[code]
   HitmanPro 3.8.0.292
   www.hitmanpro.com

   Computer name . . . . : DESKTOP-58EIPAQ
   Windows . . . . . . . : 10.0.0.16299.X64/4
   User name . . . . . . : DESKTOP-58EIPAQ\Home
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2018-03-09 12:33:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 56s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 7
   Traces . . . . . . . : 89

   Objects scanned . . . : 1,823,369
   Files scanned . . . . : 68,176
   Remnants scanned . . : 429,077 files / 1,326,116 keys

Malware _____________________________________________________________________

   C:\Users\Home\AppData\Local\Temp\1075281\1Dl9rfLqyz7B.exe
      Size . . . . . . . : 59,535 bytes
      Age . . . . . . . : 0.7 days (2018-03-08 18:36:11)
      Entropy . . . . . : 7.3
      SHA-256 . . . . . : D052BF5807566CE9D446DB74DEFB96F0A46DFC000EF5D24DB0206B48DC09B2C9
      > Kaspersky . . . . : not-a-virus:HEUR:AdWare.NSIS.Dotdo.gen
      Fuzzy . . . . . . : 112.0

      Forensic Cluster
         -20.1s C:\Users\Home\AppData\Local\Temp\1075281\
         -19.8s C:\Users\Home\AppData\Local\Temp\1075281\dlreport
           0.0s C:\Users\Home\AppData\Local\Temp\1075281\1Dl9rfLqyz7B.exe
           0.1s C:\Users\Home\AppData\Local\Temp\nsvB76C.tmp\
           0.1s C:\Users\Home\AppData\Local\Temp\nsvB76C.tmp\9cyewcl3.exe
           1.2s C:\Users\Home\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\9cyewcl3.exe.log

   C:\Users\Home\Downloads\Adobe Acrobat Pro DC 2017.009.20044 Ml\Painter\adobe.snr.patch.v2.0-painter.exe
      Size . . . . . . . : 601,600 bytes
      Age . . . . . . . : 53.9 days (2018-01-14 15:22:27)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : 256C2A409C97448D168F3EB1BFB89AF3D259DFC05A510A3F464D8E4B348116D4
      Product . . . . . : Universal Adobe Patcher
      Publisher . . . . : PainteR
      Description . . . : Universal Adobe Patcher
      Version . . . . . : 2.0.0.0
      LanguageID . . . . : 1049
      > HitmanPro . . . . : App/Generic-HN
      Fuzzy . . . . . . : 108.0

   C:\Users\Home\Downloads\Adobe Acrobat Pro DC 2017.009.20044 Ml\X-Force\xf-acrodc2015.exe
      Size . . . . . . . : 111,104 bytes
      Age . . . . . . . : 53.9 days (2018-01-14 15:02:29)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : B50816ECC6EC849FCB0ED0677C8A6B1F0867A74638679BCAFC4F63DCC5B2E1EF
      > HitmanPro . . . . : App/Generic-LK
      Fuzzy . . . . . . : 114.0

   C:\Users\Home\Downloads\Sony Vegas Pro 16.0 Build 459 (x64) +Crack\Setup.exe
      Size . . . . . . . : 8,859,173 bytes
      Age . . . . . . . : 0.8 days (2018-03-08 18:13:24)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : E4A434736B83085B56980A1A11994C7F2B8699B770B930D3B1175C2F3EEFBC69
      > Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.Generic
      Fuzzy . . . . . . : 111.0

   C:\Users\Public\Desktop\Aktivator!!!\Re-LoaderByR@1n.exe
      Size . . . . . . . : 1,392,259 bytes
      Age . . . . . . . : 78.4 days (2017-12-21 02:48:26)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 5F5A97FD1EA82BCB87215A804574A51ECCD399B0290FBC6CFE6DDD708DE92DAA
      Needs elevation . : Yes
      Product . . . . . : Re-Loader By R@1n
      Publisher . . . . :
      Description . . . : Activator
      Version . . . . . : 1.6.3.0
      LanguageID . . . . : 0
      > Bitdefender . . . : Gen:Variant.Strictor.100857
      > Kaspersky . . . . : Trojan.MSIL.Inject.djbg
      > HitmanPro . . . . : App/Generic-DP
      Fuzzy . . . . . . : 111.0

