[code] HitmanPro 3.7.20.286 www.hitmanpro.com Computer name . . . . : DGOCHOTA Windows . . . . . . . : 6.1.1.7601.X64/2 User name . . . . . . : DGOchota\DG_Ochota UAC . . . . . . . . . : Disabled License . . . . . . . : Free Scan date . . . . . . : 2017-05-15 18:53:57 Scan mode . . . . . . : Normal Scan duration . . . . : 6m 46s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 152 Objects scanned . . . : 1 367 336 Files scanned . . . . : 35 713 Remnants scanned . . : 258 609 files / 1 073 014 keys Malware _____________________________________________________________________ C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\3rdparty\FS.dll Size . . . . . . . : 933 376 bytes Age . . . . . . . : 1.3 days (2017-05-14 12:02:31) Entropy . . . . . : 7.9 SHA-256 . . . . . : 9075CFB0AF23C680EFC552A226AC48A6B907D5EEF8AA50485BC5996CDB548495 > Kaspersky . . . . : not-a-virus:RiskTool.Win32.FusionCore.d Fuzzy . . . . . . : 116.0 Forensic Cluster -2.6s C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2882476764-1616236546-509559111-1000\7283664bb9043f514be2b665cb0abd0b_3e90bb52-5b50-4c9b-a86b-cfeb77df0ba7 -2.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\ -2.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\uninstall.hta.log -2.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\ -2.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\install.1494756148.zip -1.5s C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\container.dat 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\index.hta 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\uninstall.hta 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\3rdparty\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\3rdparty\FS.dll 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\3rdparty\FS.ocx 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\br.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\de.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\common.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\es5-shim.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\initialize.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\install.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\uninstall.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\bt_icon_48px.png 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\loading.gif 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\main_bittorrent.ico 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\main_icon.png 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\main_utorrent.ico 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\styles\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\styles\common.css 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\styles\installer.css 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\shell_scripts\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\shell_scripts\check_if_cscript_is_working.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\shell_scripts\shell_install_offer.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\shell_scripts\shell_ping_after_close.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\en.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\es.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\fr.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\it.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\ko.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\pt.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\ru.json 0.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\ 0.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dht.dat 0.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dht.dat.old 0.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dht_feed.dat 0.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dht_feed.dat.old 0.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\maindoc.ico 0.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\Nathaniel Rateliff And The Night Sweats - Nathaniel Rateliff And The Night Sweats (2015) l Audio l Album Track l 320Kbps l CBR l Mp3 l sn3h1t87.torrent 0.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\resume.dat 0.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\resume.dat.old 0.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\rss.dat 0.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\rss.dat.old 0.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\settings.dat 0.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\settings.dat.old 0.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\UK Top 40 Singles 12th August 2016.torrent 0.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates.dat 0.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\uTorrent.exe 0.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\utorrent.lng 0.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\Vinyl.S01E01.HDTV.x264-KILLERS[ettv].torrent 0.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\Vinyl.S01E02.HDTV.XviD-FUM[ettv].torrent 0.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\Vinyl.S01E03.HDTV.x264-KILLERS[ettv].torrent 0.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\Vinyl.S01E04.INTERNAL.HDTV.x264-BATV[ettv].torrent 0.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\ 0.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\featuredContent.btapp 0.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\player.btapp 0.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\plus.btapp 0.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\welcome-upsell.btapp 0.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\ 0.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\btapp 0.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\icon.bmp 0.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\index.html 0.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\index.js 0.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\main.css 0.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\ 0.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\btapp 0.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\empty_movie.gif 0.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\index.html 0.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\info_icon.png 0.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\main.css 0.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\vid_thumb.jpg 0.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\x.png 0.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dlimagecache\ 0.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\trusted\ 0.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\share\ 0.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1 0.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dlimagecache\165F6EF40A81DD175FFAEA69E77ABFD30B27E71C 0.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\trusted\bittorrent.crt 0.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\ 0.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41712.exe 1.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41865.exe 1.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.8_42449.exe 1.1s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.5.0_43580.exe 1.1s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\39e8a1.lng 1.1s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\402db1.lng 1.1s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41712\ 1.1s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41712\utorrentie.exe 1.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41865\ 1.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41865\utorrentie.exe 1.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.8_42449\ 1.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.8_42449\utorrentie.exe 1.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\updates\3.5.0_43580\ 1.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\updates\ 1.