cjoint

Document format: application/octet-stream

Preview

[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

Computer name . . . . : YONDAIME-PC
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : Yondaime-PC\Yondaime
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2017-03-25 20:08:39
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 34s
Disk access mode . . : Direct disk access (SPTI)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 13
Traces . . . . . . . : 87

Objects scanned . . . : 1,328,334
Files scanned . . . . : 36,798
Remnants scanned . . : 213,373 files / 1,078,163 keys

Malware _____________________________________________________________________

C:\Program Files (x86)\Gerrupy\CrashReport.dll
Size . . . . . . . : 121,344 bytes
Age . . . . . . . : 0.8 days (2017-03-25 00:58:52)
Entropy . . . . . : 6.5
SHA-256 . . . . . : C6BE0D75F5EAEFA5143AF786F4AF6A1A589830312EB96E2D09E827AC1CA3A49E
> Kaspersky . . . . : Trojan.Win32.Stava.cgy
Fuzzy . . . . . . : 108.0

C:\Program Files (x86)\Gerrupy\libvlc.dll
Size . . . . . . . : 90,112 bytes
Age . . . . . . . : 0.8 days (2017-03-25 00:58:52)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 025D9C205155E95BD5E5B4FD4FB714A5E37F8734BF1EAB170BB34A91AB0A47D2
> Bitdefender . . . : Gen:Variant.Graftor.317313
Fuzzy . . . . . . : 108.0

C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll
Size . . . . . . . : 306,688 bytes
Age . . . . . . . : 0.8 days (2017-03-25 00:51:29)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 53B368D569D1A3EBA1D019F37F833E7CBF0A14E5FAAC6AD3EC3F1E100FDF07B2
> Kaspersky . . . . : Trojan.Win64.Eroyee.rl
Fuzzy . . . . . . : 114.0
Forensic Cluster
-20.1s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@hejie123[1].txt
-13.7s C:\ProgramData\TeamViewer_Tracer.exe
-10.0s C:\Pre_Scan\Quarantine\C\run.exe.P_S
-9.1s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\content.js
-9.0s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\
-9.0s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\
-9.0s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\
-9.0s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\0024397e
-9.0s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\manifest.json
-9.0s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\content.js
-9.0s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\background.js
-9.0s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon18.png
-9.0s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon48.png
-9.0s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon64.png
-9.0s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon128.png
-7.8s C:\ProgramData\log.ewbt
-7.8s C:\ProgramData\log.ewb
-6.8s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\
-6.8s C:\Windows\taskmgr.exe
-6.2s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe
-6.2s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe.config
-5.8s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe
-5.8s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe.config
-5.7s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\
-4.2s C:\Windows\csrss.exe
-3.7s C:\Windows\svchost.exe
-3.6s C:\Windows\Azart\
-2.6s C:\Program Files (x86)\Negoent\
-2.4s C:\Program Files (x86)\Negoent\vlc.exe
-2.4s C:\Program Files (x86)\Negoent\xaterwuy.exe
-2.4s C:\Program Files (x86)\Negoent\CrashReport.dll
-2.4s C:\Program Files (x86)\Negoent\libvlc.dll
-1.6s C:\Users\Yondaime\AppData\Local\Anefationprafoing\
-1.6s C:\Users\Yondaime\AppData\Roaming\Profiles\
-1.6s C:\Users\Yondaime\AppData\Roaming\Profiles\Mutesh.default\
-0.3s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@onclkds[2].txt
-0.2s C:\Users\Yondaime\AppData\Roaming\Gogesthimiry\
-0.0s C:\Program Files (x86)\Kenaryduguward Module\
0.0s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll
0.0s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll.ini
0.1s C:\Windows\System32\Tasks\Kenaryduguward Module
0.5s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\uninstaller.exe.config

