Crawler Toolbar

Threat Scorecard

Popularity Rank: 675
Threat Level: 50 % (Medium)
Infected Computers: 23,338
First Seen: August 31, 2010
Last Seen: May 15, 2026
OS(es) Affected: Windows

Crawler Toolbar is a browser toolbar that can help you search the internet when installed intentionally. It has a loose privacy policy or end user license agreement (EULA) and is often installed by malware or other malicious programs. Once on a machine, Crawler Toolbar will display annoying adware and possibly install other spyware or malware. It will also degrade the system's performance while gathering internet-related information, which it later sends to a remote third party. If it was not installed intentionally, remove Crawler Toolbar from your system as soon as possible.

Aliases

7 security vendors flagged this file as malicious.

Antivirus Vendor Detection
Prevx1 Heuristic: Suspicious Self Modifying File
Symantec Suspicious.Insight
F-Prot W32/HotBar.A.gen!Eldorado
McAfee+Artemis Suspect-29!878E643FA7BA
Panda Suspicious file
McAfee+Artemis Suspect-29!C12B6F467570
Authentium W32/Podnuha.B.gen!Eldorado

File System Details

Crawler Toolbar may create the following file(s):
# File Name MD5 Detections
1. PCRxTray.exe 2cfd05bae80678ca16a0bb0f2c1f1e43 119
2. PCRx.exe b05742ed2c53fb76e81c9a17401aa1b0 107

Registry Details

Crawler Toolbar may create the following registry entry or registry entries:
File name without path
www.crawler[1].xml
SOFTWARE\Classes\Crawler.AppServer
SOFTWARE\Classes\Crawler.CRT404
SOFTWARE\Classes\Crawler.JSServer
SOFTWARE\Classes\Crawler.Toolbar
Software\Crawler Toolbar
Software\Microsoft\Internet Explorer\Approved Extensions\{9234F5E0-56CC-4F0B-AAE4-0D4BD5032180}
Software\Microsoft\Internet Explorer\Approved Extensions\{C4D78C72-08DB-4A3F-9175-B265157283F3}
Software\Microsoft\Internet Explorer\DOMStorage\crawler.com
Software\Microsoft\Internet Explorer\DOMStorage\www.crawler.com
SOFTWARE\Microsoft\Internet Explorer\MenuExt\Crawler Search
Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9234F5E0-56CC-4F0B-AAE4-0D4BD5032180}
Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9234F5E0-56CC-4F0B-AAE4-0D4BD5032180}
Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4D78C72-08DB-4A3F-9175-B265157283F3}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22C1406C-6350-4D3B-9F62-2A3F370AD9A7}
SOFTWARE\Wow6432Node\Crawler Toolbar
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAA73D86-AFBD-4F73-8243-E7D193FA6C8B}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4D78C72-08DB-4A3F-9175-B265157283F3}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9234F5E0-56CC-4F0B-AAE4-0D4BD5032180}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4D78C72-08DB-4A3F-9175-B265157283F3}

Directories

Crawler Toolbar may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
%PROGRAMFILES%\Crawler Toolbar
%PROGRAMFILES%\Crawler\Toolbar
%PROGRAMFILES(x86)%\Crawler Toolbar
%PROGRAMFILES(x86)%\Crawler\Toolbar
%USERPROFILE%\AppData\LocalLow\Crawler Toolbar

URLs

Crawler Toolbar may call the following URLs:

