[code] HitmanPro 3.8.0.295 www.hitmanpro.com Computer name . . . . : USER-KOMPUTER Windows . . . . . . . : 10.0.0.17134.X64/4 User name . . . . . . : User-Komputer\User UAC . . . . . . . . . : Disabled License . . . . . . . : Free Scan date . . . . . . : 2018-08-02 19:05:58 Scan mode . . . . . . : Normal Scan duration . . . . : 18m 9s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 3 Traces . . . . . . . : 225 Objects scanned . . . : 3 732 090 Files scanned . . . . : 292 599 Remnants scanned . . : 1 447 391 files / 1 992 100 keys Malware _____________________________________________________________________ C:\Program Files (x86)\sbqh\uc.exe Size . . . . . . . : 200 752 bytes Age . . . . . . . : 707.0 days (2016-08-25 18:18:54) Entropy . . . . . : 5.0 SHA-256 . . . . . : 8A555151FFA5FA17CE68ED1B5BB7FD90C5BD33CB32B00AD390CAEF861547A52B Product . . . . . : pps Publisher . . . . : Description . . . : pps Version . . . . . : 1.0.0.1 LanguageID . . . . : 2052 > Bitdefender . . . : Gen:Variant.Mikey.55472 > Kaspersky . . . . : not-a-virus:HEUR:RiskTool.Win32.Hidap.gen > HitmanPro . . . . : App/Generic-OA Fuzzy . . . . . . : 108.0 C:\Users\User\AppData\Local\ThunderbirdPortable\MsiEXEC64.exe Size . . . . . . . : 320 000 bytes Age . . . . . . . : 0.0 days (2018-08-02 18:55:36) Entropy . . . . . : 6.9 SHA-256 . . . . . : 84DD02DEBBF2B0C5ED7EEBF813305543265E34EC98635139787BF8B882E7C7B4 Process Type . . . : Critical Running processes : 8364 > Bitdefender . . . : Application.BitCoinMiner.PD > Kaspersky . . . . : not-a-virus:RiskTool.Win64.BitCoinMiner.djd > HitmanPro . . . . : Mal/Miner-I Fuzzy . . . . . . : 119.0 Network Ports 192.168.1.104:62036 178.62.205.21:4444 Forensic Cluster -6.9s C:\Users\User\AppData\Local\ThunderbirdPortable\ -6.1s C:\Windows\Prefetch\CACLS.EXE-AF118E12.pf -4.3s C:\Users\User\AppData\Local\ThunderbirdPortable\000001N.zip -1.9s C:\Windows\SysWOW64\SelfFolder.idc -1.5s C:\Windows\Prefetch\SVCHOST.EXE-18E84E0C.pf -0.0s C:\Users\User\AppData\Local\ThunderbirdPortable\cuda.cfg -0.0s C:\Users\User\AppData\Local\ThunderbirdPortable\license.txt 0.0s C:\Users\User\AppData\Local\ThunderbirdPortable\MsiEXEC64.exe 0.3s C:\Users\User\AppData\Local\ThunderbirdPortable\cudart64_80.dll 0.3s C:\Users\User\AppData\Local\ThunderbirdPortable\cudart32_80.dll 0.3s C:\Users\User\AppData\Local\ThunderbirdPortable\msvcr120.dll 2.2s C:\Windows\Prefetch\CMD.EXE-4A81B364.pf 4.3s C:\ProgramData\NVIDIA\MessageBus_10592_0x62ED278.log 4.5s C:\ProgramData\NVIDIA\MessageBus_10592_0x689D178.log 4.8s C:\ProgramData\NVIDIA\MessageBus_10592_0x68CC670.log 5.5s C:\ProgramData\NVIDIA\MessageBus_10592_0x69D2300.log 5.6s C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\SPUser\nvspcaps\ 7.0s C:\Windows\Prefetch\RUNDLL32.EXE-D5372631.pf 7.6s C:\ProgramData\NVIDIA\MessageBus_10592_0xF47C28.log 7.6s C:\ProgramData\NVIDIA\MessageBus_10088_0x2B191AFC650.log 8.4s C:\Windows\Prefetch\IDR_RCDATA.BIN-DA5569B0.pf 11.9s C:\Windows\Prefetch\MSIEXEC64.EXE-73EF5F2A.pf 12.2s C:\Windows\Prefetch\NVNODEJSLAUNCHER.EXE-0F84F74B.pf 17.1s C:\Windows\Prefetch\NVSPHELPER64.EXE-0D63409A.pf 23.3s C:\Windows\Prefetch\NVIDIA SHARE.EXE-AE8D2621.pf 33.3s C:\Windows\Prefetch\SVCHOST.EXE-D739EDED.pf 37.5s C:\Windows\Prefetch\SVCHOST.EXE-E13A8616.pf C:\Users\User\AppData\Local\{9A5F1821-1526-1C50-A634-7F84341A2214}\MsiEXEC64.exe Size . . . . . . . : 320 000 bytes Age . . . . . . . : 0.8 days (2018-08-02 00:08:12) Entropy . . . . . : 6.9 SHA-256 . . . . . : 84DD02DEBBF2B0C5ED7EEBF813305543265E34EC98635139787BF8B882E7C7B4 > Bitdefender . . . : Application.BitCoinMiner.PD > Kaspersky . . . . : not-a-virus:RiskTool.Win64.BitCoinMiner.djd > HitmanPro . . . . : Mal/Miner-I Fuzzy . . . . . . : 108.0 Forensic Cluster -11.5s C:\Windows\Installer\MSI7945.tmp -10.4s C:\Windows\Installer\MSI7D8C.tmp -10.3s C:\Users\User\AppData\Local\Temp\{A0D7C087-3516-41D9-906B-35B5E1F8D6F2}\ -10.0s C:\Windows\Installer\MSI7F06.tmp -6.2s C:\Users\User\AppData\Local\{9A5F1821-1526-1C50-A634-7F84341A2214}\ -4.1s C:\Users\User\AppData\Local\{9A5F1821-1526-1C50-A634-7F84341A2214}\000001N.zip -0.0s C:\Users\User\AppData\Local\{9A5F1821-1526-1C50-A634-7F84341A2214}\cuda.cfg -0.0s C:\Users\User\AppData\Local\{9A5F1821-1526-1C50-A634-7F84341A2214}\license.txt 0.0s C:\Users\User\AppData\Local\{9A5F1821-1526-1C50-A634-7F84341A2214}\MsiEXEC64.exe 0.1s C:\Users\User\AppData\Local\{9A5F1821-1526-1C50-A634-7F84341A2214}\cudart64_80.dll 0.1s C:\Users\User\AppData\Local\{9A5F1821-1526-1C50-A634-7F84341A2214}\cudart32_80.dll 0.1s C:\Users\User\AppData\Local\{9A5F1821-1526-1C50-A634-7F84341A2214}\msvcr120.dll 3.8s C:\Users\User\AppData\Roaming\NVIDIA\ComputeCache\b\a\30106af954af62 Suspicious files ____________________________________________________________ C:\Users\User\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll Size . . . . . . . : 969 032 bytes Age . . . . . . . : 1480.2 days (2014-07-14 13:19:17) Entropy . . . . . : 7.6 SHA-256 . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\User\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll Size . . . . . . . : 1 014 616 bytes Age . . . . . . . : 1274.0 days (2015-02-05 19:59:19) Entropy . . . . . : 7.6 SHA-256 . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\User\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys Size . . . . . . . : 140 072 bytes Age . . . . . . . : 1518.0 days (2014-06-06 18:12:21) Entropy . . . . . : 7.7 SHA-256 . . . . . : CC3F4E453FC246B64C09E81BB73741CECC897C805C13815336647E986A60301E RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\User\AppData\Local\PunkBuster\FC3\pb\pbcl.dll Size . . . . . . . : 953 886 bytes Age . . . . . . . : 506.0 days (2017-03-14 18:50:46) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\User\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys Size . . . . . . . : 138 032 bytes Age . . . . . . . : 506.0 days (2017-03-14 18:50:59) Entropy . . . . . : 7.8 SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\User\AppData\Local\PunkBuster\PG\pb\pbcl.dll Size . . . . . . . : 965 880 bytes Age . . . . . . . : 1029.0 days (2015-10-08 19:09:36) Entropy . . . . . : 7.6 SHA-256 . . . . . : 9D84C917D9E747EDCBB23A765E2D70C8AE9E629556BB19613136B4C7598062BE RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\User\AppData\Local\PunkBuster\PG\pb\PnkBstrK.sys Size . . . . . . . : 140 160 bytes Age . . . . . . . : 1029.0 days (2015-10-08 19:09:48) Entropy . . . . . : 7.8 SHA-256 . . . . . : C5FF96EF8AC37C5B02579173DBA6BC9E8148381BC9817C426600968A7BAAF168 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\User\AppData\Local\PunkBuster\WAW\pb\pbcl.dll Size . . . . . . . : 733 004 bytes Age . . . . . . . : 1458.0 days (2014-08-05 18:00:29) Entropy . . . . . : 7.5 SHA-256 . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7 Fuzzy . . . . . . : 25.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\User\Downloads\FRST64.exe Size . . . . . . . : 2 412 544 bytes Age . . . . . . . : 2.0 days (2018-07-31 19:22:21) Entropy . . . . . : 7.6 SHA-256 . . . . . : 50627CD7EFFC2C7E2BF32334D159C73B80AFF4B3EE2F7FF4FADFB906187C7759 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster -26.6s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d592 -18.3s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d593 -5.9s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d594 -5.9s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d595 -5.7s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d597 -5.5s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d598 -5.5s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d599 -5.0s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Media Cache\f_000203 -4.8s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Media Cache\f_000204 -4.4s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Media Cache\f_000205 -1.7s C:\Users\User\Downloads\FRST64.exe 9.9s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Media Cache\f_000206 13.3s C:\Windows\Prefetch\FRST64.EXE-959D71F4.pf 14.7s C:\FRST\Logs\ 14.7s C:\FRST\ 14.7s C:\FRST\Hives\ 14.7s C:\FRST\Logs\ct.ini 14.7s C:\FRST\Quarantine\ 21.8s C:\FRST\Hives\ERDNT.INF 21.8s C:\FRST\Hives\ERDNT.CON 21.8s C:\FRST\Hives\SYSTEM 22.9s C:\FRST\Hives\SOFTWARE 25.6s C:\FRST\Hives\DEFAULT 26.0s C:\FRST\Hives\SECURITY 26.0s C:\FRST\Hives\SAM 26.1s C:\FRST\Hives\BCD 26.2s C:\FRST\Hives\Users\ 26.2s C:\FRST\Hives\Users\00000001\ 26.2s C:\FRST\Hives\Users\00000001\NTUSER.DAT 26.6s C:\FRST\Hives\Users\00000002\ 26.6s C:\FRST\Hives\Users\00000002\UsrClass.dat 27.1s C:\FRST\Hives\DRIVERS 27.6s C:\FRST\Hives\ERDNT.EXE 27.6s C:\FRST\Hives\ERDNTWIN.LOC 27.6s C:\FRST\Hives\ERDNTDOS.LOC 28.1s C:\Users\User\Downloads\FRST.txt 53.5s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d59c 61.4s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d59d 61.5s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d59e 73.6s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5a0 74.3s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5a1 83.6s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5a3 113.7s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5a5 117.4s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5a6 118.8s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5a7 124.