C:\Program Files (x86)\Negoent\CrashReport.dll
Size . . . . . . . : 121,344 bytes
Age . . . . . . . : 0.8 days (2017-03-25 00:51:26)
Entropy . . . . . : 6.5
SHA-256 . . . . . : C6BE0D75F5EAEFA5143AF786F4AF6A1A589830312EB96E2D09E827AC1CA3A49E
> Kaspersky . . . . : Trojan.Win32.Stava.cgy
Fuzzy . . . . . . : 108.0
Forensic Cluster
-17.6s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@hejie123[1].txt
-11.3s C:\ProgramData\TeamViewer_Tracer.exe
-7.6s C:\Pre_Scan\Quarantine\C\run.exe.P_S
-6.6s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\content.js
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\0024397e
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\manifest.json
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\content.js
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\background.js
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon18.png
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon48.png
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon64.png
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon128.png
-5.4s C:\ProgramData\log.ewbt
-5.4s C:\ProgramData\log.ewb
-4.4s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\
-4.3s C:\Windows\taskmgr.exe
-3.7s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe
-3.7s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe.config
-3.4s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe
-3.4s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe.config
-3.3s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\
-1.8s C:\Windows\csrss.exe
-1.3s C:\Windows\svchost.exe
-1.2s C:\Windows\Azart\
-0.2s C:\Program Files (x86)\Negoent\
-0.0s C:\Program Files (x86)\Negoent\vlc.exe
-0.0s C:\Program Files (x86)\Negoent\xaterwuy.exe
0.0s C:\Program Files (x86)\Negoent\CrashReport.dll
0.0s C:\Program Files (x86)\Negoent\libvlc.dll
0.8s C:\Users\Yondaime\AppData\Local\Anefationprafoing\
0.8s C:\Users\Yondaime\AppData\Roaming\Profiles\
0.8s C:\Users\Yondaime\AppData\Roaming\Profiles\Mutesh.default\
2.1s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@onclkds[2].txt
2.2s C:\Users\Yondaime\AppData\Roaming\Gogesthimiry\
2.4s C:\Program Files (x86)\Kenaryduguward Module\
2.4s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll
2.4s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll.ini
2.5s C:\Windows\System32\Tasks\Kenaryduguward Module
2.9s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\uninstaller.exe.config

C:\Program Files (x86)\Negoent\libvlc.dll
Size . . . . . . . : 90,112 bytes
Age . . . . . . . : 0.8 days (2017-03-25 00:51:26)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 025D9C205155E95BD5E5B4FD4FB714A5E37F8734BF1EAB170BB34A91AB0A47D2
> Bitdefender . . . : Gen:Variant.Graftor.317313
Fuzzy . . . . . . : 108.0
Forensic Cluster
-17.6s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@hejie123[1].txt
-11.3s C:\ProgramData\TeamViewer_Tracer.exe
-7.6s C:\Pre_Scan\Quarantine\C\run.exe.P_S
-6.6s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\content.js
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\0024397e
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\manifest.json
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\content.js
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\background.js
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon18.png
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon48.png
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon64.png
-6.6s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon128.png
-5.4s C:\ProgramData\log.ewbt
-5.4s C:\ProgramData\log.ewb
-4.4s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\
-4.3s C:\Windows\taskmgr.exe
-3.7s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe
-3.7s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe.config
-3.4s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe
-3.4s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe.config
-3.3s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\
-1.8s C:\Windows\csrss.exe
-1.3s C:\Windows\svchost.exe
-1.2s C:\Windows\Azart\
-0.2s C:\Program Files (x86)\Negoent\
-0.0s C:\Program Files (x86)\Negoent\vlc.exe
-0.0s C:\Program Files (x86)\Negoent\xaterwuy.exe
0.0s C:\Program Files (x86)\Negoent\CrashReport.dll
0.0s C:\Program Files (x86)\Negoent\libvlc.dll
0.8s C:\Users\Yondaime\AppData\Local\Anefationprafoing\
0.8s C:\Users\Yondaime\AppData\Roaming\Profiles\
0.8s C:\Users\Yondaime\AppData\Roaming\Profiles\Mutesh.default\
2.1s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@onclkds[2].txt
2.2s C:\Users\Yondaime\AppData\Roaming\Gogesthimiry\
2.4s C:\Program Files (x86)\Kenaryduguward Module\
2.4s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll
2.4s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll.ini
2.5s C:\Windows\System32\Tasks\Kenaryduguward Module
2.9s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\uninstaller.exe.config

