe:1676 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\2103.exe (14988 bytes)
%WinDir%\system.ini (72 bytes)

The Worm deletes the following file(s):

C:\156d4a (0 bytes)

The process 2103.exe:628 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\expedia.ico (1921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\priceline.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winpbyvx.exe (15019 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\youtube.ico (3913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\skype.ico (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\amazon.ico (2993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\search.ico (1917 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yahoo_finance.ico (2993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\linkedin.ico (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yandex.ico (1588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\9gag.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yahoo_search.ico (5593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\nfl.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\nba.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\chrome.packed.7z (1350297 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\weather_channel.ico (5593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yelp.ico (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\pinterest.ico (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\msn.ico (1588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\cnn.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\netflix.ico (1909 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\bestbuy.ico (3913 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\5E9C2970-6314-4954-8027-EE832E378B1\5E9C2970-6314-4954-8027-EE832E378B1.exe (14988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\setup.exe (37305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\google_translate.ico (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\kayak.com.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\ted.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\prefs (823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\huffingtonpost.ico (1909 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\icon.json (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\tripadvisor.ico (1917 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\walmart.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\facebook.ico (3913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\google_plus.ico (1921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\crbrw.zip (306422 bytes)
\\XP3\PIPE\srvsvc (72 bytes)
%System%\drivers\ififon.sys (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\gmail.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yahoo.ico (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\espn.ico (1588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\wikipedia.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\nytimes.ico (1921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\ikea.ico (2993 bytes)
%WinDir%\Tasks\5E9C2970-6314-4954-8027-EE832E378B1.job (1380 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\agoda.ico (1921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ie.zip[1].004 (3959285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\booking.com.ico (1601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\bing.ico (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\google_news.ico (2993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\theguardian.ico (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\twitter.ico (1588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\bbc.ico (1588 bytes)
C:\totalcmd\TOTALCMD.EXE (1728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\reddit.ico (1917 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mdqxyy.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ie.zip[1].005 (3959285 bytes)
%Program Files%\Common Files\Adobe\ARM\1.0\AdobeARM.exe (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ie.zip[1].003 (3959285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ie.zip[1].002 (3959285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ie.zip[1].001 (3959285 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\etsy.ico (3913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\mail_live_msn.ico (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\groupom.ico (2993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yahoo_mail.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\forbes.ico (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\tumblr.ico (1592 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\gizmodo.ico (2993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\imdb.ico (2993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\ebay.ico (1913 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\target.ico (1909 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\mail.ru.ico (1909 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\hotels.com.ico (1601 bytes)

The Worm deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\2103.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winpbyvx.exe (0 bytes)
%System%\drivers\ififon.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mdqxyy.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\crbrw.zip (0 bytes)
C:\157df4 (0 bytes)

Registry activity

The process setup.exe:2020 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "68 A6 71 EC 25 2A 80 74 55 BA 11 4D 9E 1A 17 22"

[HKLM\SOFTWARE\Crossbrowse\Installer]
"ap" = "-stage:preconditions"
"InstallerExtraCode1" = "1"

The process 5E9C2970-6314-4954-8027-EE832E378B1.exe:2356 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C C8 0E B4 24 17 74 52 36 AB 67 6B A7 0A 0A 95"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Worm modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Worm modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Worm modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:1676 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"

[HKCU\Software\Aas]
"a1_0" = "3299283285"

[HKCU\Software\Aas\695404737]
"35845605" = "143"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"

[HKCU\Software\Aas\695404737]
"50183847" = "7439D18CF99ADB97C70A1EA4EA1DDEB3A46AF9AF9995ACD22104A39789171EB3633818AD029260106FF7F47FE0DE6244028206B85FFFAD226E9742031F5914A424C8AAD11CCC09A683D5C288F7B6E1F47648BB6509895D8CEFEAA4FC96A6440B61FA7545CEB6A4B60F5D6273763CD021B75224603D4E837AD74FFC1C93A050D600"
"43014726" = "0400687474703A2F2F38392E3131392E36372E3135342F746573746F352F00687474703A2F2F6B756B7574727573746E65743737372E696E666F2F686F6D652E67696600687474703A2F2F6B756B7574727573746E65743838382E696E666F2F686F6D652E67696600687474703A2F2F6B756B7574727573746E65743938372E696E666F2F686F6D652E67696600"

[HKCU\Software\Aas]
"a3_0" = "17001001"

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"

[HKCU\Software\Aas\695404737]
"14338242" = "0"
"7169121" = "1"

"21507363" = "0"
"28676484" = "30"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A 05 89 54 11 EB A2 5E 4D 7E 12 6C C3 99 82 F3"

[HKCU\Software\Aas]
"a2_0" = "9832"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_0" = "0"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"

Firewall notifications are disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"

A firewall is disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"

Task Manager is disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr" = "1"

The process 2103.exe:628 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas\695404737]
"35845605" = "143"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"

[HKCU\Software\Aas\695404737]
"50183847" = "7439D18CF99ADB97C70A1EA4EA1DDEB3A46AF9AF9995ACD22104A39789171EB3633818AD029260106FF7F47FE0DE6244028206B85FFFAD226E9742031F5914A424C8AAD11CCC09A683D5C288F7B6E1F47648BB6509895D8CEFEAA4FC96A6440B61FA7545CEB6A4B60F5D6273763CD021B75224603D4E837AD74FFC1C93A050D600"

[HKLM\SOFTWARE\Tempo]
"(Default)" = "Tempo"

[HKCU\Software\Aas\695404737]
"43014726" = "0400687474703A2F2F38392E3131392E36372E3135342F746573746F352F00687474703A2F2F6B756B7574727573746E65743737372E696E666F2F686F6D652E67696600687474703A2F2F6B756B7574727573746E65743838382E696E666F2F686F6D652E67696600687474703A2F2F6B756B7574727573746E65743938372E696E666F2F686F6D652E67696600"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"

[HKCU\Software\Aas\695404737]
"14338242" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Aas\695404737]
"7169121" = "1"

"21507363" = "0"

"28676484" = "30"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\CrossBrowser]
"Installation" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 13 2B 25 9C 8D 27 31 47 A2 0C B6 E7 68 51 F3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\3843]
"setup.exe" = "Crossbrowse Installer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"

The Worm modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Worm modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

Firewall notifications are disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"2103.exe" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\2103.exe:*:Enabled:ipsec"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"

The Worm modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"

A firewall is disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"

Task Manager is disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr" = "1"

The Worm deletes the following registry key(s):

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\termservice]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmserver]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\nm]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SRService]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SOFTWARE\Tempo]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]

The Worm deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\File system]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot]
"AlternateShell"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBT]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Network]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmserver]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
"(Default)"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Base]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
"(Default)"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\EventLog]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
"(Default)"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\File system]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Browser]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Base]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SRService]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\nm]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NDIS]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AFD]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Messenger]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Filter]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TDI]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\termservice]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
"(Default)"

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetMan]
"(Default)"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Worm's file once a user opens a drive's folder in Windows Explorer.

VersionInfo

Company Name:
Product Name:
Product Version: 106.0.0.0
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 106.0.0.0
File Description:
Comments:
Language: English (Canada)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 1402020 1402368 4.61892 dcdd6299058a61363a4d7c8043dc8ad7
.rdata 1409024 390008 390144 3.89091 3d508491e59ebc94946ac8ed199374ae
.data 1802240 77832 59904 1.9413 9f5084a85f32b370134f28614a6a5d5b
.rsrc 1884160 38128 38400 4.70907 be853f03196c79148223e487bc575344
.reloc 1925120 135168 133632 5.26658 78dba4cbf75ac59516595194f3e94aa0

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://54.231.80.194/utility.gif?report=fdata&f=4&c=003078&i=310&n=install_browser_all_thread_ended_success&ibic=c19896ec7e9e03178c69df00cf794bd4&rnd=3081
hxxp://err.ewebdomrec.com/utility.gif?report=fdata&f=4&c=003078&i=310&n=install_browser_all_thread_ended_success&ibic=c19896ec7e9e03178c69df00cf794bd4&rnd=3081


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /utility.gif?report=fdata&f=4&c=003078&i=310&n=install_browser_all_thread_ended_success&ibic=c19896ec7e9e03178c69df00cf794bd4&rnd=3081 HTTP/1.1
Accept: */*
Host: err.ewebdomrec.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: tMHUO9Cp5i5mDdWmdY6fe7vK7fSduQQ1Un7JqK80 q8Nk3HCaHWowNMaanLsU2NtvqPonGRvvlM=
x-amz-request-id: 9EAE0A300A8C60F6
Date: Sun, 15 Nov 2015 04:10:28 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Sun, 03 May 2015 14:28:48 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;..