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\137096050380C0629B9640236BD53FBC 126.4s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5a9 130.5s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5aa 131.2s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5ab 131.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8B44E1FD-2F4A-4001-8032-F2A8699BB1B9} 131.9s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5ac 132.1s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5ad 132.1s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5ae 132.3s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5af 132.3s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5b0 134.0s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5b1 136.3s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5b2 139.9s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5b3 139.9s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5b4 140.1s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5b6 140.7s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5ba 140.7s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5bb 140.8s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5bc 140.8s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5bd 143.6s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5be 143.8s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5bf 145.0s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5c0 159.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DC1AC122-DD42-450E-BAAC-CF8A52987038} 162.1s C:\Windows\Temp\MSIaf3d1.LOG 183.2s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Cache\f_00d5c2 184.0s C:\Users\User\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion\Session Storage\001153.ldb C:\WINDOWS\SysWOW64\wave32.ocx Size . . . . . . . : 43 432 bytes Age . . . . . . . : 943.9 days (2016-01-01 22:19:56) Entropy . . . . . : 5.5 SHA-256 . . . . . : FB30C3D30AE30DC9F2B2F2F7C22F8BCCB5FC7E70C1ED6844380AD4374FD2A3CD Product . . . . . : WAVE Publisher Description . . . : Mabry Wave Control Version . . . . . : 1.10.002 Copyright . . . . : Copyright © 1994-1998 by Mabry Software, Inc. RSA Key Size . . . : 512 LanguageID . . . . : 1033 Authenticode . . . : Self-signed Fuzzy . . . . . . : 27.0 Program is code signed with a weak certificate. This is common to malware. Program is code self-signed. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. Authors name is missing in version info. This is not common to most programs. Potential Unwanted Programs _________________________________________________ C:\Program Files (x86)\sbqh\ (SBQH) C:\Program Files (x86)\sbqh\360net.dll (SBQH) Size . . . . . . . : 481 256 bytes Age . . . . . . . : 707.0 days (2016-08-25 18:18:55) Entropy . . . . . : 6.7 SHA-256 . . . . . : 6BA57B3AE870532B72EDA873491B9A3AAEC875A69CA8FAF0F98A17B32EEA41AB Product . . . . . : 360 Security Center Publisher . . . . : Qihu 360 Software Co., Ltd. Description . . . : 360 Security Center Network Module Version . . . . . : 1.2.0.1190 RSA Key Size . . . : 2048 LanguageID . . . . : 2057 Authenticode . . . : Valid Fuzzy . . . . . . : -2.0 C:\Program Files (x86)\sbqh\360NetBase.dll (SBQH) Size . . . . . . . : 362 608 bytes Age . . . . . . . : 707.0 days (2016-08-25 18:18:55) Entropy . . . . . : 6.6 SHA-256 . . . . . : 226919A226297DAFA3CBADF799B5D95FDEF176FAA84F35F84F73EE6F92181745 Product . . . . . : 360‰[hQkSëX Publisher . . . . : 360.cn Description . . . : 360‰[hQkSëX QÜ~úW@x!jWW Version . . . . . : 7.25.0.68 RSA Key Size . . . : 2048 LanguageID . . . . : 2052 Authenticode . . . : Valid Fuzzy . . . . . . : -2.0 C:\Program Files (x86)\sbqh\360NetBase64.dll (SBQH) Size . . . . . . . : 327 752 bytes Age . . . . . . . : 707.0 days (2016-08-25 18:18:56) Entropy . . . . . : 6.4 SHA-256 . . . . . : 8DA5AD36B9A55F3D71B0FF19996ABCC59346C236BC40AADA32E5331F9537C55A Product . . . . . : 360‰[hQkSëX Publisher . . . . : 360.cn Description . . . : 360‰[hQkSëX QÜ~úW@x!jWW Version . . . . . : 7.25.0.51 RSA Key Size . . . : 2048 LanguageID . . . . : 2052 Authenticode . . . : Valid Fuzzy . . . . . . : -2.0 C:\Program Files (x86)\sbqh\360NetUL.dll (SBQH) Size . . . . . . . : 240 240 bytes Age . . . . . . . : 707.0 days (2016-08-25 18:18:56) Entropy . . . . . : 6.6 SHA-256 . . . . . : 139FDD92E6DDF1AAC0761A68502B374DAA32E82039621018511DC491ED9B4048 Product . . . . . : 360 GS§~“^ Publisher . . . . : 360.cn Description . . . : 360 GS§~“^ Version . . . . . : 1.0.0.1034 RSA Key Size . . . : 2048 LanguageID . . . . : 2052 Authenticode . . . : Valid Fuzzy . . . . . . : -2.0 C:\Program Files (x86)\sbqh\Bind.exe (SBQH) Size . . . . . . . : 53 248 bytes Age . . . . . . . : 707.0 days (2016-08-25 18:18:55) Entropy . . . . . : 4.3 SHA-256 . . . . . : 828F934C1445D3A2EF5B687A91FEDB38010B3BD53508F30148D864183B5DBF98 Product . . . . . : Bind Publisher . . . . : Description . . . : Bind Version . . . . . : 1.0.0.1 LanguageID . . . . : 2052 Fuzzy . . . . . . : 8.0 C:\Program Files (x86)\sbqh\sbqh.ini (SBQH) C:\Program Files (x86)\sbqh\unins000.dat (SBQH) C:\Program Files (x86)\sbqh\unins000.exe (SBQH) Size . . . . . . . : 1 283 273 bytes Age . . . . . . . : 707.0 days (2016-08-25 18:18:54) Entropy . . . . . : 6.3 SHA-256 . . . . . : 369C4183738964CE7D9E9936474448701DDB8F290FADBFCEA3AD03E6B22E34CF Fuzzy . . . . . . : -2.0 C:\Users\User\AppData\Local\PunkBuster\BC2\pb\pbcl.dll (App/Punkbust-B) Size . . . . . . . : 891 962 bytes Age . . . . . . . : 947.9 days (2015-12-28 21:16:35) Entropy . . . . . : 7.6 SHA-256 . . . . . : A324BDA2B890227F72D9F12323AD3FF51582CE312286C296F6558BD3F3927616 Fuzzy . . . . . . : 29.0 C:\Users\User\AppData\Local\PunkBuster\BF3\pb\pbcls.dll (App/Punkbust-B) Size . . . . . . . : 963 480 bytes Age . . . . . . . : 1518.0 days (2014-06-06 18:11:01) Entropy . . . . . : 7.6 SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\extensions\veggy@veggyAddon.com\ (VeggyAddon) C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\extensions\veggy@veggyAddon.com\chrome.manifest (VeggyAddon) C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\extensions\veggy@veggyAddon.com\chrome\content\ (VeggyAddon) C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\extensions\veggy@veggyAddon.com\chrome\content\main.xul (VeggyAddon) C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\extensions\veggy@veggyAddon.com\chrome\skin\ (VeggyAddon) C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\extensions\veggy@veggyAddon.com\chrome\skin\icon.png (VeggyAddon) C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\extensions\veggy@veggyAddon.com\install.rdf (VeggyAddon) C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\extensions\veggy@veggyAddon.com\modules\ (VeggyAddon) C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\extensions\veggy@veggyAddon.com\modules\XCipher.js (VeggyAddon) HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine.1.0\ (BoxoreOU) HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine\ (BoxoreOU) HKLM\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\ (Baidu) HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\ (Baidu) HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}\ (MyStart) HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}\ (MyStart) Cookies _____________________________________________________________________ C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:2103950122.log.optimizely.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:50136351.log.optimizely.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:abmr.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:acuityplatform.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:adaptv.advertising.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrn.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:adfarm1.adition.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:adhigh.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:adobe.tt.omtrdc.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.linkedin.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.lvbetpartners.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.servebom.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:adscale.de C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsymptotic.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:angsrvr.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:basebanner.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidr.io C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:bizrate.