C:\ProgramData\TeamViewer_Tracer.exe
Size . . . . . . . : 263,392 bytes
Age . . . . . . . : 0.8 days (2017-03-25 00:51:15)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 0A52E235484FEED841A50BAAFD542E17EA2EFFF23882DD292AB5CA6555B12DD3
RSA Key Size . . . : 2048
Service . . . . . : TeamViewer_Tracer
Parent Name . . . : C:\Windows\system32\services.exe
Authenticode . . . : Valid
Running processes : 1788
> Kaspersky . . . . : Trojan-Dropper.Win32.Dapato.ossv
Fuzzy . . . . . . : 106.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\TeamViewer_Tracer\
Network Ports
192.168.1.10:53590 185.158.249.47:1070
Forensic Cluster
-6.4s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@hejie123[1].txt
0.0s C:\ProgramData\TeamViewer_Tracer.exe
3.7s C:\Pre_Scan\Quarantine\C\run.exe.P_S
4.6s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\content.js
4.7s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\
4.7s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\
4.7s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\
4.7s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\0024397e
4.7s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\manifest.json
4.7s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\content.js
4.7s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\background.js
4.7s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon18.png
4.7s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon48.png
4.7s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon64.png
4.7s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon128.png
5.9s C:\ProgramData\log.ewbt
5.9s C:\ProgramData\log.ewb
6.9s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\
6.9s C:\Windows\taskmgr.exe
7.5s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe
7.5s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe.config
7.9s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe
7.9s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe.config
8.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\
9.5s C:\Windows\csrss.exe
10.0s C:\Windows\svchost.exe
10.1s C:\Windows\Azart\
11.1s C:\Program Files (x86)\Negoent\
11.3s C:\Program Files (x86)\Negoent\vlc.exe
11.3s C:\Program Files (x86)\Negoent\xaterwuy.exe
11.3s C:\Program Files (x86)\Negoent\CrashReport.dll
11.3s C:\Program Files (x86)\Negoent\libvlc.dll
12.1s C:\Users\Yondaime\AppData\Local\Anefationprafoing\
12.1s C:\Users\Yondaime\AppData\Roaming\Profiles\
12.1s C:\Users\Yondaime\AppData\Roaming\Profiles\Mutesh.default\
13.4s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@onclkds[2].txt
13.5s C:\Users\Yondaime\AppData\Roaming\Gogesthimiry\
13.7s C:\Program Files (x86)\Kenaryduguward Module\
13.7s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll
13.7s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll.ini
13.7s C:\Windows\System32\Tasks\Kenaryduguward Module
14.2s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\uninstaller.exe.config

C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\isxdl.dll
Size . . . . . . . : 157,632 bytes
Age . . . . . . . : 0.8 days (2017-03-25 01:58:13)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 159D00F0D8C7A16736C608DE22E83364A9B15B197874116829293F4D67934890
Product . . . . . : ISX Download DLL
Publisher . . . . : Bjørnar Henden
Description . . . : Download DLL
Version . . . . . : 5.1.5.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Bitdefender . . . : Adware.GenericKD.4255115
Fuzzy . . . . . . : 98.0
Forensic Cluster
-0.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\
-0.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\eng_em.ini
-0.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\French_em.ini
-0.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\German_em.ini
0.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\ininotfound0.ini
0.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\isxdl.dll
0.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\japan_em.ini
0.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\log_03-25-2017.log
0.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\update.ini
0.3s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\isxdl.dll
0.3s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\log_03-25-2017.log
0.5s C:\Users\Yondaime\AppData\Roaming\ZHP\ZHPCleaner_Tempo.txt
19.3s C:\Users\Yondaime\AppData\Roaming\ZHP\ZHPCleaner-[R]-25032017-01_58_32.txt

