cjoint

Document format: application/octet-stream

Preview

[code]
HitmanPro 3.7.20.286
www.hitmanpro.com

Computer name . . . . : DESKTOP-U59OMC8
Windows . . . . . . . : 10.0.0.10586.X64/2
User name . . . . . . : DESKTOP-U59OMC8\ayoub
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (31 days left)

Scan date . . . . . . : 2017-09-14 00:50:40
Scan mode . . . . . . : Normal
Scan duration . . . . : 18m 28s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 16
Traces . . . . . . . : 117

Objects scanned . . . : 1,933,575
Files scanned . . . . : 21,849
Remnants scanned . . : 216,991 files / 1,694,735 keys

Malware _____________________________________________________________________

C:\Users\ayoub\AppData\Local\Temp\3BD4C91C\mRCANjdwgY.exe -> Deleted
Size . . . . . . . : 2,402,573 bytes
Age . . . . . . . : 0.0 days (2017-09-14 00:02:10)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 5BCAEE6E32D504290D987A6EA72665CBB11730E4C8A4D40486030FB2E6A2EE86
> Bitdefender . . . : Gen:Variant.Zusy.253737
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.Generic
> HitmanPro . . . . : App/Generic-BL
Fuzzy . . . . . . : 116.0
Forensic Cluster
0.0s C:\Users\ayoub\AppData\Local\Temp\3BD4C91C\
0.0s C:\Users\ayoub\AppData\Local\Temp\3BD4C91C\mRCANjdwgY.exe
1.3s C:\Windows\Prefetch\MRCANJDWGY.EXE-1B9984E8.pf
10.2s C:\Windows\Prefetch\MRCANJDWGY.EXE-D592FC04.pf

C:\Users\ayoub\AppData\Local\Temp\834F.tmp.exe -> Quarantined
Size . . . . . . . : 663,040 bytes
Age . . . . . . . : 0.4 days (2017-09-13 15:37:19)
Entropy . . . . . : 7.9
SHA-256 . . . . . : AE67181117700E0B52006D40874B6D72F5D492FE135AA1BE1AE6C7F9F9F878D4
> Kaspersky . . . . : not-a-virus:HEUR:Downloader.MSIL.Generic
Fuzzy . . . . . . : 116.0
Forensic Cluster
0.0s C:\Users\ayoub\AppData\Local\Temp\834F.tmp.exe
0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\9B408AEBFBBFF1FE88DD902AEDD8107F

C:\Users\ayoub\AppData\Local\Temp\CB99.tmp.exe -> Deleted
Size . . . . . . . : 861,234 bytes
Age . . . . . . . : 0.4 days (2017-09-13 15:24:31)
Entropy . . . . . : 6.9
SHA-256 . . . . . : 0B465B5FAED98FE1A4FE732FB3BD15F595FE092D82D5C4C1C1C44A932EFBAA6F
> Bitdefender . . . : Gen:Variant.Graftor.408930
> Kaspersky . . . . : Trojan.Win32.Inject.agoqw
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 108.0
Forensic Cluster
-38.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\2D9CB60ED1CA032870C139A046E2553E
-34.8s C:\Windows\SysWOW64\qitgbhel\
-34.6s C:\Windows\Prefetch\CMD.EXE-4A81B364.pf
-33.4s C:\Windows\Prefetch\SC.EXE-945D79AE.pf
-33.3s C:\Windows\Prefetch\EFKLVCTZ.EXE-47FD4FB5.pf
-30.9s C:\Windows\Prefetch\NETSH.EXE-F1B6DA12.pf
-30.9s C:\Windows\Prefetch\WUSA.EXE-A8D5906C.pf
-30.9s C:\Windows\Prefetch\3532.TMP.EXE-15A5D35D.pf
-28.5s C:\Windows\SysWOW64\config\systemprofile\Local Settings
-23.6s C:\Windows\Prefetch\SVCHOST.EXE-672DEC87.pf
-12.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\5C340FC3F834345DF22A1418FFCA2265
-5.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\5E8E2F0FD832F0881FE612FD3ACA7C81
-5.4s C:\Windows\Prefetch\B467.TMP.EXE-7C1D3B1B.pf
-5.4s C:\Users\ayoub\AppData\Roaming\A3D5F7CCA4A01546086603\
-4.6s C:\Windows\Prefetch\A3D5F7CCA4A01546086603.EXE-A7C55077.pf
-0.8s C:\Windows\Prefetch\94C8.TMP.EXE-3CCEA1C4.pf
-0.4s C:\Users\ayoub\AppData\Local\Temp\A3D5F7CCA4A0154608660332
0.0s C:\Users\ayoub\AppData\Local\Temp\CB99.tmp.exe
1.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C17BF0D6A2F5C9D5DA26DE718086BE5A
2.3s C:\Users\ayoub\AppData\Local\Temp\A3D5F7CCA4A0154608660364
9.7s C:\Windows\Prefetch\DLLHOST.EXE-02B5A5A1.pf
13.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\A710C0AEC7C6540CBD02215B72DF3921
13.0s C:\Windows\Prefetch\CB99.TMP.EXE-90AE24AF.pf
18.9s C:\Users\ayoub\AppData\Local\Temp\nsd1552.tmp\
19.1s C:\Users\ayoub\AppData\Roaming\Microsoft\adijusbj\
35.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\5D1FC092717FE44EE56401B827D490C8
36.0s C:\Users\ayoub\AppData\Local\Temp\nsd1552.tmp\System.dll
41.2s C:\Users\ayoub\AppData\Roaming\Microsoft\ussbjuht\
41.2s C:\Users\ayoub\AppData\Roaming\Microsoft\ussbjuht\gtjhtjhh.exe
45.3s C:\Windows\Prefetch\DF03.TMP.EXE-D13313ED.pf
45.3s C:\Windows\Prefetch\SVCHOST.EXE-81F024F5.pf
64.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\DE369D07D48E28F7D8FA3CED6A6DB045
65.4s C:\Windows\Prefetch\7B34.TMP.EXE-2E0B86EC.pf
77.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\A0FB03D4DEB08BABE21DD903C32B21E4
77.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\38BCB6AA68803402F0D08FD8611C986D
93.9s C:\Windows\Prefetch\FONDUE.EXE-DE2CE179.pf
93.9s C:\Windows\Prefetch\FONDUE.EXE-142C2D15.pf
94.3s C:\Windows\Prefetch\BFB1.TMP.EXE-BBF3F593.pf

