HitmanPro-20170320-2235.log

Document joint : GCuwfC71HUu_HitmanPro-20170320-2235.log

Cliquez pour partager vos propres fichiers

Format du document : application/octet-stream

Prévisualisation

[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

Computer name . . . . : SAMIA-PC
Windows . . . . . . . : 6.1.0.7600.X86/2
User name . . . . . . : SAMIA-PC\SAMIA
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2017-03-20 22:14:49
Scan mode . . . . . . : Normal
Scan duration . . . . : 14m 56s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 88
Traces . . . . . . . : 476

Objects scanned . . . : 1 246 796
Files scanned . . . . : 59 862
Remnants scanned . . : 284 377 files / 902 557 keys

Malware _____________________________________________________________________

C:\AdwCleaner\quarantine\files\alovalnxmherllmaxxgbqknzbuxtvskc\ihpul.exe -> Deleted
Size . . . . . . . : 960 728 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:36)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 15A8D2B205BFFBCA8C86088A06A87C00A5549E33ACE284E74E7E14FE2945491E
Product . . . . . : TSvr
Publisher . . . . : TSvr
Description . . . : TSvr
Version . . . . . : 3.0.0.27
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Adware.SubTab.1
Fuzzy . . . . . . : 103.0

C:\AdwCleaner\quarantine\files\alovalnxmherllmaxxgbqknzbuxtvskc\qks.exe -> Deleted
Size . . . . . . . : 263 896 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:36)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 85A3FF3E0AA0C09513D86045E31D230A3691026C5E2B8F467723BFEFD0A7E5BC
Product . . . . . : asdtools
Publisher . . . . : asd
Description . . . : asdtools
Version . . . . . : 3.3.35.0
RSA Key Size . . . : 2048
LanguageID . . . . : 2052
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Agent.RUE
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
Fuzzy . . . . . . : 95.0

C:\AdwCleaner\quarantine\files\alovalnxmherllmaxxgbqknzbuxtvskc\winzipper.exe -> Deleted
Size . . . . . . . : 260 696 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:36)
Entropy . . . . . : 6.0
SHA-256 . . . . . : D79420BDFF680A41FFDC9F4A353251A18B3DD8FF3950E7DD42A1FED9135FC5B1
Product . . . . . : dltools.exe
Publisher . . . . : dltools
Description . . . : dltools
Version . . . . . : 2.2.16.0
Copyright . . . . : dltools
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Xadupi.I
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
Fuzzy . . . . . . : 95.0

C:\AdwCleaner\quarantine\files\alovalnxmherllmaxxgbqknzbuxtvskc\wpm.exe -> Deleted
Size . . . . . . . : 210 152 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:36)
Entropy . . . . . : 6.4
SHA-256 . . . . . : E674E7387D1978F9AC59FD3A10928CD21BBF98B0BCCE2B0B81CC07B8658C6AD2
Product . . . . . : WFini
Publisher . . . . : WFini LIMITED
Description . . . : WFini
Version . . . . . : 22.0.0.2535
Copyright . . . . : Copyright (C) WFini.com From 2012
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Application.Agent.QT
Fuzzy . . . . . . : 95.0

C:\AdwCleaner\quarantine\files\elwqbbgitabuljcpplrfhjnnduufwewp\desktop154.exe -> Deleted
Size . . . . . . . : 236 728 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:50:12)
Entropy . . . . . : 5.8
SHA-256 . . . . . : 88E6B29977601A6FBA2AFBAE87E4802BCE5AD05AF0CE7053560C22A3DD08FEBF
Product . . . . . : DeskTop Service
Publisher . . . . : DeskTopService
RSA Key Size . . . : 2048
LanguageID . . . . : 2052
Authenticode . . . : Valid
> Bitdefender . . . : Application.Elex.AG
Fuzzy . . . . . . : 98.0

C:\AdwCleaner\quarantine\files\ftkemstvlujbxmgdykqykfexxxjlhkcg\Application\chrome_watcher.dll -> Deleted
Size . . . . . . . : 424 848 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:53:01)
Entropy . . . . . : 6.7
SHA-256 . . . . . : 14A5E16F4F186EA5492AC21C40CCBA8CD98803F3DC43B377B05E862BDE3463F1
Product . . . . . : Toolrain
Publisher . . . . : Google Inc.
Description . . . : Google Chrome
Version . . . . . : 51.25.2704.63
Copyright
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Trojan.GenericKD.3445190
Fuzzy . . . . . . : 95.0

C:\AdwCleaner\quarantine\files\ftkemstvlujbxmgdykqykfexxxjlhkcg\Application\delegate_execute.exe -> Deleted
Size . . . . . . . : 652 176 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:53:02)
Entropy . . . . . : 6.7
SHA-256 . . . . . : 758700F4DD82EA9B28DC3D16265ADEDAA1B1F7788A546C430C36BB8E6F3FC93B
Product . . . . . : Nosemay
Publisher . . . . : Google Inc.
Description . . . : Google Chrome
Version . . . . . : 50.27.2661.78
Copyright
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Trojan.GenericKD.3445241
Fuzzy . . . . . . : 95.0

C:\AdwCleaner\quarantine\files\ftkemstvlujbxmgdykqykfexxxjlhkcg\Application\libexif.dll -> Deleted
Size . . . . . . . : 301 456 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:53:02)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 68CA891FD181DC537EEC91D71AE8BC77D800C0BE1506891B0AAAF3ABB5090460
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Trojan.Generic.17794874
Fuzzy . . . . . . : 101.0

C:\AdwCleaner\quarantine\files\ftkemstvlujbxmgdykqykfexxxjlhkcg\Application\wow_helper.exe -> Deleted
Size . . . . . . . : 72 080 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:53:02)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 93A1A59C4E6F84D4A08900A51BCFF06B2F8BCDA415DF232AFA2A6A542B9F4DF0
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Trojan.Generic.17899764
Fuzzy . . . . . . : 101.0

C:\AdwCleaner\quarantine\files\krlqlnooqizktttbjnvhfgthparwsvpd\curlpp.dll -> Deleted
Size . . . . . . . : 582 144 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:41)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 4D47DE147E0981CCA527BC13A5D0BC77E8D3C00FBAB78461D9B7B398A655B831
Product . . . . . : curlpp.dll
Description . . . : libcurl wrapper
Version . . . . . : 0.7.3.0
LanguageID . . . . : 1033
> Kaspersky . . . . : not-a-virus:HEUR:Downloader.Win32.Elex.gen
Fuzzy . . . . . . : 105.0

C:\AdwCleaner\quarantine\files\krlqlnooqizktttbjnvhfgthparwsvpd\msuser.dll -> Deleted
Size . . . . . . . : 90 872 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:41)
Entropy . . . . . : 5.8
SHA-256 . . . . . : 40CD65EE961187D0FDE568D4E306070A06B1ED13619478BA2604AEF1E51AB2EA
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Graftor.297987
> Kaspersky . . . . : not-a-virus:HEUR:Downloader.Win32.Elex.gen
Fuzzy . . . . . . : 101.0

C:\AdwCleaner\quarantine\files\krlqlnooqizktttbjnvhfgthparwsvpd\myuser.exe -> Deleted
Size . . . . . . . : 94 968 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:41)
Entropy . . . . . : 5.6
SHA-256 . . . . . : 60BD127BB31CDE7EB79160C7AF084C738C2CA9C74716FF37A579409045E9BD32
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Trojan.GenericKD.3445152
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 101.0

C:\AdwCleaner\quarantine\files\krlqlnooqizktttbjnvhfgthparwsvpd\qkdl.exe -> Deleted
Size . . . . . . . : 318 200 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:41)
Entropy . . . . . : 5.5
SHA-256 . . . . . : 208D7726759036EA781FD7AB4F86FCCA820F973C65BD4D109C0AC84A3A48E7D9
Product . . . . . : qksee
Publisher . . . . : Qksee Pvt Ltd.
Description . . . : qkdl
Version . . . . . : 3.2.33.81
Copyright . . . . : Copyright (c) 2015 Qksee Pvt Ltd. All Rights Reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Adware.GenericKD.3471769
> Kaspersky . . . . : not-a-virus:HEUR:Downloader.Win32.Elex.gen
> HitmanPro . . . . : App/Elex-AN
Fuzzy . . . . . . : 95.0