The Worm connects to the servers at the folowing location(s):

2103.exe_628:

.text
.rdata
.data
.rsrc
@.reloc
.EKSWU
Montgomery Multiplication for x86, CRYPTOGAMS by <[email protected]>
SHA1 block transform for x86, CRYPTOGAMS by <[email protected]>
SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>
DlSHA512 block transform for x86, CRYPTOGAMS by <[email protected]>
FtPS
6-9'6-9'
$6.:$6.:
*?#1*?#1
>8$4,8$4,
AES for x86, CRYPTOGAMS by <[email protected]>
f;F.sA
f;H.sA
L$8f;P.sF3
.6.78.9:;
B.CDEFFG
j.Yf;
_tcPVj@
.PjRW
inflate 1.2.7 Copyright 1995-2012 Mark Adler
NRSA part of OpenSSL 1.0.0k 5 Feb 2013
CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
CERTIFICATE
RSA PUBLIC KEY
passed a null parameter
DSO support routines
x509 certificate routines
error:lX:%s:%s:%s
unsupported type
unsupported recpientinfo type
unsupported recipient type
unsupported kek algorithm
unsupported content type
unsupported compression algorithm
signer certificate not found
private key does not match certificate
no public key
no private key
no msgsigdigest
no key or cert
no key
not supported for this key type
not key transport
msgsigdigest wrong length
msgsigdigest verification failure
msgsigdigest error
invalid key length
invalid encrypted key length
error setting key
error getting public key
certificate verify error
certificate has no keyid
certificate already present
CMS_SIGNERINFO_VERIFY_CERT
CMS_RecipientInfo_set0_pkey
CMS_RecipientInfo_set0_key
CMS_RecipientInfo_ktri_cert_cmp
cms_msgSigDigest_add1
CMS_GET0_CERTIFICATE_CHOICES
CMS_EncryptedData_set1_key
CMS_decrypt_set1_pkey
CMS_decrypt_set1_key
CMS_add1_recipient_cert
CMS_add0_recipient_key
CMS_add0_cert
unsupported requestorname type
no certificates in chain
error parsing url
PARSE_HTTP_LINE1
OCSP_parse_url
OCSP_cert_id_new
unimplemented public key method
invalid cmd number
invalid cmd name
failed loading public key
failed loading private key
cmd not executable
ENGINE_UNLOAD_KEY
ENGINE_load_ssl_client_cert
ENGINE_load_public_key
ENGINE_load_private_key
ENGINE_get_pkey_meth
ENGINE_get_pkey_asn1_meth
ENGINE_ctrl_cmd_string
ENGINE_ctrl_cmd
ENGINE_cmd_is_executable
unsupported version
unsupported md algorithm
invalid signer certificate purpose
ess signing certificate error
ess add signing cert error
TS_VERIFY_CERT
TS_TST_INFO_set_msg_imprint
TS_RESP_CTX_set_signer_cert
TS_RESP_CTX_set_certs
TS_REQ_set_msg_imprint
TS_MSG_IMPRINT_set_algo
TS_CHECK_SIGNING_CERTS
ESS_SIGNING_CERT_NEW_INIT
ESS_CERT_ID_NEW_INIT
ESS_ADD_SIGNING_CERT
functionality not supported
WIN32_JOINER
unsupported pkcs12 mode
key gen error
PKCS8_add_keyusage
PKCS12_PBE_keyivgen
PKCS12_newpass
PKCS12_MAKE_SHKEYBAG
PKCS12_MAKE_KEYBAG
PKCS12_key_gen_uni
PKCS12_key_gen_asc
PKCS12_add_localkeyid
unsupported option
unable to get issuer keyid
policy syntax not currently supported
operation not defined
no proxy cert policy language defined
no issuer certificate
extension setting not supported
V2I_EXTENDED_KEY_USAGE
V2I_AUTHORITY_KEYID
S2I_SKEY_ID
S2I_ASN1_SKEY_ID
R2I_CERTPOL
unsupported cipher type
unable to find certificate
signing not supported for this key type
operation not supported on this type
no recipient matches key
no recipient matches certificate
encryption not supported for this key type
decrypted key is wrong length
PKCS7_add_certificate
unsupported method
no port specified
no port defined
no accept port specified
broken pipe
BIO_get_port
ECDH_compute_key
data too large for key size
unsupported field
passed null parameter
not a supported NIST prime
missing private key
keys not set
invalid private key
PKEY_EC_SIGN
PKEY_EC_PARAMGEN
PKEY_EC_KEYGEN
PKEY_EC_DERIVE
PKEY_EC_CTRL_STR
PKEY_EC_CTRL
o2i_ECPublicKey
i2o_ECPublicKey
i2d_ECPrivateKey
EC_KEY_print_fp
EC_KEY_print
EC_KEY_new
EC_KEY_generate_key
EC_KEY_copy
EC_KEY_check_key
ECKEY_TYPE2PARAM
ECKEY_PUB_ENCODE
ECKEY_PUB_DECODE
ECKEY_PRIV_ENCODE
ECKEY_PRIV_DECODE
ECKEY_PARAM_DECODE
ECKEY_PARAM2TYPE
DO_EC_KEY_PRINT
d2i_ECPrivateKey
zlib not supported
wrong public key type
unsupported public key type
unsupported encryption algorithm
unsupported cipher
unsupported any defined by type
unknown public key type
unable to decode rsa private key
unable to decode rsa key
streaming not supported
private key header missing
digest and key type not supported
bad password read
X509_PKEY_new
i2d_RSA_PUBKEY
i2d_PublicKey
i2d_PrivateKey
i2d_EC_PUBKEY
i2d_DSA_PUBKEY
d2i_X509_PKEY
d2i_PublicKey
d2i_PrivateKey
d2i_AutoPrivateKey
unsupported algorithm
unknown key type
unable to get certs public key
public key encode error
public key decode error
no cert set for us to verify
method not supported
loading cert dir
key values mismatch
key type mismatch
cert already in hash table
cant check dh key
X509_verify_cert
X509_STORE_add_cert
X509_REQ_check_private_key
X509_PUBKEY_set
X509_PUBKEY_get
X509_load_cert_file
X509_load_cert_crl_file
X509_get_pubkey_parameters
X509_check_private_key
GET_CERT_BY_SUBJECT
ADD_CERT_DIR
PKEY_DSA_KEYGEN
PKEY_DSA_CTRL
unsupported key components
unsupported encryption
read key
public key no rsa
problems getting password
keyblob too short
keyblob header parse error
expecting public key blob
expecting private key blob
error converting private key
PEM_WRITE_PRIVATEKEY
PEM_READ_PRIVATEKEY
PEM_READ_BIO_PRIVATEKEY
PEM_PK8PKEY
PEM_F_PEM_WRITE_PKCS8PRIVATEKEY
DO_PK8PKEY_FP
DO_PK8PKEY
d2i_PKCS8PrivateKey_fp
d2i_PKCS8PrivateKey_bio
unsupported salt type
unsupported private key algorithm
unsupported prf
unsupported key size
unsupported key derivation function
unsupported keylength
unsuported number of rounds
public key not rsa
private key encode error
private key decode error
operaton not initialized
operation not supported for this keytype
no operation set
no key set
keygen failure
invalid operation
expecting a ec key
expecting a ecdsa key
expecting a dsa key
expecting a dh key
expecting an rsa key
different key types
ctrl operation not implemented
command not supported
camellia key setup failed
bn pubkey error
bad key length
aes key setup failed
PKEY_SET_TYPE
PKCS5_v2_PBE_keyivgen
PKCS5_PBE_keyivgen
EVP_PKEY_verify_recover_init
EVP_PKEY_verify_recover
EVP_PKEY_verify_init
EVP_PKEY_verify
EVP_PKEY_sign_init
EVP_PKEY_sign
EVP_PKEY_paramgen_init
EVP_PKEY_paramgen
EVP_PKEY_new
EVP_PKEY_keygen_init
EVP_PKEY_keygen
EVP_PKEY_get1_RSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_GET1_ECDSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_DH
EVP_PKEY_encrypt_old
EVP_PKEY_encrypt_init
EVP_PKEY_encrypt
EVP_PKEY_derive_set_peer
EVP_PKEY_derive_init
EVP_PKEY_derive
EVP_PKEY_decrypt_old
EVP_PKEY_decrypt_init
EVP_PKEY_decrypt
EVP_PKEY_CTX_dup
EVP_PKEY_CTX_ctrl_str
EVP_PKEY_CTX_ctrl
EVP_PKEY_copy_parameters
EVP_PKEY2PKCS8_broken
EVP_PKCS82PKEY_BROKEN
EVP_PKCS82PKEY
EVP_CIPHER_CTX_set_key_length
ECKEY_PKEY2PKCS8
ECDSA_PKEY2PKCS8
DSA_PKEY2PKCS8
DSAPKEY2PKCS8
D2I_PKEY
CAMELLIA_INIT_KEY
AES_INIT_KEY
invalid public key
PKEY_DH_KEYGEN
PKEY_DH_DERIVE
GENERATE_KEY
COMPUTE_KEY
rsa operations not supported
key size too small
invalid keybits
illegal or unsupported padding mode
digest too big for rsa key
data too small for key size
RSA_generate_key
RSA_check_key
RSA_BUILTIN_KEYGEN
PKEY_RSA_VERIFYRECOVER
PKEY_RSA_SIGN
PKEY_RSA_CTRL_STR
PKEY_RSA_CTRL
Big Number part of OpenSSL 1.0.0k 5 Feb 2013
ssl_sess_cert
ssl_cert
evp_pkey
x509_pkey
%s(%d): OpenSSL internal error, assertion failed: %s
pubkey
PEM part of OpenSSL 1.0.0k 5 Feb 2013
phrase is too short, needs to be at least %d chars
Enter PEM pass phrase:
TRUSTED CERTIFICATE
X509 CERTIFICATE
PRIVATE KEY
ENCRYPTED PRIVATE KEY
ANY PRIVATE KEY
enc_key
key_enc_algor
cert
d.encrypted
d.digest
d.signed_and_enveloped
d.enveloped
d.sign
d.data
d.other
NETSCAPE_CERT_SEQUENCE
certs
.\crypto\pem\pem_pkey.c
X509_PUBKEY
public_key
.\crypto\asn1\x_pubkey.c
DSA part of OpenSSL 1.0.0k 5 Feb 2013
priv_key
pub_key
.\crypto\ec\ec_key.c
EC_PRIVATEKEY
publicKey
privateKey
value.implicitlyCA
value.parameters
value.named_curve
p.char_two
p.prime
p.ppBasis
p.tpBasis
p.onBasis
p.other
lhash part of OpenSSL 1.0.0k 5 Feb 2013
Stack part of OpenSSL 1.0.0k 5 Feb 2013
RAND part of OpenSSL 1.0.0k 5 Feb 2013
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