C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp.exe -> Quarantined
Size . . . . . . . : 184,320 bytes
Age . . . . . . . : 0.3 days (2017-09-13 16:32:35)
Entropy . . . . . : 4.9
SHA-256 . . . . . : A09AB0A703AD86E60FD09C2EC2691E3A4E78B8199D2E444320E60F1BACA504BE
Product . . . . . : TrueCrypt
Publisher . . . . : TrueCrypt Foundation
Description . . . : TrueCrypt
Version . . . . . : 7.1a
LanguageID . . . . : 1033
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 102.0
Forensic Cluster
0.0s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp
0.0s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp.exe
9.8s C:\Users\ayoub\AppData\Local\Temp\NN428F.tmp
13.5s C:\RECYCLER\
13.5s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\
15.6s C:\Windows\Prefetch\NN1C49.TMP.EXE-14CE0A55.pf
15.6s C:\Windows\Prefetch\NN428F.TMP.EXE-4011C2EC.pf
19.9s C:\Users\ayoub\AppData\Local\Temp\NN6A2C.tmp
21.6s C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\esajsfgw
25.1s C:\Windows\Prefetch\NN6A2C.TMP.EXE-993C1DE4.pf
29.7s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\
29.7s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\gtjhtjhh.exe
30.0s C:\Users\ayoub\AppData\Local\Temp\NN919B.tmp
38.7s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp
38.7s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp.exe
40.4s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp
40.4s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp.exe
42.7s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\
45.2s C:\Windows\Prefetch\NN919B.TMP.EXE-1943E361.pf
48.7s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp
48.7s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp.exe
50.3s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp
50.3s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp.exe
51.1s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\
51.1s C:\Windows\Prefetch\NNB38C.TMP.EXE-EC9A0508.pf
57.1s C:\Windows\Prefetch\NNB9F5.TMP.EXE-07E0FE96.pf
58.9s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp
58.9s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp.exe
60.4s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp
60.4s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp.exe
64.2s C:\Windows\Prefetch\NNDA9E.TMP.EXE-D290E92F.pf
64.4s C:\Windows\Prefetch\NNE0E8.TMP.EXE-427287D2.pf
68.9s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp
68.9s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp.exe
73.3s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\
76.1s C:\Windows\Prefetch\NN25B.TMP.EXE-719C3F65.pf
76.1s C:\Windows\Prefetch\NN858.TMP.EXE-AE28F3F1.pf
83.2s C:\Windows\Prefetch\NN298D.TMP.EXE-13731E9B.pf
101.4s C:\Windows\Prefetch\5BFD.TMP.EXE-303A5949.pf

C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp.exe -> Quarantined
Size . . . . . . . : 139,264 bytes
Age . . . . . . . : 0.3 days (2017-09-13 16:33:34)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 99B746A01E5CE573112A03FB47D0573F3ABE0BEA38784CCA16555D2A538E0A78
Product . . . . . : TrueCrypt
Publisher . . . . : TrueCrypt Foundation
Description . . . : TrueCrypt
Version . . . . . : 7.1a
LanguageID . . . . : 1033
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 102.0
Forensic Cluster
-58.9s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp
-58.9s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp.exe
-49.1s C:\Users\ayoub\AppData\Local\Temp\NN428F.tmp
-45.4s C:\RECYCLER\
-45.4s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\
-43.3s C:\Windows\Prefetch\NN1C49.TMP.EXE-14CE0A55.pf
-43.3s C:\Windows\Prefetch\NN428F.TMP.EXE-4011C2EC.pf
-39.0s C:\Users\ayoub\AppData\Local\Temp\NN6A2C.tmp
-37.3s C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\esajsfgw
-33.8s C:\Windows\Prefetch\NN6A2C.TMP.EXE-993C1DE4.pf
-29.2s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\
-29.2s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\gtjhtjhh.exe
-28.9s C:\Users\ayoub\AppData\Local\Temp\NN919B.tmp
-20.2s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp
-20.2s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp.exe
-18.5s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp
-18.5s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp.exe
-16.2s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\
-13.7s C:\Windows\Prefetch\NN919B.TMP.EXE-1943E361.pf
-10.2s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp
-10.2s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp.exe
-8.6s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp
-8.6s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp.exe
-7.8s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\
-7.8s C:\Windows\Prefetch\NNB38C.TMP.EXE-EC9A0508.pf
-1.8s C:\Windows\Prefetch\NNB9F5.TMP.EXE-07E0FE96.pf
0.0s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp
0.0s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp.exe
1.5s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp
1.5s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp.exe
5.3s C:\Windows\Prefetch\NNDA9E.TMP.EXE-D290E92F.pf
5.5s C:\Windows\Prefetch\NNE0E8.TMP.EXE-427287D2.pf
10.0s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp
10.0s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp.exe
14.4s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\
17.2s C:\Windows\Prefetch\NN25B.TMP.EXE-719C3F65.pf
17.2s C:\Windows\Prefetch\NN858.TMP.EXE-AE28F3F1.pf
24.3s C:\Windows\Prefetch\NN298D.TMP.EXE-13731E9B.pf
42.5s C:\Windows\Prefetch\5BFD.TMP.EXE-303A5949.pf