C:\AdwCleaner\quarantine\files\krlqlnooqizktttbjnvhfgthparwsvpd\qksee.exe -> Deleted
Size . . . . . . . : 1 348 856 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:41)
Entropy . . . . . : 6.2
SHA-256 . . . . . : DEEDB2AA11B0FCFFB3EDEE7E786A5D6CFC12E5FFD8CE02DB1ADFC487F7E941A2
Product . . . . . : qksee
Publisher . . . . : Qksee Pvt Ltd.
Description . . . : qksee
Version . . . . . : 3.2.33.81
Copyright . . . . : Copyright (c) 2015 Qksee Pvt Ltd. All Rights Reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Application.GenericKD.3471733
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
> HitmanPro . . . . : App/Elex-AN
Fuzzy . . . . . . : 95.0

C:\AdwCleaner\quarantine\files\krlqlnooqizktttbjnvhfgthparwsvpd\qkseeSvc.exe -> Deleted
Size . . . . . . . : 789 240 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:41)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 6F94AE71B92916205C627A90CD5AE592B16A45E09CE6D932F11E6F4B3D1572FA
Product . . . . . : qks
Publisher . . . . : Qksee Pvt Ltd.
Description . . . : qks svc
Version . . . . . : 3.2.34.0
Copyright . . . . : Copyright (c) 2015 Qksee Pvt Ltd. All Rights Reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Adware.Razy.63720
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
Fuzzy . . . . . . : 95.0

C:\AdwCleaner\quarantine\files\krlqlnooqizktttbjnvhfgthparwsvpd\ucp~312220\upd.exe -> Deleted
Size . . . . . . . : 9 570 100 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:53)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 10C39D23FC0A123AD5280EBFAB231B2D3BA841D1D931E48F2528214FDCBD58F6
> Bitdefender . . . : Gen:Variant.Application.Elex.Zusy.19
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.avb
Fuzzy . . . . . . : 111.0

C:\AdwCleaner\quarantine\files\krlqlnooqizktttbjnvhfgthparwsvpd\uninstall.exe -> Deleted
Size . . . . . . . : 1 424 120 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:41)
Entropy . . . . . : 6.3
SHA-256 . . . . . : F2EBA5FD9424ADF142B71ED5E76F142761C5731FC5F7001574F0C21C08FFB2B8
Product
Publisher
Description
Version . . . . . : 5.3.3.0
Copyright
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Trojan.GenericKD.3445150
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
> HitmanPro . . . . : App/Elex-AN
Fuzzy . . . . . . : 98.0

C:\AdwCleaner\quarantine\files\nikgevbuufolksawqlcfuxhoebosgpgu\WinSAP.dll -> Deleted
Size . . . . . . . : 218 624 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:50:03)
Entropy . . . . . : 6.4
SHA-256 . . . . . : F161A4F7588A7F2B9AD741F4FD91DC00751C0F8420E4A3B0454719D5C4AD50FE
Product . . . . . : Windows
Publisher . . . . : Windows
Description . . . : Window
Version . . . . . : 1.0.0.1
LanguageID . . . . : 2052
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.kdcm
Fuzzy . . . . . . : 102.0

C:\AdwCleaner\quarantine\files\orqajczxbejlqmueqxirblfczkqqimni\Application\libexif.dll -> Deleted
Size . . . . . . . : 301 440 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:53:12)
Entropy . . . . . : 6.3
SHA-256 . . . . . : B42438D3E085DDA82FA320B3E88EE3DD7642CC3B8BE2976452EB3CE15D6218C3
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Trojan.Generic.17913827
Fuzzy . . . . . . : 101.0

C:\AdwCleaner\quarantine\files\plsezawsbobqkifcjscllzakuvqigcsp\Kyubey.exe -> Deleted
Size . . . . . . . : 113 152 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:50:05)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 346445B77CD6F83FFBE8BB1B5EFC33C8DCFE57BAE6ACFF51B97C42F011BF43B6
> Bitdefender . . . : Application.Downloader.AKM
> Kaspersky . . . . : not-a-virus:AdWare.Win32.SoftPulse.gghp
Fuzzy . . . . . . : 108.0

