[code] HitmanPro 3.7.14.276 www.hitmanpro.com Computer name . . . . : VAIO Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : VAIO\Piotr Chmielewski UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2016-09-21 23:54:33 Scan mode . . . . . . : Normal Scan duration . . . . : 22m 35s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 181 Objects scanned . . . : 3 328 545 Files scanned . . . . : 101 343 Remnants scanned . . : 1 062 460 files / 2 164 742 keys Malware _____________________________________________________________________ C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\MB0EWQ0B\setupfa_4435[1].exe Size . . . . . . . : 4 611 909 bytes Age . . . . . . . : 5.5 days (2016-09-16 11:29:06) Entropy . . . . . : 8.0 SHA-256 . . . . . : E3BE1CF0E13989041382A32F69754BA41A3E63D4F707971ABAAE61E473A2A33B Needs elevation . : Yes > Bitdefender . . . : Trojan.GenericKD.3532460 > Kaspersky . . . . : Trojan.Win32.Yakes.qtpu > HitmanPro . . . . : Mal/Generic-S Fuzzy . . . . . . : 119.0 Forensic Cluster -31.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\20\4CDEEBDFA3585C9C.dat -30.1s C:\Windows\System32\WDI\{9f41811a-0429-42aa-81b7-cfd4d968411f}\{eda5b455-5698-4b04-8f51-306610b3dfb0}\ -29.7s C:\Windows\System32\WDI\{9f41811a-0429-42aa-81b7-cfd4d968411f}\{eda5b455-5698-4b04-8f51-306610b3dfb0}\snapshot.etl -14.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\lst[1].htm -12.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\X5C0Z2A8.txt -11.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\9PA21KP6.txt 0.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\MB0EWQ0B\setupfa_4435[1].exe 3.6s C:\Users\Piotr Chmielewski\AppData\Roaming\Profiles\ 3.6s C:\Users\Piotr Chmielewski\AppData\Roaming\Profiles\Velose.default\ 10.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\8E3643506D0252C0DE12299B2F710DB8 12.5s C:\Windows\Prefetch\CLEBALY.EXE-75A5D9D6.pf 21.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\5E3BA5393CADF664BB0BF4A64532679A 35.7s C:\Windows\Prefetch\F7FD.TMP-4C64EEE2.pf 37.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\7213ABBC6F41BDDE55DCEE5A7A79AF49 38.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\ 38.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\0A22E433-91FB-40E6-B0AB-B2E27A77A0C7 39.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\64F2059BF2436F4F199033C21FD9F5CB 42.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{510A94E4-A265-472F-9663-7EA00149EEEC} 46.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\T36PG31K\51477_a[1].xml 47.1s C:\Windows\Prefetch\F800.TMP-B1817CE1.pf 47.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\VYQPW9B7\51490_a[1].xml 57.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\VYQPW9B7\MaoHaWiFiSetup_262[1].exe 59.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\06\5F9184E259659E1E.dat 59.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\VYQPW9B7\RandomDelJiheReg[1].exe 60.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\9D326AD242DB40DD6C4BD7044F26EABB 61.7s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\main.lock 62.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\84\2CBF108FECC80A7C.dat 64.5s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\main.db-journal 64.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\02\734A5245FD234F1E.dat 66.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\89\84F703CCC2E061C1.dat 66.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\9E3DF53A9DD7081D9632655D286DAC2A 66.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\53\D64E994449B6B419.dat 66.9s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\statistics.lock 67.0s C:\Windows\Prefetch\NEWAUTOTIME_51477.TMP-B10C7679.pf 67.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C17FD60213214B1A7722D96B00E24992 67.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\97\D2CF000BB44C5CDD.dat 67.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\59\9637C25F465613EB.dat 67.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\99\5F9850743DA7229F.dat 68.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\7BEF98221EE2FE726527284EF5D95D64 68.1s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\eascache.lock 69.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\78\B84B0D82CA2C631A.dat 69.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\12\B5D0C2CBDAB41930.dat 70.0s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\eascache.db-journal 70.3s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\bistats.lock 70.7s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\keyval.lock 71.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\98\F125BE656A5F9342.dat 72.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\83\EA020EA273CA1657.dat 72.9s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\bistats.db-journal 75.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\35\7AB5D6472FF9C937.dat 76.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\89\A87D79177A75BE85.dat 76.6s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\media_messaging\media_cache_v3\asyncdb\cache_db.db-wal 76.6s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\media_messaging\media_cache_v3\asyncdb\cache_db.db-shm 76.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\81\05D6B9DA1E594FDD.dat 77.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\11\A92BC11AA1044353.dat 77.