| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\LocalLow\BitTorrentBar2\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss.xml.tmp |
Type : HTML document, ASCII text, with very long lines MD5 : 16a323e4079efe52170b7e98251221c4 SHA-1 : b58352cdf991b0f9273b6480072c05ea49ce2640 SHA-256 : ad073604b0d75f2ee1e2087622ff453c7da7351692a8defa02da635f06f5720a SHA-512 : d5a82f2cc6357f3f8d30676aeb5f315941fe229f88671582763a7bc7ac28c5d53ec1f3f7afa7491601e7714afe305c8a8093ded6d9bab1b71e1aff0ffbf9a1f2 Size : 775.69 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\BitTorrentBar2\Rss\http___rss_cnn_com_rss_cnn_latest_rss.xml |
Type : XML document text MD5 : d641e69c175f3569cc5224f0ae6c8532 SHA-1 : bdb60a90bbd7ba9e06a0c3e5b85214a6365e88b5 SHA-256 : 9ea7b89c98c1aea877c001f244d914227a19b66c8749d903be6cc480680d4838 SHA-512 : ff2bfea54166e15e44f8feabfe611a190db81020e6cb53f4a515b8eda837909738fb5b2ecc35ee92082d43072c51fb9ca36a764bb7d8adb646aa9ac260009afe Size : 151.489 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsu28B7.tmp\truste_setup.bmp |
Type : PC bitmap, Windows 3.x format, 49 x 67 x 24 MD5 : 7dad5f1ce516dab93e03984c69ead67b SHA-1 : 8d41b1e975e48570d4322573601741a0a9592f06 SHA-256 : 5660638da026bcab9e4c016b53a748976a4fb7f02d91790052087046061f8783 SHA-512 : bee5dd5b794fc3a5158a912b3a28c211e8930ee7f9d63493e60b7142ce2d5ae3a8bec4ae7214f1adf1e3044de654761ded24446385976af198b8e0f54082fb7d Size : 9.97 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsu28B7.tmp\PublisherLogoDefault.bmp |
Type : PC bitmap, Windows 3.x format, 240 x 100 x 8 MD5 : 34ab06f8925e32be2b7f6e5faaf3f9af SHA-1 : cccbef48cb0dc9cdeebf23adf69aa9c80521d623 SHA-256 : f7e42e7eeaa0dfb3392d6fbad5315a8be5464bc0fa1e025e6241600a5a661f9e SHA-512 : 3fc901f6f910f0b0ae701976666d4006a432e4cf5a6aecceba8cca90b4b32b80e6c31e6f22308bdf52bb2e1b6bdd71d961129eb53b1e1dd74febc0718bf3b1d6 Size : 24.136 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\BitTorrentBar2\tbBit1.dll |
Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 3eb411149b29c5854da31c3c5d3c823f SHA-1 : 594e0844207add0dbd163e1afb7696baa25cb961 SHA-256 : 95c4201d1d9cb8d5924548a2902621353f8762441883f1f52bce9238cea40648 SHA-512 : e1bd4c13c0cc49979f711e86fef77f42a1f74c497dc92a3344ab608c7107e92b8cb3fae8bda7020fd5ef491f1b985dc767cb2ac34a245bcbe2c09284fb91b5e5 Size : 3236.128 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsu5EAA.tmp.ToolbarService.exe |
Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : be4d8d4c01b655ca06acfef1d20b8168 SHA-1 : fdf4adb3654ac8e84a67513864636a36359c2b31 SHA-256 : d87a65313bc1b48ceea554ad003edb7947151863056e2040879c741fc2c32f5c SHA-512 : fa79b4add24dd6105c53101357d213cf7afa4eb426ad1a2ca30c794cefb166440eac5dff9530c7443d37d5572f72c366591096741e43fdd75f2e4b5717b08e6e Size : 350.496 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@scorecardresearch[1].txt |
Type : ASCII text MD5 : 78ffcee742749b0853e4d20a1c468e34 SHA-1 : 18249ee8ddd32c79a937b8785edf482df1f561cf SHA-256 : 7f96be4a1f8fccd0a82b6bc825b88d2b9ce46691ba5db8ff7b023c7e59ee45dc SHA-512 : 1d27def5d1d798b7fb9fbc2fb663d891565b8aa8e8867be9a7a362b84f04c1308eb7b95b48c0d4010f61455e57df6ab6916cb4050470f624ad7129c74531949a Size : 0.114 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\BitTorrentBar2\Rss\http___feeds_reuters_com_reuters_topNews.xml |
Type : XML document text MD5 : ac7571b2b50d38586886fdeca60b13c5 SHA-1 : 2d39ac6494b8ae181e2cc1e5151963b348671468 SHA-256 : f816ee7565841a6e73ba45d94bd7487b401dd37d02a9c449919cd6e1cd5d4099 SHA-512 : 03701b49b82a091b3bb4d8c07ec5e6a63a11398597229baea94e72eb140c8c89f5f3b8db4fed185169b97675bcd04a3dbee78880c74d6f25bed62f76bf5259ba Size : 22.415 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0D3JCK2E\animate-custom[1].css |