C:\AdwCleaner\quarantine\files\trvkjppcityfwuhmvtfjxytaaxptmeft\xtemp\mib.exe -> Deleted
Size . . . . . . . : 1 000 448 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:28:59)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 92F3878325F0C32BFD6E3FB5843BE1FC3EA0BA5C9BC6C0805AF62A0C90CB59AA
> Bitdefender . . . : Gen:Variant.Adware.SupTab.2
> HitmanPro . . . . : App/Generic-MO
Fuzzy . . . . . . : 116.0
Forensic Cluster
-39.6s C:\AdwCleaner\quarantine\registry\reg_lrpgaxpcshkowxdndgzshdhwhunwryac.reg
-39.2s C:\AdwCleaner\quarantine\registry\reg_epifdktcdarsnjkvcmhggujlejtojdnz.reg
-38.8s C:\AdwCleaner\quarantine\registry\reg_kgosixurlxjiwohhsvtwlmwaoedqsrsh.reg
-35.9s C:\AdwCleaner\quarantine\registry\reg_huyvgkczjkoriwkyburtdmemmvsdrmmf.reg
-35.1s C:\AdwCleaner\quarantine\registry\reg_jsilyeqlfubugbuqrycyevvadvmvanja.reg
-34.8s C:\AdwCleaner\quarantine\registry\reg_cnpplgegoymbqkkxisbyzuzcgcoliaxw.reg
-8.4s C:\Users\SAMIA\AppData\Local\Temp\DeleteOnReboot.bat
-8.0s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr
-8.0s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.Crwl
-8.0s C:\AdwCleaner\quarantine\registry\reg_xbdivarepkaeaghbfgzhtodopfooutcj.reg
-7.4s C:\AdwCleaner\quarantine\registry\reg_yigfexsuleeprpcvyvthscrhctvsdemr.reg
-6.9s C:\AdwCleaner\quarantine\registry\reg_njyjmjrgfkdaxamhvinmhnaizzwnbkrc.reg
-6.5s C:\AdwCleaner\quarantine\registry\reg_cocqvgqhvycijstnktjftuwfuowlrubt.reg
-5.9s C:\AdwCleaner\quarantine\registry\reg_druwojcobhlxdckaeaigxqxlmesbersd.reg
-4.4s C:\AdwCleaner\quarantine\registry\reg_quoayaacuqssfcridmvokrcjvppwency.reg
-3.8s C:\AdwCleaner\quarantine\registry\reg_qxpeyyntgukmktzhuyjkfvmytnalwdfk.reg
-3.1s C:\AdwCleaner\quarantine\files\tojyvunpcpivjndfupqzzbidqrfbcvrr\
-3.0s C:\AdwCleaner\quarantine\files\tojyvunpcpivjndfupqzzbidqrfbcvrr\WinSnare.dll
-2.3s C:\AdwCleaner\quarantine\files\ktbmasltncfhiyhqgunjwvetzptayegs\
-2.3s C:\AdwCleaner\quarantine\files\ktbmasltncfhiyhqgunjwvetzptayegs\LICENSE.txt
-2.3s C:\AdwCleaner\quarantine\files\ktbmasltncfhiyhqgunjwvetzptayegs\openweb.bat
-2.3s C:\AdwCleaner\quarantine\files\ktbmasltncfhiyhqgunjwvetzptayegs\SnareWindowsInstallSupport.dll
-2.2s C:\AdwCleaner\quarantine\files\ktbmasltncfhiyhqgunjwvetzptayegs\stopweb.bat
-2.2s C:\AdwCleaner\quarantine\files\ktbmasltncfhiyhqgunjwvetzptayegs\s_32.ico
-2.2s C:\AdwCleaner\quarantine\files\ktbmasltncfhiyhqgunjwvetzptayegs\WinSnare.dll
-1.3s C:\AdwCleaner\quarantine\files\giwszwfzfaamkxouzlkcbgbjtouwsqba\
-1.2s C:\AdwCleaner\quarantine\files\giwszwfzfaamkxouzlkcbgbjtouwsqba\{497C131E-2032-051B-B32A-C69A960FBB13}
-0.6s C:\AdwCleaner\quarantine\files\ugbifyizhxssbuqbsdtkekemcsotwhof\
-0.5s C:\AdwCleaner\quarantine\files\ugbifyizhxssbuqbsdtkekemcsotwhof\tmpx\
-0.5s C:\AdwCleaner\quarantine\files\ugbifyizhxssbuqbsdtkekemcsotwhof\tmpx\{2029B70D-A131-414B-942A-D6BF6A7FAC91}.html
-0.0s C:\AdwCleaner\quarantine\files\trvkjppcityfwuhmvtfjxytaaxptmeft\
0.0s C:\AdwCleaner\quarantine\files\trvkjppcityfwuhmvtfjxytaaxptmeft\xtempconf
0.0s C:\AdwCleaner\quarantine\files\trvkjppcityfwuhmvtfjxytaaxptmeft\xtemp\
0.0s C:\AdwCleaner\quarantine\files\trvkjppcityfwuhmvtfjxytaaxptmeft\xtemp\mib.exe
0.7s C:\AdwCleaner\quarantine\files\ufgkjyjvmtdmkjmjrckxqwkhliblwevj\xtemp\
0.7s C:\AdwCleaner\quarantine\files\ufgkjyjvmtdmkjmjrckxqwkhliblwevj\xtemp\conf
0.7s C:\AdwCleaner\quarantine\files\ufgkjyjvmtdmkjmjrckxqwkhliblwevj\
1.4s C:\AdwCleaner\quarantine\files\iywouzaffkfvqxwwbifbjapovfyylfuq\xtemp\
1.4s C:\AdwCleaner\quarantine\files\iywouzaffkfvqxwwbifbjapovfyylfuq\xtemp\conf
1.4s C:\AdwCleaner\quarantine\files\iywouzaffkfvqxwwbifbjapovfyylfuq\
2.1s C:\AdwCleaner\quarantine\files\pwcggekbbifxzumericlkmcfdulftywu\Setup\
2.1s C:\AdwCleaner\quarantine\files\pwcggekbbifxzumericlkmcfdulftywu\Setup\bab098.claroico.zpb
2.1s C:\AdwCleaner\quarantine\files\pwcggekbbifxzumericlkmcfdulftywu\
2.1s C:\AdwCleaner\quarantine\files\pwcggekbbifxzumericlkmcfdulftywu\Setup\bab138.deltatb_dmn.zpb
2.1s C:\AdwCleaner\quarantine\files\pwcggekbbifxzumericlkmcfdulftywu\Setup\bab149.spreg.zpb
2.1s C:\AdwCleaner\quarantine\files\pwcggekbbifxzumericlkmcfdulftywu\Setup\latest.zpb
2.2s C:\AdwCleaner\quarantine\files\pwcggekbbifxzumericlkmcfdulftywu\Setup\Setup-deltatb.zpb
2.2s C:\AdwCleaner\quarantine\files\pwcggekbbifxzumericlkmcfdulftywu\Setup\Setup2.zpb
3.2s C:\AdwCleaner\quarantine\files\qleczytjooqvqzrqqunibnatqgjxmypj\
3.7s C:\AdwCleaner\quarantine\files\zrpahxfgxyvonbxkdpetswmzcsgyygxw\FTDownloader.exe_Url_53xixdcpvgygtyi5p1m3thfzejaycxtv\1.1.1.1\
3.7s C:\AdwCleaner\quarantine\files\zrpahxfgxyvonbxkdpetswmzcsgyygxw\FTDownloader.exe_Url_53xixdcpvgygtyi5p1m3thfzejaycxtv\1.1.1.1\user.config
3.7s C:\AdwCleaner\quarantine\files\zrpahxfgxyvonbxkdpetswmzcsgyygxw\FTDownloader.exe_Url_53xixdcpvgygtyi5p1m3thfzejaycxtv\
3.7s C:\AdwCleaner\quarantine\files\zrpahxfgxyvonbxkdpetswmzcsgyygxw\
4.3s C:\AdwCleaner\quarantine\files\gddkvtyoethvuvstudswkqfgilfjtkxf\User Data\Default\Extensions\fmbdpmllpkfodckedbomjbbehcbjnlon\1.1\
4.3s C:\AdwCleaner\quarantine\files\gddkvtyoethvuvstudswkqfgilfjtkxf\User Data\Default\
4.3s C:\AdwCleaner\quarantine\files\gddkvtyoethvuvstudswkqfgilfjtkxf\User Data\Default\Extensions\
4.3s C:\AdwCleaner\quarantine\files\gddkvtyoethvuvstudswkqfgilfjtkxf\
4.3s C:\AdwCleaner\quarantine\files\gddkvtyoethvuvstudswkqfgilfjtkxf\User Data\
4.3s C:\AdwCleaner\quarantine\files\gddkvtyoethvuvstudswkqfgilfjtkxf\User Data\Default\Extensions\fmbdpmllpkfodckedbomjbbehcbjnlon\
4.3s C:\AdwCleaner\quarantine\files\gddkvtyoethvuvstudswkqfgilfjtkxf\User Data\Default\Extensions\fmbdpmllpkfodckedbomjbbehcbjnlon\1.1\background.html
4.3s C:\AdwCleaner\quarantine\files\gddkvtyoethvuvstudswkqfgilfjtkxf\User Data\Default\Extensions\fmbdpmllpkfodckedbomjbbehcbjnlon\1.1\content.js
4.3s C:\AdwCleaner\quarantine\files\gddkvtyoethvuvstudswkqfgilfjtkxf\User Data\Default\Extensions\fmbdpmllpkfodckedbomjbbehcbjnlon\1.1\lsdb.js
4.4s C:\AdwCleaner\quarantine\files\gddkvtyoethvuvstudswkqfgilfjtkxf\User Data\Default\Extensions\fmbdpmllpkfodckedbomjbbehcbjnlon\1.1\manifest.json

C:\AdwCleaner\quarantine\files\udsrgwhinwzssajfdllgqlltxoqcdmwa\Packet.dll -> Deleted
Size . . . . . . . : 141 312 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:53:37)
Entropy . . . . . : 5.9
SHA-256 . . . . . : F95EE4AF5C87EBED5E101175109B78893F05AB84226DBADBDFCB895278C1FDFE
> Bitdefender . . . : Adware.GenericKD.4377205
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.atg
Fuzzy . . . . . . : 108.0

C:\AdwCleaner\quarantine\files\wzubrbetdqesncjksxorbwsildzxjctj\Update\F5AC4786B255E7117FFED197E496CCAD\Update\chrome_elf.dll -> Deleted
Size . . . . . . . : 358 416 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:58)
Entropy . . . . . : 6.6
SHA-256 . . . . . : FD4D4FC2E6DBB3796F212E3FFD6925B1A46B70FB20999BD2F60462036C733697
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Application.Downloader.Sasquor.Gen.1
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 101.0

C:\AdwCleaner\quarantine\files\xhuquzcwyoykkwenmizuuvmeykgbmrxf\GubedZL.dll -> Deleted
Size . . . . . . . : 125 952 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:53:39)
Entropy . . . . . : 6.4
SHA-256 . . . . . : F1666D5CBBB770E25EB6B4A1A13D3306F11FFF2E7019A3DF255F89E9B2B2D559
> Bitdefender . . . : Adware.Agent.SFL
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.xxddui
> HitmanPro . . . . : App/Generic-GG
Fuzzy . . . . . . : 108.0

C:\AdwCleaner\quarantine\files\zvhzblouzymzzfinamrdrtepwsckjnwd\saber.exe -> Deleted
Size . . . . . . . : 518 360 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:54:07)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 6AE27E3E9809EBC12CB79FC849ED03EA2A9B9E96C66CC3550C144CCB7905BFC8
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Agent.RZU
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 101.0

C:\AdwCleaner\quarantine\files\zvthzvgmudurgxkhloazugtjvbzcvtku\Update\F5AC4786B255E7117FFED197E496CCAD\Update\chrome_elf.dll -> Deleted
Size . . . . . . . : 363 568 bytes
Age . . . . . . . : 0.9 days (2017-03-19 23:52:57)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 6D7EA188CF21268A94107E3B305B0683A1B0AB87E30DBF9984AF28127B38C1F5
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 101.0

C:\Program Files\Elex-tech\YAC\curlpp.dll -> PendingDelete
Size . . . . . . . : 582 144 bytes
Age . . . . . . . : 281.3 days (2016-06-12 15:14:38)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 40B2BF6E50080B681BCEA957B537001BE8D988C9431A3167C9840A050E54A8A9
Product . . . . . : YAC Security Protection
Publisher . . . . : Elex do Brasil Participações Ltda
Description . . . : libcurl wrapper
Version . . . . . : 0.7.3.0
LanguageID . . . . : 1033
> Kaspersky . . . . : not-a-virus:HEUR:Downloader.Win32.Elex.gen
Fuzzy . . . . . . : 107.0