C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\isxdl.dll
Size . . . . . . . : 157,632 bytes
Age . . . . . . . : 0.8 days (2017-03-25 01:58:13)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 159D00F0D8C7A16736C608DE22E83364A9B15B197874116829293F4D67934890
Product . . . . . : ISX Download DLL
Publisher . . . . : Bjørnar Henden
Description . . . : Download DLL
Version . . . . . : 5.1.5.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Bitdefender . . . : Adware.GenericKD.4255115
Fuzzy . . . . . . : 98.0
Forensic Cluster
-0.3s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\
-0.3s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\eng_em.ini
-0.3s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\French_em.ini
-0.3s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\German_em.ini
-0.3s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\ininotfound0.ini
-0.3s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\isxdl.dll
-0.2s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\japan_em.ini
-0.2s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\log_03-25-2017.log
-0.2s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\Event Monitor.DIR\update.ini
0.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\isxdl.dll
0.0s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\log_03-25-2017.log
0.2s C:\Users\Yondaime\AppData\Roaming\ZHP\ZHPCleaner_Tempo.txt
19.1s C:\Users\Yondaime\AppData\Roaming\ZHP\ZHPCleaner-[R]-25032017-01_58_32.txt

C:\Users\Yondaime\Desktop\PS3 U\ps3tools\tools\BruteforceSaveData\tools\Cod MW3\DevComponents.DotNetBar2.dll
Size . . . . . . . : 663,552 bytes
Age . . . . . . . : 62.0 days (2017-01-22 19:48:54)
Entropy . . . . . : 6.9
SHA-256 . . . . . : 2E8FFE0C7397A0F19133B6167D4193C61D063F38633C735979B6B9C47F4600F4
Product . . . . . : DNGuard HVM Runtime Library
Publisher . . . . : ZiYuXuan Studio
Description . . . : DNGuard HVM Runtime Library
Version . . . . . : 3.6.0.1
LanguageID . . . . : 0
> Kaspersky . . . . : Trojan.MSIL.Agent.fmzg
Fuzzy . . . . . . : 100.0

C:\Users\Yondaime\Desktop\PS3 U\ps3tools\tools\ExtractPupPKG.exe
Size . . . . . . . : 87,552 bytes
Age . . . . . . . : 62.0 days (2017-01-22 19:48:51)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 71A8C88527E7AD61EBFB06B066A5AEDA392DE3BB58DBEE68F360A68CBE958AFC
Product . . . . . : ExtractPupPKG
Publisher . . . . : Aldo Vargas - http://www.aldostools.org
Description . . . : ExtractPupPKG
Version . . . . . : 1.01
Copyright . . . . : 2014 by aldostools.org
LanguageID . . . . : 1033
> Bitdefender . . . : Gen:Variant.Kazy.81325
Fuzzy . . . . . . : 108.0

C:\Users\Yondaime\Desktop\PS3 U\ps3tools\tools\ps3netsrv.exe
Size . . . . . . . : 184,334 bytes
Age . . . . . . . : 62.0 days (2017-01-22 19:48:51)
Entropy . . . . . : 5.7
SHA-256 . . . . . : FE88920985664E1C44000CE74640A6E6A4CE81CB17FE5FCD7A30EA467CECE84E
> Bitdefender . . . : Gen:Variant.Kazy.48398
Fuzzy . . . . . . : 106.0