Type : ASCII text, with CRLF line terminators MD5 : ac808bca941bd589d6fcadd666724e00 SHA-1 : b51f9319686f9e659457bf38d0b922081549c701 SHA-256 : e1527abc6da6cc596ed9a1cb181682161040950c3fd3d2b405f5387d1a71f270 SHA-512 : e3e19fb5505f3edfef421a7f701bf5263282e48ec2f1595ef999b192f7d524572baac6888d20c13549c9fadfcbc5567b9fc86a9eb4415cdfb60524c19cf70d95 Size : 11.469 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsf28F7.tmp.tbBitT.dll |
Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 3d45f0adf444c9239497923162027417 SHA-1 : ebeafe724cb934442795775b3af373c6c25b2f52 SHA-256 : 87d4e79cb8517bcb2698208ea682e34cce4dc809058187066964cdaff1619c5d SHA-512 : 1119dd21ca9c033d3cfe5c5b5447859ddee02a69a6cbf8e587a77d47e1ea26280351bd4f53b24eeeadea9baa45d5d15c0949e07a53375afd439087ad7909a04f Size : 4401.448 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@apps.tbccint[2].txt |
Type : ASCII text MD5 : fef364101d7a7e6716c58b4628ef7dc2 SHA-1 : 34da83a440082bded5c96700fecc2dfa6bf6f1af SHA-256 : 0cb68acf697b497a34d49abcf86f98e40da24ef1a9cd1711939cd6198b5e751f SHA-512 : 1edc268a559e0995db61c3abed1e8ae360e2f1fc6a67b0434cb981fc6835a96dcd130ddf562d054018b9c544044f87cc2ae38350560142c561403ac45fddc1c3 Size : 0.217 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@services.apps.conduit[1].txt |
Type : ASCII text MD5 : 4c1f57acb1f48ff17a81c9ee486a15ea SHA-1 : 9eb616c7229e24f59681e8aa1c29b5610d6eb686 SHA-256 : 08c4b692e3982a00133d30c2a6a8580bedcf1104f2357a8f49a0abf6a5afb0af SHA-512 : 8393ac7a0c086b1dc0138ca637d89dd2774a9b72bcc77338685770c24aceb41046bb5769fc605fa24e3738267d1ba1b17cec2f73219f357d70849b26dab70de9 Size : 0.226 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsu28B7.tmp\setup_top.bmp |
Type : PC bitmap, Windows 3.x format, 726 x 101 x 24 MD5 : dfc82ca862605fad9f49b709d471b333 SHA-1 : f103e2e37aeb722006eb94f5c3384544ce2b371f SHA-256 : 837e5fa5e53935779ddb98e1dff3bac342f0c54623b3ddc0b2aa7d05b3f5f178 SHA-512 : 2ee8708eea45b8e2acb6543113eaa9ef0758e2dfc2c721239f097aef4ed4447ac406a9948ccc306f445956aaacd08d53e4bf451180dedf8e2cda950a975da690 Size : 220.234 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsu28B7.tmp\alerts_icon.bmp |
Type : PC bitmap, Windows 3.x format, 19 x 21 x 24 MD5 : c4f797bb9543992727b1de0008f5e042 SHA-1 : 2abf095ac3ed12ba8b3164d5d0b62d8cc9ce4170 SHA-256 : 11a1e21e3f8c92de518cb3c89a79d2e547ec1102611d79b96db77ee97b7ec539 SHA-512 : 8d6db84fbdce606d21823f9f8d03f8cfce4f6c6f6c5690c70b7599530a10f5cc53299e2207f7bd91517fc9259321e493f408563fbea1d79a0edfe8bf4b0de77f Size : 1.316 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\BitTorrentBar2\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss.xml.tmp |
Type : HTML document, ASCII text, with very long lines MD5 : be6415826b35f161f2389ee3fb4ddda6 SHA-1 : bbd8676db048852caa7bb7316855ccb71a87d9ca SHA-256 : a13d60fb76eaa29e8cc6e950ccddd65cd4dc5c40d27e6b8309697fd68fee3bf0 SHA-512 : e3b4be64a8e90c81e9cbc0af48a5546e13159570049c271d7ab5b6cfa1d489e8b541033d5ed047145dbeaa99f63d968b7c5efe85f0e40defb52bdb19565917e0 Size : 775.682 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@search.conduit[1].txt |
Type : ASCII text MD5 : d6042df124369a44743ae32133a7c7bd SHA-1 : 1bd38976053693e6a4a55917fde781950b7ca580 SHA-256 : cd57c440799bd2b4f43ebc529ff8e3c0ee0695a0c2bd92b7d7a8c79662929527 SHA-512 : acb59ed1bbf970238c2f5f2d1e869db0550eb4125497d34058a3e3c3f7ef8a51a630c80c26737d1811725a6717161601bee9986e1bda4e00ce226ee167028008 Size : 0.161 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@apps.cpccint[2].txt |