C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys -> PendingDelete
Size . . . . . . . : 227 776 bytes
Age . . . . . . . : 281.3 days (2016-06-12 15:14:44)
Entropy . . . . . : 5.5
SHA-256 . . . . . : 5F8A914B7CA5AA954BE43A893BBEF1B166D6FA22FD6D6C0355AC7911CDBFBFD9
Product . . . . . : YAC Security Protection
Publisher . . . . : Elex do Brasil Participações Ltda
Description . . . : iSafe Kernel Driver
Version . . . . . : 6.10.449.30619
Copyright . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
RSA Key Size . . . : 2048
Service . . . . . : iSafeKrnl
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.afy
Fuzzy . . . . . . : 89.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnl\

C:\Program Files\Elex-tech\YAC\iSafeKrnlBoot.sys -> PendingDelete
Size . . . . . . . : 50 280 bytes
Age . . . . . . . : 281.3 days (2016-06-12 15:14:44)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 5CA7F0433D9F85DEC6699A7E2B163B99AFC78569DE23114BFCF41E08B47D3968
Product . . . . . : YAC Security Protection
Publisher . . . . : Elex do Brasil Participações Ltda
Description . . . : iSafe Kernel Boot Driver
Version . . . . . : 6.10.449.30619
Copyright . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.yj
Fuzzy . . . . . . : 92.0

C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys -> PendingDelete
Size . . . . . . . : 97 912 bytes
Age . . . . . . . : 281.3 days (2016-06-12 15:14:44)
Entropy . . . . . : 6.3
SHA-256 . . . . . : C154B524F7ED7893A2F99A6C9459CBD2F1A83BCBC99F0171F8043908B861449A
Product . . . . . : YAC Security Protection
Publisher . . . . : Elex do Brasil Participações Ltda
Description . . . : iSafe Kernel Kit Driver
Version . . . . . : 6.10.449.30619
Copyright . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
RSA Key Size . . . : 2048
Service . . . . . : iSafeKrnlKit
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:NetTool.Win32.NetFilter.p
Fuzzy . . . . . . : 89.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnlKit\

C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys -> PendingDelete
Size . . . . . . . : 45 032 bytes
Age . . . . . . . : 281.3 days (2016-06-12 15:14:44)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 57A300DE25CD77A915D1E0A5499A6F14AD4CE5BFC5E97ABE8FC0D1AD568175B8
Product . . . . . : YAC Security Protection
Publisher . . . . : Elex do Brasil Participações Ltda
Description . . . : YAC Monitor Driver
Version . . . . . : 6.10.449.30619
Copyright . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
RSA Key Size . . . : 2048
Service . . . . . : iSafeKrnlMon
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Application.iSafeKrnlMon.A
> Kaspersky . . . . : not-a-virus:NetTool.Win32.NetFilter.o
Fuzzy . . . . . . : 89.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnlMon\

C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys -> PendingDelete
Size . . . . . . . : 73 232 bytes
Age . . . . . . . : 281.3 days (2016-06-12 15:14:44)
Entropy . . . . . : 6.4
SHA-256 . . . . . : CDA114B8EA726E2440F554D49EBFD1482006DAF1611ACD1742FA9AB310290908
Product . . . . . : YAC Security Protection
Publisher . . . . : Elex do Brasil Participações Ltda
Description . . . : iSafe Kernel Ring3 Driver
Version . . . . . : 6.10.449.30619
Copyright . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
RSA Key Size . . . : 2048
Service . . . . . : iSafeKrnlR3
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
Fuzzy . . . . . . : 89.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnlR3\

C:\Program Files\Elex-tech\YAC\iSafeNetFilter.sys -> PendingDelete
Size . . . . . . . : 59 152 bytes
Age . . . . . . . : 281.3 days (2016-06-12 15:14:44)
Entropy . . . . . : 6.8
SHA-256 . . . . . : A26BC278DFD2A0AB88B1C6BA5BD71C549ECD2BD946692E476CEE42E8BCEE9F49
Product . . . . . : YAC Security Protection
Publisher . . . . : Elex do Brasil Participações Ltda
Description . . . : iSafeNetFilter SDK WFP Driver (WPP)
Version . . . . . : 1.4.7.3
Copyright . . . . : Copyright (c) 2011-2013 Elex do Brasil Participações Ltda
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Adware.GenericKD.4318237
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
Fuzzy . . . . . . : 92.0

C:\Program Files\Elex-tech\YAC\iSafeSvc.exe -> PendingDelete
Size . . . . . . . : 131 024 bytes
Age . . . . . . . : 281.3 days (2016-06-12 15:14:35)
Entropy . . . . . : 5.6
SHA-256 . . . . . : 564A56CAF1D1CCCF8C4604DFB9014C8349E343033FD9B49336A9110434D7FB98
Product . . . . . : YAC Security Protection
Publisher . . . . : Elex do Brasil Participações Ltda
Description . . . : iSafeSvc
Version . . . . . : 6,11,109,30775
Copyright . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
RSA Key Size . . . : 2048
Service . . . . . : iSafeService
Parent Name . . . : C:\Windows\system32\services.exe
LanguageID . . . . : 1033
Authenticode . . . : Valid
Running processes : 936
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
Fuzzy . . . . . . : 91.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\iSafeService\

C:\Users\SAMIA\AppData\Local\Temp\hp2147.tmp\WinSAP.dll -> Deleted
Size . . . . . . . : 184 832 bytes
Age . . . . . . . : 3.1 days (2017-03-17 19:28:15)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 50B4BFDBED0C5628C72F56DC0C294129D29650825AE7A6F084E6C63F7CD0FCCD
Product . . . . . : Windows
Publisher . . . . : Windows
Description . . . : Window
Version . . . . . : 1.0.0.1
LanguageID . . . . : 2052
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.bce
Fuzzy . . . . . . : 102.0
Forensic Cluster
-2.8s C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{b1fca5ee-a7ed-4ce5-87f2-6d4751a16995}\
-2.8s C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{b1fca5ee-a7ed-4ce5-87f2-6d4751a16995}\snapshot.etl
-0.3s C:\Users\SAMIA\AppData\Local\Temp\hp2147.tmp\
-0.2s C:\Users\SAMIA\AppData\Local\Temp\hp2147.tmp\bikaQ.msi
-0.2s C:\Users\SAMIA\AppData\Local\Temp\hp2147.tmp\WinSnare.msi
0.0s C:\Users\SAMIA\AppData\Local\Temp\hp2147.tmp\WinSAP.dll
0.0s C:\Users\SAMIA\AppData\Local\Temp\thp2261.tmp
0.1s C:\Users\SAMIA\AppData\Local\Temp\csw229C.tmp
3.2s C:\Users\SAMIA\AppData\Local\Temp\thp2ED0.tmp
7.0s C:\Users\SAMIA\AppData\Local\Temp\thp3D81.tmp
26.1s C:\Windows\Temp\winsap_update\
26.3s C:\Users\SAMIA\AppData\Local\Temp\csw891D.tmp
29.0s C:\Users\SAMIA\AppData\Local\Temp\thp93AD.tmp
32.8s C:\Users\SAMIA\AppData\Local\Temp\thpA24E.tmp
33.9s C:\Windows\Temp\~saA68B.tmp
34.2s C:\Users\SAMIA\AppData\Local\Temp\cswA7C5.tmp
35.4s C:\Program Files\MIO\loader\st320lt020-9yg142_w04391e8.dat
35.8s C:\Program Files\n1\{baimingdanedrfsdss}\

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IF1BCOHV\Updater_zip_0317_new[1].exe -> Deleted
Size . . . . . . . : 11 793 920 bytes
Age . . . . . . . : 3.1 days (2017-03-17 19:27:10)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 4704DA8190C482BD8D2B407C4498524942B47CF60FBE45164873C1022E41A0C2
> Kaspersky . . . . : not-a-virus:AdWare.Win32.SoftPulse.gghq
Fuzzy . . . . . . : 113.0

C:\Windows\system32\DRIVERS\iSafeNetFilter.sys -> PendingDelete
Size . . . . . . . : 59 152 bytes
Age . . . . . . . : 0.9 days (2017-03-20 00:21:45)
Entropy . . . . . : 6.8
SHA-256 . . . . . : A26BC278DFD2A0AB88B1C6BA5BD71C549ECD2BD946692E476CEE42E8BCEE9F49
Product . . . . . : YAC Security Protection
Publisher . . . . : Elex do Brasil Participações Ltda
Description . . . : iSafeNetFilter SDK WFP Driver (WPP)
Version . . . . . : 1.4.7.3
Copyright . . . . : Copyright (c) 2011-2013 Elex do Brasil Participações Ltda
RSA Key Size . . . : 2048
Service . . . . . : iSafeNetFilter
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Adware.GenericKD.4318237
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
Fuzzy . . . . . . : 101.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\iSafeNetFilter\