C:\Windows\csrss.exe
Size . . . . . . . : 1,556,916 bytes
Age . . . . . . . : 0.8 days (2017-03-25 00:51:25)
Entropy . . . . . : 5.8
SHA-256 . . . . . : B3AEE88B9C41915DF37DC7A6BBD7EB06FD08B84ADF98BC16346DA7F77DC4B1D8
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Процесс исполнения клиент-сервер
Version . . . . . : 6.3.9600.16384
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Parent Name . . . : C:\Windows\svchost.exe
LanguageID . . . . : 1033
Running processes : 2396
> Bitdefender . . . : Application.BitCoinMiner.IY
> Kaspersky . . . . : not-a-virus:RiskTool.Win64.BitCoinMiner.ql
Fuzzy . . . . . . : 117.0
Network Ports
192.168.1.10:49164 93.190.142.176:8000
Forensic Cluster
-15.8s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@hejie123[1].txt
-9.5s C:\ProgramData\TeamViewer_Tracer.exe
-5.8s C:\Pre_Scan\Quarantine\C\run.exe.P_S
-4.8s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\content.js
-4.8s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\
-4.8s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\
-4.8s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\
-4.8s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\0024397e
-4.8s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\manifest.json
-4.8s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\content.js
-4.8s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\background.js
-4.8s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon18.png
-4.8s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon48.png
-4.8s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon64.png
-4.8s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon128.png
-3.6s C:\ProgramData\log.ewbt
-3.6s C:\ProgramData\log.ewb
-2.6s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\
-2.5s C:\Windows\taskmgr.exe
-1.9s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe
-1.9s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe.config
-1.6s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe
-1.6s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe.config
-1.5s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\
0.0s C:\Windows\csrss.exe
0.6s C:\Windows\svchost.exe
0.6s C:\Windows\Azart\
1.6s C:\Program Files (x86)\Negoent\
1.8s C:\Program Files (x86)\Negoent\vlc.exe
1.8s C:\Program Files (x86)\Negoent\xaterwuy.exe
1.8s C:\Program Files (x86)\Negoent\CrashReport.dll
1.8s C:\Program Files (x86)\Negoent\libvlc.dll
2.6s C:\Users\Yondaime\AppData\Local\Anefationprafoing\
2.6s C:\Users\Yondaime\AppData\Roaming\Profiles\
2.6s C:\Users\Yondaime\AppData\Roaming\Profiles\Mutesh.default\
3.9s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@onclkds[2].txt
4.0s C:\Users\Yondaime\AppData\Roaming\Gogesthimiry\
4.2s C:\Program Files (x86)\Kenaryduguward Module\
4.2s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll
4.2s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll.ini
4.3s C:\Windows\System32\Tasks\Kenaryduguward Module
4.7s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\uninstaller.exe.config

C:\Windows\taskmgr.exe
Size . . . . . . . : 73,216 bytes
Age . . . . . . . : 0.8 days (2017-03-25 00:51:22)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 776CA9BE12231CECDE7E465A9C5B57BA8ABB934684E2B90A2EE4FEC04B87E9AC
Needs elevation . : Yes
> Bitdefender . . . : Trojan.Generic.20521513
Fuzzy . . . . . . : 117.0
Forensic Cluster
-13.3s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@hejie123[1].txt
-6.9s C:\ProgramData\TeamViewer_Tracer.exe
-3.2s C:\Pre_Scan\Quarantine\C\run.exe.P_S
-2.3s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\content.js
-2.2s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\
-2.2s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\
-2.2s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\
-2.2s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\0024397e
-2.2s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\manifest.json
-2.2s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\content.js
-2.2s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\background.js
-2.2s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon18.png
-2.2s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon48.png
-2.2s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon64.png
-2.2s C:\Users\Yondaime\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\icons\icon128.png
-1.1s C:\ProgramData\log.ewbt
-1.1s C:\ProgramData\log.ewb
-0.0s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\
0.0s C:\Windows\taskmgr.exe
0.6s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe
0.6s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\6voG+z-MQc.exe.config
1.0s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe
1.0s C:\Program Files\Windows Photo Viewer\PLUARCX0F2SRLDDGDIG65X4G08FU6SE\oPX9R7xXHa.exe.config
1.1s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\
2.5s C:\Windows\csrss.exe
3.1s C:\Windows\svchost.exe
3.1s C:\Windows\Azart\
4.2s C:\Program Files (x86)\Negoent\
4.3s C:\Program Files (x86)\Negoent\vlc.exe
4.3s C:\Program Files (x86)\Negoent\xaterwuy.exe
4.3s C:\Program Files (x86)\Negoent\CrashReport.dll
4.3s C:\Program Files (x86)\Negoent\libvlc.dll
5.2s C:\Users\Yondaime\AppData\Local\Anefationprafoing\
5.2s C:\Users\Yondaime\AppData\Roaming\Profiles\
5.2s C:\Users\Yondaime\AppData\Roaming\Profiles\Mutesh.default\
6.4s C:\Users\Yondaime\AppData\Roaming\Microsoft\Windows\Cookies\yondaime@onclkds[2].txt
6.6s C:\Users\Yondaime\AppData\Roaming\Gogesthimiry\
6.8s C:\Program Files (x86)\Kenaryduguward Module\
6.8s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll
6.8s C:\Program Files (x86)\Kenaryduguward Module\local64spl.dll.ini
6.8s C:\Windows\System32\Tasks\Kenaryduguward Module
7.3s C:\Users\Yondaime\AppData\Roaming\ZHP\Quarantine\pccleanplus\uninstaller.exe.config