Type : ASCII text MD5 : 20aba50f202d2e27b5e2c95b342ff25f SHA-1 : 02d65a6d463cdccc118f02f6dc1843a841316da7 SHA-256 : 3886565aec16a47076f325fc29ca5de38a0f1ed72f21fdc5cb50b2bc94d98690 SHA-512 : 7bc6a21fcf097414a1212f6d16e9575f63e3f925f3aeceeae02df8253c3de45244500128d96f9a8b2e7d729fe91c727a45b5aeb1f4b4c4657e2c5bdbc1a9005d Size : 0.218 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@social.conduit[2].txt |
Type : ASCII text MD5 : 510c174c238e054101f9285161ab18a5 SHA-1 : eb12d39fcc414397b12895403db933aca59c2671 SHA-256 : 3de7fb840209b0037dd7ae6b9fd57a4b20e944b8b3f8f8d3ea033578639743d5 SHA-512 : 8fdce203b49c86d9b6ea8e4909b5b9944170912162e581408d6ee6bd7c80a8c0bdf4164569e1a942c43d67233a68442137cf5a26c1d791c876865ec93ae6ad6c Size : 0.219 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6FE1609B-3EC0-11E8-9C49-080027CB305F}.dat |
Type : Composite Document File V2 Document, No summary info MD5 : 1f3a679596b498dda1327928805802ae SHA-1 : 3ac4d876f2aa7a157db6761c261ea2480968225c SHA-256 : 7aaad7982e049fcc078f943dd3cc00f05ccb9e2958159e2156f1663cf4eb3811 SHA-512 : a71a4e0b4e2ea36e427c5474389247457f3f4043d199f9cae1432505614f7066c0bd842e0640f7d6b3f43360be1595054b448e52a278663e7947d5e2dca58274 Size : 5.632 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@search.conduit[1].txt |
Type : ASCII text MD5 : 7d5e3490b40f0b546dff345ac31e45d9 SHA-1 : 0a17281e1803f44739887e681a9e91ad39d7260d SHA-256 : a33114fbe950dc9bf47b06a60b3323308782861d5026fa6f0bad7d66ca5f7539 SHA-512 : ba3f936938d1863a855e7616da8ceb5c585709f9fbe88a2c7105a98a062b0affebec914892bf52099c8c45f1b42b35ceaff518a659bffa1b963ed44280e6fb98 Size : 0.159 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\BitTorrentBar2\Rss\http___worldpress_org_feeds_topstories_xml.xml |
Type : XML document text MD5 : ae62af67e41121130c050a0ad248e5b4 SHA-1 : 460be5ac36fb9b7bbcef69eaf2190a97c9f7b953 SHA-256 : 45b1013514bd9d8505cb36026a8d118b77ce16f228400d10c9c38c21340ed1f0 SHA-512 : 581eff053b8adb680e4c9afd43a92a0f18884703bb08b355264b54a1f7d6dc3cc3819bf1afae3e6ae329b54eccdfe8a1db2e35691579e92c3f79288421a8dd09 Size : 10.237 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@storage.stgbssint[1].txt |
Type : ASCII text MD5 : 8a3bf852dee21728d1ad612007ad6f5e SHA-1 : 8ba4df6fd292bb445a6be9f24bfe9548e8709a96 SHA-256 : a7dc13dc9779946038565169c9b30716da2f2672deea3bce2023d75d0f9fb318 SHA-512 : e2dd0a3dd2b4a5827e1cfc8f1bd96eb09e2f4058fdcc27977510c1d0cb29ae776312ebb402c59500fb200280bdee42d088b71b6c29148c1be48d0aaa3b8b5769 Size : 0.359 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@social.tbccint[1].txt |
Type : ASCII text MD5 : 9ea5315f29c2c34c355b7a2cf7a3db58 SHA-1 : 03f66ddb908403aa25c68009bf9696bda9cf38c6 SHA-256 : 8b8efd9513dd27df7447c49598977496310a1bba5700545e25b7dc44da31816d SHA-512 : d8447506ad0445092accba31f21b60eac6e965054424c24cc4c4e15e8b870271bd9b3adb85ac936413e248816cac90079dc5429c015a15b690e4130da7cac30e Size : 0.219 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@storage.stgbssint[2].txt |
Type : ASCII text MD5 : 02e9ad773c60fcff339fc93c478d72f3 SHA-1 : b81bdf32f3966660b0150a0461064a5d8d7dab08 SHA-256 : 6799673247158e976d2a74410d558afd6d20c58a6e892c37573f2d217fe0bd6b SHA-512 : e48fc9cbc771553488f5a56d62efd1bb20821c44b0685ee9eecc6901141300395a039fe62af4d6f23f8154366a19d39d1e003341baf1039265ecedc8d564e076 Size : 0.357 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@storage.stgbssint[2].txt |