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:bmwag.tt.omtrdc.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:connexity.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:creative-serving.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:ctnsnet.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:cw.addthis.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:dh.serving-sys.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:dlx.addthis.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:dotomi.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:dsp.linksynergy.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:erne.co C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:eus.rubiconproject.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:gssprt.jp C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:hearstugo.112.2o7.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:ibillboard.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:igodigital.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:ih.adscale.de C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:imrworldwide.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:ipredictive.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:linksynergy.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:m6r.eu C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.rundsp.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:mmstat.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:mscom.demdex.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:mxptint.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:omtrdc.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:optimatic.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:outbrain.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:owneriq.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:pagefair.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:postrelease.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:simpli.fi C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:sitescout.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:skimresources.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.paypal.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:taboola.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:tap-secure.rubiconproject.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.uadx.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:trc.taboola.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:tremorhub.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:turn.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:univide.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:visualdna.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:w55c.net C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com C:\Users\Janas_\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldlab.net C:\Users\Janas_\AppData\Roaming\Mozilla\Firefox\Profiles\hwhwvktg.default\cookies.sqlite:doubleclick.net C:\Users\Janas_\AppData\Roaming\Mozilla\Firefox\Profiles\hwhwvktg.default\cookies.sqlite:everesttech.net C:\Users\Janas_\AppData\Roaming\Mozilla\Firefox\Profiles\hwhwvktg.default\cookies.sqlite:mookie1.com C:\Users\Janas_\AppData\Roaming\Mozilla\Firefox\Profiles\hwhwvktg.default\cookies.sqlite:rubiconproject.com C:\Users\Janas_\AppData\Roaming\Mozilla\Firefox\Profiles\hwhwvktg.default\cookies.sqlite:www.googleadservices.com C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\A455ZPQ4\ad.doubleclick[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\B237T6ZL\cdn.w55c[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\BWI2HSJ2\ads.bittorrent[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\EE3JM0CG\googleads.g.doubleclick[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\HC83ZC66\ams1.ib.adnxs[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\HC83ZC66\cdn.w55c[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\HC83ZC66\ds.serving-sys[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\HC83ZC66\fra1-ib.adnxs[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\IRXEX3NE\a.rfihub[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\IRXEX3NE\ad.doubleclick[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\IRXEX3NE\secure-ds.serving-sys[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\KCVYUHU1\googleads.g.doubleclick[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\KCVYUHU1\googleads.g.doubleclick[2].