C:\Windows\Temp\nsi4069.tmp\update.dll-201702151902.dll.exe -> Deleted
Size . . . . . . . : 6 014 834 bytes
Age . . . . . . . : 33.1 days (2017-02-15 20:20:16)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 33348163BADFAE71BF5904907C73284D1BE08D5F32B5B293EDFF44287DC2777E
> Bitdefender . . . : Gen:Variant.Application.Elex.Zusy.41
Fuzzy . . . . . . : 109.0

C:\Windows\Temp\nsi40D6.tmp\Lancer.dll -> Deleted
Size . . . . . . . : 161 792 bytes
Age . . . . . . . : 28.2 days (2017-02-20 17:29:58)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 630ADFD42B4A14E8E3DC5D3FAE6F9626379E35D0535702AED7B966BE4AF12B1C
> Bitdefender . . . : Trojan.GenericKD.4446949
> Kaspersky . . . . : HEUR:Trojan.Win32.Generic
Fuzzy . . . . . . : 106.0
Forensic Cluster
-5.6s C:\Windows\Temp\nsi40D6.tmp\update.dll-201702202020.dll.exe
-1.5s C:\Windows\Temp\nsi40D6.tmp\helper
-1.5s C:\Windows\Temp\nsi40D6.tmp\License
-1.4s C:\Windows\Temp\nsi40D6.tmp\WinSnare.msi
-1.3s C:\Windows\Temp\nsi40D6.tmp\lanceruse.dat
-0.1s C:\Windows\Temp\nsi40D6.tmp\Downloader_ie8.exe
0.0s C:\Windows\Temp\nsi40D6.tmp\Lancer.dll
0.0s C:\Windows\Temp\nsi40D6.tmp\RegKey.dll
0.0s C:\Windows\Temp\nsi40D6.tmp\Update.dll

C:\Windows\Temp\nsi40D6.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 28.2 days (2017-02-20 17:29:58)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0
Forensic Cluster
-5.6s C:\Windows\Temp\nsi40D6.tmp\update.dll-201702202020.dll.exe
-1.5s C:\Windows\Temp\nsi40D6.tmp\helper
-1.5s C:\Windows\Temp\nsi40D6.tmp\License
-1.4s C:\Windows\Temp\nsi40D6.tmp\WinSnare.msi
-1.3s C:\Windows\Temp\nsi40D6.tmp\lanceruse.dat
-0.1s C:\Windows\Temp\nsi40D6.tmp\Downloader_ie8.exe
-0.0s C:\Windows\Temp\nsi40D6.tmp\Lancer.dll
0.0s C:\Windows\Temp\nsi40D6.tmp\RegKey.dll
0.0s C:\Windows\Temp\nsi40D6.tmp\Update.dll

C:\Windows\Temp\nsi40D6.tmp\update.dll-201702202020.dll.exe -> Deleted
Size . . . . . . . : 6 852 833 bytes
Age . . . . . . . : 28.2 days (2017-02-20 17:29:53)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 1BCAAC038E34AF85F40EDF45F7AF612DCADBE8A6EB41874E7F7406FCFA761525
> Bitdefender . . . : Gen:Variant.Application.Elex.88
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 109.0
Forensic Cluster
0.0s C:\Windows\Temp\nsi40D6.tmp\update.dll-201702202020.dll.exe
4.1s C:\Windows\Temp\nsi40D6.tmp\helper
4.1s C:\Windows\Temp\nsi40D6.tmp\License
4.2s C:\Windows\Temp\nsi40D6.tmp\WinSnare.msi
4.2s C:\Windows\Temp\nsi40D6.tmp\lanceruse.dat
5.4s C:\Windows\Temp\nsi40D6.tmp\Downloader_ie8.exe
5.6s C:\Windows\Temp\nsi40D6.tmp\Lancer.dll
5.6s C:\Windows\Temp\nsi40D6.tmp\RegKey.dll
5.6s C:\Windows\Temp\nsi40D6.tmp\Update.dll

C:\Windows\Temp\nsi6067.tmp\Kyubey.exe -> Deleted
Size . . . . . . . : 113 152 bytes
Age . . . . . . . : 4.1 days (2017-03-16 19:12:59)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 89135E1B7A8D557E808C21689ED5158DC178338CDB38572712719B5E530E4A9A
> Bitdefender . . . : Application.Elex.DO
> Kaspersky . . . . : Trojan-Downloader.Win32.Eroyee.k
Fuzzy . . . . . . : 108.0
Forensic Cluster
-0.6s C:\Windows\Temp\nsi6067.tmp\WinSnare.msi
0.0s C:\Windows\Temp\nsi6067.tmp\Kyubey.exe
0.5s C:\Windows\Temp\nsi6067.tmp\QQBrowser.exe
0.5s C:\Windows\Temp\nsi6067.tmp\yacqq.exe
0.5s C:\Windows\Temp\nsi6067.tmp\QQBrowserFrame.dll
0.5s C:\Windows\Temp\nsi6067.tmp\RegKey.dll

C:\Windows\Temp\nsi6067.tmp\update.dll-201703161643.dll.exe -> Deleted
Size . . . . . . . : 7 263 795 bytes
Age . . . . . . . : 4.1 days (2017-03-16 19:12:23)
Entropy . . . . . : 8.0
SHA-256 . . . . . : D1F0D36A6F870FD85C21309B37DF3BAD385347BA088500D99378A95E3B451C7F
Product . . . . . : update
Publisher . . . . : update
Description . . . : update
Version . . . . . : 1.0.0.1
LanguageID . . . . : 2052
> Bitdefender . . . : Gen:Variant.Graftor.344904
> Kaspersky . . . . : Trojan.Win32.Agentb.ijbc
Fuzzy . . . . . . : 105.0

C:\Windows\Temp\nsi6067.tmp\yacqq.exe -> Deleted
Size . . . . . . . : 150 744 bytes
Age . . . . . . . : 4.1 days (2017-03-16 19:12:59)
Entropy . . . . . : 6.4
SHA-256 . . . . . : DBEAFEAB7EF34A17E9F12714FFDB29F7A78FCD74BC7171B8EE2082D10716B6A2
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Application.Bundler.Elex.1
> Kaspersky . . . . : not-a-virus:AdWare.Win32.QkSee.bs
Fuzzy . . . . . . : 101.0
Forensic Cluster
-1.1s C:\Windows\Temp\nsi6067.tmp\WinSnare.msi
-0.5s C:\Windows\Temp\nsi6067.tmp\Kyubey.exe
-0.0s C:\Windows\Temp\nsi6067.tmp\QQBrowser.exe
0.0s C:\Windows\Temp\nsi6067.tmp\yacqq.exe
0.0s C:\Windows\Temp\nsi6067.tmp\QQBrowserFrame.dll
0.0s C:\Windows\Temp\nsi6067.tmp\RegKey.dll

C:\Windows\Temp\nsi8848.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 24.1 days (2017-02-24 20:44:26)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0
Forensic Cluster
-2.5s C:\Windows\Temp\nsi8848.tmp\update.dll-201702242007.dll.exe
-0.5s C:\Windows\Temp\nsi8848.tmp\helper
-0.5s C:\Windows\Temp\nsi8848.tmp\License
-0.4s C:\Windows\Temp\nsi8848.tmp\WinSnare.msi
-0.1s C:\Windows\Temp\nsi8848.tmp\BaofengUpdate_U.exe
-0.1s C:\Windows\Temp\nsi8848.tmp\Downloader_ie8.exe
0.0s C:\Windows\Temp\nsi8848.tmp\RegKey.dll
0.0s C:\Windows\Temp\nsi8848.tmp\Update.dll