Type : ASCII text MD5 : 810d9ae1da794069ca62bb3526f8e743 SHA-1 : 6b43b317b70a5f3e003c2736fdd4af5d82f129b4 SHA-256 : e1965664edf8f1f53647868e3665791b5868e9541d3b3b9ff63569b16d77a734 SHA-512 : ebd04e9ab4827a7957483e46643d299de7c87ebe7dfdd07acc1bc8fec0f391d4d21ebba2a6de85d8df2b240e366885fcf02f53cd6c946f3d9c05cc5a94c0e6eb Size : 0.219 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsu28B7.tmp\search_icon.bmp |
Type : PC bitmap, Windows 3.x format, 20 x 18 x 24 MD5 : fa93f4e50e397208dbe6da745cec0c57 SHA-1 : 3abb3039a4da9a2571df06d4408b1301e394e26e SHA-256 : 16d8cd6bb34d0295db30a18e12bb3a4220f2b3e356a7b5506cc4804fc0748f1b SHA-512 : b54e25bda3eae8d387cd618b4c6c64a4f70465fd56293b0bdec883c3abadd6c1a0d06fb2ae08657f2c297c177b4febc8c8093ac79b778d6982af08488bbfd15e Size : 1.136 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsu28B7.tmp\nsDialogs.dll |
Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 4ccc4a742d4423f2f0ed744fd9c81f63 SHA-1 : 704f00a1acc327fd879cf75fc90d0b8f927c36bc SHA-256 : 416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6 SHA-512 : 790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb Size : 9.728 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\BitTorrentBar2\Rss\http___rss_cbc_ca_lineup_latest_xml.xml |
Type : XML document text MD5 : ec2d7478cc9c7bc4de86718bf62b28b3 SHA-1 : fc5961dcad690731db35803d172b61abf3954482 SHA-256 : 64b7b9ee01e9e686ffc88b4d149746155041dd69d4a89d29655a3c364f7e8438 SHA-512 : 92fe579706eb0cc8d59cd29ec6ffb0f934bf90cc07b2a17d6802ebfe35cd61b6c15e415012e74849aa1b8dd1ce71641007e66011dc4122cb3b7fb5bf2262bf4a Size : 5.038 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@services.apps.tbccint[1].txt |
Type : ASCII text MD5 : e2e5857dbdcf47603d13404072f51297 SHA-1 : 5c8429c5276087f3c6dc0e74c54a16599e965e84 SHA-256 : bfaae2274e439b517db5f33d5f128bd59573cd58f51b5eb8d2f83b1982e992d3 SHA-512 : 5fb610209f628a30bc5cdaf702c99530c272805b323cc959481ccf3d23fa38555d31b13b44340118c8b154235eead1e5cb42a17f23a0759464d140bf34a472f9 Size : 0.226 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@services.apps.conduit[2].txt |
Type : ASCII text MD5 : ae40cebdfb5bec847a119f467eb26be1 SHA-1 : 55139d66497b7c0b38a41e7caff0aa4ff38b4c00 SHA-256 : d373f5d6bf39239c52acf69b1e1ac4c955353c3d9223e918b110b4fb94e3049d SHA-512 : 84fd1d31e55f3dfcf7a093d639563dcb143e843022ca1d018c73fa7f1f6169b9799ca6781d765b022c989905bf539d9e9a2dd82fb0653a422d1cbc2f48dfd3f0 Size : 0.226 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\BitTorrentBar2\nsj4AA4.tbBit0.dll |
Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : d2b7c6c7f95030e66500a15489542adb SHA-1 : 7148ac44c7fe0cb8d30a12acb28171ae1f609c20 SHA-256 : 742be6154a9de7cb52de8d78edccd3333cd7cfe740a65c7bed150472a5c69c23 SHA-512 : 4ecca9abb811998cdc28b57b5253fe75236e36692d2212ddc8dee21c30c8f39c0caff996618b243ce7bf9bdda4d527ed35aa8f0ef54354a51eea9067d41ebb3d Size : 5371.168 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@storage.stgbssint[2].txt |
Type : ASCII text MD5 : dd69b85c178d98e1383a767426202446 SHA-1 : 420f4274b8a7d0ec7bf9ec6357cef6960700dbba SHA-256 : 983e9f67ebfb0bd02111eb91a58244dacacec4f22e79c1e8ae1d7c4dfda817c4 SHA-512 : 8c42dfc3fdd6f662fa152f24da64beb23a141ca4221c9a5a25246cd6c180419184d9de5d81e56b355f36e78bfb047330293729e7f8a0c33614f48fcb5f0d866d Size : 0.357 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@apps.conduit[1].txt |
Type : ASCII text MD5 : 691e5723d174d8e55ce0f99e01816db2 SHA-1 : a4846647bf393f19b21558d15af90388000b311e SHA-256 : 46703bb9be2b2a0ff07e9fa108a15c5952fb6cf8481e9dfbd7f4b0c6392981e0 SHA-512 : dfcf623df586ac4f503a3d706b5eda0dbd4be9cc3f49b4dadd526da5e2e13fe9f9157c066298eda1bca0e3fd6c5e99bc9197ee75a50c5db20ae80a60f6d30472 Size : 0.217 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@services.apps.tbccint[2].txt |