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\13\C8AF9F7ADD3D0C0D.dat 78.6s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\media_messaging\emo_cache_v2\asyncdb\cache_db.db-wal 78.6s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\media_messaging\emo_cache_v2\asyncdb\cache_db.db-shm 79.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\18\0975416E8C8163D6.dat 80.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\31\11DD8A6B72C8E32F.dat 80.5s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\media_messaging\storage_db\asyncdb\storage_db.db-wal 80.5s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\media_messaging\storage_db\asyncdb\storage_db.db-shm 80.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\jg51490[1].exe 81.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\69\8A04D2A5CEEA1A01.dat 82.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\44\2B92EF5C4BC42434.dat 82.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\ActionCenterCache\{FDC89533-CAA8-41AE-A083-3311E08B7762}.png 82.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\177E35D7AAA453D75F36ED92537AD22C 83.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\57\A1159C672E54C275.dat 83.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\90\ 83.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\90\A482EE728905940E.dat 83.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\56\6421329F868096C0.dat 83.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\31\0CE4782EFF927B47.dat 83.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\33\2FBD3086634FFF25.dat 87.2s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\thmanager\thumbcache.ldb 88.5s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\mmanager\mediacache.ldb 88.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\13\A91013B30D50DDF1.dat 90.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\32\ 90.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\32\3713912410C9E04C.dat 90.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx 91.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\50\C1D6B10E1D003DF2.dat 91.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\50\ 91.8s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\msn.lock 92.5s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\msn.db-journal 93.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\MB0EWQ0B\51477[1].xml 95.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\13\AD6049DC71F9D26D.dat 99.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\J3NZ3OL7.txt 100.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\22\B7D0E5F884B43C7A.dat 102.0s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\statistics.db-journal 109.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\06\ 109.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\06\5F9184E259659E1E.dat 109.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\ext[1].htm 112.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\pop[1].htm 116.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\MB0EWQ0B\f[1].txt 128.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\T36PG31K\avatar[1].jpg 130.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\43\ 130.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\43\080DCCAE9122FE33.dat 131.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C342A2A37FB52EA810914DCDFF52E899 131.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\43\080DCCAE9122FE33.dat 131.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\92\58C4E56999B36C18.dat 132.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\38\9FBDC6B6651B8DE2.dat 132.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\16F9E1224278B521B7581F8DE3E9ED6A 133.2s C:\Windows\Logs\SIH\SIH.20160916.113104.635.1.etl 134.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\CAD44256DA0FB1FFAE04519A74B86053 135.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\92\58C4E56999B36C18.dat 135.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\6ACC2861A43229D97661937BB3C8408E 136.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\966EAF56822A11187CF9B9DCE24EC228 136.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\T36PG31K\f[1].txt 136.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\6449CE373B39C3F730DC0022DCA39B15 137.5s C:\Windows\Prefetch\AUTOTIME.EXE-35F889DB.pf 137.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\1BD1F24CD33665F0054CD56BA4A306A8 138.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\8AA81A3FA7F6797FF83EEF940A607DA2 140.1s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\error[1] 142.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\1B3F3CB5E8090BE49493847B1FEB4417 144.5s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_57D12D2676060783F3A819A307B45D2C 144.5s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_57D12D2676060783F3A819A307B45D2C 146.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\countrycodeDMA2HOME.json 146.4s C:\Users\Piotr Chmielewski\AppData\Roaming\Skype\pchmielewski93\keyval.db-journal 160.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\EAF14DE8804F602A26CE2052441BB888 179.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2016-9-16.932.7244.1.odlsent 181.7s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_FFB041E5DA33851BAB4CF5171917CC69 181.7s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_FFB041E5DA33851BAB4CF5171917CC69 182.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\ads[1].htm 182.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\stat[1].gif 182.