C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp.exe -> Quarantined
Size . . . . . . . : 135,168 bytes
Age . . . . . . . : 0.3 days (2017-09-13 16:33:44)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 6086F8FF49891FBFE230B2B406629F3436D870784F50F8C97CD54DB778233085
Product . . . . . : TrueCrypt
Publisher . . . . : TrueCrypt Foundation
Description . . . : TrueCrypt
Version . . . . . : 7.1a
LanguageID . . . . : 1033
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 102.0
Forensic Cluster
-68.9s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp
-68.9s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp.exe
-59.1s C:\Users\ayoub\AppData\Local\Temp\NN428F.tmp
-55.4s C:\RECYCLER\
-55.4s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\
-53.3s C:\Windows\Prefetch\NN1C49.TMP.EXE-14CE0A55.pf
-53.3s C:\Windows\Prefetch\NN428F.TMP.EXE-4011C2EC.pf
-49.0s C:\Users\ayoub\AppData\Local\Temp\NN6A2C.tmp
-47.3s C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\esajsfgw
-43.9s C:\Windows\Prefetch\NN6A2C.TMP.EXE-993C1DE4.pf
-39.2s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\
-39.2s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\gtjhtjhh.exe
-38.9s C:\Users\ayoub\AppData\Local\Temp\NN919B.tmp
-30.2s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp
-30.2s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp.exe
-28.6s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp
-28.6s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp.exe
-26.3s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\
-23.8s C:\Windows\Prefetch\NN919B.TMP.EXE-1943E361.pf
-20.2s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp
-20.2s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp.exe
-18.6s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp
-18.6s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp.exe
-17.8s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\
-17.8s C:\Windows\Prefetch\NNB38C.TMP.EXE-EC9A0508.pf
-11.8s C:\Windows\Prefetch\NNB9F5.TMP.EXE-07E0FE96.pf
-10.0s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp
-10.0s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp.exe
-8.5s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp
-8.5s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp.exe
-4.8s C:\Windows\Prefetch\NNDA9E.TMP.EXE-D290E92F.pf
-4.5s C:\Windows\Prefetch\NNE0E8.TMP.EXE-427287D2.pf
0.0s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp
0.0s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp.exe
4.4s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\
7.1s C:\Windows\Prefetch\NN25B.TMP.EXE-719C3F65.pf
7.1s C:\Windows\Prefetch\NN858.TMP.EXE-AE28F3F1.pf
14.3s C:\Windows\Prefetch\NN298D.TMP.EXE-13731E9B.pf
32.5s C:\Windows\Prefetch\5BFD.TMP.EXE-303A5949.pf

C:\Users\ayoub\AppData\Local\Temp\NN858.tmp.exe -> Quarantined
Size . . . . . . . : 139,264 bytes
Age . . . . . . . : 0.3 days (2017-09-13 16:33:36)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 693716707A0CC7A4DB079AD3568E4B72B24039C00B5483DAF347D89FE38C5EE8
Product . . . . . : TrueCrypt
Publisher . . . . : TrueCrypt Foundation
Description . . . : TrueCrypt
Version . . . . . : 7.1a
LanguageID . . . . : 1033
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 102.0
Forensic Cluster
-60.4s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp
-60.4s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp.exe
-50.6s C:\Users\ayoub\AppData\Local\Temp\NN428F.tmp
-46.9s C:\RECYCLER\
-46.9s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\
-44.8s C:\Windows\Prefetch\NN1C49.TMP.EXE-14CE0A55.pf
-44.8s C:\Windows\Prefetch\NN428F.TMP.EXE-4011C2EC.pf
-40.5s C:\Users\ayoub\AppData\Local\Temp\NN6A2C.tmp
-38.8s C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\esajsfgw
-35.3s C:\Windows\Prefetch\NN6A2C.TMP.EXE-993C1DE4.pf
-30.7s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\
-30.7s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\gtjhtjhh.exe
-30.4s C:\Users\ayoub\AppData\Local\Temp\NN919B.tmp
-21.7s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp
-21.7s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp.exe
-20.1s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp
-20.1s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp.exe
-17.8s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\
-15.3s C:\Windows\Prefetch\NN919B.TMP.EXE-1943E361.pf
-11.7s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp
-11.7s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp.exe
-10.1s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp
-10.1s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp.exe
-9.3s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\
-9.3s C:\Windows\Prefetch\NNB38C.TMP.EXE-EC9A0508.pf
-3.3s C:\Windows\Prefetch\NNB9F5.TMP.EXE-07E0FE96.pf
-1.5s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp
-1.5s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp.exe
0.0s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp
0.0s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp.exe
3.8s C:\Windows\Prefetch\NNDA9E.TMP.EXE-D290E92F.pf
4.0s C:\Windows\Prefetch\NNE0E8.TMP.EXE-427287D2.pf
8.5s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp
8.5s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp.exe
12.9s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\
15.6s C:\Windows\Prefetch\NN25B.TMP.EXE-719C3F65.pf
15.6s C:\Windows\Prefetch\NN858.TMP.EXE-AE28F3F1.pf
22.8s C:\Windows\Prefetch\NN298D.TMP.EXE-13731E9B.pf
41.0s C:\Windows\Prefetch\5BFD.TMP.EXE-303A5949.pf