Type : ASCII text MD5 : 851db8fb1f6755af5d0d2d581e904898 SHA-1 : e1a00c5f0f67e8e8aa795b28d6d2ecbc1ef1837b SHA-256 : af065007c6a9d6ee855d956d595828d34312391a825c16092846ad8f76cae243 SHA-512 : 663b7f2175b756c61327d5f6ddf97588433da8933737cc390c43c3663adb5a272271399051e16aecedcfe6ac316b4f1b3d8d8793b12a917707775966e45beeac Size : 0.226 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\BitTorrentBar2\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml.xml |
Type : XML document text MD5 : abed9037e1f5337b08965b67c21f0184 SHA-1 : 57165cc37f9f23abc112dd142743c981a8ff77d0 SHA-256 : 14c09941fd04ec1ba2e8505dcff0369155b3603823e981508d059c7e517d9590 SHA-512 : d157bb0977656a3c385cb72e19895d85088c03d2b1c83dff7ffd6d1148e309322241e4b787215d2bf28527ec05aec08358510349bc716e39d95dccc534b92dda Size : 16.549 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@social.tbccint[2].txt |
Type : ASCII text MD5 : 36a382b6efd034cde94d466fa355be68 SHA-1 : 977f6631c93ed098ecebf875f056591c38ee89cc SHA-256 : 82f59bba07e5d1c1dc1cc76e93b4311cc6f2ac609dadd3aa7f2a925cce7212f1 SHA-512 : 8218dac36e7d4253b4233639e80e0bebd9f66245a3cd480a4e74126a7708fc2e45bf535467211c786480f54b319f387c8e801dcf8a54b1b9fc697da310c4981e Size : 0.219 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsu28B7.tmp\home_icon.bmp |
Type : PC bitmap, Windows 3.x format, 24 x 20 x 24 MD5 : 8a0c3378d7c31243c0b2263224d7e3d5 SHA-1 : 072e222c1e42302c33e366d0b272a7b8e87f9434 SHA-256 : 56df65c805ae5b7ccaf1cb8ae871475998cb30af4722f8dbeefbb2b5cee8c4af SHA-512 : 422d682d52c980adb8e530dcac88d692021c1e80aa8b1e550422861f7eeb71c6371cf23af60201b359c98b6a8ec971d0909f7d5dd6d81d0e3ceded4c11598858 Size : 1.496 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@apps.conduit[2].txt |
Type : ASCII text MD5 : d5b0926fc07e6c75c5792bc5e3f6fcae SHA-1 : 4790bb337ca99c196d54cf31b120d26dea1fa2a2 SHA-256 : 95987382f099b3f74308d331559aac226093e14c9a399570cddf6cd421d2a5dc SHA-512 : 9c5bbaa96098d48729975aead2191a00c501a142f5ae5a9dddf560d42839e41bac85c4bc9e2a07975eb9722b3261bd46947ad5fc085b28dd4b985b156eb45bdb Size : 0.218 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@storage.stgbssint[1].txt |
Type : ASCII text MD5 : 43d220f0145ac925a51c5ac0e1cd9829 SHA-1 : c8d5bb20ac8151c4d5a3ad05781fbc09e9c52266 SHA-256 : 8890e3784ef8587caf3a406e9b998406a5fd3a1ff47bea9e28f871d75cabfc37 SHA-512 : 84fec8750fb0f2f11868f548de06b62e97eb735fd421e26dc7beb0e9c22b8c416af244ca2e189c97ea744e5b072f0eecfeaa6957e533bbcdc79bc4783c553227 Size : 0.358 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@search.conduit[3].txt |
Type : ASCII text MD5 : 2e24ba599b9ee5afb29b7de6b134b81a SHA-1 : 9c1493baceadddb058fc8a362832b9b3b2a362a7 SHA-256 : f6993d23e7fe10d7f244a866757a317b1917853da84014edc3377dd0e069219b SHA-512 : 132ef9b39cd6e0508d452686bbd6ac3f941cafcaa103d55f6405cf6d918cd824c8664a01f31754cd7a463343cc093b9ebf25d01b0fd81c91480b6248b05f6db9 Size : 0.164 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\BitTorrentBar2\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss.xml.tmp |
Type : HTML document, ASCII text, with very long lines MD5 : 8f3365cfac1d758ff703bdce27bb9f5d SHA-1 : 4fdf61257e04816fe897826f6106e64bb12f80a0 SHA-256 : 419fa283337ac0abab620dc1e8566aaa384882ce2d37ab7890d6f5754dd3f409 SHA-512 : 87d08ddb593400876437b0f358ac9f4b6afd00b080d99e2927496a0b1ca2ef3b2e436ef18778e7a8ebe616fc93d133c19403e8acd7324c358b4dae6d5c7a24c4 Size : 774.666 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsu28B7.tmp\System.dll |
Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : bf712f32249029466fa86756f5546950 SHA-1 : 75ac4dc4808ac148ddd78f6b89a51afbd4091c2e SHA-256 : 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af SHA-512 : 13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4 Size : 11.264 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@apps.tbccint[1].txt |
Type : ASCII text MD5 : dd4edd773ae1b7a3ce1e9b8e9142b586 SHA-1 : 0ee3eb7b79c7e888e83c9484064ee202b259fc7c SHA-256 : 518521acd8a9e8565214843fcb40f1497f7fe95e477a46dc46fe9d704759bd43 SHA-512 : cb9d5ca653de5ff2dd839185e87c67367331b4f7ffc88d71b1175f609fdad1f306397df43f5115f0bcf5c4fe1c37aae96cdf415d84433de1c486cade012e0c3b Size : 0.217 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@apps.cpccint[1].txt |
Type : ASCII text MD5 : 7734b88de8c303d11005adfdb21cdd26 SHA-1 : 34164ee2a181064b212ada405b9d5e261cd87941 SHA-256 : 1c94fd873d7b1c5930856fc53c76da0e1a1175f78550c1e9b47628da627cba86 SHA-512 : 49dd547f3451da2346b6e86a7165dd8024f5f6cd419215c6bf14d236e5046c535961286bc3aa25d99c3002a482fbde7c9d5e9d2e989eadb182cdee334eff7112 Size : 0.217 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@storage.stgbssint[1].txt |
Type : ASCII text MD5 : 404b46ea42005a40deeb2f01cd1ee888 SHA-1 : e1b66aa3ae794b2443189c4dd9a92eaf72efb7d2 SHA-256 : 22dca975d26430425d8b51d3438228361fca15b69d98a90f656791711a073ea9 SHA-512 : 9286453baa2301d1719020437794f1895b1ef4d46b0272b6ffdd40f8d051a0b82c97c2e47e55aede7a4395751ac9b839aa44f78b0d0da0cd056ba2bef1254b86 Size : 0.124 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@search.conduit[3].txt |
Type : ASCII text MD5 : b7e47ff29dbee82cb8297cb56e79fbe6 SHA-1 : 24320350033b96ed499b1bebeb498fc1c40697f6 SHA-256 : d988154e340671121956b784455c0de8d0d4c855b4ef7c2eadf590ed5fcec6ef SHA-512 : 7fa1094b8dea5f9f1f7692c93492f6ab7a0bc2e206ae44be82a554854f9de6dc324736406eb69a4544177f15879fc9f039533312fad4928472ecddee023822c8 Size : 0.162 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@social.conduit[1].txt |
Type : ASCII text MD5 : d6e065027bab23ccead87b337a920f4e SHA-1 : 8ac5cfbf14d79c28ae97e86f8069bdfc802552e6 SHA-256 : aa587fafe0a1f091f8ce74b3490c991320c7de77e3a04be7a412837b44281dcf SHA-512 : 68b4bf008349419140570586c0467dd628985343640456b78236f45c539bf8988b0df726473f3d76bd33a1cd1d5d66f5b08175f75520e713f6ce969ad313fcb0 Size : 0.219 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsu28B7.tmp\license.txt |
Type : Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators MD5 : 7ae4e62f7e0b731a3193abfa2a8a5f44 SHA-1 : 8742d66b038c77b5816f05333a199601abf7a22e SHA-256 : a18697b6eefe70cfa1d960d4e2edfbe1a7540b7cd31716a94fac3363de57552e SHA-512 : 8d2dde55ca6db06de08f026318fd7b5bc6b95dc1b2c7e54744e19ef2924a3785ee144fbc8726cd5d62543da41acba475b96c8a16eb7a3f87a4a75224271419bd Size : 18.9 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nso498A.tmp\nsUtils.dll |
Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 171ba3288223173eb5a1a5e440bb5b89 SHA-1 : a262058e83179a203697951bd59772d08cc74878 SHA-256 : 4a143646832a887c8b4bbf27a58890f3c4d46bb78d21ba240b4e1cdf24f20903 SHA-512 : f812668a35cb6df2ca5b7ef09deeb3a18341bd3807bba313d4f6d2182980b45848b018cee7564cf56f863e69b8a36787f60513ae5d8091e5d1eb0df1a5ed0082 Size : 314.656 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nso498A.tmp\System.dll |
Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 4cf3a81ab4579b30117c8a39a489d51d SHA-1 : 61af475e11e4e79e6a11e761fcb540d9c5eec0e9 SHA-256 : 29f4a1c87161643e0ed5c46b46786d9a48437ec5dc6b99f4ff14037429e6e20a SHA-512 : 885d131304afbe92b9b0a16830b6b34c6b78e44f972c20aad63cf3695a400f2d82cf217753da2a2e5e399fdd5dd3306a257e9501a86884cad853e01ee125a664 Size : 11.264 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JFPXO29L\f[1].txt |