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\PR1YWXHV\ams1.ib.adnxs[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\PR1YWXHV\p191.atemda[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\U2POCUZ8\bh.contextweb[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\U2POCUZ8\fra1.ib.adnxs[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\WLTJVS6T\ads.yahoo[1].xml C:\Users\User\AppData\Local\Microsoft\Internet Explorer\DOMStore\YK2J49SF\secure-ds.serving-sys[1].xml C:\Users\User\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7MSGIC67\ads.techero[1].xml C:\Users\User\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\RGP5U12E\connexity[1].xml C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:abmr.net C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:ad.360yield.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:ad.mediawayss.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:ad.prv.pl C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:ad.velgid.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:addthis.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:adform.net C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:adnxs.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:ads.businessclick.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:adscale.de C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:adserver.linux.pl C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:adsrvr.org C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:adsymptotic.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:adx.adform.net C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:atemda.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:basebanner.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:bidswitch.net C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:bluekai.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:bs.serving-sys.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:casalemedia.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:contextweb.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:cw.addthis.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:demdex.net C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:dotomi.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:dpm.demdex.net C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:everesttech.net C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:eyeviewads.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:googleadservices.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:ih.adscale.de C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:lijit.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:match.adsby.bidtheatre.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:match.rundsp.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:mathtag.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:mookie1.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:openx.net C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:outbrain.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:pixel.rubiconproject.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:postrelease.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:pubmatic.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:rfihub.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:rlcdn.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:rubiconproject.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:scorecardresearch.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:serving-sys.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:simpli.fi C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:sitescout.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:stats.grupapino.pl C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:taboola.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:tap2-cdn.rubiconproject.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:tidaltv.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:track.adform.net C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:turn.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:w55c.net C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:www.googleadservices.com C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5ffixg.default\cookies.sqlite:yieldlab.net [/code]