C:\Windows\Temp\nsi8848.tmp\update.dll-201702242007.dll.exe -> Deleted
Size . . . . . . . : 6 772 128 bytes
Age . . . . . . . : 24.1 days (2017-02-24 20:44:24)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 6F4A0F6D853C71B21BDBA2FAAAEA8DACB59F9FBD2C3B7F6B3AA786D2C8B4674E
> Bitdefender . . . : Gen:Variant.Application.Elex.88
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 109.0
Forensic Cluster
0.0s C:\Windows\Temp\nsi8848.tmp\update.dll-201702242007.dll.exe
2.0s C:\Windows\Temp\nsi8848.tmp\helper
2.0s C:\Windows\Temp\nsi8848.tmp\License
2.0s C:\Windows\Temp\nsi8848.tmp\WinSnare.msi
2.4s C:\Windows\Temp\nsi8848.tmp\BaofengUpdate_U.exe
2.4s C:\Windows\Temp\nsi8848.tmp\Downloader_ie8.exe
2.5s C:\Windows\Temp\nsi8848.tmp\RegKey.dll
2.5s C:\Windows\Temp\nsi8848.tmp\Update.dll

C:\Windows\Temp\nsi906C.tmp\Install.dll -> Deleted
Size . . . . . . . : 224 768 bytes
Age . . . . . . . : 45.5 days (2017-02-03 11:11:46)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 1F295C39AEBEF87E454D543927C9D7427689735EA75437957373AFEEE9513DD9
> Bitdefender . . . : Gen:Variant.Adware.Graftor.318523
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
> HitmanPro . . . . : App/Generic-MH
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\nsi906C.tmp\Packet.dll -> Deleted
Size . . . . . . . : 141 312 bytes
Age . . . . . . . : 45.5 days (2017-02-03 11:11:46)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 1F0D0791B1CBAFC1F15160750DFA64A7B2C50126A2E65957E8B1EB45AC2C02A1
> Bitdefender . . . : Adware.GenericKD.4355643
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.arx
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\nsi906C.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 45.5 days (2017-02-03 11:11:46)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\nsi9BC1.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 26.2 days (2017-02-22 18:31:17)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0
Forensic Cluster
-17.2s C:\Windows\Temp\nsi9BC1.tmp\
-17.2s C:\Windows\Temp\nsi9BC2.tmp\
-2.1s C:\Windows\Temp\nsi9BC1.tmp\update.dll-201702221534.dll.exe
-0.8s C:\Windows\Temp\nsi9BC1.tmp\helper
-0.8s C:\Windows\Temp\nsi9BC1.tmp\License
-0.8s C:\Windows\Temp\nsi9BC1.tmp\WinSnare.msi
-0.0s C:\Windows\Temp\nsi9BC1.tmp\Downloader_ie8.exe
0.0s C:\Windows\Temp\nsi9BC1.tmp\RegKey.dll
0.0s C:\Windows\Temp\nsi9BC1.tmp\Update.dll

C:\Windows\Temp\nsi9BC1.tmp\update.dll-201702221534.dll.exe -> Deleted
Size . . . . . . . : 2 921 111 bytes
Age . . . . . . . : 26.2 days (2017-02-22 18:31:15)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 3FC546687FC33F9466DC752DE80BB085990B9E52CAB34CCA73202AC72BDC85D9
> Bitdefender . . . : Gen:Variant.Application.Elex.88
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 114.0
Forensic Cluster
-15.0s C:\Windows\Temp\nsi9BC1.tmp\
-15.0s C:\Windows\Temp\nsi9BC2.tmp\
0.0s C:\Windows\Temp\nsi9BC1.tmp\update.dll-201702221534.dll.exe
1.4s C:\Windows\Temp\nsi9BC1.tmp\helper
1.4s C:\Windows\Temp\nsi9BC1.tmp\License
1.4s C:\Windows\Temp\nsi9BC1.tmp\WinSnare.msi
2.1s C:\Windows\Temp\nsi9BC1.tmp\Downloader_ie8.exe
2.1s C:\Windows\Temp\nsi9BC1.tmp\RegKey.dll
2.1s C:\Windows\Temp\nsi9BC1.tmp\Update.dll

C:\Windows\Temp\nsi9C8C.tmp\GubedZL.dll -> Deleted
Size . . . . . . . : 133 632 bytes
Age . . . . . . . : 74.3 days (2017-01-05 14:02:37)
Entropy . . . . . : 6.4
SHA-256 . . . . . : D4CDBC3E09CAC6584A03DA355064623D340DB71A1EF17C5BB93322CFBDA6B7B5
> Bitdefender . . . : Adware.GenericKD.4140855
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.amr
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\nsi9C8C.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 74.3 days (2017-01-05 14:02:37)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\nsiDCB7.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 82.3 days (2016-12-28 14:25:37)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\oua60C8.tmp\secondu71\de_svr.exe -> Deleted
Size . . . . . . . : 733 696 bytes
Age . . . . . . . : 76.1 days (2017-01-03 19:32:15)
Entropy . . . . . : 6.3
SHA-256 . . . . . : A3B49EF58FCAE656B4FD07C0E458E27BB95DED44968C22F474156C8E3C61E6E0
Version . . . . . : 0.1.0.22
> Bitdefender . . . : Gen:Variant.Razy.117779
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.alv
Fuzzy . . . . . . : 103.0

C:\Windows\Temp\oua60C8.tmp\secondu71\GubedZL.dll -> Deleted
Size . . . . . . . : 120 320 bytes
Age . . . . . . . : 76.1 days (2017-01-03 19:32:15)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1848EB7E603162E240C95E3E6A6FE95570B525C926C9AD50801D57DCA89284BD
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.alu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\oua60C8.tmp\secondu71\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 76.1 days (2017-01-03 19:32:15)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\ouaE967.tmp\secondu71\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 70.0 days (2017-01-09 22:48:13)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\ouaFAF3.tmp\secondu71\de_svr.exe -> Deleted
Size . . . . . . . : 966 656 bytes
Age . . . . . . . : 80.5 days (2016-12-30 11:20:06)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 1EF37E12A5B21E1E8EB7776B090CDD020A41D41FCA21708D12B84B74E5E304AB
Version . . . . . : 0.1.0.21
> Bitdefender . . . : Gen:Variant.Razy.119099
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.akw
Fuzzy . . . . . . : 103.0

C:\Windows\Temp\ouaFAF3.tmp\secondu71\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 80.5 days (2016-12-30 11:20:06)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\ouaFB61.tmp\secondu71\Install.dll -> Deleted
Size . . . . . . . : 130 560 bytes
Age . . . . . . . : 70.0 days (2017-01-09 21:31:48)
Entropy . . . . . : 5.9
SHA-256 . . . . . : E93856AF2057724B380A7C9388FCC1C2B01A97AA47CBA6072382A339F6C29DAD
> Bitdefender . . . : Gen:Variant.Graftor.321366
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.xxddip
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\ouaFB61.tmp\secondu71\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 70.0 days (2017-01-09 21:31:48)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\wea144D.tmp\de_svr.exe -> Deleted
Size . . . . . . . : 966 656 bytes
Age . . . . . . . : 80.0 days (2016-12-30 22:27:18)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 1EF37E12A5B21E1E8EB7776B090CDD020A41D41FCA21708D12B84B74E5E304AB
Version . . . . . : 0.1.0.21
> Bitdefender . . . : Gen:Variant.Razy.119099
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.akw
Fuzzy . . . . . . : 103.0

C:\Windows\Temp\wea144D.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 80.0 days (2016-12-30 22:27:18)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\wea1843.tmp\yacqq.exe -> Deleted
Size . . . . . . . : 233 688 bytes
Age . . . . . . . : 96.4 days (2016-12-14 12:21:32)
Entropy . . . . . : 6.4
SHA-256 . . . . . : D7B96B3F43BE5C86FDA4FBD4BE6C2F89749381EBBDE267D3B5D452215B083120
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Strictor.118698
> Kaspersky . . . . : not-a-virus:Downloader.Win32.AdLoad.xwyi
Fuzzy . . . . . . : 99.0

C:\Windows\Temp\wea314F.tmp\yacqq.exe -> Deleted
Size . . . . . . . : 217 088 bytes
Age . . . . . . . : 100.5 days (2016-12-10 10:17:41)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 60CCF3BE408ABA0ABA5EB7C99F4351040F21A3AD0A62AE43CB47CAB778392685
> Bitdefender . . . : Trojan.GenericKD.3851057
> Kaspersky . . . . : not-a-virus:Downloader.Win32.AdLoad.xvcq
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\wea3D10.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 35.1 days (2017-02-13 19:59:49)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\wea3D10.tmp\wintooll.exe -> Deleted
Size . . . . . . . : 105 168 bytes
Age . . . . . . . : 35.1 days (2017-02-13 19:59:49)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 35052137438AA96DF5256F213E163B90D2B431D476ADABF79BA130E8F1A00773
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.GenericKD.4399636
> HitmanPro . . . . : App/Generic-IL
Fuzzy . . . . . . : 99.0