Type : ASCII text, with no line terminators MD5 : 4c92b20a326d48c29f3fdeacec413f28 SHA-1 : f5ad31b21386e81e2e0fe12e5762bab39ddef710 SHA-256 : be04ee6479e67725d2dcd744cdacd0cc551e96d3a5318d0e6339fce3b0547839 SHA-512 : 5c9e3c8ee1a358be381e70800fef5f73820e70086efe235cea6fdca1e32668f6d5952ad065e5544df9041892934164bc5da1c7e5ac8238f5a23a50183b6e49c2 Size : 0.115 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\BitTorrentBar2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}.cpi |
Type : Microsoft Cabinet archive data, 178858 bytes, 3 files MD5 : 2593ae0f033d5bceb23969e71ba8b50a SHA-1 : 3e694845dc53f08ac299ca23da974c55f4b62e20 SHA-256 : 36420a4e62b637498c58938a38d79af45b05cd21cf0ea847a912da138fe7b6a5 SHA-512 : bbcbe6aa6f644d00d219d727589384377ae58d0118e566c08b3f98e9193043640cf9b21eb28fe2ce062c6390b48f7f913b2de6e3c7897d54ee039ea55d845de7 Size : 186.578 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\nsu28B7.tmp\license_uni.txt |
Type : Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators MD5 : a63efffef7d089e0a4eb20aef0de7ebf SHA-1 : 24f5b721baff744495bf9fd2acf3d9ce80551e49 SHA-256 : 3678571ed7e5474dec2cefe9721d7449f8fb807bd68c7bc40fe0c287f4f5e26d SHA-512 : ada164c596a95e111eacbf47e47f7d34a4fc83e88fdb5331ddab42f875ceef2af2d8ff2666d4cc9be935b23bd94ed89e76a41bebea0c2d6baa974ccfc922cbae Size : 37.942 Kilobytes. |
| Match Rules |
|---|
| File Name: | None |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | 267ef53ea1a203e5181a3ab0d7ad860085834b19 |
| MD5: | 4693fd2fba5e6d8a8c15699152edddaf |
| First Seen Date: | 2018-04-12 00:15:41.240484 ( ) |
| Number of Clients Seen: | 2 |
| Last Analysis Date: | 2018-08-07 15:15:17.355397 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 6 |
| trid | [[41.0, u'Win32 Executable MS Visual C++ (generic)'], [36.3, u'Win64 Executable (generic)'], [8.6, u'Win32 Dynamic Link Library (generic)'], [5.9, u'Win32 Executable (generic)'], [2.6, u'OS/2 Executable (generic)']] |
| compilation time stamp | 0x4F47E2DA [Fri Feb 24 19:19:54 2012 UTC] |
| LegalCopyright | Conduit Ltd. |
| FileDescription | BitTorrentBar2 Toolbar |
| FileVersion | 6.8.11.4 |
| CompanyName | Conduit |
| Translation | 0x0000 0x0000 |
| entry point | 0x403883 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 2151456 |
| ssdeep | |
| sha256 | 39a8831ca5858e191ca1da41b6d065145e9daf05e1351ca45c6ed15d6c7452ee |
| exifinfo | [] |
| mime type | application/x-dosexec |
| imphash | be41bf7b8cc010b614bd36bbca606973 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x6dae | 0x6e00 | 6.50852956314 | 00499a6f70259150109c809d6aa0e6ed |
| .rdata | 0x8000 | 0x2a62 | 0x2c00 | 4.39053502099 | 07990aaa54c3bc638bb87a87f3fb13e3 |
| .data | 0xb000 | 0x67ebc | 0x200 | 1.43086025975 | 014871d9a00f0e0c8c2a7cd25606c453 |
| .ndata | 0x73000 | 0x329000 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 0x39c000 | 0xe40 | 0x1000 | 4.10848221943 | b8053a3ea607bb216bdbb83103a4fef9 |
| .reloc | 0x39d000 | 0xf32 | 0x1000 | 5.0350036709 | 1773d06731e6b6560afc389d53b9ae5c |
-
KERNEL32.dll
- SetFileTime
- CompareFileTime
- SearchPathW
- GetShortPathNameW
- GetFullPathNameW
- MoveFileW
- SetCurrentDirectoryW
- GetFileAttributesW
- GetLastError
- CreateDirectoryW
- SetFileAttributesW
- Sleep
- GetTickCount
- GetFileSize
- GetModuleFileNameW
- GetCurrentProcess
- CopyFileW
- ExitProcess
- GetWindowsDirectoryW
- GetTempPathW
- GetCommandLineW
- SetErrorMode
- lstrcpynA
- CloseHandle
- lstrcpynW
- GetDiskFreeSpaceW
- GlobalUnlock
- GlobalLock
- CreateThread
- LoadLibraryW
- CreateProcessW
- lstrcmpiA
- CreateFileW
- GetTempFileNameW
- lstrcatW
- GetProcAddress
- LoadLibraryA
- GetModuleHandleA