Suspicious files ____________________________________________________________

C:\Program Files (x86)\Stardock\Fences\Screen.exe
Size . . . . . . . : 430,192 bytes
Age . . . . . . . : 0.9 days (2017-03-24 23:34:20)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 9C1D60E86437C369B48D526187E07026D9A6D556C2EB6BE4EAF7000B73B248F2
Product . . . . . : Stardock WindowBlinds 8.x
Publisher . . . . : Stardock Software, Inc
Description . . . : Screen
Version . . . . . : 8.0.0.0
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 28.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
File belongs to an identified security risk.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.0s C:\Program Files (x86)\Stardock\Fences\WindowBlinds8_Patch.exe
0.0s C:\Program Files (x86)\Stardock\Fences\Screen.exe
0.0s C:\Program Files (x86)\Stardock\Fences\sdactivate.exe
0.0s C:\Program Files (x86)\Stardock\Fences\sdactivate.lng
0.0s C:\Program Files (x86)\Stardock\Fences\sddlc.dll
0.0s C:\Program Files (x86)\Stardock\Fences\wbsrv.dll

C:\Program Files (x86)\Stardock\Fences\sdactivate.exe
Size . . . . . . . : 1,008,304 bytes
Age . . . . . . . : 0.9 days (2017-03-24 23:34:20)
Entropy . . . . . : 6.1
SHA-256 . . . . . : FBBFD363BC531B8045A8D1BE71256A1DC30913D4FD07A51ADB4F1BD4755355C0
Product . . . . . : Activate
Publisher . . . . : Stardock Corporation
Description . . . : Product Activation
Version . . . . . : 1.2.3.2
Copyright . . . . : Copyright (C) 2005-2011 Stardock Corporation
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.0s C:\Program Files (x86)\Stardock\Fences\WindowBlinds8_Patch.exe
-0.0s C:\Program Files (x86)\Stardock\Fences\Screen.exe
0.0s C:\Program Files (x86)\Stardock\Fences\sdactivate.exe
0.0s C:\Program Files (x86)\Stardock\Fences\sdactivate.lng
0.0s C:\Program Files (x86)\Stardock\Fences\sddlc.dll
0.0s C:\Program Files (x86)\Stardock\Fences\wbsrv.dll