C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp.exe -> Quarantined
Size . . . . . . . : 139,264 bytes
Age . . . . . . . : 0.3 days (2017-09-13 16:33:14)
Entropy . . . . . : 6.1
SHA-256 . . . . . : D2DF993A3B5D9057A6FBD5AE8CFCD2E96642A19ADFF4AC80B5FEE0E2CC0F0BF5
Product . . . . . : TrueCrypt
Publisher . . . . : TrueCrypt Foundation
Description . . . : TrueCrypt
Version . . . . . : 7.1a
LanguageID . . . . : 1033
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 102.0
Forensic Cluster
-38.7s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp
-38.7s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp.exe
-28.9s C:\Users\ayoub\AppData\Local\Temp\NN428F.tmp
-25.2s C:\RECYCLER\
-25.2s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\
-23.1s C:\Windows\Prefetch\NN1C49.TMP.EXE-14CE0A55.pf
-23.1s C:\Windows\Prefetch\NN428F.TMP.EXE-4011C2EC.pf
-18.8s C:\Users\ayoub\AppData\Local\Temp\NN6A2C.tmp
-17.1s C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\esajsfgw
-13.7s C:\Windows\Prefetch\NN6A2C.TMP.EXE-993C1DE4.pf
-9.0s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\
-9.0s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\gtjhtjhh.exe
-8.7s C:\Users\ayoub\AppData\Local\Temp\NN919B.tmp
0.0s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp
0.0s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp.exe
1.6s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp
1.6s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp.exe
3.9s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\
6.4s C:\Windows\Prefetch\NN919B.TMP.EXE-1943E361.pf
10.0s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp
10.0s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp.exe
11.6s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp
11.6s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp.exe
12.4s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\
12.4s C:\Windows\Prefetch\NNB38C.TMP.EXE-EC9A0508.pf
18.4s C:\Windows\Prefetch\NNB9F5.TMP.EXE-07E0FE96.pf
20.2s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp
20.2s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp.exe
21.7s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp
21.7s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp.exe
25.4s C:\Windows\Prefetch\NNDA9E.TMP.EXE-D290E92F.pf
25.7s C:\Windows\Prefetch\NNE0E8.TMP.EXE-427287D2.pf
30.2s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp
30.2s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp.exe
34.6s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\
37.3s C:\Windows\Prefetch\NN25B.TMP.EXE-719C3F65.pf
37.3s C:\Windows\Prefetch\NN858.TMP.EXE-AE28F3F1.pf
44.5s C:\Windows\Prefetch\NN298D.TMP.EXE-13731E9B.pf
62.7s C:\Windows\Prefetch\5BFD.TMP.EXE-303A5949.pf

C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp.exe -> Quarantined
Size . . . . . . . : 139,264 bytes
Age . . . . . . . : 0.3 days (2017-09-13 16:33:15)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 9C0AFF95CA94B9057029321868A56A6B665EA69D09C67BA1FC467CC43DE2964C
Product . . . . . : TrueCrypt
Publisher . . . . : TrueCrypt Foundation
Description . . . : TrueCrypt
Version . . . . . : 7.1a
LanguageID . . . . : 1033
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 102.0
Forensic Cluster
-40.4s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp
-40.4s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp.exe
-30.6s C:\Users\ayoub\AppData\Local\Temp\NN428F.tmp
-26.8s C:\RECYCLER\
-26.8s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\
-24.8s C:\Windows\Prefetch\NN1C49.TMP.EXE-14CE0A55.pf
-24.8s C:\Windows\Prefetch\NN428F.TMP.EXE-4011C2EC.pf
-20.4s C:\Users\ayoub\AppData\Local\Temp\NN6A2C.tmp
-18.7s C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\esajsfgw
-15.3s C:\Windows\Prefetch\NN6A2C.TMP.EXE-993C1DE4.pf
-10.6s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\
-10.6s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\gtjhtjhh.exe
-10.3s C:\Users\ayoub\AppData\Local\Temp\NN919B.tmp
-1.6s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp
-1.6s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp.exe
0.0s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp
0.0s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp.exe
2.3s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\
4.8s C:\Windows\Prefetch\NN919B.TMP.EXE-1943E361.pf
8.4s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp
8.4s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp.exe
10.0s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp
10.0s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp.exe
10.7s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\
10.8s C:\Windows\Prefetch\NNB38C.TMP.EXE-EC9A0508.pf
16.7s C:\Windows\Prefetch\NNB9F5.TMP.EXE-07E0FE96.pf
18.5s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp
18.5s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp.exe
20.1s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp
20.1s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp.exe
23.8s C:\Windows\Prefetch\NNDA9E.TMP.EXE-D290E92F.pf
24.1s C:\Windows\Prefetch\NNE0E8.TMP.EXE-427287D2.pf
28.6s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp
28.6s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp.exe
33.0s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\
35.7s C:\Windows\Prefetch\NN25B.TMP.EXE-719C3F65.pf
35.7s C:\Windows\Prefetch\NN858.TMP.EXE-AE28F3F1.pf
42.8s C:\Windows\Prefetch\NN298D.TMP.EXE-13731E9B.pf
61.0s C:\Windows\Prefetch\5BFD.TMP.EXE-303A5949.pf