- OpenProcess
- lstrcpyW
- GetVersionExW
- GetSystemDirectoryW
- GetVersion
- lstrcpyA
- RemoveDirectoryW
- lstrcmpA
- lstrcmpiW
- lstrcmpW
- ExpandEnvironmentStringsW
- GlobalAlloc
- WaitForSingleObject
- GetExitCodeProcess
- GlobalFree
- GetModuleHandleW
- LoadLibraryExW
- FreeLibrary
- WritePrivateProfileStringW
- GetPrivateProfileStringW
- WideCharToMultiByte
- lstrlenA
- MulDiv
- WriteFile
- ReadFile
- MultiByteToWideChar
- SetFilePointer
- FindClose
- FindNextFileW
- FindFirstFileW
- DeleteFileW
- lstrlenW
-
USER32.dll
- GetAsyncKeyState
- IsDlgButtonChecked
- ScreenToClient
- GetMessagePos
- CallWindowProcW
- IsWindowVisible
- LoadBitmapW
- CloseClipboard
- SetClipboardData
- EmptyClipboard
- OpenClipboard
- TrackPopupMenu
- GetWindowRect
- AppendMenuW
- CreatePopupMenu
- GetSystemMetrics
- EndDialog
- EnableMenuItem
- GetSystemMenu
- SetClassLongW
- IsWindowEnabled
- SetWindowPos
- DialogBoxParamW
- CheckDlgButton
- CreateWindowExW
- SystemParametersInfoW
- RegisterClassW
- SetDlgItemTextW
- GetDlgItemTextW
- MessageBoxIndirectW
- CharNextA
- CharUpperW
- CharPrevW
- wvsprintfW
- DispatchMessageW
- PeekMessageW
- wsprintfA
- DestroyWindow
- CreateDialogParamW
- SetTimer
- SetWindowTextW
- PostQuitMessage
- SetForegroundWindow
- ShowWindow
- wsprintfW
- SendMessageTimeoutW
- LoadCursorW
- SetCursor
- GetWindowLongW
- GetSysColor
- CharNextW
- GetClassInfoW
- ExitWindowsEx
- IsWindow
- GetDlgItem
- SetWindowLongW
- LoadImageW
- GetDC
- EnableWindow
- InvalidateRect
- SendMessageW
- DefWindowProcW
- BeginPaint
- GetClientRect
- FillRect
- DrawTextW
- EndPaint
- FindWindowExW
-
GDI32.dll
- SetBkColor
- GetDeviceCaps
- DeleteObject
- CreateBrushIndirect
- CreateFontIndirectW
- SetBkMode
- SetTextColor
- SelectObject
-
SHELL32.dll
- SHBrowseForFolderW
- SHGetPathFromIDListW
- SHGetFileInfoW
- ShellExecuteW
- SHFileOperationW
- SHGetSpecialFolderLocation
-
ADVAPI32.dll
- RegEnumKeyW
- RegOpenKeyExW
- RegCloseKey
- RegDeleteKeyW
- RegDeleteValueW
- RegCreateKeyExW
- RegSetValueExW
- RegQueryValueExW
- RegEnumValueW
-
COMCTL32.dll
- ImageList_AddMasked
- ImageList_Destroy
- None
- ImageList_Create
-
ole32.dll
- CoTaskMemFree
- OleInitialize
- OleUninitialize
- CoCreateInstance
-
VERSION.dll
- GetFileVersionInfoSizeW
- GetFileVersionInfoW
- VerQueryValueW
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 3785176, u'sha256': u'fa38c19f3e9ff3140b9a653ac955d2677b857080342bd200120b7447ba662287', u'type': u'data', u'size': 744}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 3785920, u'sha256': u'4d3e102d142256cfff78342a603b41ab4318b5d8a59377e2f7f5dc1b4c723706', u'type': u'data', u'size': 480}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 3786400, u'sha256': u'2bf0937151f0150eaf671e145d86a2a8a986519646c185b7bf95cef23afc014e', u'type': u'data', u'size': 248}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 3786648, u'sha256': u'18466509968c3c0bf92ba410fea075def2b257a5a799a113cbc60f13e75f4b01', u'type': u'data', u'size': 238}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 3786888, u'sha256': u'c914a0ae7093e6d85946fe32540dee4047660be2114a5d823fe8f545b69c2568', u'type': u'MS Windows icon resource - 1 icon, 32x32, 16 colors', u'size': 20}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 3786912, u'sha256': u'da549e248424d0596b1f449c02cc1ed14100cb518ead63479f02c61d7453f488', u'type': u'data', u'size': 472}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 3787384, u'sha256': u'dcafe7f3c92e74965a00b611e1cbff922273b3d4a491f079faaa1b4915040d12', u'type': u'XML 1.0 document, ASCII text, with very long lines, with no line terminators', u'size': 968}