   C:\Windows\KMS-R@1n.exe
      Size . . . . . . . : 26,112 bytes
      Age . . . . . . . : 78.5 days (2017-12-21 00:03:53)
      Entropy . . . . . : 5.5
      SHA-256 . . . . . : 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
      Service . . . . . : KMS-R@1n
      Running processes : 2920
      > HitmanPro . . . . : Troj/KMS-A
      Fuzzy . . . . . . : 119.0

      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\KMS-R@1n\

      Network Ports
         0.0.0.0:1688

   C:\WINDOWS\KMS-R@1nHook.dll
      Size . . . . . . . : 4,096 bytes
      Age . . . . . . . : 78.5 days (2017-12-21 00:03:53)
      Entropy . . . . . : 3.4
      SHA-256 . . . . . : 5197323DDEE0141CA9C433D3860E5E7B0193C0821D9E5278D8E5F6EA0523C322
      > HitmanPro . . . . : Troj/KMS-A
      Fuzzy . . . . . . : 108.0

Suspicious files ____________________________________________________________

   C:\Windows\SoftwareDistribution\Download\4926e9697c06ac567a282a77f001ab77\Package_for_RollupFix~~AMD64~~16299.251.1.4\amd64_microsoft-windows-i..ell-serviceprovider_31bf3856ad364e35_10.0.16299.248_none_ce9680a74a4b944c\windows.immersiveshell.serviceprovider.dll
      Size . . . . . . . : 524,800 bytes
      Age . . . . . . . : 0.6 days (2018-03-08 21:40:45)
      Entropy . . . . . : 6.2
      SHA-256 . . . . . : AD59368A1C623F7E1637F2DB18EDA787474A833FD709CA07701E6B28D7753F19
      Product . . . . . : Microsoft® Windows® Operating System
      Publisher . . . . : Microsoft Corporation
      Description . . . : Windows.ImmersiveShell.ServiceProvider
      Version . . . . . : 10.0.16299.248
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\SoftwareDistribution\Download\4926e9697c06ac567a282a77f001ab77\Package_for_RollupFix~~AMD64~~16299.251.1.4\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.16299.248_none_c975bf6514e4bbc3\Windows.Media.BackgroundMediaPlayback.dll
      Size . . . . . . . : 943,104 bytes
      Age . . . . . . . : 0.6 days (2018-03-08 21:40:44)
      Entropy . . . . . : 6.4
      SHA-256 . . . . . : AB369F708D716DAFA5047C4057557D405E78C910049C9C7C840495BB92087D1D
      Product . . . . . : Microsoft® Windows® Operating System
      Publisher . . . . : Microsoft Corporation
      Description . . . : Windows Media BackgroundMediaPlayback DLL
      Version . . . . . : 10.0.16299.248
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.
   C:\Windows\SoftwareDistribution\Download\4926e9697c06ac567a282a77f001ab77\Package_for_RollupFix~~AMD64~~16299.251.1.4\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.16299.248_none_c975bf6514e4bbc3\Windows.Media.Playback.BackgroundMediaPlayer.dll
      Size . . . . . . . : 941,568 bytes
      Age . . . . . . . : 0.6 days (2018-03-08 21:41:02)
      Entropy . . . . . : 6.4
      SHA-256 . . . . . : 9383D1C7062BD509727EBC0F090B33383348FA6D5E2DA8560086F5ACAC49B57B
      Product . . . . . : Microsoft® Windows® Operating System
      Publisher . . . . : Microsoft Corporation
      Description . . . : Windows Media Playback BackgroundMediaPlayer DLL
      Version . . . . . : 10.0.16299.248
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\SoftwareDistribution\Download\4926e9697c06ac567a282a77f001ab77\Package_for_RollupFix~~AMD64~~16299.251.1.4\amd64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.16299.248_none_b142346015618a7b\Windows.Security.Authentication.Web.Core.dll
      Size . . . . . . . : 837,632 bytes
      Age . . . . . . . : 0.6 days (2018-03-08 21:41:34)
      Entropy . . . . . : 6.2
      SHA-256 . . . . . : ACB0D461FF9D08827126961B0D0E71B90C9C0AF4E937FDF5404164CD376C3594
      Product . . . . . : Microsoft® Windows® Operating System
      Publisher . . . . : Microsoft Corporation
      Description . . . : Token Broker WinRT API
      Version . . . . . : 10.0.16299.248