C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp.exe -> Quarantined
Size . . . . . . . : 139,264 bytes
Age . . . . . . . : 0.3 days (2017-09-13 16:33:24)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 63A2994A7C5FA7EDA7AA52F893D71B8FC149852C36289EA75FA3D83FA0AB528B
Product . . . . . : TrueCrypt
Publisher . . . . : TrueCrypt Foundation
Description . . . : TrueCrypt
Version . . . . . : 7.1a
LanguageID . . . . : 1033
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 102.0
Forensic Cluster
-48.7s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp
-48.7s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp.exe
-38.9s C:\Users\ayoub\AppData\Local\Temp\NN428F.tmp
-35.2s C:\RECYCLER\
-35.2s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\
-33.1s C:\Windows\Prefetch\NN1C49.TMP.EXE-14CE0A55.pf
-33.1s C:\Windows\Prefetch\NN428F.TMP.EXE-4011C2EC.pf
-28.8s C:\Users\ayoub\AppData\Local\Temp\NN6A2C.tmp
-27.1s C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\esajsfgw
-23.6s C:\Windows\Prefetch\NN6A2C.TMP.EXE-993C1DE4.pf
-19.0s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\
-19.0s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\gtjhtjhh.exe
-18.7s C:\Users\ayoub\AppData\Local\Temp\NN919B.tmp
-10.0s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp
-10.0s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp.exe
-8.4s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp
-8.4s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp.exe
-6.0s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\
-3.5s C:\Windows\Prefetch\NN919B.TMP.EXE-1943E361.pf
0.0s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp
0.0s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp.exe
1.6s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp
1.6s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp.exe
2.4s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\
2.4s C:\Windows\Prefetch\NNB38C.TMP.EXE-EC9A0508.pf
8.4s C:\Windows\Prefetch\NNB9F5.TMP.EXE-07E0FE96.pf
10.2s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp
10.2s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp.exe
11.7s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp
11.7s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp.exe
15.5s C:\Windows\Prefetch\NNDA9E.TMP.EXE-D290E92F.pf
15.7s C:\Windows\Prefetch\NNE0E8.TMP.EXE-427287D2.pf
20.2s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp
20.2s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp.exe
24.6s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\
27.3s C:\Windows\Prefetch\NN25B.TMP.EXE-719C3F65.pf
27.3s C:\Windows\Prefetch\NN858.TMP.EXE-AE28F3F1.pf
34.5s C:\Windows\Prefetch\NN298D.TMP.EXE-13731E9B.pf
52.7s C:\Windows\Prefetch\5BFD.TMP.EXE-303A5949.pf

C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp.exe -> Quarantined
Size . . . . . . . : 135,168 bytes
Age . . . . . . . : 0.3 days (2017-09-13 16:33:25)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 3F222BD4129ADBEE2C6ADC742484A71E4E139DA64BEE875A07E86FD2482282BD
Product . . . . . : TrueCrypt
Publisher . . . . : TrueCrypt Foundation
Description . . . : TrueCrypt
Version . . . . . : 7.1a
LanguageID . . . . : 1033
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 102.0
Forensic Cluster
-50.3s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp
-50.3s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp.exe
-40.5s C:\Users\ayoub\AppData\Local\Temp\NN428F.tmp
-36.8s C:\RECYCLER\
-36.8s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\
-34.7s C:\Windows\Prefetch\NN1C49.TMP.EXE-14CE0A55.pf
-34.7s C:\Windows\Prefetch\NN428F.TMP.EXE-4011C2EC.pf
-30.4s C:\Users\ayoub\AppData\Local\Temp\NN6A2C.tmp
-28.7s C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\esajsfgw
-25.3s C:\Windows\Prefetch\NN6A2C.TMP.EXE-993C1DE4.pf
-20.6s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\
-20.6s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\gtjhtjhh.exe
-20.3s C:\Users\ayoub\AppData\Local\Temp\NN919B.tmp
-11.6s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp
-11.6s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp.exe
-10.0s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp
-10.0s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp.exe
-7.7s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\
-5.2s C:\Windows\Prefetch\NN919B.TMP.EXE-1943E361.pf
-1.6s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp
-1.6s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp.exe
0.0s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp
0.0s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp.exe
0.8s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\
0.8s C:\Windows\Prefetch\NNB38C.TMP.EXE-EC9A0508.pf
6.8s C:\Windows\Prefetch\NNB9F5.TMP.EXE-07E0FE96.pf
8.6s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp
8.6s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp.exe
10.1s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp
10.1s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp.exe
13.8s C:\Windows\Prefetch\NNDA9E.TMP.EXE-D290E92F.pf
14.1s C:\Windows\Prefetch\NNE0E8.TMP.EXE-427287D2.pf
18.6s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp
18.6s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp.exe
23.0s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\
25.7s C:\Windows\Prefetch\NN25B.TMP.EXE-719C3F65.pf
25.7s C:\Windows\Prefetch\NN858.TMP.EXE-AE28F3F1.pf
32.8s C:\Windows\Prefetch\NN298D.TMP.EXE-13731E9B.pf
51.1s C:\Windows\Prefetch\5BFD.TMP.EXE-303A5949.pf