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\T36PG31K\f[2].txt 183.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\02\ 183.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\02\734A5245FD234F1E.dat 200.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\VYQPW9B7\f[2].txt 200.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\VYQPW9B7\f[3].txt 202.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\T36PG31K\icon[1].png 202.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\T36PG31K\en[1].png 202.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\VYQPW9B7\pixel[1].htm 203.1s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\push[1].htm 205.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\MB0EWQ0B\countrycodeE6S7HUOQ.json 205.7s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F12703B35B1F82C21160A92376087C84_313E6B316EFFE568616A721B4D9E42B0 205.7s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F12703B35B1F82C21160A92376087C84_313E6B316EFFE568616A721B4D9E42B0 206.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\HJW19HTL.txt 206.6s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A574ED5927B3CEC9626151D220C7448 206.9s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A574ED5927B3CEC9626151D220C7448 207.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\sbhK2lTE[1].js 208.0s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_952DA1197BFDF4F6A3488E5BAB1BF8E5 208.0s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_952DA1197BFDF4F6A3488E5BAB1BF8E5 208.3s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9BC2FFC5D9591E1BD3545230E9B7CC36_6359064686E730147FC3BF10DB602252 208.3s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9BC2FFC5D9591E1BD3545230E9B7CC36_6359064686E730147FC3BF10DB602252 208.6s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F26E3145BFBE06D5364B992A0B71D714_E6ADA7A27C490EB721BA503F4405AB29 208.6s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F26E3145BFBE06D5364B992A0B71D714_E6ADA7A27C490EB721BA503F4405AB29 210.8s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\VYQPW9B7\5-ES_ACCOUNTING_PHASE2_2016_OUTBOUND__FINANCE3_300x250[1].jpg 212.6s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_E644D9E214E148005F1D4BFB9A8ECF7B 212.6s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_E644D9E214E148005F1D4BFB9A8ECF7B 213.0s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E8F253959121E089B0D4AA8B6682E44B_B76233A3DB47A89B0A8BF903AF404987 213.6s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E8F253959121E089B0D4AA8B6682E44B_B76233A3DB47A89B0A8BF903AF404987 215.5s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_0EEA4824454A6D0530EF4C0F6C3F7354 215.5s C:\Users\Piotr Chmielewski\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_0EEA4824454A6D0530EF4C0F6C3F7354 216.9s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3CD99F6CD2961AEFAF9D21EA27618F63_C57F5A0749FC1E2110F9DB5292BA8D3C 217.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3CD99F6CD2961AEFAF9D21EA27618F63_C57F5A0749FC1E2110F9DB5292BA8D3C 217.3s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B18C72BA0B1A93578E6698C361385449_C49BCE52C42A31DDECFD4B3FC83D9EE6 217.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B18C72BA0B1A93578E6698C361385449_C49BCE52C42A31DDECFD4B3FC83D9EE6 222.7s C:\Windows\INF\netsstpa.PNF 223.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\zrt_lookup[1].htm 235.3s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx 241.7s C:\ProgramData\Microsoft\dot3svc\Profiles\Interfaces\{98F19C69-0E8C-494B-B641-278E0C37F94D}\ 241.7s C:\ProgramData\Microsoft\dot3svc\Profiles\Interfaces\{98F19C69-0E8C-494B-B641-278E0C37F94D}\{324F254F-04BB-474D-8BA8-B6477002E270}.xml 241.7s C:\ProgramData\Microsoft\dot3svc\Profiles\Interfaces\ 241.7s C:\ProgramData\Microsoft\dot3svc\Profiles\ 241.7s C:\ProgramData\Microsoft\dot3svc\ 245.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\o_network.exe.log 246.8s C:\Windows\INF\netrasa.PNF C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\T36PG31K\yomz[2].exe Size . . . . . . . : 490 744 bytes Age . . . . . . . : 5.5 days (2016-09-16 12:53:10) Entropy . . . . . : 7.8 SHA-256 . . . . . : E40CFACDC8F094AF2C852F6DBB0BE5C4E92A77027A1CBE1058E585F33E67481B RSA Key Size . . . : 2048 Authenticode . . . : Valid > Bitdefender . . . : Gen:Variant.Graftor.303717 > HitmanPro . . . . : App/Generic-DP Fuzzy . . . . . . : 109.0 Suspicious files ____________________________________________________________ C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\MB0EWQ0B\FRST64[2].exe Size . . . . . . . : 2 402 816 bytes Age . . . . . . . : 1.1 days (2016-09-20 21:28:51) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6A2B54CE7265DB20CF5C157A700F731EB8AC9615F4C2DB14151498DCEEAA56E3 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\T36PG31K\FRST64[2].exe Size . . . . . . . : 2 400 256 bytes Age . . . . . . . : 2.0 days (2016-09-19 23:46:16) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6F3ACEC7F83AFBB175899B64F7C51C5CA1335F499FCDA1481198449A5F985211 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster -0.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\VYQPW9B7\FRST64[2].exe 0.