C:\Windows\Temp\wea3D10.tmp\yacqq.exe -> Deleted
Size . . . . . . . : 152 792 bytes
Age . . . . . . . : 35.1 days (2017-02-13 19:59:49)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 8C3AEAF7BF0A460AED4C82D5089D407356D2C127D1C247D3F40FD24CDFD6968B
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Adware.Graftor.336053
> Kaspersky . . . . : not-a-virus:AdWare.Win32.QkSee.ap
Fuzzy . . . . . . : 99.0

C:\Windows\Temp\wea9954.tmp\Install.dll -> Deleted
Size . . . . . . . : 142 336 bytes
Age . . . . . . . : 40.1 days (2017-02-08 19:18:35)
Entropy . . . . . : 5.7
SHA-256 . . . . . : A84E847D626D7BE6AC0788859890D659D3DC134C6ECD76882BD85ACCAB389744
> Bitdefender . . . : Trojan.GenericKD.4354283
> Kaspersky . . . . : Trojan.Win32.Starter.ankx
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\wea9954.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 40.1 days (2017-02-08 19:18:35)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\wea9954.tmp\yacqq.exe -> Deleted
Size . . . . . . . : 154 840 bytes
Age . . . . . . . : 40.1 days (2017-02-08 19:18:35)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 499F172944BF4F049CE9F089BA10D3FC8C8AE8957997D4FF7A0D706875B2AD6A
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.GenericKD.4337881
> Kaspersky . . . . : not-a-virus:AdWare.Win32.QkSee.am
> HitmanPro . . . . : App/Generic-AM
Fuzzy . . . . . . : 99.0

C:\Windows\Temp\wea9C12.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 44.1 days (2017-02-04 18:50:27)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\wea9C12.tmp\yacqq.exe -> Deleted
Size . . . . . . . : 272 088 bytes
Age . . . . . . . : 44.1 days (2017-02-04 18:50:27)
Entropy . . . . . : 6.5
SHA-256 . . . . . : E69A998B37BD9A284FF27FB190EC832D9ED357B29B18F266BA7B5510919D0437
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.GenericKD.4314884
> Kaspersky . . . . : not-a-virus:AdWare.Win32.QkSee.ak
> HitmanPro . . . . : App/Generic-FP
Fuzzy . . . . . . : 99.0

C:\Windows\Temp\weaB2B5.tmp\de_svr.exe -> Deleted
Size . . . . . . . : 966 656 bytes
Age . . . . . . . : 80.0 days (2016-12-30 22:08:40)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 1EF37E12A5B21E1E8EB7776B090CDD020A41D41FCA21708D12B84B74E5E304AB
Version . . . . . : 0.1.0.21
> Bitdefender . . . : Gen:Variant.Razy.119099
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.akw
Fuzzy . . . . . . : 103.0

C:\Windows\Temp\weaB2B5.tmp\iThemes.dll -> Deleted
Size . . . . . . . : 820 224 bytes
Age . . . . . . . : 80.0 days (2016-12-30 22:08:40)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 2C83739A5BDF4E0833AA70482A018B7877348A1E381F5B139A06B882F76DA383
Version . . . . . : 0.1.0.21
> Bitdefender . . . : Trojan.GenericKD.4098523
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.akw
Fuzzy . . . . . . : 103.0

C:\Windows\Temp\weaB2B5.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 80.0 days (2016-12-30 22:08:40)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\weaBBF1.tmp\Install.dll -> Deleted
Size . . . . . . . : 132 608 bytes
Age . . . . . . . : 70.1 days (2017-01-09 20:02:36)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 987B66E0625388575C66141B872EF4560ABA847D70EB151D6B5EDB483EA50A03
> Bitdefender . . . : Adware.GenericKD.4188105
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.kczk
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\weaBBF1.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 70.1 days (2017-01-09 20:02:36)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\weaD931.tmp\de_svr.exe -> Deleted
Size . . . . . . . : 706 560 bytes
Age . . . . . . . : 75.5 days (2017-01-04 10:59:27)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 290A9E972603DB5AC637DF8105205450705AFA08231C9D7AC43BA740884A6C65
Version . . . . . : 0.1.0.23
> Bitdefender . . . : Trojan.GenericKD.4123914
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.aml
Fuzzy . . . . . . : 103.0

C:\Windows\Temp\weaD931.tmp\GubedZL.dll -> Deleted
Size . . . . . . . : 129 024 bytes
Age . . . . . . . : 75.5 days (2017-01-04 10:59:27)
Entropy . . . . . : 6.4
SHA-256 . . . . . : ED0D72F24CD6BB6BBECB82EA715F584C8B5E7348EA6E400BC37F9493BA4402AE
> Bitdefender . . . : Trojan.GenericKD.4132825
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.kczf
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\weaD931.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 75.5 days (2017-01-04 10:59:27)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\weaE504.tmp\GubedZL.dll -> Deleted
Size . . . . . . . : 125 952 bytes
Age . . . . . . . : 61.2 days (2017-01-18 17:40:13)
Entropy . . . . . : 6.4
SHA-256 . . . . . : F1666D5CBBB770E25EB6B4A1A13D3306F11FFF2E7019A3DF255F89E9B2B2D559
> Bitdefender . . . : Adware.Agent.SFL
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.xxddui
> HitmanPro . . . . : App/Generic-GG
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\weaE504.tmp\QQBrowserFrame.dll -> Deleted
Size . . . . . . . : 116 224 bytes
Age . . . . . . . : 61.2 days (2017-01-18 17:40:13)
Entropy . . . . . : 6.4
SHA-256 . . . . . : B9BB5506B1EEB9A8687509D8242D1BE0BA3AD622AB42B4C0C87ACA903E6BA5D8
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.apa
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\weaE504.tmp\RegKey.dll -> Deleted
Size . . . . . . . : 96 256 bytes
Age . . . . . . . : 61.2 days (2017-01-18 17:40:13)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 1E62A41983D37F983100A9E9E2A5D4A89BD319F186F1A4D5D3EE35DEA4DE3F3C
> Kaspersky . . . . : Trojan.Win32.Regger.cu
Fuzzy . . . . . . : 106.0

C:\Windows\Temp\weaE504.tmp\yacqq.exe -> Deleted
Size . . . . . . . : 271 024 bytes
Age . . . . . . . : 61.2 days (2017-01-18 17:40:13)
Entropy . . . . . : 6.5
SHA-256 . . . . . : B1E385E0322D76F611B2BEE3669A055C29948B24F11B2A31ECAF227910DF51B7
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.GenericKD.4201756
> Kaspersky . . . . : not-a-virus:AdWare.Win32.QkSee.h
Fuzzy . . . . . . : 99.0

Suspicious files ____________________________________________________________

C:\Users\SAMIA\Desktop\DIVERS\Divers\samir\LOGICIELS1\bbflash\bbflbk2.exe
Size . . . . . . . : 8 559 728 bytes
Age . . . . . . . : 927.4 days (2014-09-05 12:14:18)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 915554A2968108338D6978BE88A5B2FB9CF6C5009C0BB3381C2CD6C8AF6BE776
Needs elevation . : Yes
Publisher . . . . : Blueberry Software Ltd.
Description . . . : BB FlashBack Pro Installation
Version . . . . . : 2.6.5.1316
Copyright . . . . : All rights reserved
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

Malware remnants ____________________________________________________________

HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\ (Adware.MyWebSearch) -> Deleted
HKU\S-1-5-21-635114891-1663833559-3594687183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ (Hijacker) -> PendingDelete