value.single
value.set
.\crypto\evp\evp_key.c
nkey <= EVP_MAX_KEY_LENGTH
EVP part of OpenSSL 1.0.0k 5 Feb 2013
?456789:;<=
!"#$%&'()* ,-./0123
supportedAlgorithms
crossCertificatePair
certificateRevocationList
cACertificate
userCertificate
userPassword
supportedApplicationContext
Microsoft Local Key set
LocalKeySet
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
password based MAC
id-PasswordBasedMAC
X509v3 Certificate Issuer
certificateIssuer
certicom-arc
Proxy Certificate Information
proxyCertInfo
Microsoft Smartcardlogin
msSmartcardLogin
joint-iso-itu-t
JOINT-ISO-ITU-T
set-rootKeyThumb
setAttr-Cert
setCext-cCertRequired
setCext-certType
setct-CertResTBE
setct-CertReqTBEX
setct-CertReqTBE
setct-AcqCardCodeMsgTBE
setct-CertInqReqTBS
setct-CertResData
setct-CertReqTBS
setct-CertReqData
setct-PCertResTBS
setct-PCertReqData
setct-AcqCardCodeMsg
certificate extensions
set-certExt
set-msgExt
id-ecPublicKey
id-cmc-confirmCertAcceptance
id-cmc-getCert
id-regInfo-certReq
id-regCtrl-protocolEncrKey
id-regCtrl-oldCertID
id-it-revPassphrase
id-it-keyPairParamRep
id-it-keyPairParamReq
id-it-unsupportedOIDs
id-it-caKeyUpdateInfo
id-it-encKeyPairTypes
id-it-signKeyPairTypes
id-it-caProtEncCert
id-mod-attribute-cert
id-mod-qualified-cert-93
id-mod-qualified-cert-88
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certValues
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-otherSigCert
id-smime-aa-smimeEncryptCerts
id-smime-aa-signingCertificate
id-smime-aa-encrypKeyPref
id-smime-aa-msgSigDigest
id-smime-ct-publishCert
id-smime-mod-msg-v3
sdsiCertificate
x509Certificate
localKeyID
certBag
pkcs8ShroudedKeyBag
keyBag
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
TLS Web Client Authentication
TLS Web Server Authentication
X509v3 Extended Key Usage
extendedKeyUsage
X509v3 Authority Key Identifier
authorityKeyIdentifier
X509v3 Certificate Policies
certificatePolicies
X509v3 Private Key Usage Period
privateKeyUsagePeriod
X509v3 Key Usage
keyUsage
X509v3 Subject Key Identifier
subjectKeyIdentifier
Netscape Certificate Sequence
nsCertSequence
Netscape CA Policy Url
nsCaPolicyUrl
Netscape Renewal Url
nsRenewalUrl
Netscape CA Revocation Url
nsCaRevocationUrl
Netscape Revocation Url
nsRevocationUrl
Netscape Base Url
nsBaseUrl
Netscape Cert Type
nsCertType
Netscape Certificate Extension
nsCertExt
extendedCertificateAttributes
challengePassword
dhKeyAgreement
name.relativename
name.fullname
certificateHold
Certificate Hold
cessationOfOperation
Cessation Of Operation
keyCompromise
Key Compromise
%*s%s:
%*sOnly Attribute Certificates
%*sOnly CA Certificates
%*sOnly User Certificates
ASN.1 part of OpenSSL 1.0.0k 5 Feb 2013
d.registeredID
d.iPAddress
d.uniformResourceIdentifier
d.ediPartyName
d.directoryName
d.dNSName
d.rfc822Name
d.otherName
AUTHORITY_KEYID
keyid
cert_info
Diffie-Hellman part of OpenSSL 1.0.0k 5 Feb 2013
PKCS8_PRIV_KEY_INFO
pkey
pkeyalg
.\crypto\evp\evp_pkey.c
EC part of OpenSSL 1.0.0k 5 Feb 2013
USER32.DLL
NETAPI32.DLL
KERNEL32.DLL
ADVAPI32.DLL
\X
MD5 part of OpenSSL 1.0.0k 5 Feb 2013
%s: (%d bit)
Public-Key
Private-Key
recommended-private-length: %d bits
public-key:
private-key:
PKCS#3 DH Public-Key
PKCS#3 DH Private-Key
Public-Key: (%d bit)
Private-Key: (%d bit)
ddddddZ
ddddddZ
%d.%d.%d.%d
<unsupported>
IP Address:%d.%d.%d.%d
URI:%s
DNS:%s
email:%s
EdiPartyName:<unsupported>
X400Name:<unsupported>
othername:<unsupported>
SHA1 part of OpenSSL 1.0.0k 5 Feb 2013
SHA-256 part of OpenSSL 1.0.0k 5 Feb 2013
SHA-512 part of OpenSSL 1.0.0k 5 Feb 2013
%d.%d.%d.%d/%d.%d.%d.%d
X509_CERT_PAIR
X509_CERT_AUX
X.509 part of OpenSSL 1.0.0k 5 Feb 2013
x%s
%s - d:d:d%.*s %d%s
.\crypto\dh\dh_key.c
'() ,-./:=?
%lu:%s:%s:%d:%s
Verifying - %s
ECDSA part of OpenSSL 1.0.0k 5 Feb 2013
Basis Type: %s
Field Type: %s
ASN1 OID: %s
%s %s%lu (%s0x%lx)
keylen <= sizeof key
EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)
%*sPolicy Text: %s
%*scrlUrl:
EXTENDED_KEY_USAGE
%*sZone: %s, User:
.\crypto\x509v3\v3_akey.c
d.usernotice
d.cpsuri
CERTIFICATEPOLICIES
%*sExplicit Text: %s
%*sNumber%s:
%*sOrganization: %s
%*sCPS: %s
PKEY_USAGE_PERIOD
keyCertSign
Certificate Sign
keyAgreement
Key Agreement
keyEncipherment
Key Encipherment
.\crypto\x509v3\v3_skey.c
CONF part of OpenSSL 1.0.0k 5 Feb 2013
PROXY_CERT_INFO_EXTENSION
hexkey
rsa_keygen_pubexp
rsa_keygen_bits
keylength
keyfunc
d.receiptList
d.allOrFirstTier
d.compressedData
d.authenticatedData
d.encryptedData
d.digestedData
d.envelopedData
d.signedData
d.ori
d.pwri
d.kekri
d.kari
d.ktri
CMS_PasswordRecipientInfo
keyDerivationAlgorithm
keyIdentifier
CMS_KeyAgreeRecipientInfo
recipientEncryptedKeys
CMS_OriginatorIdentifierOrKey
d.originatorKey
CMS_OriginatorPublicKey
CMS_RecipientEncryptedKey
CMS_KeyAgreeRecipientIdentifier
d.rKeyId
CMS_RecipientKeyIdentifier
CMS_OtherKeyAttribute
keyAttr
keyAttrId
CMS_KeyTransRecipientInfo
encryptedKey
keyEncryptionAlgorithm
certificates
d.crl
d.subjectKeyIdentifier
d.issuerAndSerialNumber
CMS_CertificateChoices
d.v2AttrCert
d.v1AttrCert
d.extendedCertificate
d.certificate
CMS_OtherCertificateFormat
otherCert
otherCertFormat
len>=0 && len<=(int)sizeof(ctx->key)
j <= (int)sizeof(ctx->key)
.\crypto\pkcs12\p12_key.c
crlUrl
certStatus
certId
OCSP_CERTSTATUS
value.unknown
value.revoked
value.good
value.byKey
value.byName
reqCert
OCSP_CERTID
issuerKeyHash
CONF_def part of OpenSSL 1.0.0k 5 Feb 2013
[[%s]]
[%s] %s=%s
%'%1$=%C%K%O%s%
.%.-.3.7.9.?.W.[.o.y.
C%C'C3C7C9COCWCiC
ECDH part of OpenSSL 1.0.0k 5 Feb 2013
value.bag
value.safes
value.shkeybag
value.keybag
value.sdsicert
value.x509cert
value.other
%s.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
Visual C   CRT: Not enough memory to complete call to strerror.
Operation not permitted
Inappropriate I/O control operation
Broken pipe
operator
GetProcessWindowStation
SQLite format 3
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYWITHOUTERELEASEATTACHAVINGROUPDATEBEGINNERECURSIVEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTRIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
CREATE TABLE sqlite_master(
sql text
3.8.8.2
CREATE TEMP TABLE sqlite_temp_master(
ShellExecuteExW
RegOpenKeyTransactedW
1.2.1
Invalid HTTP(S) status code
InternetCrackUrlW
HttpQueryInfoW
InternetCrackUrl Failed
port
HttpOpenRequest Failed
HttpSendRequest Failed with:
HttpQueryInfo Failed
HttpQueryInfoA
httpCode
SHFileOperation
SQLITE_
d-d-d d:d:d
d:d:d
d-d-d
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
922337203685477580
API call with %s database connection pointer
RowKey
GetProcessHeap
os_win.c:%d: (%lu) %s(%s) - %s
delayed %dms for lock/sharing conflict
%s-shm
%s%c%s
recovered %d pages from %s
recovered %d frames from WAL file %s
cannot limit WAL size: %s
invalid page number %d
2nd reference to page %d
Failed to read ptrmap key=%d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
failed to get page %d
freelist leaf count too big on page %d
Page %d:
unable to get the page. error code=%d
btreeInitPage() returns error code %d
On tree page %d cell %d:
On page %d at right child:
Corruption detected in cell %d on page %d
Multiple uses for byte %d of page %d
Fragmentation of %d bytes reported as %d on page %d
Page %d is never used
Pointer map page %d is referenced
Outstanding page count goes from %d to %d during this analysis
unknown database %s
%s(%d)
%s-mjXXXXXX9XXz
MJ delete: %s
MJ collide: %s
-mjX9X
FOREIGN KEY constraint failed
unable to use function %s in the requested context
bind on a busy prepared statement: [%s]
zeroblob(%d)
FOREIGN KEY
abort at %d in [%s]: %s
%s constraint failed: %s
%s constraint failed
cannot open savepoint - SQL statements in progress
no such savepoint: %s
cannot release savepoint - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_temp_master
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
cannot change %s wal mode from within a transaction
database table is locked: %s
statement aborts at %d: [%s] %s
cannot open value of type %s
cannot open virtual table: %s
cannot open table without rowid: %s
cannot open view: %s
no such column: "%s"
foreign key
indexed
cannot open %s column for writing
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s.%s
%s: %s