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\T36PG31K\FRST64[2].exe C:\Users\Piotr Chmielewski\Downloads\FRST-OlderVersion\FRST64 (1).exe Size . . . . . . . : 2 399 232 bytes Age . . . . . . . : 3.0 days (2016-09-18 22:42:15) Entropy . . . . . : 7.6 SHA-256 . . . . . : 3EE9D23F575FED89ACB77F84CF32ED652198267BB5EC53FE0B4F057852F43BA5 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Users\Piotr Chmielewski\Downloads\FRST-OlderVersion\FRST64 (2).exe Size . . . . . . . : 2 400 256 bytes Age . . . . . . . : 2.0 days (2016-09-19 23:45:16) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6F3ACEC7F83AFBB175899B64F7C51C5CA1335F499FCDA1481198449A5F985211 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Users\Piotr Chmielewski\Downloads\FRST-OlderVersion\FRST64.exe Size . . . . . . . : 2 400 256 bytes Age . . . . . . . : 4.9 days (2016-09-17 02:38:17) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6F3ACEC7F83AFBB175899B64F7C51C5CA1335F499FCDA1481198449A5F985211 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster -29.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\NIALV5NZ.txt -24.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\gn[1].gif -23.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\gn[1].gif -22.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\2FXODIMJ.txt -22.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\82[1].htm -22.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\videojs.ima[1].css -22.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\style[2].css -22.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\video-js[1].css -22.1s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\videojs.ads[1].css -22.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\bleep[1].js -21.8s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\Moat1x1[1].png -21.8s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\pixel[1].gif -21.8s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\7hJiiEHoEeWRqiIAC39GJQ[1].htm -21.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\check[1].htm -21.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\ima3[1].js -21.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\player[1].js -21.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\videojs.ima[1].js -21.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\how-to-install-poster[1].png -21.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\activeview[1].gif -21.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\activeview[2].gif -21.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\video[1].js -21.1s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\videojs.ads[1].js -20.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\collect[2] -20.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\nsgpt[1].js -19.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\set[1].gif -19.1s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\client[1].js -19.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\fDIQV6DY0.txt -18.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\bridge3.144.0_en[1].htm -18.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\client.pl.min[1].json -18.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\ads[2].htm -18.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\windows-icon-hover[1].png -18.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\px[1].gif -18.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\px[3].gif -17.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\segments[1].js -17.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\getad[2].js -17.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\cfg[1].js -17.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\{_atf__%20true,%20_left__%20155,%20_top__%20216,%20_wh__%20643,%20_ww__%201366,%20_sx__%200,%20_sy__%200,%20_ah__%2090,%20_aw__%20728,%20_hf__%20true,%20_vs__%20_visi[1].htm -16.8s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\{_atf__%20true,%20_left__%20155,%20_top__%20216,%20_wh__%20643,%20_ww__%201366,%20_sx__%200,%20_sy__%200,%20_ah__%2090,%20_aw__%20728,%20_hf__%20true,%20_vs__%20_visi[1].gif -16.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\mobile_unified_button_icon_white[1].png -16.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\share[1] -16.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\css[1].css -16.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\ads[3].htm -16.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\17781760327879757842[1].gif -16.1s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\m[1].gif -15.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\B9JRHHEV.htm -15.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\UDI8XZ06.txt -15.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\px[2] -15.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\7QQ6FE5B.txt -15.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\MY92QV8L.gif -15.8s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\ads[1].xml -15.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\6U5TS3DE.txt -15.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\PuwvqkdbcqU-fCZ9Ed-b7RsxEYwM7FgeyaSgU71cLG0[1].woff -15.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\ca-pub-3622156405313063[1].js -15.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\557151233[1].dat -15.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\ZU06T4MX.htm -15.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\SMGUBEIX.gif -14.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\gn[2].gif -14.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\973HCN6A.txt -13.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\3T440EKU.txt -13.