crawler.com

Analysis Report

General information

Family Name: Crawler Toolbar
Signature status: Root Not Trusted

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • SpywareTerminator PORTABLE
  • This installation was built with Inno Setup.
  • This installation was built with Inno Setup: http://www.innosetup.com
Company Name
  • Crawler, LLC
  • Crawler.com
  • Crawler.com
  • Crawler Group
  • Crawler Inc.
  • tugashare.net
File Description
  • 24x7Help
  • Crawler Parental Control Setup
  • Crawler Toolbar
  • Crawler Toolbar Browser Object
  • Spyware Terminator 2012 Realtime Shield Service
  • Spyware Terminator 2012 Setup
  • Spyware Terminator 2015 Setup
  • SpywareTerminator PORTABLE
  • Spyware Terminator Setup
File Version
  • 5.1.0.286
  • 5.1.0.177
  • 3.0.1.107
  • 3.0.0.74
  • 3.0.0.69
  • 3.0.0.34
  • 3, 0, 0, 54
  • 2.5.6.316
  • 2.2.0.355
  • 2.1.0.19
  • 1.1.0.226
Internal Name SpywareTerminator PORTABLE
Legal Copyright
  • copyright Crawler
  • Copyright © 2006-2012 tugashare.net
  • copyright © Crawler.com
  • © Crawler, LLC
  • © Crawler.com
Original Filename
  • App24x7Help.exe
  • ctbr.dll
  • CToolbar.exe
  • SpywareTerminator.exe
  • st_rsser.exe
Product Name
  • 24x7Help
  • Crawler Toolbar
  • Spyware Terminator 2012
  • Spyware Terminator 2012
  • Spyware Terminator 2015
  • SpywareTerminator PORTABLE
Product Version
  • 5.1.0.177
  • 3.0.0.0
  • 3.0.0.0
  • 3, 0, 0, 54
  • 2.1.0.0

Digital Signatures

Signer Root Status
Crawler, LLC VeriSign Class 3 Code Signing 2004 CA Root Not Trusted
Crawler, LLC VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted

File Traits

  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • x86

Block Information

Total Blocks: 6,546
Potentially Malicious Blocks: 1,908
Whitelisted Blocks: 4,572
Unknown Blocks: 66