%s prohibited in partial index WHERE clauses
%s prohibited in CHECK constraints
not authorized to use function: %s
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
Expression tree is too large (maximum depth %d)
variable number must be between ?1 and ?%d
too many SQL variables
too many columns in %s
EXECUTE %s%s SUBQUERY %d
hex literal too big: %s
misuse of aggregate: %s()
%.*s"%w"%s
%s%.*s"%w"
sqlite_rename_table
sqlite_rename_trigger
sqlite_rename_parent
%s OR name=%Q
type='trigger' AND (%s)
sqlite_
table %s may not be altered
there is already another table or index with this name: %s
view %s may not be altered
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_altertab_%s
sqlite_stat1
sqlite_stat3
sqlite_stat4
CREATE TABLE %Q.%s(%s)
DELETE FROM %Q.%s WHERE %s=%Q
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
too many attached databases - max %d
database %s is already in use
unable to open database: %s
no such database: %s
cannot detach database %s
database %s is locked
sqlite_detach
sqlite_attach
%s %T cannot reference objects in database %s
%s cannot use variables
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
there is already an index named %s
too many columns on %s
duplicate column name: %s
default value of column [%s] is not constant
table "%s" has more than one primary key
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
PRIMARY KEY missing on table %s
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
sqlite_stat%d
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
sqlite_stat
table %s may not be dropped
use DROP TABLE to delete table %s
use DROP VIEW to delete view %s
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
unknown column "%s" in foreign key definition
cannot create a TEMP index on non-TEMP table "%s"
table %s may not be indexed
views may not be indexed
virtual tables may not be indexed
there is already a table named %s
index %s already exists
sqlite_autoindex_%s_%d
table %s has no column named %s
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
a JOIN clause is required before %s
%s.%s
%s.rowid
unable to identify the object to be reindexed
duplicate WITH table name: %s
no such collation sequence: %s
table %s may not be modified
cannot modify %s because it is a view
sqlite_version
sqlite_source_id
sqlite_log
sqlite_compileoption_used
sqlite_compileoption_get
foreign key mismatch - "%w" referencing "%w"
table %S has no column named %s
table %S has %d columns but %d values were supplied
%d values for %d columns
sqlite3_extension_init
unable to open shared library [%s]
sqlite3_
no entry point [%s] in shared library [%s]
error during initialization: %s
automatic extension loading failed: %s
defer_foreign_keys
foreign_key_check
foreign_key_list
foreign_keys
*** in database %s ***
NULL value in %s.%s
unsupported encoding: %s
malformed database schema (%s)
%s - %s
unsupported file format
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
database schema is locked: %s
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
USE TEMP B-TREE FOR %s
COMPOUND SUBQUERIES %d AND %d %s(%s)
column%d
%s:%d
SELECTs to the left and right of %s do not have the same number of result columns
ORDER BY clause should come after %s not before
LIMIT clause should come after %s not before
no such index: %s
multiple references to recursive table: %s
circular reference: %s
table %s has %d values for %d columns
multiple recursive references: %s
recursive reference in a subquery: %s
sqlite_sq_%p
too many references to "%s": max 65535
%s.%s.%s
no such table: %s
SCAN TABLE %s%s%s
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
no such trigger: %S
-- TRIGGER %s
no such column: %s
cannot VACUUM - SQL statements in progress
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor did not declare schema: %s
no such module: %s
automatic index on %s(%s)
table %s: xBestIndex returned an invalid plan
ANY(%s)
SUBQUERY %d
TABLE %s
AS %s
PRIMARY KEY
COVERING INDEX %s
INDEX %s
USING INTEGER PRIMARY KEY
VIRTUAL TABLE INDEX %d:%s
%s.xBestIndex() malfunction
at most %d tables in a join
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
SQL logic error or missing database
unknown operation
large file support is disabled
unknown database: %s
no such %s mode: %s
%s mode not allowed: %s
no such vfs: %s
database corruption at line %d of [%.10s]
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
no such table column: %s.%s
Mozilla\Mozilla Firefox
fallbackurl
downloadStub_thread_error_download_cr_exception_%s
downloadStub_thread_error_download_exception_%d
"--installerdata={{path}}\prefs" "--install-archive={{path}}\chrome.packed.7z" "--system-level"
hotkeys
uninstaller_url
make_chrome_default_for_user
make_chrome_default
&report=cberr
statsUrl
jsUrl
searchUrl
jsUrlfallback
searchUrlfallback
checkurl
C:\container\crossbrowse\installer\output\release\CrossriderBrowserInstaller.pdb
IPHLPAPI.DLL
USERENV.dll
HttpOpenRequestW
HttpSendRequestW
WININET.dll
PSAPI.DLL
RPCRT4.dll
KERNEL32.dll
EnumWindows
EnumChildWindows
USER32.dll
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW
ReportEventA
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
GetCPInfo
zcÁ
.vX<5
e.XG.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS></application></compatibility></assembly>
6m6W6j6y6
00j0
: :$:(:';
2-4h4l4p4t4x4|4
; ;$;(;,;
9Ÿ9
7"8(8,80848
"0(0,00040
? ?$?(?,?0?4?8?<?
1$1,141<1
8 8<8@8`8
SHELL32.DLL
ShellExecuteA
2103.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\3843\prefs
ube.ico
.reloc
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\2103.exe
hXXp://89.119.67.154/testo5/
hXXp://kukutrustnet777.info/home.gif
hXXp://kukutrustnet888.info/home.gif
hXXp://kukutrustnet987.info/home.gif
@p://VVV.mylatestcreation.com/images/xs.jpg
hXXp://VVV.servetreklam.com/logof.gif
hXXp://nasr-mobtakeran.com/images/xs.jpg
hXXp://netshivhumbetraders.co.za/pics/logos.gif
hXXp://VVV.parsianparto.com/images/xs.jpg
hXXp://noralvasanchez.com/s.jpg
hXXp://sevgikresi.net/logof.gif
hXXp://nlcfoundation.org/images/xs.jpg
hXXp://natufarma.net/imagens/logof.gif
hXXp://68.168.222.206/logos.gif
.JVXT
<@.HT?`
hXXp://89.11;
.info/home.gifv*y
h.rda
[email protected]{WiN8
Bkrnl.exe
.klkjw:9fqwielul
sc.pBTab
Bfig%s:*:
AD.EXE
&?%x=
@<pUSj.DLL
\\.\W
GUrlA''
\'Web%w
HTTPA
.ENHCDMTV
PL/KPCKwWEB
.SEdAUD
MSVCRT.dll
WS2_32.dll
SHFileOperationA
combase.dll
.mscoree.dll
kernel32.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
portuguese-brazilian
%X-%X-%X-%X%X-%X%X%X%X%X%X
%s\%s
Advapi32.dll
6|>')=0'
error_ScheduleTaskAsUser_get_Triggers_logon_%d
error_ScheduleTaskAsUser_QueryInterface_logon_%d
error_ScheduleTaskAsUser_get_Triggers_time_%d
error_ScheduleTaskAsUser_QueryInterface_daily_%d
error_ScheduleTaskAsUser_get_Repetition_%d
PT%dH
%s\%s.lnk
^>/3:?#9
%s\Desktop
%s\Google\Chrome\User Data\Profile %d\Extensions\bmagokdooijbeehmkpknfglimnifench
W%d.%d.%d.%d
%d.%d (%d)
130,235,21,80
%s%i=
%s%s\
X:X:X:X:X:X
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlDWEFJQkFBS0JnUURJSmtBVlJGT2tqM0VCdXp1aEdZMU1ueDBpTEd0NG5IZ0FZRzcxUTZ5NHhzRUhQQjJiCmdXZTN3QXdPejV5WGRwZm1ZbHdQa051SFMrbmNlMEEwYmt2bUZDekJCRUJkYnM1SGN1UFA5eWJMTS8vWHpEakcKRDVoZlVydHdwUjNKb1p2OFhqQW9SV1A1ZEwvVjVHa0F4ekp6cE42L1B4ck5qcW9iT2dqYk9QRlQ1UUlCQXdLQgpnUUNGYnRWamd1SnR0UFlCSjMwV0VRamR2MmpCY3ZKUWFGQUFRRW40MThoN0x5dGFLQk85QU8vUDFWMWZOUk1QCnBHVkVRWksxQ3owRTNVYVMvTlY0U1lmdGlBN0lUbXBmSVhrMFFQUWp0ajF5TWdRaVRScTREeS9rVGp1N0p3bHoKV0VTL3VEelVCNkp4c3dWdS9vQ3ZGZ2MvZVVLZjlhVUJKYW1JeWU2YldTdkdhd0pCQVArMzQ2bTZ1RFFldDk2RgpodjY0WmlGR2JuYTNIelk0MEJXOXdWL0d6dDlNdUhtb1l4QjdyY00zZVNtMS85VHhxN2JIR0t3VTQrN1hVYnBiCnhHL1pRdmtDUVFESVhyRGs1aGFJZWNFeThCTm5Fam5Ic3pYaDJaTENsN2pIcEJhS3lNMjk2Q1JRTEljcGRLRWwKQURZODhmcFJOZWk0TTdhaWptZm5WSHhReHkzRFZtZE5Ba0VBcW5xWHhueDZ6V25QNmE1Wi95V1phNFJKcEhvVQp6dENLdVNrcmxTODBsTjNRVVJyc3RhZkpMTSttRzg2cWpmWnllZG9RY3JpWDlJK0wwWktDOVR1Qit3SkJBSVdVCmRlM3V1YkJSSzNkS3Q1b01Kb1VpSSt2bVlkY1AwSVVZRHdjd2lTbEZiWXJJV2h1akZoaXF6dE5ML0RZajhIck4KSkd4ZTcrK05xRFhhSG9JNW1qTUNRQnpOZTZvT0JENWFwODRKMzNxNTZoMjVKaWNsdGM4bkloU1lYN0xLMkY2QgpMTTgvQ2NLNFlRZjVnQjR1US9Mc2RoV3YveWZOUHh5M1oxMk9DWktxdEtVPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
%d:f4b82c
%s %s
%ddd
'p%Xh9g
%s\Google Chrome
106.0.0.0

