[code]
HitmanPro 3.7.18.284
www.hitmanpro.com

   Computer name . . . . : DGOCHOTA
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : DGOchota\DG_Ochota
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-05-14 12:18:24
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 49s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 2
   Traces . . . . . . . : 4

   Objects scanned . . . : 1 322 393
   Files scanned . . . . : 26 671
   Remnants scanned . . : 224 036 files / 1 071 686 keys

Malware _____________________________________________________________________

   C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\3rdparty\FS.dll
      Size . . . . . . . : 933 376 bytes
      Age . . . . . . . : 0.0 days (2017-05-14 12:02:31)
      Entropy . . . . . : 7.9
      SHA-256 . . . . . : 9075CFB0AF23C680EFC552A226AC48A6B907D5EEF8AA50485BC5996CDB548495
    > Kaspersky . . . . : not-a-virus:RiskTool.Win32.FusionCore.d
      Fuzzy . . . . . . : 116.0

   C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\3rdparty\FS.dll
      Size . . . . . . . : 933 376 bytes
      Age . . . . . . . : 0.0 days (2017-05-14 12:02:36)
      Entropy . . . . . : 7.9
      SHA-256 . . . . . : 9075CFB0AF23C680EFC552A226AC48A6B907D5EEF8AA50485BC5996CDB548495
    > Kaspersky . . . . : not-a-virus:RiskTool.Win32.FusionCore.d
      Fuzzy . . . . . . : 116.0

Suspicious files ____________________________________________________________

   C:\Users\DG_Ochota\Downloads\FRST64.exe
      Size . . . . . . . : 2 429 440 bytes
      Age . . . . . . . : 0.9 days (2017-05-13 14:16:31)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 896B7B41B936A1A793C6BE0DE9B9857B106FA5EC70D3335E9380744CD09F19F4
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2882476764-1616236546-509559111-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\DG_Ochota\Downloads\FRST64.exe
[/code]