Similar Families

  • Crawler.A

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\ctoolbar::afa_done 0 RegNtPreCreateKey
HKCU\software\24x7help::lang_id en RegNtPreCreateKey
HKCU\software\24x7help::techsupport_text Click here for instant access to technical support from the 24x7 Help RegNtPreCreateKey
HKCU\software\24x7help::representative_icon 1 RegNtPreCreateKey
HKLM\software\wow6432node\24x7help::last_senddata 46003.328733044 RegNtPreCreateKey
HKCU\software\ctoolbar\cache::ctcachelastsave  RegNtPreCreateKey
HKCU\software\ctoolbar::mainhwnd ̘ RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::cfg_url http://cfg.crawler.com/cr_config.asmx/GetSAPXML?CU=%cfg_cu% RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::cfg_check_hour  RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::install_confirm_1 http://cfg.crawler.com/cr_confirm.asmx/GetXMLInst?TbId=%tb_id%&TUID=%ihash%&Action_Type=INCRWTP&Result_Code=%icode%&sDate=%idate RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::install_confirm_sys http://cfg.crawler.com/cr_confirm.asmx/GetXML?TbId=%tb_id%&TUID=%ihash%&Action_Type=INCRWTP&Result_Code=%icode%&sDate=%idate%&sT RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::uninst_publisher Crawler, LLC RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::uninst_helpinfo http://www.crawler.com/faqs.aspx RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::uninst_aboutinfo http://www.crawler.com/ RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::uninst_updateinfo http://www.crawler.com/products/toolbar.aspx RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::uninst_confirm http://cfg.crawler.com/cr_confirm.asmx/GetXML?TbId=%tb_id%&TUID=%ihash%&Action_Type=UNCRWTP&Result_Code=%icode%&sDate=%idate%&sT RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::uninstall_info_1 http://dnl.crawler.com/Support/cr_uninstall.aspx RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::uninstall_info_2 http://dnl.crawler.com/support/cr_uninstall_reboot.aspx?tbid=%tb_id%&TUID=%ihash% RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::random_skin http://cfg.crawler.com/cr_config.asmx/getSkin?SkinID=%currentskin% RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::skin_confirm http://cfg.crawler.com/cr_config.asmx/SetSkinDwnlLog?SkinID=%currentskin%&TbId=%tb_id%&TUID=%tuid% RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::random_cursor http://cfg.crawler.com/cr_config.asmx/getCursor?CursorID=%currentcursor% RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::cursor_confirm http://cfg.crawler.com/cr_config.asmx/SetCursorDwnlLog?CursorID=%currentcursor%&TbId=%tb_id%&TUID=%tuid% RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::manual_update http://dnl.crawler.com/dnl/config/1/ctupd.cab RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::down_queue http://dnl.crawler.com/support/cr_dnl_all.aspx?down_first=%DOWN_FIRST%&down_next=%DOWN_NEXT%&down_all=%DOWN_ALL%&down_count=%DOW RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::down_detail http://dnl.crawler.com/support/cr_dnl_basic.aspx?down_first=%DOWN_FIRST%&down_next=%DOWN_NEXT%&down_all=%DOWN_ALL%&down_count=%D RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::down_show RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::down_ask  RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::exit_proc 2 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::dlg_help http://www.crawler.com/help/default.aspx?src=tbmenu&b=2&m=CR_Options_Help&i= RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::whats_this http://www.crawler.com/help/default.aspx?m=CR_Options_Help&i=%topic% RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::brand_domain www.crawler.com RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::help_url http://www.crawler.com/help/default.aspx?src=TbMenu RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::install_wait 0 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::uninst_name Crawler Toolbar RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::ff_search_url http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=#TbId#&qkw= RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::terms_url http://www.crawler.com/legal/terms.aspx RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::privacy_url http://www.crawler.com/legal/privacy.aspx RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::products_url http://www.crawler.com/products/ RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::down5_detail http://dnl.crawler.com/support/cr5_dnl_basic.aspx?down_first=%DOWN_FIRST%&down_next=%DOWN_NEXT%&down_all=%DOWN_ALL%&down_count=% RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::down5_queue http://dnl.crawler.com/support/cr5_dnl_all.aspx?down_first=%DOWN_FIRST%&down_next=%DOWN_NEXT%&down_all=%DOWN_ALL%&down_count=%DO RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::down5_ask  RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::down5_show RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::save_cfg_hit 0 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::main_url http://www.crawler.com/ RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::ct5_upgd_notify_url http://dnl.crawler.com/tbr_upd_confirm.aspx?tbid=%tb_id% RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::ff_ct5_upgd_notify_url http://dnl.crawler.com/tbr_upd_confirm.aspx?tbid=%tb_id% RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::ct51_upgd_notify_url http://dnl.crawler.com/support/bubble.aspx?t=TABS RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::confirm_src http://cfg.crawler.com/cr_confirm.asmx/GetXMLInst?TbId=%tb_id%&TUID=%ihash%&Action_Type=SRCH&Result_Code=&sDate=&sTime=&sLP= RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::home_page_def_dwn 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::inbox_download #define InboxDownloadTBID '80012' RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::spt_cfg #define SPT_CFG '32' RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::design_image_large #define MyFileImageLarge 'compiler:WCrawl.bmp' RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::design_welcome #define MyFileWelcome 'compiler:Crawler.isl.rtf' RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::design_text #define MyFileMessages 'compiler:Crawler.isl' RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\installer\userdata::tuid V3E20AE93C393B405293DAB106CF8703DB10911190410 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::stui S0B/->B60@060?1-2/60A>?.-3@C54-0A?.-6...6-1.- RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::tuid V3E20AE93C393B405293DAB106CF8703DB10911190410 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::install_confirmed 0 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::install_level 0 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::d_cfg_upd 20260515 08:31:39 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::d_sched 18991230 00:00:00 RegNtPreCreateKey
HKCU\software\ctoolbar\server::p_usr 0 RegNtPreCreateKey