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\updates\3.5.0_43580\utorrentie.exe 3.1s C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2882476764-1616236546-509559111-1000\29f39fdeac471eb6a671a56c4758a80c_3e90bb52-5b50-4c9b-a86b-cfeb77df0ba7 3.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\ 3.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\ 3.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\uninstall.hta.log 3.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\install.1494756154.zip 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\index.hta 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\uninstall.hta 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\ 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\3rdparty\ 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\3rdparty\FS.dll 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\3rdparty\FS.ocx 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\ 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\br.json 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\de.json 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\en.json 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\es.json 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\fr.json 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\it.json 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\ko.json 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\pt.json 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\ru.json 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\ 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\common.js 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\es5-shim.js 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\initialize.js 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\install.js 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\uninstall.js 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\bt_icon_48px.png 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\loading.gif 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\main_bittorrent.ico 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\main_icon.png 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\main_utorrent.ico 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\styles\ 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\styles\common.css 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\styles\installer.css 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\shell_scripts\ 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\shell_scripts\check_if_cscript_is_working.js 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\shell_scripts\shell_install_offer.js 5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\shell_scripts\shell_ping_after_close.js C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\3rdparty\FS.dll Size . . . . . . . : 933 376 bytes Age . . . . . . . : 1.3 days (2017-05-14 12:02:36) Entropy . . . . . : 7.9 SHA-256 . . . . . : 9075CFB0AF23C680EFC552A226AC48A6B907D5EEF8AA50485BC5996CDB548495 > Kaspersky . . . . : not-a-virus:RiskTool.Win32.FusionCore.d Fuzzy . . . . . . : 116.0 Forensic Cluster -8.2s C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2882476764-1616236546-509559111-1000\7283664bb9043f514be2b665cb0abd0b_3e90bb52-5b50-4c9b-a86b-cfeb77df0ba7 -8.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\ -8.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\uninstall.hta.log -8.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\ -8.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\install.1494756148.zip -7.2s C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\container.dat -5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\index.hta -5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\uninstall.hta -5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\3rdparty\ -5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\3rdparty\FS.dll -5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\3rdparty\FS.ocx -5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\ -5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\br.json -5.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\de.json -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\ -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\common.js -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\es5-shim.js -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\initialize.js -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\install.js -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\scripts\uninstall.js -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\ -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\bt_icon_48px.png -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\loading.gif -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\main_bittorrent.ico -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\main_icon.png -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\images\main_utorrent.ico -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\styles\ -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\styles\common.css -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\styles\installer.css -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\shell_scripts\ -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\shell_scripts\check_if_cscript_is_working.js -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\shell_scripts\shell_install_offer.js -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\shell_scripts\shell_ping_after_close.js -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\en.json -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\es.json -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\fr.json -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\it.json -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\ko.json -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\pt.json -5.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148\HTA\i18n\ru.json -5.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\ -5.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dht.dat -5.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dht.dat.old -5.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dht_feed.dat -5.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dht_feed.dat.old -5.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\maindoc.ico -5.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\Nathaniel Rateliff And The Night Sweats - Nathaniel Rateliff And The Night Sweats (2015) l Audio l Album Track l 320Kbps l CBR l Mp3 l sn3h1t87.torrent -5.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\resume.dat -5.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\resume.dat.old -5.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\rss.dat -5.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\rss.dat.old -5.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\settings.dat -5.3s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\settings.dat.old -5.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\UK Top 40 Singles 12th August 2016.torrent -5.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates.dat -5.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\uTorrent.exe -5.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\utorrent.lng -5.2s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\Vinyl.S01E01.HDTV.x264-KILLERS[ettv].torrent -5.1s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\Vinyl.S01E02.HDTV.XviD-FUM[ettv].torrent -5.1s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\Vinyl.S01E03.HDTV.x264-KILLERS[ettv].torrent -5.1s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\Vinyl.S01E04.INTERNAL.HDTV.x264-BATV[ettv].torrent -5.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\ -5.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\featuredContent.btapp -5.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\player.btapp -5.