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\cookie[1] -12.1s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\{_adCsm__%20[{_vfrd__2},{_lteu___0.02_,_ltut___0.02_,_ltpq___0.03_,_ltvd___0.06_,_lths___0.09_,_ltpm___0.08_,_ltfm___0.26_,_csmTot___117.87_},{_vdr__2001.85,_tdr__200[1].htm -12.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\{_adCsm__%20[{_vfrd__2},{_lteu___0.02_,_ltut___0.02_,_ltpq___0.03_,_ltvd___0.06_,_lths___0.09_,_ltpm___0.08_,_ltfm___0.26_,_csmTot___117.87_},{_vdr__2001.85,_tdr__200[1].gif -12.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\Q47KORPJ.txt -11.1s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\iframe_api[1].js -10.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\c_100[1].png -9.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\www-widgetapi[1].js -9.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\gn[1].gif -8.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\embed[1].htm -8.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\{_adCsm__%20[{_vdr__5016.17,_tdr__5016.17},{_vdr__8549.67,_tdr__8549[1].htm -8.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\www-embed-player-vfl7h3Cel[1].css -8.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\www-embed-player[1].js -8.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\{_adCsm__%20[{_vdr__5016.17,_tdr__5016.17},{_vdr__8549.67,_tdr__8549[1].gif -7.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\base[1].js -7.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\FRST64[1].exe -6.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\-AVV05qI_H8sU0XxDznfxQII8xb1NysKSug4v65PDfM[2].js -5.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\oOeFwZNlrTefzLYmlVV1UD8E0i7KZn-EPnyo3HZu7kw[1].woff -5.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\OLffGBTaF0XFOW1gnuHF0dIh4imgI8P11RFo6YPCPC0[1].woff -5.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\dFWsweFqlD8ExfyN7Gh_GPesZW2xOQ-xsNqO47m55DA[1].woff -5.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\ad_status[1].js 0.0s C:\Users\Piotr Chmielewski\Downloads\FRST-OlderVersion\FRST64.exe 0.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\activeview[1].gif 0.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\44393791-4146-46c9-8642-4544adc11438[1].mp4 0.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\44393791-4146-46c9-8642-4544adc11438[1].dat 3.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\{_adCsm__%20[{_vdr__16797.2,_tdr__16797[1].htm 3.8s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\{_adCsm__%20[{_vdr__16797.2,_tdr__16797[1].gif 21.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\1[1].htm 21.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\497289d176c92ebac825b65dee8397f1[1].css 22.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\toolslib[1].png 22.1s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\5257c9914fe31c35a02cb6d09885d47f[1].js 22.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\glyphicons-halflings-regular[1].eot 22.6s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\fontawesome-webfont[2].eot 22.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\opensans-semibold-webfont[1].eot 22.8s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\ca-pub-3185555181872133[1].js 23.1s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\flags16[1].png 23.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\placeholder_en_3x2[1].png 23.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\adsENQ5M31I.htm 24.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\adview[6].htm 24.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\ads[7].htm 24.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\adview[5].htm 37.7s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\img[1].gif 39.4s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\T36PG31K\FRST.txt 68.9s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F84HTJK1\piwik[1].js 69.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\73ZZLUM0.txt 69.1s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\piwik[1].gif 70.5s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TSZNQAOH\adperf_launch_1.0.0_scrambled[1].js 72.2s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\Q5RMX7A6.txt 86.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1GDIN7E3\docbrows[1] 86.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9GSPO6E7\page[1] C:\Users\Piotr Chmielewski\Downloads\FRST64.exe Size . . . . . . . : 2 402 816 bytes Age . . . . . . . : 1.1 days (2016-09-20 21:27:43) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6A2B54CE7265DB20CF5C157A700F731EB8AC9615F4C2DB14151498DCEEAA56E3 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster -2.3s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\MB0EWQ0B\FRST64[1].exe 0.0s C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCache\IE\TN3MW1CL\FRST64[1].exe 0.0s C:\Users\Piotr Chmielewski\Downloads\FRST64.exe Potential Unwanted Programs _________________________________________________ HKLM\SOFTWARE\Classes\Interface\{0FF03983-EAA6-4628-8E7C-387B2D4F8EF2}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{3A71C84A-1CC4-4201-B037-C81CE118D66F}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{432599E9-40CF-41E3-951A-E1E81B7B1D29}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{7D215707-3E74-4E0E-A078-2C95E1CDE233}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{9295785F-8C01-4ED3-9322-8BE5C17CA141}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{B98E44C8-7BB7-4A4A-B8D2-60874CA109B2}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{C656BCEB-6B19-4992-9975-D53CEA283356}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{D5AC4B9C-8EE4-48AD-A77E-1560AD886A0B}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{D6914FD3-FD8E-45AD-8993-901E7B2759FD}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{E0106905-0EDD-4F56-BDB5-890A1F6E8F47}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{E26E880F-176C-4007-B2A7-B8F27621EC51}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{E776B534-9402-4049-87C3-089EC0F54BAF}\ (OtherSearch) HKLM\SOFTWARE\Classes\Interface\{FCFBBE24-2ADA-4D6E-A381-DEC6E3EAEE21}\ (OtherSearch) HKLM\SOFTWARE\Clients\Corner Sunshine\ (CornerSunshine) HKLM\SOFTWARE\WOW6432Node\Clients\Corner Sunshine\ (CornerSunshine) HKLM\SOFTWARE\WOW6432Node\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}}\ (Tuto4PC) HKU\S-1-5-21-2351160239-3609625897-3084254237-1001\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}}\ (Tuto4PC) HKU\S-1-5-21-2351160239-3609625897-3084254237-1001\SOFTWARE\Wow6432Node\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}}\ (Tuto4PC) Cookies _____________________________________________________________________ C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\04G0N3AL.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\0KVSY96D.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\0VBM3GYK.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\1N0L4553.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\2CVM2YV1.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\31WVDI7R.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\32CW56MQ.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\3IIQ77QY.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\3UBRLYCQ.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\4AIGPSKV.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\5PXBMWRB.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\5PZMGVEC.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\5R82DCJ0.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\6478615W.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\66TYLB7C.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\6NQW7R3G.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\6SKABG42.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\71SBL3OW.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\7FB9BLX8.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\7H129GRR.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\7PU2OZI4.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\8M7GD00U.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\8U5R1K2X.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\8Y1KNE3R.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\918OS28O.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\A37SL2IG.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\AWFJBLOD.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\BTIQWQ1C.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\DF2R81RR.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\EAGZAW0P.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\EOTF28YV.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\G2ZWCS23.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\HJW19HTL.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\I1MA1643.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\JX6OE9G4.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\KCDEWX3P.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\LFN0JVMQ.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\02XUJYLK.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\03EM3O3C.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\06GFFN7W.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\0KJK0TZB.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\14ERK1MG.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\15UCC8PS.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\1DEPTS2F.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\2FIQPS4Y.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\2FZ8S2E9.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\2XH5Q56H.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\36Z72BAD.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\3FB7JPJ6.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\3T440EKU.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\40LR3H5B.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\4N06YS3U.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\52BQFXNT.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\53QWGV7Y.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\5AV16W7J.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\5FYWJS1K.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\5IA3HAGC.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\5RF3ZUR0.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\62Q66GXO.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\6IRLUV21.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\6U5TS3DE.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\7FWRFMO4.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\7QQ6FE5B.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\7QURQVW8.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\7QZD4LOF.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\7Y8GB2EU.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\864TJVHB.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\8LVFWP3J.