2103.exe_628_rwx_005E6000_00011000:

SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
2103.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\3843\prefs
ube.ico
.reloc
.text
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\2103.exe
hXXp://89.119.67.154/testo5/
hXXp://kukutrustnet777.info/home.gif
hXXp://kukutrustnet888.info/home.gif
hXXp://kukutrustnet987.info/home.gif
@p://VVV.mylatestcreation.com/images/xs.jpg
hXXp://VVV.servetreklam.com/logof.gif
hXXp://nasr-mobtakeran.com/images/xs.jpg
hXXp://netshivhumbetraders.co.za/pics/logos.gif
hXXp://VVV.parsianparto.com/images/xs.jpg
hXXp://noralvasanchez.com/s.jpg
hXXp://sevgikresi.net/logof.gif
hXXp://nlcfoundation.org/images/xs.jpg
hXXp://natufarma.net/imagens/logof.gif
hXXp://68.168.222.206/logos.gif
.JVXT
<@.HT?`
hXXp://89.11;
.info/home.gifv*y
h.rda
[email protected]{WiN8
Bkrnl.exe
.klkjw:9fqwielul
sc.pBTab
Bfig%s:*:
AD.EXE
&?%x=
@<pUSj.DLL
\\.\W
GUrlA''
\'Web%w
HTTPA
.ENHCDMTV
PL/KPCKwWEB
.SEdAUD
ADVAPI32.dll
MSVCRT.dll
SHELL32.dll
USER32.dll
WS2_32.dll
RegCloseKey
SHFileOperationA

2103.exe_628_rwx_00C00000_0108E000:

c:\windows
hXXp://89.119.67.154/testo5/
hXXp://kukutrustnet777.info/home.gif
hXXp://kukutrustnet888.info/home.gif
hXXp://kukutrustnet987.info/home.gif
%System%\drivers\ififon.sys
14021402564
SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
.reloc
.text
h.rdata
H.data
ntoskrnl.exe
Opera/9.50 (Windows NT 6.0; U; en)
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion
hXXp://VVV.klkjwre9fqwieluoi.info/
hXXp://kukutrustnet777888.info/
Software\Microsoft\Windows\CurrentVersion\policies\system
Software\Microsoft\Windows\ShellNoRoam\MUICache
%s:*:Enabled:ipsec
NOTEPAD.EXE
WINMINE.EXE
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
GdiPlus.dll
hXXp://
hXXp://klkjwre77638dfqwieuoi888.info/
ipfltdrv.sys
VVV.microsoft.com
?%x=%d
&%x=%d
SYSTEM.INI
USER32.DLL
.%c%s
\\.\amsint32
NTDLL.DLL
autorun.inf
ADVAPI32.DLL
win%s.exe
%s.exe
WININET.DLL
InternetOpenUrlA
avast! Web Scanner
Avira AntiVir Premium WebGuard
BackWeb Plug-in - 4476822
cmdGuard
cmdAgent
Eset HTTP Server
ProtoPort Firewall service
SpIDer FS Monitor for Windows NT
Symantec Password Validation
tcpsr
WebrootDesktopFirewallDataService
WebrootFirewall
%d%d.tmp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
%s\%s
%s\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
Software\Microsoft\Windows\CurrentVersion\Ext\Stats
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Explorer.exe
ASHWEBSV.
DRWEB32W.
DRWEBSCD.
DRWEBUPW.
DWEBLLIO
DWEBIO
FSGUIEXE.
MCVSSHLD.
NPFMSG.
SYMSPORT.
WEBSCANX.
WEBTRAP.
.adata
M_%d_
%c%d_%d
?456789:;<=
!"#$%&'()* ,-./0123
GetWindowsDirectoryA
GetProcessHeap
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
SHFileOperationA
&3&3&3&389
.rdata
.data
Bkrnl.exe
.klkjw:9fqwielul
sc.pBTab
Bfig%s:*:
AD.EXE
&?%x=
@<pUSj.DLL
\\.\W
GUrlA''
\'Web%w
HTTPA
.ENHCDMTV
PL/KPCKwWEB
.SEdAUD
ADVAPI32.dll
MSVCRT.dll
SHELL32.dll
USER32.dll
WS2_32.dll

2103.exe_628_rwx_024A0000_00002000:

SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
.reloc
.text

setup.exe_2020:

