[code]
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : CAMILO
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : CAMILO\Camilo
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2018-01-03 17:13:06
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 13s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 142

   Objects scanned . . . : 1 983 523
   Files scanned . . . . : 87 230
   Remnants scanned  . . : 583 590 files / 1 312 703 keys

Malware _____________________________________________________________________

   C:\Users\Camilo\AppData\Roaming\Football Superstars\BLAT.EXE
      Size . . . . . . . : 115 200 bytes
      Age  . . . . . . . : 1091.9 days (2015-01-07 19:52:37)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : AECA4A77D617DA84296B5F857B2821333FE4B9663E8DF74EF5A25A7882693E5E
      Product  . . . . . : Blat
      Publisher  . . . . : http://www.blat.net/
      Description  . . . : A Win32 command line eMail tool
      Version  . . . . . : 2.6.2
      Copyright  . . . . : No copyright at all
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : not-a-virus:Client-SMTP.Win32.Blat.a
      Fuzzy  . . . . . . : 100.0

Suspicious files ____________________________________________________________

   C:\Users\Camilo\Downloads\FRST64.exe
      Size . . . . . . . : 2 393 088 bytes
      Age  . . . . . . . : 0.2 days (2018-01-03 13:17:46)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E75D6315E3F1C5661033A160C8A1B9042183DBBD1CE08A634C36AE8DBDFF7744
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -5.4s C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0021f5
         -5.1s C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0021f7
         -5.0s C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0021f8
         -3.1s C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0001b1
         -2.3s C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0001b2
         -1.4s C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0001b3
          0.0s C:\Users\Camilo\Downloads\FRST64.exe
          5.9s C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0001b4

   C:\Users\Camilo\Music\FRST64.exe
      Size . . . . . . . : 2 411 520 bytes
      Age  . . . . . . . : 397.2 days (2016-12-02 11:45:36)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CA3D6E4694110D6B901EA2F0F0A8FF522AEB59661D690E71AB548FCE68392EBF
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\Camilo\OneDrive\Documents\FRST64.exe
      Size . . . . . . . : 2 411 520 bytes
      Age  . . . . . . . : 397.2 days (2016-12-02 11:26:46)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CA3D6E4694110D6B901EA2F0F0A8FF522AEB59661D690E71AB548FCE68392EBF
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

Cookies _____________________________________________________________________

[/code]