C:\Program Files (x86)\Stardock\Fences\sddlc.dll
Size . . . . . . . : 732,784 bytes
Age . . . . . . . : 0.9 days (2017-03-24 23:34:20)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 5E1A7C163EAC46250986CF3DD7268EBE1B8CB24744FE71907A8A51DBD650D890
Product . . . . . : Stardock SDDLC
Publisher . . . . : Stardock Software, Inc
Description . . . : SDDLC
Version . . . . . : 1.0.0.1
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.0s C:\Program Files (x86)\Stardock\Fences\WindowBlinds8_Patch.exe
-0.0s C:\Program Files (x86)\Stardock\Fences\Screen.exe
-0.0s C:\Program Files (x86)\Stardock\Fences\sdactivate.exe
-0.0s C:\Program Files (x86)\Stardock\Fences\sdactivate.lng
0.0s C:\Program Files (x86)\Stardock\Fences\sddlc.dll
0.0s C:\Program Files (x86)\Stardock\Fences\wbsrv.dll

C:\Program Files (x86)\Stardock\Fences\wbsrv.dll
Size . . . . . . . : 548,976 bytes
Age . . . . . . . : 0.9 days (2017-03-24 23:34:20)
Entropy . . . . . : 6.1
SHA-256 . . . . . : EA1BBC82C1BFE9E33BDFBF1218271B20F24CDAD879A98B5ECFDA29D8C7F11E13
Product . . . . . : Stardock WindowBlinds 8
Publisher . . . . : Stardock Software, Inc
Description . . . : WBSrv.dll
Version . . . . . : 8.0.0.0
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.1s C:\Program Files (x86)\Stardock\Fences\WindowBlinds8_Patch.exe
-0.0s C:\Program Files (x86)\Stardock\Fences\Screen.exe
-0.0s C:\Program Files (x86)\Stardock\Fences\sdactivate.exe
-0.0s C:\Program Files (x86)\Stardock\Fences\sdactivate.lng
-0.0s C:\Program Files (x86)\Stardock\Fences\sddlc.dll
0.0s C:\Program Files (x86)\Stardock\Fences\wbsrv.dll

C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\Screen.exe
Size . . . . . . . : 430,192 bytes
Age . . . . . . . : 0.9 days (2017-03-24 23:27:33)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 9C1D60E86437C369B48D526187E07026D9A6D556C2EB6BE4EAF7000B73B248F2
Product . . . . . : Stardock WindowBlinds 8.x
Publisher . . . . : Stardock Software, Inc
Description . . . : Screen
Version . . . . . : 8.0.0.0
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-55.8s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\ca35d63b-c0fe-4c53-bb62-c59bdc948955\1b50f081c2940762_0
-52.5s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d090
-52.4s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d091
-52.3s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d092
-51.7s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d093
-51.7s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d094
-51.6s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d095
-51.4s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d096
-50.4s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d098
-49.5s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d099
-38.1s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d09c
-37.2s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d09f
-37.2s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a0
-37.0s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a1
-36.2s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a3
-11.5s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\
-11.5s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\WindowBlinds8-cnet-setup.exe
-7.9s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0aa
-7.6s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0ae
-7.6s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0b0
-7.3s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0b1
-5.4s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\
-5.4s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sdactivate.exe
-4.4s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\wbsrv.dll
-4.4s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\WindowBlinds8_Patch.exe
0.0s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\Screen.exe
1.1s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sdactivate.lng
1.2s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\nstallation guide.txt
1.8s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sddlc.dll

C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sdactivate.exe
Size . . . . . . . : 1,008,304 bytes
Age . . . . . . . : 0.9 days (2017-03-24 23:27:28)
Entropy . . . . . : 6.1
SHA-256 . . . . . : FBBFD363BC531B8045A8D1BE71256A1DC30913D4FD07A51ADB4F1BD4755355C0
Product . . . . . : Activate
Publisher . . . . : Stardock Corporation
Description . . . : Product Activation
Version . . . . . : 1.2.3.2
Copyright . . . . : Copyright (C) 2005-2011 Stardock Corporation
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-50.4s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\ca35d63b-c0fe-4c53-bb62-c59bdc948955\1b50f081c2940762_0
-47.2s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d090
-47.0s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d091
-47.0s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d092
-46.4s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d093
-46.3s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d094
-46.3s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d095
-46.0s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d096
-45.1s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d098
-44.1s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d099
-32.7s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d09c
-31.9s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d09f
-31.8s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a0
-31.6s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a1
-30.8s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a3
-6.1s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\
-6.1s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\WindowBlinds8-cnet-setup.exe
-2.5s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0aa
-2.3s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0ae
-2.2s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0b0
-2.0s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0b1
-0.0s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\
0.0s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sdactivate.exe
1.0s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\wbsrv.dll
1.0s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\WindowBlinds8_Patch.exe
5.4s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\Screen.exe
6.5s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sdactivate.lng
6.6s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\nstallation guide.txt
7.1s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sddlc.dll