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.
   C:\Windows\SoftwareDistribution\Download\4926e9697c06ac567a282a77f001ab77\Package_for_RollupFix~~AMD64~~16299.251.1.4\amd64_netfx4-system.direc..s.accountmanagement_b03f5f7f11d50a3a_4.0.15522.132_none_86aad4c826c7083b\System.DirectoryServices.AccountManagement.dll
      Size . . . . . . . : 296,216 bytes
      Age . . . . . . . : 0.6 days (2018-03-08 21:41:01)
      Entropy . . . . . : 6.0
      SHA-256 . . . . . : 91FA857B0A78BFAD710EE82A7ACFBD05D5F8D37F5E88D58590E87273EC9F0FBA
      Product . . . . . : Microsoft® .NET Framework
      Publisher . . . . : Microsoft Corporation
      Description . . . : .NET Framework
      Version . . . . . : 4.7.2633.0
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\SoftwareDistribution\Download\4926e9697c06ac567a282a77f001ab77\Package_for_RollupFix~~AMD64~~16299.251.1.4\msil_microsoft.grouppoli..reporting.resources_31bf3856ad364e35_10.0.16299.248_en-us_9a8b8dc32cf3244e\Microsoft.GroupPolicy.Reporting.Resources.dll
      Size . . . . . . . : 541,184 bytes
      Age . . . . . . . : 0.6 days (2018-03-08 21:40:53)
      Entropy . . . . . : 4.8
      SHA-256 . . . . . : 99DD66AB4300EB3A39AF5EE481440E4DE97CEFD603A7888C491BF1F20B3A0110
      Product . . . . . : Microsoft (R) Windows (R) Operating System
      Publisher . . . . : Microsoft Corporation
      Description . . . :
      Version . . . . . : 10.0.16299.248
      Copyright . . . . : Copyright (c) Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.
   C:\Windows\SoftwareDistribution\Download\4926e9697c06ac567a282a77f001ab77\Package_for_RollupFix~~AMD64~~16299.251.1.4\msil_system.directoryser..s.accountmanagement_b77a5c561934e089_4.0.15522.132_none_a6466e6519dc5104\System.DirectoryServices.AccountManagement.dll
      Size . . . . . . . : 296,216 bytes
      Age . . . . . . . : 0.6 days (2018-03-08 21:41:01)
      Entropy . . . . . : 6.0
      SHA-256 . . . . . : 91FA857B0A78BFAD710EE82A7ACFBD05D5F8D37F5E88D58590E87273EC9F0FBA
      Product . . . . . : Microsoft® .NET Framework
      Publisher . . . . : Microsoft Corporation
      Description . . . : .NET Framework
      Version . . . . . : 4.7.2633.0
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\SoftwareDistribution\Download\4926e9697c06ac567a282a77f001ab77\Package_for_RollupFix~~AMD64~~16299.251.1.4\wow64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.16299.248_none_d3ca69b749457dbe\Windows.Media.BackgroundMediaPlayback.dll
      Size . . . . . . . : 621,568 bytes
      Age . . . . . . . : 0.6 days (2018-03-08 21:40:36)
      Entropy . . . . . : 6.8
      SHA-256 . . . . . : 0F333CE6D3909CB021915C8AF9048FC7EF0E0AB1F6FC72E7F870A0DD01451153
      Product . . . . . : Microsoft® Windows® Operating System
      Publisher . . . . : Microsoft Corporation
      Description . . . : Windows Media BackgroundMediaPlayback DLL
      Version . . . . . : 10.0.16299.248
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.
   C:\Windows\SoftwareDistribution\Download\4926e9697c06ac567a282a77f001ab77\Package_for_RollupFix~~AMD64~~16299.251.1.4\wow64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.16299.248_none_d3ca69b749457dbe\Windows.Media.Playback.BackgroundMediaPlayer.dll
      Size . . . . . . . : 620,544 bytes
      Age . . . . . . . : 0.6 days (2018-03-08 21:40:59)
      Entropy . . . . . : 6.8
      SHA-256 . . . . . : FD2B3651F241D56ECFA470EE4D89097955A358B2D6E1B8CAA6ACACBF2BEBF180
      Product . . . . . : Microsoft® Windows® Operating System
      Publisher . . . . : Microsoft Corporation
      Description . . . : Windows Media Playback BackgroundMediaPlayer DLL
      Version . . . . . : 10.0.16299.248
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.

Cookies _____________________________________________________________________

[/code]