C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\gtjhtjhh.exe -> Quarantined
Size . . . . . . . : 181,760 bytes
Age . . . . . . . : 0.4 days (2017-09-13 15:20:43)
Entropy . . . . . : 7.0
SHA-256 . . . . . : 45ED2B2C6D41F3FB391C549CE391323D2D031CBE8FC76F253FB079DB4F75D771
> Bitdefender . . . : Gen:Variant.Trojan.Crypt.37
Fuzzy . . . . . . : 122.0
Startup
HKU\S-1-5-21-2175527721-1046665974-439335780-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uTorrent
Forensic Cluster
-0.0s C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\
0.0s C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\gtjhtjhh.exe

C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\gtjhtjhh.exe -> Quarantined
Size . . . . . . . : 184,320 bytes
Age . . . . . . . : 0.3 days (2017-09-13 16:33:05)
Entropy . . . . . : 4.9
SHA-256 . . . . . : A09AB0A703AD86E60FD09C2EC2691E3A4E78B8199D2E444320E60F1BACA504BE
Product . . . . . : TrueCrypt
Publisher . . . . : TrueCrypt Foundation
Description . . . : TrueCrypt
Version . . . . . : 7.1a
LanguageID . . . . : 1033
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 112.0
Startup
HKU\S-1-5-21-2175527721-1046665974-439335780-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ProductSetup
Forensic Cluster
-29.7s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp
-29.7s C:\Users\ayoub\AppData\Local\Temp\NN1C49.tmp.exe
-19.9s C:\Users\ayoub\AppData\Local\Temp\NN428F.tmp
-16.2s C:\RECYCLER\
-16.2s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\
-14.1s C:\Windows\Prefetch\NN1C49.TMP.EXE-14CE0A55.pf
-14.1s C:\Windows\Prefetch\NN428F.TMP.EXE-4011C2EC.pf
-9.8s C:\Users\ayoub\AppData\Local\Temp\NN6A2C.tmp
-8.1s C:\Users\ayoub\AppData\Roaming\Microsoft\esajsfgw\esajsfgw
-4.7s C:\Windows\Prefetch\NN6A2C.TMP.EXE-993C1DE4.pf
0.0s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\
0.0s C:\Users\ayoub\AppData\Roaming\Microsoft\gagcucue\gtjhtjhh.exe
0.3s C:\Users\ayoub\AppData\Local\Temp\NN919B.tmp
9.0s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp
9.0s C:\Users\ayoub\AppData\Local\Temp\NNB38C.tmp.exe
10.6s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp
10.6s C:\Users\ayoub\AppData\Local\Temp\NNB9F5.tmp.exe
12.9s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\
15.4s C:\Windows\Prefetch\NN919B.TMP.EXE-1943E361.pf
19.0s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp
19.0s C:\Users\ayoub\AppData\Local\Temp\NNDA9E.tmp.exe
20.6s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp
20.6s C:\Users\ayoub\AppData\Local\Temp\NNE0E8.tmp.exe
21.4s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\
21.4s C:\Windows\Prefetch\NNB38C.TMP.EXE-EC9A0508.pf
27.3s C:\Windows\Prefetch\NNB9F5.TMP.EXE-07E0FE96.pf
29.2s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp
29.2s C:\Users\ayoub\AppData\Local\Temp\NN25B.tmp.exe
30.7s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp
30.7s C:\Users\ayoub\AppData\Local\Temp\NN858.tmp.exe
34.4s C:\Windows\Prefetch\NNDA9E.TMP.EXE-D290E92F.pf
34.7s C:\Windows\Prefetch\NNE0E8.TMP.EXE-427287D2.pf
39.2s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp
39.2s C:\Users\ayoub\AppData\Local\Temp\NN298D.tmp.exe
43.6s C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\
46.3s C:\Windows\Prefetch\NN25B.TMP.EXE-719C3F65.pf
46.3s C:\Windows\Prefetch\NN858.TMP.EXE-AE28F3F1.pf
53.4s C:\Windows\Prefetch\NN298D.TMP.EXE-13731E9B.pf
71.7s C:\Windows\Prefetch\5BFD.TMP.EXE-303A5949.pf