.text
`.rdata
@.data
.rsrc
@.reloc
tEHt.Ht
PSSSSSSh
:.texu
j.Yf;
_tcPVj@
.PjRW
c:\container\chromium\src\chrome\installer\setup\archive_patch_helper.cc
c:\container\chromium\src\chrome\installer\setup\install.cc
Adding Chrome to Media player list at
Could not add Chrome to media player inclusion list.
Logo='%2$ls\Logo.png'
SmallLogo='%2$ls\SmallLogo.png'
<SplashScreen Image='%2$ls\splash-620x300.png'/>
Registering Chrome as browser:
c:\container\chromium\src\chrome\installer\setup\install_worker.cc
Chrome Frame in use. Copying to new_chrome.exe
FUnexpected result creating CommandExecuteImpl; hr=0x
Adding unregistration items for DelegateExecute verb handler in
No DelegateExecute verb handler processing to do for
Adding registration items for DelegateExecute verb handler.
not supported.
c:\container\chromium\src\chrome\installer\setup\setup_main.cc
Renaming of executables failed. Rolling back any changes.
Upgrading existing Chrome browser in multi-install mode.
Launching existing system-level chrome instead.
is supported for user-level only.
Tried and failed to launch Metro Chrome.
was found, as a last resort (if the product is not present in Add/Remove Programs), try executing:
Aborting operation: another installation of
setup.exe patching failed.
chrome_install:
Can't register browser - Chrome distribution not found
Chrome product not found.
Uninstalling multi-install Chrome Frame.
Uninstallation of Chrome Frame returned status
Chrome Frame not found for uninstall.
Installing Chrome from compressed archive
Cannot install Chrome without an uncompressed archive.
Chrome only supports Windows XP or later.
Non admin user can not install system level Chrome.
c:\container\chromium\src\chrome\installer\setup\setup_util.cc
Looking for Chrome version folder under
0.0.0.0
single-install Chrome.
multi-install Chrome binaries.
chrome-frame
migrate-chrome-frame
c:\container\chromium\src\chrome\installer\setup\uninstall.cc
Keeping setup.exe due to a remaining
Removing setup.exe.
DeleteChromeFilesAndFolders: no installation destination
Launching Chrome to do uninstall tasks.
chrome.exe launched for uninstall confirmation returned:
Failed to launch chrome.exe for uninstall confirmation.
NTUSER.DAT
Failed to delete key at
Retargeting user-generated Chrome shortcuts.
Retarget failed: system-level Chrome not found.
Closing the Chrome Frame helper process
Uninstallation complete. Launching post-uninstall operations.
setup.exe is not in target path. Skipping installer cleanup.
c:\container\chromium\src\chrome\installer\util\lzma_util.cc
c:\container\chromium\src\chrome\installer\util\shell_util.cc
Could not make Chrome default browser (XP/current user).
Could not make Chrome default browser (XP/system level).
Registering Chrome as default browser on Vista.
c:\container\chromium\src\chrome\installer\util\product.cc
Failed to Open or Write MSI value to client state key. error:
c:\container\chromium\src\chrome\installer\util\installer_state.cc
It seems that chrome is being installed for the first time.
It seems that chrome is being over installed.
Failed opening key
c:\container\chromium\src\chrome\installer\util\master_preferences.cc
c:\container\chromium\src\chrome\installer\util\delete_after_reboot_helper.cc
Failed to open session manager key for writing.
c:\container\chromium\src\chrome\installer\util\install_util.cc
Deleting registry key
Failed to delete registry key:
Failed to parse an executable name from command line: "
auto-launch-chrome
chrome
chrome-sxs
do-not-launch-chrome
make-chrome-default
new-setup-exe
register-chrome-browser
register-chrome-browser-suffix
register-dev-chrome
register-url-protocol
rename-chrome-exe
remove-chrome-registration
update-setup-exe
toast-results-key
auto_launch_chrome
chrome_shortcut_icon_index
import_bookmarks
import_bookmarks_from_file
import_history
import_home_page
import_search_engine
do_not_launch_chrome
make_chrome_default
make_chrome_default_for_user
extensions.settings
Cannot initialize an AppCommand from an invalid key.
c:\container\chromium\src\chrome\installer\util\app_command.cc
creating AppCommand registry key
c:\container\chromium\src\chrome\installer\util\conditional_work_item_list.cc
Cannot initialize AppCommands from an invalid key.
c:\container\chromium\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
Binaries are not installed, but Chrome is multi-install.
c:\container\chromium\src\chrome\installer\util\eula_util.cc
c:\container\chromium\src\chrome\installer\util\google_update_util.cc
c:\container\chromium\src\chrome\installer\util\installation_validator.cc
be web accessible
Chrome Binaries are missing "-multi" in channel name: "
Chrome Binaries are missing "chrome" in channel name:
Chrome Binaries have "-chrome" in channel name, yet Chrome is not installed: "
Chrome Binaries are missing "-chromeframe" in channel name: "
Chrome Binaries have "-chromeframe" in channel name, yet Chrome Frame is not installed multi: "
Chrome App Launcher is installed in non-multi mode.
Chrome Binaries are missing "-applauncher" in channel name: "
Chrome Binaries have "-applauncher" in channel name, yet Chrome App Launcher is not installed: "
Chrome Binaries are present with no other products.
Chrome Binaries are present yet Chrome is not multi-install.
yet Chrome Frame is not multi-install.
Chrome Binaries are present without Chrome nor App Launcher
Chrome.
installed without Chrome Binaries or a system-level
without Chrome Binaries.
) does not match that of Chrome Binaries (
has an unsupported usagestats value (
Chrome App Launcher must always be multi-install.
c:\container\chromium\src\chrome\installer\util\self_cleaning_temp_dir.cc
c:\container\chromium\src\chrome\installer\util\user_experiment.cc
Experiment qualification bypass
c:\container\chromium\src\chrome\installer\util\channel_info.cc
googlechromeapphost
googlechromeframe
item execution failed
c:\container\chromium\src\chrome\installer\util\work_item_list.cc
list execution succeeded
NoRollbackWorkItemList: item execution failed
NoRollbackWorkItemList: list execution succeeded
c:\container\chromium\src\chrome\installer\util\copy_tree_work_item.cc
c:\container\chromium\src\chrome\installer\util\create_dir_work_item.cc
c:\container\chromium\src\chrome\installer\util\create_reg_key_work_item.cc
no key to create
c:\container\chromium\src\chrome\installer\util\delete_tree_work_item.cc
Acquired exclusive lock for key file:
Could not exclusively hold all key files.
c:\container\chromium\src\chrome\installer\util\delete_reg_key_work_item.cc
Failed to backup destination for registry key copy.
Failed to restore key in rollback.
c:\container\chromium\src\chrome\installer\util\delete_reg_value_work_item.cc
(delete value) Key:
c:\container\chromium\src\chrome\installer\util\move_tree_work_item.cc
c:\container\chromium\src\chrome\installer\util\self_reg_work_item.cc
0xX
COM registration export function not found
c:\container\chromium\src\chrome\installer\util\set_reg_value_work_item.cc
c:\container\chromium\src\chrome\installer\util\language_selector.cc
Failed getting info of key to backup, result:
c:\container\chromium\src\chrome\installer\util\registry_key_backup.cc
Failed getting name of subkey
Failed opening subkey "
Failed backing up subkey "
Failed creating subkey "
Failed writing subkey "
Failed to backup key at
Failed to open key at
Failed to create destination key at
Failed to write key data.
CHROME_VERSION
>CHROME_PRE_READ_EXPERIMENT
CHROME_SAFE_MODE
2676A9A2-D919-4FEE-9187-152100393AB2
promo-server-url
proxy-bypass-list
proxy-pac-url
remember-cert-error-decisions
spelling-service-feedback-url
sync-url
try-chrome-again
variations-server-url
winhttp-proxy-resolver
plugins-metadata-server-url
windows8-search
allow-http-screen-capture
app-list-start-page-url
apps-checkout-url
apps-gallery-download-url
apps-gallery-url
apps-gallery-update-url
certificate-transparency-log
disable-extensions-http-throttling
disable-password-manager-reauthentication
disable-quic-port-selection
disable-save-password-bubble
disable-web-resources
enable-auth-negotiate-port
enable-npn-http
enable-quic-port-selection
enable-save-password-bubble
enable-sdch-over-https
enable-user-controlled-alternate-protocol-ports
enable-websocket-over-spdy
enable-website-settings-manager
explicitly-allowed-ports
extensions-not-webstore
ignore-urlfetcher-cert-requests
install-chrome-app
install-ephemeral-app-from-webstore
pack-extension-key
permission-request-api-url
CHROME_HEADLESS
CHROME_LOG_FILE
CHROME_METRO_CONNECTED
CHROMEOS_SESSION_LOG_DIR
CHROME_CRASHED
CHROME_RESTART
profile.ephemeral_mode
profile.icon_version
session.restore_on_startup
session.restore_on_startup_migrated
session.startup_urls_migration_time
profile.exited_cleanly
profile.exit_type
profile.managed.custodian_email
profile.managed.custodian_name
profile.managed.custodian_profile_image_url
profile.managed.custodian_profile_url
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.second_custodian_email
profile.managed.second_custodian_name
profile.managed.second_custodian_profile_image_url
profile.managed.second_custodian_profile_url
profile.managed.shared_settings
session.startup_urls
session.urls_to_restore_on_startup
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.web_security_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
safebrowsing.enabled
safebrowsing.extended_reporting_enabled
safebrowsing.proceed_anyway_disabled
safebrowsing.incident_report_sent
safebrowsing.incidents_sent
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
net.network_prediction_options
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.enable_spellchecking
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
browser.enabled_labs_experiments
browser.enable_autospellcorrect
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
browser.clear_data.time_period
browser.last_clear_browsing_data_time
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.ui.dismissed_adt_promo
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
plugins.metadata
plugins.resource_cache_update
browser.check_default_browser
browser.default_browser_setting_enabled
browser.custom_chrome_frame
profile.default_content_settings
profile.override_content_settings
profile.content_settings.clear_on_exit_migrated
profile.content_settings.pref_version
profile.content_settings.pattern_pairs
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
profile.default_zoom_level
profile.per_host_zoom_levels
autofill.data_model_default
autofill.pay_without_wallet
autofill.wallet_location_disclosure
autofill.save_data
autofill.wallet_shipping_same_as_billing
autofill.generated_card_bubble_times_shown
autofill.rac_dialog_defaults
enable_deprecated_web_platform_features
import_autofill_form_data
import_saved_passwords
profile.avatar_index
profile.using_default_name
profile.name
profile.using_default_avatar
profile.using_gaia_avatar
profile.managed_user_id
profile.gaia_info_update_time
profile.gaia_info_picture_url
profile.avatar_bubble_tutorial_shown
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
profile.reset_prompt_memento
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.welcome_notification_dismissed
message_center.welcome_notification_dismissed_local
message_center.welcome_notification_previously_popped_up
message_center.welcome_notification_expiration_timestamp
fullscreen.allowed
local_discovery.notifications_enabled
prefs.preference_reset_time
gcm.channel_enabled
gcm.push_messaging_registration_count
easy_unlock.enabled
easy_unlock.show_tutorial
easy_unlock.pairing
easy_unlock.allowed
zerosuggest.cachedresults
ssl.rev_checking.enabled
ssl.rev_checking.required_for_local_anchors
ssl.version_min
ssl.version_max
ssl.version_fallback_min
ssl.cipher_suites.blacklist
ssl.ssl_record_splitting.disabled
ssl.ssl_blocking_bypassed
user_experience_metrics.reporting_enabled
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.info_cache
profile.created_by_version
profile.reset_prompt_mementos
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.plugin_stats2
uninstall_metrics.page_load_count
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
browser.window_placement_popup
task_manager.window_placement
browser.app_window_placement
renderer.memory_cache.size
download.default_directory
download.extensions_to_open
download.directory_upgrade
download.open_pdf_in_adobe_reader
savefile.default_directory
savefile.type
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
selectfile.last_directory
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
content_settings_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
relaunch.mode
extensions.disabled
plugins.disable_plugin_finder
ntp.app_page_names
ntp.collapsed_open_tabs
ntp.collapsed_foreign_sessions
ntp.collapsed_recently_closed_tabs