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\plus.btapp -5.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\welcome-upsell.btapp -4.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\ -4.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\btapp -4.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\icon.bmp -4.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\index.html -4.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\index.js -4.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\main.css -4.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\ -4.9s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\btapp -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\empty_movie.gif -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\index.html -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\info_icon.png -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\main.css -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\vid_thumb.jpg -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\x.png -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dlimagecache\ -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\trusted\ -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\share\ -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1 -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\dlimagecache\165F6EF40A81DD175FFAEA69E77ABFD30B27E71C -4.8s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\trusted\bittorrent.crt -4.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\ -4.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41712.exe -4.7s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41865.exe -4.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.8_42449.exe -4.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.5.0_43580.exe -4.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\39e8a1.lng -4.6s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\402db1.lng -4.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41712\ -4.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41712\utorrentie.exe -4.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41865\ -4.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.5_41865\utorrentie.exe -4.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.8_42449\ -4.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\3.4.8_42449\utorrentie.exe -4.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\updates\3.5.0_43580\ -4.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\updates\ -4.4s C:\Users\DG_Ochota\AppData\Local\Temp\HYDD3C3.tmp.1494756148_permissionsCopy\updates\updates\3.5.0_43580\utorrentie.exe -2.5s C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2882476764-1616236546-509559111-1000\29f39fdeac471eb6a671a56c4758a80c_3e90bb52-5b50-4c9b-a86b-cfeb77df0ba7 -2.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\ -2.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\ -2.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\uninstall.hta.log -2.5s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\install.1494756154.zip 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\index.hta 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\uninstall.hta 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\3rdparty\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\3rdparty\FS.dll 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\3rdparty\FS.ocx 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\br.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\de.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\en.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\es.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\fr.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\it.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\ko.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\pt.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\i18n\ru.json 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\common.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\es5-shim.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\initialize.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\install.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\scripts\uninstall.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\bt_icon_48px.png 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\loading.gif 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\main_bittorrent.ico 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\main_icon.png 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\images\main_utorrent.ico 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\styles\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\styles\common.css 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\styles\installer.css 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\shell_scripts\ 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\shell_scripts\check_if_cscript_is_working.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\shell_scripts\shell_install_offer.js 0.0s C:\Users\DG_Ochota\AppData\Local\Temp\HYDEA11.tmp.1494756154\HTA\shell_scripts\shell_ping_after_close.js Suspicious files ____________________________________________________________ C:\ProgramData\scsi3-4\scsi3-87.exe Size . . . . . . . : 796 672 bytes Age . . . . . . . : 0.3 days (2017-05-15 10:42:59) Entropy . . . . . : 5.4 SHA-256 . . . . . : 8B063989BE5D2601B62FCC5097E2DD58BF7F6CB57F5490DBF818C33B9DDDEC1B Fuzzy . . . . . . : 36.0 Substitutes Explorer.exe as the default shell. Malware tends to start this way. Program starts automatically without user intervention. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Startup HKU\S-1-5-21-2882476764-1616236546-509559111-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Forensic Cluster 0.0s C:\ProgramData\scsi3-4\ 0.0s C:\ProgramData\scsi3-4\scsi3-87.exe 3.8s C:\Windows\Prefetch\SCSI3-87.EXE-48E1AC24.pf C:\Users\DG_Ochota\Downloads\FRST64.exe Size . . . . . . . : 2 429 440 bytes Age . . . . . . . : 2.2 days (2017-05-13 14:16:31) Entropy . . . . . : 7.6 SHA-256 . . . . . : 896B7B41B936A1A793C6BE0DE9B9857B106FA5EC70D3335E9380744CD09F19F4 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. References HKU\S-1-5-21-2882476764-1616236546-509559111-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\DG_Ochota\Downloads\FRST64.exe Cookies _____________________________________________________________________ C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\1XADUG63.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\2F68H4HR.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\39PSY0H3.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\7P2B3YI1.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\829D7WGC.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\8BRFP50J.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\B9KOSV0X.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\BDVFLJD0.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\BFU9JN9B.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\CH9T9YOJ.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\FR7DPRX0.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\GCDBPC9E.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\GQAECV38.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\KU0DVN23.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\M2QOZNKG.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\PNZ2VMVU.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\Q8VW1B2J.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\SE1NTF1N.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\U2U514AG.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\W3IXSIJL.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\WEVHY9E1.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\WTCHQXTG.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\YFZ0XPJ1.txt C:\Users\DG_Ochota\AppData\Roaming\Microsoft\Windows\Cookies\Z9NO6I0D.txt C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:2129670914.log.optimizely.