C:\Users\ayoub\Downloads\Programs\uTorrent.exe -> Quarantined
Size . . . . . . . : 1,733,104 bytes
Age . . . . . . . : 16.4 days (2017-08-28 15:35:25)
Entropy . . . . . : 8.0
SHA-256 . . . . . : A684AC7AA6B4821B37861F07CD42F12DB320BE64302E9F775C45285A07A7D724
Product . . . . . : uTorrent
Publisher . . . . : BitTorrent Inc.
Description . . . : µTorrent
Version . . . . . : 3.5.0.43804
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.DealPly.heur
Fuzzy . . . . . . : 102.0
Forensic Cluster
-0.6s C:\Users\ayoub\AppData\Roaming\IDM\DwnlData\ayoub\windows_93\
0.0s C:\Users\ayoub\Downloads\Programs\uTorrent.exe
1.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\70\A556B64413F4FF56.dat
1.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\70\

C:\Windows\KMS-R@1n.exe -> Quarantined
Size . . . . . . . : 26,112 bytes
Age . . . . . . . : 17.4 days (2017-08-27 14:32:31)
Entropy . . . . . : 5.5
SHA-256 . . . . . : 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
Service . . . . . : KMS-R@1n
Running processes : 1692
> HitmanPro . . . . : Troj/KMS-A
Fuzzy . . . . . . : 120.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\KMS-R@1n\
Network Ports
0.0.0.0:1688
Forensic Cluster
-0.8s C:\Windows\System32\config\systemprofile\AppData\Local\PeerDistRepub\
0.0s C:\Windows\KMS-R@1n.exe
2.7s C:\Windows\SoftwareDistribution\SLS\E7A50285-D08D-499D-9FF8-180FDC2332BC\
8.1s C:\Windows\SoftwareDistribution\SLS\E7A50285-D08D-499D-9FF8-180FDC2332BC\sls.cab
10.4s C:\Windows\appcompat\Programs\Amcache.hve{44f9a5bd-8b33-11e7-a914-74d435dfc178}.TM.blf

C:\Windows\system32\SppExtComObjPatcher.exe -> Quarantined
Size . . . . . . . : 4,608 bytes
Age . . . . . . . : 17.4 days (2017-08-27 15:24:05)
Entropy . . . . . : 4.3
SHA-256 . . . . . : E4F6906C800671EB0DD1C10DAC364714902B02FE68CCF6BDB08052BDCDAC2543
> Kaspersky . . . . : not-a-virus:RiskTool.Win64.ProcPatcher.a
Fuzzy . . . . . . : 109.0
Forensic Cluster
0.0s C:\Windows\System32\SppExtComObjPatcher.exe
0.1s C:\Windows\System32\SppExtComObjHook.dll
1.7s C:\Windows\Prefetch\IDM.6.X_U8-PATCH.EXE-EBDA58EE.pf


Suspicious files ____________________________________________________________

C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\RegHunter.exe
Size . . . . . . . : 4,426,920 bytes
Age . . . . . . . : 0.1 days (2017-09-13 22:46:30)
Entropy . . . . . : 7.1
SHA-256 . . . . . : A771D84FCA813B2F236ACE6002B8C4D781FBB75847E2A86593EE566886D12787
Product . . . . . : RegHunter
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : RegHunter Application
Version . . . . . : 1.3.16.13
Copyright . . . . : Copyright 2003-2016. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.7s C:\Users\ayoub\Desktop\Portable SpyHunter\App\
-0.7s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\
-0.7s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Brazilian.lng
-0.7s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Chinese(Simplified).lng
-0.7s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Chinese(Traditional).lng
-0.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Common.dll
-0.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Croatian.lng
-0.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Czech.lng
-0.5s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Danish.lng
-0.5s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Defman.dll
-0.5s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Dutch.lng
-0.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\English.lng
-0.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\EsgScanner.inf
-0.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\EsgScanner.sys
-0.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\ExecutionGuard.dll
-0.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Finnish.lng
-0.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\French.lng
-0.3s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\German.lng
-0.3s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Greek.lng
-0.3s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Indonesian.lng
-0.3s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Italian.lng
-0.3s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Japanese.lng
-0.3s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Lithuanian.lng
-0.3s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Norwegian.lng
-0.3s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Polish.lng
-0.3s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Portuguese.lng
0.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\RegHunter.exe
1.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Romanian.lng
1.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Russian.lng
1.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\SH4Service.exe
1.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\ShScanner.dll
2.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Slovene.lng
2.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Spanish.lng
2.3s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\SpyHunter4.com
3.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\SpyHunter4.exe
3.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Swedish.lng
3.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\cos.dat
3.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\esgiguard.sys
4.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\gas.dat
4.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\gil.dat
4.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\native.exe
4.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\purl.dat
4.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Data\
4.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Data\dns.dat
4.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Data\proxy.dat
4.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Downloads\
4.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\
4.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20160604_231103.log
4.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20160725_184904.log
4.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20160725_185016.log
4.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20160725_185123.log
4.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20161115_195443.log
4.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20161115_195638.log
4.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20161115_195938.log
4.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20161115_200109.log
4.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20161116_132259.log
4.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20170416_205201.log
4.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20170713_084830.log
4.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20170812_152437.log
4.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20170908_021120.log
4.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20170910_170811.log
4.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\defs\
4.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\defs\2017090901.def
4.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\mon\
4.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\mon\autoexec.bat.bk
4.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\mon\hosts.bk
4.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\mon\system.ini.bk
4.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\mon\win.ini.bk
4.3s C:\Users\ayoub\Desktop\Portable SpyHunter\Data\
4.3s C:\Users\ayoub\Desktop\Portable SpyHunter\Data\settings\
4.3s C:\Users\ayoub\Desktop\Portable SpyHunter\Data\settings\SpyHunterPortable.reg
4.3s C:\Users\ayoub\Desktop\Portable SpyHunter\Data\settings\SpyHunterPortableSettings.ini