ntp.collapsed_snapshot_document
ntp.collapsed_sync_promo
ntp.date_resource_server
ntp.most_visited_blacklist
ntp.promo_desktop_session_found
ntp.promo_resource_cache_update
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.tips_resource_server
ntp.webstore_enabled
devtools.adb_key
devtools.disabled
devtools.discover_usb_devices
devtools.edited_files
devtools.file_system_paths
devtools.open_docked
devtools.port_forwarding_enabled
devtools.port_forwarding_default_set
devtools.port_forwarding_config
google.services.password_hash
invalidation_service.use_gcm_channel
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
googlegeolocationaccess.enabled
media.default_audio_capture_device
media.default_video_capture_Device
media.device_id_salt
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
remote_access.host_allow_client_pairing
remote_access.host_allow_gnubby_auth
remote_access.host_allow_relayed_connection
remote_access.host_udp_port_range
printing.print_preview_sticky_settings
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
cloud_print.user_settings.printers
cloud_print.submit_enabled
cloud_print.user_settings
net.max_connections_per_proxy
profile.managed_default_content_settings.cookies
profile.managed_default_content_settings.images
profile.managed_default_content_settings.javascript
profile.managed_default_content_settings.plugins
profile.managed_default_content_settings.popups
profile.managed_default_content_settings.geolocation
profile.managed_default_content_settings.notifications
profile.managed_default_content_settings.media_stream
profile.managed_cookies_allowed_for_urls
profile.managed_cookies_blocked_for_urls
profile.managed_cookies_sessiononly_for_urls
profile.managed_images_allowed_for_urls
profile.managed_images_blocked_for_urls
profile.managed_javascript_allowed_for_urls
profile.managed_javascript_blocked_for_urls
profile.managed_plugins_allowed_for_urls
profile.managed_plugins_blocked_for_urls
profile.managed_popups_allowed_for_urls
profile.managed_popups_blocked_for_urls
profile.managed_notifications_allowed_for_urls
profile.managed_notifications_blocked_for_urls
profile.managed_auto_select_certificate_for_urls
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
hotword.search_enabled_2
hotword.always_on_search_enabled
hotword.audio_logging_enabled
hotword.previous_language
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
feedback.performance_tracing_enabled
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.allow_cross_origin_prompt
async_dns.enabled
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.policy.registered_protocol_handlers
custom_handlers.policy.ignored_protocol_handlers
custom_handlers.enabled
background_mode.enabled
hardware_acceleration_mode.enabled
policy.device_refresh_rate
message_center.showed_first_run_balloon
message_center.show_icon
message_center.was_forced_on_taskbar
browser.attempted_to_enable_autoupdate
media_galleries.gallery_id
media_galleries.remembered_galleries
media_galleries.last_scan_time
shelf_chrome_icon_index
gesture.max_separation_for_gesture_touches_in_pixels
gesture.semi_long_press_time_in_seconds
gesture.tab_scrub_activation_delay_in_ms
gesture.fling_max_cancel_to_down_time_in_ms
gesture.fling_max_tap_gap_time_in_ms
overscroll.horizontal_threshold_complete
overscroll.vertical_threshold_complete
overscroll.minimum_threshold_start
overscroll.minimum_threshold_start_touchpad
overscroll.vertical_threshold_start
overscroll.horizontal_resist_threshold
overscroll.vertical_resist_threshold
network_profile.warnings_left
network_profile.last_warning_time
app_list.profile
app_list.last_launch_ping
app_list.launch_count
app_list.last_app_launch_ping
app_list.app_launch_count
apps.app_launcher.has_been_enabled
app_list.how_enabled
app_list.when_enabled
apps.app_launcher.should_show_apps_page
apps.app_launcher.shortcut_version
app_launcher.show_promo
apps.app_launcher.drive_app_mapping
apps.app_launch_for_metro_restart
apps.app_launch_for_metro_restart_profile
apps.shortcuts_version
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
profile.extensions.activity_log.num_consumers_active
profile.extensions.activity_log.watchdog_extension_active
proxy.quick_check_enabled
profile.browser_guest_enabled
profile.add_person_enabled
easy_unlock.hardlock_state
chrome.googleechotest.com
%s\%s
clients1.google.com
Mozilla/4.0 (compatible; Win32)
c:\container\chromium\src\courgette\assembly_program.cc
32 bit executables are not supported by this disassembler
Resource-only executables are not yet supported
.relocs outside image
.relocs block outside image
64 bit executables are not supported by this disassembler
Not an executable file or shared library
Not a supported architecture
c:\container\chromium\src\courgette\disassembler_elf_32.cc
Skipping relocation entry for unsupported section:
c:\container\chromium\src\crypto\secure_hash_default.cc
SHELL32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
\uX
RegDeleteKeyExW
advapi32.dll
PlatformFile.UnknownErrors.Windows
Windows NT
%d.%d
user32.dll
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
0123456789
Dictionary keys must be quoted.
Unsupported encoding. JSON must be UTF-8.
Line: %i, column: %i, %s
C:\container\chromium\src\out\Release\setup.exe.pdb
ShellExecuteExW
SHFileOperationW
ShellExecuteW
VERSION.dll
WS2_32.dll
WINMM.dll
UrlCanonicalizeW
SHLWAPI.dll
RegLoadKeyW
RegUnLoadKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
GetWindowsDirectoryW
KERNEL32.dll
ole32.dll
OLEAUT32.dll
SetWindowsHookExW
UnhookWindowsHookEx
USER32.dll
CreateURLMonikerEx
urlmon.dll
WTSAPI32.dll
USERENV.dll
GetProcessHeap
PeekNamedPipe
GetCPInfo
zcÁ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><ms_asmv2:trustInfo xmlns="urn:schemas-microsoft-com:asm.v3" xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2"><ms_asmv2:security><ms_asmv2:requestedPrivileges><ms_asmv2:requestedExecutionLevel xmlns:ms_asmv3="urn:schemas-microsoft-com:asm.v3" level="asInvoker" ms_asmv3:uiAccess="false"></ms_asmv2:requestedExecutionLevel></ms_asmv2:requestedPrivileges></ms_asmv2:security></ms_asmv2:trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS></application></compatibility></assembly>
0 0$0(0,000
2%3u3
=!=9=\={=
5*6r6%7S7
7 848]8'949
; ;0;9;`;
9-9C9}9
3!3,333<3
0 0$0(0,0004080
2$2(2,202
<$<(<.<2<
;%;,;1<8<
?0&152>2
4 40;<<@<
3 3$3(3,3034383<3
9 9$9(9,909
0 0$0(0,0004080<0
7 7$7(7,707
24,0,0,0
{6C288DD7-76FB-4721-B628-56FAC252E199}
Software\Classes\Interface\{0BA0D4E9-2259-4963-B9AE-A839F7CB7544}
Software\Classes\TypeLib\{7779FB70-B399-454A-AA1A-BAA850032B10}
Software\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}
ServerExecutable
BCommandExecuteImpl Class
.StubPath
ieframe.dll
\\.\pipe\GoogleCrashServices\
chrome.7z
chrome.packed.7z
VisualElementsManifest.xml
wow_helper.exe
Chrome-bin
%SystemRoot%\System32\rundll32.exe
..htm
.html
.xhtml
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
.DEFAULT\
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Software\Microsoft\Windows\CurrentVersion\App Paths
.shtml
.webp
https
webcal
URL Protocol
\.exe
DelegateExecute
Browser.Launch
\URLAssociations
\shell\open\ddeexec
" -- "%1"
GoogleChromeAutoLaunch
PendingFileRenameOperations
.binary_patching
registering_chrome
uninstalling_chrome_frame
echrmstp.exe
{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}
app_host.exe
chrome.dll
chrome_child.dll
crossbrowse.exe
npchrome_frame.dll
chrome_frame_helper.dll
chrome_frame_helper.exe
ChromeFrameHelperWindowClass
chrome_launcher.exe
metro_driver.dll
new_chrome.exe
old_chrome.exe
delegate_execute.exe
nacl64.exe
setup.exe
InstallerSuccessLaunchCmdLine
.HTML
IDR_OEMPG_EN.HTML
{8A69D345-D564-463C-AFF1-A69D9E530F96}
{430FD4D0-B729-4F61-AA34-91526481799D}
GoogleUpdateSetup.exe
CFEndTempOptOutCmd
CFOptInCmd
CFOptOutCmd
CFTempOptOutCmd
UninstallCmdLine
WebAccessible
DMSHTML.DLL
chrome_installer.log
hXXp://VVV.google.com/chrome/intl/$1/welcomeback-new.html
-chrome
-chromeframe
DGoogle Chrome App Launcher
ChromeAppList
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
DGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Uninstall Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{2A563926-CF4B-4363-A760-F71E46205B7E}
eSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse
Chrome_StatusTrayWindow
Reported Crashes.txt
testing_interface.dll
Origin Bound Certs
Certificate Revocation Lists
Custom Dictionary.txt
Login Data
Cached Theme.pak
Web Applications
pepflashplayer.dll
CHROME_METRO_NAV_SEARCH_REQUEST
CHROME_METRO_GET_CURRENT_TAB_INFO
gcswf32.dll
pdf.dll
pepper/libppeffects.dll
Crash Reports
script.log
resources.pak
shell32.dll
Google\Chrome SxS
s{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}
Jmscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
Ndebug.log
.\debug.log
ASoftware\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
Software\Microsoft\Windows\CurrentVersion\Run
Chrome_MessagePumpWindow_%p
kernel32.dll
\StringFileInfo\xx\%ls
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\3843\setup.exe
39.6.2171.95
The Crossbrowse AuthorsGCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.GCrossbrowse App Launcher is a standalone platform for Crossbrowse apps.
Crossbrowse (mDNS-In)qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.qInstallation failed due to unspecified error. If Crossbrowse is currently running, please close it and try again.
This computer already has a more recent version of Crossbrowse. If the software is not working, please uninstall Crossbrowse and try again.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.
rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.rThis computer already has a more recent version of the Crossbrowse components. Please use a more recent installer.
lar aplicacions al sistema. Proveu de tornar a executar l'instal
.sYou do not have appropriate rights for system-level installation. Try running the installer again as Administrator.nYou do not have appropriate rights for system-level install. Try running the installer again as Administrator.
n al nivel del sistema. Intenta ejecutar el instalador nuevamente como Administrador.uTeil ei ole s
.rNeturite reikiam
.rAnda tidak mempunyai hak wajar untuk pemasangan peringkat sistem. Cuba jalankan pemasang semula sebagai Pentadbir.
vel do sistema. Tente executar o instalador novamente como administrador.
vel do sistema. Tente executar o programa de instala
.cNem
vca.qNimate ustreznih pravic za namestitev na ravni sistema. Poskusite znova zagnati namestitveni program kot skrbnik.
.zDu har inte beh
r.uHuna haki zifaazo ili kufanya usakinishaji wa kiwango cha mfumo. Jaribu kutumia kisakinishi kama msimamiaji kompyuta.u
QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.QThe installer archive is corrupted or invalid. Please download Crossbrowse again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again.eA conflicting installation of Crossbrowse was found on the system. Please uninstall it and try again./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update./No installation of Crossbrowse found to update.ZAn operating system error occurred during installation. Please download Crossbrowse again.
ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.ZAn operating system error occurred during installation. Please download Crossbrowse again.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.DCrossbrowse requires Windows Vista or Windows XP with SP2 or higher.E
.yThe installer couldn't create a temporary directory. Please check for free disk space and permission to install software.yThe installer couldn't create a temporary directory. Please check for free disk space and permission to install software.
El instalador no pudo crear un directorio temporal. Verifique si hay espacio disponible en el disco y cuenta con permiso para instalar software.wInstallija ei suutnud luua ajutist kataloogi. Palun kontrollige vaba kettaruumi ja tarkvara installimise loa olemasolu.e
.xPemasang tidak dapat mencipta direktori sementara. Sila semak ruang cakera kosong dan kebenaran untuk memasang perisian.
NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.
NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.NThe installer failed to uncompress archive. Please download Crossbrowse again.
Web Browser
Navegador web
Web-preglednik
Browser web
Webov
Web Taray
Crossbrowse is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Crossbrowse.
CrossbrowseoCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.oCan not install the same Crossbrowse version that is currently running. Please close Crossbrowse and try again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.
PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.PInstallation failed due to unspecified error. Please download Crossbrowse again.