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\8MZ5AQW9.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\8PY97FX0.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\8SM8VOFH.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\9699NJS4.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\973HCN6A.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\9M6KZZY7.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\AL65R4WG.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\B00ATC0T.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\CINEVBA8.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\COP1EDS5.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\CX3BTNH1.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\E5IR0113.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\E7LLJF5C.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\FFK1T30W.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\FLDT51SG.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\G69S919H.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\GNEMZJKS.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\GQNO1L1F.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\HU4IFXM1.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\I23WDK3I.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\IZFP5YMG.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\JALPZR87.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\JCAO5E8N.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\JFZ1VS38.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\K7JTJRKC.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\LL7EFDBY.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\LM6W0PN7.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\LMEZFL0O.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\MUD37Y2P.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\N3IO9PFI.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\N4CA7K07.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\OU52C5CA.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\P7DCQGZQ.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\PM6JCIHV.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\PMMPHK78.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\Q5RMX7A6.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\RL59A4AN.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\S0TAC7JP.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\S8CQGR0A.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\SI2ZO1AC.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\SPLPK9LS.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\SQQ37V4Q.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\SXATO4XV.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\SZUA754U.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\T878KDFN.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\T8HGD8RB.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\TPQI0LAF.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\TQX22Y1C.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\TTZS5DJO.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\TXJ66D6T.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\UA3MTXA0.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\UDI8XZ06.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\URPIOHE6.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\UZHH260K.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\VIWQPV2T.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\WVHOPSU3.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\X4KWQLKS.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\X88JH8UH.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\XA68V4N1.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\Y1C9Q5NF.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\Y88YLM04.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\YDWOD380.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\Z22JX8PU.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Low\ZM5M4J97.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\MBJ35HAH.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\OMBH8XKW.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Q73QZ24P.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Q7QULCSY.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Q8LTTG4J.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\Q9U2QHE7.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\R0XDBG63.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\RJF5MOIP.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\SBOJZ5V0.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\UBNA9TY2.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\UHCCA7QL.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\UVV6ISX1.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\UYR3YEPP.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\VJTCYY4T.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\VWD1MAUY.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\VZL7VZ5K.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\WHJQECI9.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\WIWE9J58.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\WR9Z4SAA.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\X39Q0DYR.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\YNK17WWE.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\YO56PZI7.txt C:\Users\Piotr Chmielewski\AppData\Local\Microsoft\Windows\INetCookies\ZSONVKOR.txt [/code]