C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\SpyHunter4.exe
Size . . . . . . . : 8,385,720 bytes
Age . . . . . . . : 0.1 days (2017-09-13 22:46:33)
Entropy . . . . . : 7.3
SHA-256 . . . . . : 0136F3552193D3A731F6FF4686ABF6DEB7EF3EDD89F5695C638CC9A8B99890BF
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.28.5.4848
Copyright . . . . : Copyright 2003-2016. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 26.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
Startup
C:\Windows\system32\Tasks\SpyHunter4Startup
Forensic Cluster
-3.8s C:\Users\ayoub\Desktop\Portable SpyHunter\App\
-3.8s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\
-3.8s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Brazilian.lng
-3.8s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Chinese(Simplified).lng
-3.7s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Chinese(Traditional).lng
-3.7s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Common.dll
-3.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Croatian.lng
-3.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Czech.lng
-3.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Danish.lng
-3.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Defman.dll
-3.6s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Dutch.lng
-3.5s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\English.lng
-3.5s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\EsgScanner.inf
-3.5s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\EsgScanner.sys
-3.5s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\ExecutionGuard.dll
-3.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Finnish.lng
-3.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\French.lng
-3.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\German.lng
-3.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Greek.lng
-3.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Indonesian.lng
-3.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Italian.lng
-3.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Japanese.lng
-3.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Lithuanian.lng
-3.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Norwegian.lng
-3.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Polish.lng
-3.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Portuguese.lng
-3.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\RegHunter.exe
-1.5s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Romanian.lng
-1.5s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Russian.lng
-1.5s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\SH4Service.exe
-1.4s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\ShScanner.dll
-0.8s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Slovene.lng
-0.8s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Spanish.lng
-0.8s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\SpyHunter4.com
0.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\SpyHunter4.exe
0.8s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Swedish.lng
0.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\cos.dat
0.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\esgiguard.sys
0.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\gas.dat
0.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\gil.dat
0.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\native.exe
0.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\purl.dat
0.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Data\
0.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Data\dns.dat
0.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Data\proxy.dat
0.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Downloads\
0.9s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\
1.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20160604_231103.log
1.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20160725_184904.log
1.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20160725_185016.log
1.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20160725_185123.log
1.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20161115_195443.log
1.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20161115_195638.log
1.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20161115_195938.log
1.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20161115_200109.log
1.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20161116_132259.log
1.0s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20170416_205201.log
1.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20170713_084830.log
1.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20170812_152437.log
1.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20170908_021120.log
1.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\Log\SpyHunter4_20170910_170811.log
1.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\defs\
1.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\defs\2017090901.def
1.1s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\mon\
1.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\mon\autoexec.bat.bk
1.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\mon\hosts.bk
1.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\mon\system.ini.bk
1.2s C:\Users\ayoub\Desktop\Portable SpyHunter\App\SpyHunter\mon\win.ini.bk
1.2s C:\Users\ayoub\Desktop\Portable SpyHunter\Data\
1.2s C:\Users\ayoub\Desktop\Portable SpyHunter\Data\settings\
1.2s C:\Users\ayoub\Desktop\Portable SpyHunter\Data\settings\SpyHunterPortable.reg
1.2s C:\Users\ayoub\Desktop\Portable SpyHunter\Data\settings\SpyHunterPortableSettings.ini


Cookies _____________________________________________________________________

C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:abmr.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:acuityplatform.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.sara.media
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adaptv.advertising.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrn.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adfarm1.adition.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adhigh.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adingo.jp
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.betweendigital.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.deliverimp.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.programattik.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yieldmo.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adscale.de
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsymptotic.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adzerk.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:angsrvr.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:atemda.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:basebanner.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidr.io
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:contextweb.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:domdex.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:dotomi.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:effectivemeasure.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.adzerk.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:erne.co
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:go.sonobi.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:gssprt.jp
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ibillboard.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ih.adscale.de
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:imrworldwide.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ipredictive.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:legolas-media.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.adsby.bidtheatre.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.rundsp.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ml314.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:nexac.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:optimatic.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:owneriq.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:po.st
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:postrelease.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:sitescout.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:swid.switchads.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:sxp.smartclip.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:sync.go.sonobi.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:taboola.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:tap2-cdn.rubiconproject.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:tidaltv.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:tremorhub.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:turn.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:virool.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:w55c.net
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
C:\Users\ayoub\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldlab.net


[/code]