2103.exe_628_rwx_025B0000_00001000:

|2103.exeM_628_

setup.exe_2020_rwx_00A10000_00002000:

SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
.reloc
.text

setup.exe_2020_rwx_00A20000_00001000:

|setup.exeM_2020_

Explorer.EXE_1912_rwx_00FF0000_00002000:

SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
.reloc
.text

Explorer.EXE_1912_rwx_01E00000_00001000:

|explorer.exeM_1912_


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    5E9C2970-6314-4954-8027-EE832E378B1.exe:2356
    %original file name%.exe:1676

  2. Delete the original Worm file.
  3. Delete or disinfect the following files created/modified by the Worm:

    %Program Files%\Crossbrowse\Crossbrowse\Temp\source2020_8295\chrome.7z (22581 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\2103.exe (14988 bytes)
    %WinDir%\system.ini (72 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\expedia.ico (1921 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\priceline.ico (1913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\winpbyvx.exe (15019 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\youtube.ico (3913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\skype.ico (1597 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\amazon.ico (2993 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\search.ico (1917 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yahoo_finance.ico (2993 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\linkedin.ico (1592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yandex.ico (1588 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\9gag.ico (1913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yahoo_search.ico (5593 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\nfl.ico (1913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\nba.ico (1601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\chrome.packed.7z (1350297 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\weather_channel.ico (5593 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yelp.ico (1597 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ipgeoapi[1] (40 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\pinterest.ico (1592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\msn.ico (1588 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\cnn.ico (1601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\netflix.ico (1909 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\bestbuy.ico (3913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\5E9C2970-6314-4954-8027-EE832E378B1\5E9C2970-6314-4954-8027-EE832E378B1.exe (14988 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\setup.exe (37305 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\google_translate.ico (1592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\kayak.com.ico (1601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\ted.ico (1913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\prefs (823 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\huffingtonpost.ico (1909 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\icon.json (21 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\tripadvisor.ico (1917 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\walmart.ico (1601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\facebook.ico (3913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\google_plus.ico (1921 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\crbrw.zip (306422 bytes)
    \\XP3\PIPE\srvsvc (72 bytes)
    %System%\drivers\ififon.sys (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\gmail.ico (1601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yahoo.ico (1592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\espn.ico (1588 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\wikipedia.ico (1913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\nytimes.ico (1921 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\ikea.ico (2993 bytes)
    %WinDir%\Tasks\5E9C2970-6314-4954-8027-EE832E378B1.job (1380 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\agoda.ico (1921 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ie.zip[1].004 (3959285 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\booking.com.ico (1601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\bing.ico (1597 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\google_news.ico (2993 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\theguardian.ico (1597 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\twitter.ico (1588 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\bbc.ico (1588 bytes)
    C:\totalcmd\TOTALCMD.EXE (1728 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\reddit.ico (1917 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mdqxyy.exe (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ie.zip[1].005 (3959285 bytes)
    %Program Files%\Common Files\Adobe\ARM\1.0\AdobeARM.exe (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ie.zip[1].003 (3959285 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ie.zip[1].002 (3959285 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ie.zip[1].001 (3959285 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (432 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\etsy.ico (3913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\mail_live_msn.ico (1592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\groupom.ico (2993 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\yahoo_mail.ico (1913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\forbes.ico (1592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\tumblr.ico (1592 bytes)
    %Program Files%\Common Files\Java\Java Update\jusched.exe (368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\gizmodo.ico (2993 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\imdb.ico (2993 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\ebay.ico (1913 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\target.ico (1909 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\mail.ru.ico (1909 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3843\Icons\hotels.com.ico (1601 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now