Potential Unwanted Programs _________________________________________________

C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nafaimnnclfjfedmmabolbppcngeolgf_0.localstorage (iLivid) -> Deleted
HKLM\SOFTWARE\Classes\AskTBar.PopSwatterBarButton.1\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\AskTBar.PopSwatterBarButton\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\AskTBar.PopSwatterSettingsControl.1\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\AskTBar.PopSwatterSettingsControl\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\AskTBar.SettingsPlugin.1\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\AskTBar.SettingsPlugin\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{09BD51AE-7E02-4916-9B12-647A92C02B7F}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{72FE8681-0BFA-471b-9B2A-B37ED68DD09E}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{83453071-3F9C-4ab0-BE30-EDA368D7976D}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}\ (Certified Toolbar) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{BD04DAE2-8C1B-4cc5-9E06-22DE05C2EDA0}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{FE063DBB-4EC0-403e-8DD8-394C54984B2C}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{83453070-3F9C-4AB0-BE30-EDA368D7976D}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{83453072-3F9C-4AB0-BE30-EDA368D7976D}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}\ (Certified Toolbar) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{FE063DBA-4EC0-403E-8DD8-394C54984B2C}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{FE063DBC-4EC0-403E-8DD8-394C54984B2C}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ (CertifiedToolbar) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{BD04DAE0-8C1B-4CC5-9E06-22DE05C2EDA0}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\ (Baidu) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{FE063DB0-4EC0-403E-8DD8-394C54984B2C}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Classes\wtb.Band.1\ (Certified Toolbar) -> Deleted
HKLM\SOFTWARE\Classes\wtb.Band\ (Certified Toolbar) -> Deleted
HKLM\SOFTWARE\Classes\wtb.NotificationSource.1\ (Certified Toolbar) -> Deleted
HKLM\SOFTWARE\Classes\wtb.NotificationSource\ (Certified Toolbar) -> Deleted
HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1\ (Certified Toolbar) -> Deleted
HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl\ (Certified Toolbar) -> Deleted
HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1\ (Certified Toolbar) -> Deleted
HKLM\SOFTWARE\Classes\wtb.ToolbarInfo\ (Certified Toolbar) -> Deleted
HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda\ (Complitly) -> Deleted
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cfd485f0-96bd-47cd-bb6d-cd7dda95f102}\ (Certified Toolbar) -> Deleted
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ (QVO6) -> PendingDelete
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ (CertifiedToolbar) -> PendingDelete
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{83453071-3F9C-4ab0-BE30-EDA368D7976D}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE063DBB-4EC0-403e-8DD8-394C54984B2C}\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe\ (NationZoom) -> PendingDelete
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFEKRNL\ (NationZoom) -> Deleted
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> Deleted
HKLM\SYSTEM\ControlSet001\services\iSafeKrnl\ (NationZoom)
HKLM\SYSTEM\ControlSet001\services\iSafeNetFilter\ (NationZoom)
HKLM\SYSTEM\ControlSet001\services\iSafeService\ (NationZoom)
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISAFEKRNL\ (NationZoom) -> Deleted
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> Deleted
HKLM\SYSTEM\ControlSet002\services\iSafeKrnl\ (NationZoom)
HKLM\SYSTEM\ControlSet002\services\iSafeNetFilter\ (NationZoom)
HKLM\SYSTEM\ControlSet002\services\iSafeService\ (NationZoom)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFEKRNL\ (NationZoom) -> PendingDelete
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> PendingDelete
HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnl\ (NationZoom)
HKLM\SYSTEM\CurrentControlSet\services\iSafeNetFilter\ (NationZoom)
HKLM\SYSTEM\CurrentControlSet\services\iSafeService\ (NationZoom)
HKU\S-1-5-21-635114891-1663833559-3594687183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Delta Search) -> PendingDelete
HKU\S-1-5-21-635114891-1663833559-3594687183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ (QVO6) -> PendingDelete

Cookies _____________________________________________________________________

C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adadvisor.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adaptv.advertising.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrn.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adfarm1.adition.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adgrx.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adhigh.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adingo.jp
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.avocet.io
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.diamonds
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.elbilad.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adscale.de
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsymptotic.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:atemda.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidr.io
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.appier.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:chango.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:connexity.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:contextweb.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:d.adroll.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:domdex.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:dotomi.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpclk.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:dsp.linksynergy.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:effectivemeasure.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.phn.doublepimp.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:erne.co
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:eyeviewads.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:go.sonobi.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:gssprt.jp
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ib.mookie1.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ibeu2.mookie1.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ih.adscale.de
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ipredictive.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:linksynergy.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:liverail.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.adsby.bidtheatre.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.rundsp.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:ml314.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:nexac.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:outbrain.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:owneriq.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:pagefair.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel-a.sitescout.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornhub.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:servesharp.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:simpli.fi
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:sitescout.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:swid.switchads.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:sxp.smartclip.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:sync.go.sonobi.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:taboola.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:tap-t.rubiconproject.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:tap.rubiconproject.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:tap2-cdn.rubiconproject.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:tidaltv.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:trc.taboola.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:tubemogul.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:turn.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:virool.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:w55c.net
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.pornhub.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:z1.zedo.com
C:\Users\SAMIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@254a[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@254a[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@abmr[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@abmr[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@acuityplatform[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@acxiom-online[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ad.daum[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ad.mlnadvertising[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adadvisor[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adaptv.advertising[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@addthis[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adfarm1.adition[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adform[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adform[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adform[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adform[5].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adgrx[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adgrx[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adhigh[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adhigh[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adnxs[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adnxs[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adnxs[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adnxs[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adnxs[5].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adnxs[7].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.creative-serving[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.pandora[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.pandora[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.pandora[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.pandora[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.pandora[5].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.pandora[6].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.pandora[8].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.pandora[9].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.stickyadstv[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.yahoo[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ads.yahoo[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adsby.bidtheatre[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adscale[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adscale[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adscience[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adscience[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adserver-r8[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adserver[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adsrvr[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adsrvr[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adsrvr[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@adsymptotic[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@advertising[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@advertising[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@agkn[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@agkn[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@api.taboola[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@api.taboola[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@atdmt[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@atdmt[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@audienceiq[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@basebanner[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@basebanner[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@bidr[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@bidswitch[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@bidswitch[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@bluekai[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@bluekai[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@burstnet[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@burstnet[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@c.appier[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@c.appier[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@c1.adform[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@c1.adform[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@c1.adform[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@casalemedia[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@casalemedia[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@cdn.turn[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@chango[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@chango[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@chango[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@collective-media[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@connexity[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@connexity[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@contextweb[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@contextweb[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@crwdcntrl[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ctnsnet[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ctnsnet[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@demdex[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@demdex[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@domdex[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@doubleclick[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@doubleclick[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@doubleclick[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@doubleclick[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@doubleclick[5].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@doubleclick[7].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@doubleclick[8].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@dpclk[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@dpm.demdex[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@dpm.demdex[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@effectivemeasure[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@everesttech[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@everesttech[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@everesttech[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@eyereturn[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@eyereturn[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@eyeviewads[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@go.sonobi[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@gtp12.acecounter[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@gwallet[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@gwallet[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@gwallet[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ib.mookie1[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ibeu2.mookie1[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ibeu2.mookie1[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ih.adscale[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ih.adscale[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@krxd[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@legolas-media[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@liverail[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@m6r[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@m6r[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@match.rundsp[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@mathtag[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@mathtag[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@mathtag[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@media6degrees[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@metrigo[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@metrigo[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@metrigo[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@mookie1[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@mookie1[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@mxptint[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@nexac[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@nexac[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@openx[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@openx[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ots.optimize.webtrends[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@owneriq[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@pixel.rubiconproject[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@pixel.rubiconproject[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@pornhub[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@pswec[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@pubmatic[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@pubmatic[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@revsci[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rfihub[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rfihub[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rfihub[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rhythmxchange[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rlcdn[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rlcdn[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rs.gwallet[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rs.gwallet[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rtbidder[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rtbidder[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ru4[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ru4[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@ru4[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rubiconproject[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@rubiconproject[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@scorecardresearch[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@simpli[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@simpli[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@simpli[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@sitescout[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@sitescout[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@sitescout[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@skimresources[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@skimresources[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@taboola[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@taboola[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@tap.rubiconproject[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@tap.rubiconproject[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@tapad[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@tapad[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@tidaltv[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@tidaltv[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@trc.taboola[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@trc.taboola[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@tremorhub[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@tribalfusion[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@tribalfusion[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@tubemogul[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@tubemogul[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@turn[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@turn[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@turn[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@virool[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@w55c[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@w55c[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@w55c[4].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@wtp101[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@wtp101[3].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@www.burstnet[1].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@x.bidswitch[2].txt
C:\Users\SAMIA\AppData\Roaming\Microsoft\Windows\Cookies\samia@zedo[1].txt
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:adform.net
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:adnxs.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:ads.avocet.io
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:adsrvr.org
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:bluekai.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:casalemedia.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:contextweb.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:crwdcntrl.net
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:doubleclick.net
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:mathtag.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:outbrain.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:rubiconproject.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:server.cpmstar.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:taboola.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:tidaltv.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:trc.taboola.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:turn.com
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:w55c.net
C:\Users\SAMIA\AppData\Roaming\Mozilla\Firefox\Profiles\8nlychy6.default-1467880386418\cookies.sqlite:www.googleadservices.com

[/code]

Signaler le contenu de ce document