HKCU\software\ctoolbar\server::p_admin 0 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::cfg_srv_v (NULL) RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::cfg_v_lst (NULL) RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::cfg_plugins (NULL) RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::cfg_stats (NULL) RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::last_ask_update 20050101 00:00:00 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\server::ssaimode 0 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::no_backup (NULL) RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_cs_shortname cs RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_cs_longname Cesky RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_cs_version 1.0.0.10 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_cs_utf8 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_cs_sortid 100 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_de_shortname RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_de_longname Deutsch RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_de_version 1.0.0.8 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_de_utf8 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_de_sortid 100 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_en_shortname en RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_en_longname English RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_en_version 1.0.0.7 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_en_utf8 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_en_sortid 100 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_es_shortname es RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_es_longname Espanol RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_es_version 1.0.0.10 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_es_utf8 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_es_sortid 100 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_fr_shortname fr RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_fr_longname Francais RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_fr_version 1.0.0.7 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_fr_utf8 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_fr_sortid 100 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_it_shortname it RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_it_longname Italiano RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_it_version 1.0.0.9 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_it_utf8 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_it_sortid 100 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_nl_shortname nl RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_nl_longname Dutch RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_nl_version 1.0.0.0 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_nl_utf8 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_nl_sortid 100 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pl_shortname pl RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pl_longname Polski RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pl_version 1.0.0.0 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pl_utf8 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pl_sortid 100 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pt-br_shortname pt-br RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pt-br_longname Portugues Brasileiro RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pt-br_version 1.0.0.10 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pt-br_utf8 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pt-br_sortid 100 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pt_shortname pt RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pt_longname Portugues RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pt_version 1.0.0.9 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pt_utf8 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_pt_sortid 100 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_ru_shortname ru RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_ru_longname Pyccku RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_ru_version 1.0.0.0 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_ru_utf8 1 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::lng_tbr5_ru_sortid 100 RegNtPreCreateKey
HKCU\software\ctoolbar::language en RegNtPreCreateKey
HKCU\software\ctoolbar::tbr5_language_ver 1.0.0.7 RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\files\app::filename CToolbar.exe RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\files\tbr::filename ctbr.dll RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar\files\common::filename ctbcomm.dll RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::pathroot c:\Users\user\downloads\ RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::pathtoolbar c:\Users\user\downloads\ RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::pathupdate c:\users\user\downloads\Update\ RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::pathuserdata c:\users\user\downloads\UserData\ RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::pathdownload c:\users\user\downloads\Download\ RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::usedstartmenu C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar\ RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::locked (NULL) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\ctoolbar_uninstall::displayname Crawler Toolbar RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\ctoolbar_uninstall::uninstallstring c:\users\user\downloads\CToolbar.exe uninst RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\ctoolbar_uninstall::displayicon c:\users\user\downloads\CToolbar.exe,1 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\ctoolbar_uninstall::publisher Crawler, LLC RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\ctoolbar_uninstall::helplink http://www.crawler.com/faqs.aspx RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\ctoolbar_uninstall::urlinfoabout http://www.crawler.com/ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\ctoolbar_uninstall::urlupdateinfo http://www.crawler.com/products/toolbar.aspx RegNtPreCreateKey
HKLM\software\wow6432node\ctoolbar::local_it ꂌ廢覫䃦 RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
User Data Access
  • GetUserName
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
Network Winhttp
  • WinHttpOpen
Service Control
  • StartServiceCtrlDispatcher
Network Winsock2
  • WSAStartup

Shell Command Execution

"C:\Users\Wojvgvpc\AppData\Local\Temp\is-H39N5.tmp\da6b9d8bd453a74f489d0c78df663ce15df0a574_0008604456.tmp" /SL5="$5020E,8103461,66048,c:\users\user\downloads\da6b9d8bd453a74f489d0c78df663ce15df0a574_0008604456"
"C:\Users\Ldojtqam\AppData\Local\Temp\is-22GLM.tmp\6827ba65e0765ed8b83817f89b435508f0e30e75_0004979152.tmp" /SL5="$8034A,4298571,161792,c:\users\user\downloads\6827ba65e0765ed8b83817f89b435508f0e30e75_0004979152"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\22367dbafabb0397cdb7ac925c1a8471a8628d8d_0001211344.,LiQMAxHB
"C:\Users\Xocdxxto\AppData\Local\Temp\is-101CQ.tmp\is-8REI7.tmp" /SL4 $D0242 "c:\users\user\downloads\4140d5f27d5914edf81641530bbd29c9d2bf917f_0005323768" 4902226 65024
c:\users\user\downloads\CToolbar.exe

2 Comments

If only there were more clever people like you!

wendy c benton

I would like to know how to remove crawler toolbar from my computer