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:526710254.log.optimizely.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:acuityplatform.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ad.360yield.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adaptv.advertising.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adbrn.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:addthis.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adfarm1.adition.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adform.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adgrx.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adhigh.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adnxs.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ads.avocet.io C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ads.businessclick.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ads.chargeads.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ads.creative-serving.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ads.deliverimp.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ads.linkedin.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ads.programattik.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ads.servebom.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ads.stickyadstv.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ads.yieldmo.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adscale.de C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adsrvr.org C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adsymptotic.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adtech.de C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adtechus.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:advertising.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:adx.adform.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:agkn.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:apex.go.sonobi.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:at.atwola.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:atdmt.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:atemda.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:basebanner.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:bidr.io C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:bidswitch.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:bizrate.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:bluekai.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:bs.serving-sys.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:c.appier.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:casalemedia.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:connexity.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:contextweb.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:crwdcntrl.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ctnsnet.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:cw.addthis.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:d.adroll.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:default.atemda.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:dellinc.tt.omtrdc.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:demdex.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:domdex.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:dotomi.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:doubleclick.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:dpm.demdex.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:dsp.linksynergy.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:erne.co C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:everesttech.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:eyereturn.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:eyeviewads.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:go.sonobi.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:googleadservices.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:gwallet.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ibillboard.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ih.adscale.de C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:imrworldwide.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:in.ml314.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ipredictive.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:krxd.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:lijit.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:linksynergy.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:m6r.eu C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:match.adsby.bidtheatre.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:match.rundsp.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:mathtag.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:ml314.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:mookie1.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:mscom.demdex.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:mxptint.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:nexac.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:omtrdc.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:openx.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:optimatic.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:owneriq.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:pagefair.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:pixel-a.sitescout.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:pixel.rubiconproject.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:pixel.sitescout.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:postrelease.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:pubmatic.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:revsci.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:rfihub.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:rlcdn.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:rubiconproject.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:scorecardresearch.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:serving-sys.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:simpli.fi C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:sitescout.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:skimresources.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:smartadserver.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:stat.komoona.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:sxp.smartclip.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:sync.go.sonobi.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:taboola.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:tap-secure.rubiconproject.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:tap-t.rubiconproject.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:tap.rubiconproject.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:tap2-cdn.rubiconproject.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:tapad.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:tidaltv.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:track.adform.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:trc.taboola.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:tribalfusion.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:tubemogul.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:turn.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:univide.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:virool.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:w55c.net C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:weborama.fr C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:wtp101.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:xiti.com C:\Users\DG_Ochota\AppData\Roaming\Mozilla\Firefox\Profiles\xmpevmx9.default-1494849304724\cookies.sqlite:yieldlab.net [/code]