C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sddlc.dll
Size . . . . . . . : 732,784 bytes
Age . . . . . . . : 0.9 days (2017-03-24 23:27:35)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 5E1A7C163EAC46250986CF3DD7268EBE1B8CB24744FE71907A8A51DBD650D890
Product . . . . . : Stardock SDDLC
Publisher . . . . : Stardock Software, Inc
Description . . . : SDDLC
Version . . . . . : 1.0.0.1
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-57.6s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\ca35d63b-c0fe-4c53-bb62-c59bdc948955\1b50f081c2940762_0
-54.3s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d090
-54.2s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d091
-54.1s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d092
-53.5s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d093
-53.5s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d094
-53.4s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d095
-53.2s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d096
-52.2s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d098
-51.3s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d099
-39.8s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d09c
-39.0s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d09f
-39.0s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a0
-38.7s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a1
-38.0s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a3
-13.3s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\
-13.3s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\WindowBlinds8-cnet-setup.exe
-9.6s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0aa
-9.4s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0ae
-9.4s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0b0
-9.1s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0b1
-7.1s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\
-7.1s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sdactivate.exe
-6.2s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\wbsrv.dll
-6.1s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\WindowBlinds8_Patch.exe
-1.8s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\Screen.exe
-0.6s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sdactivate.lng
-0.6s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\nstallation guide.txt
0.0s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sddlc.dll

C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\wbsrv.dll
Size . . . . . . . : 548,976 bytes
Age . . . . . . . : 0.9 days (2017-03-24 23:27:29)
Entropy . . . . . : 6.1
SHA-256 . . . . . : EA1BBC82C1BFE9E33BDFBF1218271B20F24CDAD879A98B5ECFDA29D8C7F11E13
Product . . . . . : Stardock WindowBlinds 8
Publisher . . . . : Stardock Software, Inc
Description . . . : WBSrv.dll
Version . . . . . : 8.0.0.0
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-51.4s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\ca35d63b-c0fe-4c53-bb62-c59bdc948955\1b50f081c2940762_0
-48.1s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d090
-48.0s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d091
-47.9s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d092
-47.3s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d093
-47.3s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d094
-47.2s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d095
-47.0s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d096
-46.0s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d098
-45.1s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d099
-33.6s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d09c
-32.8s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d09f
-32.8s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a0
-32.5s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a1
-31.8s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0a3
-7.1s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\
-7.1s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\WindowBlinds8-cnet-setup.exe
-3.4s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0aa
-3.2s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0ae
-3.2s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0b0
-2.9s C:\Users\Yondaime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_01d0b1
-1.0s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\
-1.0s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sdactivate.exe
0.0s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\wbsrv.dll
0.1s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\WindowBlinds8_Patch.exe
4.4s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\Screen.exe
5.6s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sdactivate.lng
5.6s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\nstallation guide.txt
6.2s C:\Users\Yondaime\Downloads\Documents\Stardock Windowblinds 8.05 Build 027 x86 x64 [2014, ENG]\Crack\sddlc.dll


Potential Unwanted Programs _________________________________________________

HKLM\SYSTEM\ControlSet001\services\DrvAgent64\ (DriverRestore)
HKLM\SYSTEM\ControlSet002\services\DrvAgent64\ (DriverRestore)
HKLM\SYSTEM\CurrentControlSet\services\DrvAgent64\ (DriverRestore)

Cookies _____________________________________________________________________



[/code]
