Bang5Tao Ads

By GoldSparrow in Adware

Threat Scorecard

Popularity Rank:	13,016
Threat Level:	20 % (Normal)
Infected Computers:	21,044

First Seen:	September 10, 2015
Last Seen:	October 28, 2025
OS(es) Affected:	Windows

The Bang5Tao Chinese browser plug-in from B5MSoft Ltd. is promoted as a search enhancer, and it may travel bundled with free media players like iQIYI and DAUM Pot Player. The Bang5Tao browser plugin may change your default search engine and homepage to Baidu.com and slow down your Internet browser. Security investigators recognize the Bang5Tao plugin as adware that may run as a background service on your system named b5t.exe. The Bang5Tao adware may redirect you to sponsored websites and offer you to purchase goods in Chinese online stores that may not be welcomed by non-mandarin speakers. Additionally, the Bang5Tao adware may reroute your Internet traffic through the servers of advertisers and collect Internet usage statistics like your browsing and download history.

The Bang5Tao adware may change your DNS settings and use DOM storage data to facilitate behavioral marketing. Security investigators note that the ads by Bang5Tao may appear as banners, pop-up windows, floating ad-boxes and might not be safe. The Bang5Tao adware may register several runtime DLL files in Windows and affect Internet Explorer, Google Chrome and Mozilla Firefox. Moreover, users that are infected with the Bang5Tao adware may be provided with links to suspicious websites that may host the Parite cyber threat. The Bang5Tao adware is similar to the Eye Perform adware and may place its main executable in the AppData folder to avoid security scans. The Bang5Tao can run on 32-bit and 64-bit Windows systems, and you should use a renowned anti-spyware utility to clean your machine.

Table of Contents

SpyHunter Detects & Remove Bang5Tao Ads

File System Details

Bang5Tao Ads may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	b5tservice.exe	7492655675372d76cc0a111ad59b31b3	105
Name: b5tservice.exe MD5: 7492655675372d76cc0a111ad59b31b3 Size: 578.36 KB (578368 bytes) Detections: 105 Type: Executable File Path: c:\Users\<username>\appdata\local\b5t\share\b5tservice.exe Group: Malware file Last Updated: July 5, 2022
2.	B5TService.exe.tmp32bef	a0052533714a9ece9b939047537a420a	69
Name: B5TService.exe.tmp32bef MD5: a0052533714a9ece9b939047537a420a Size: 684.87 KB (684872 bytes) Detections: 69 Path: C:\C\Users\<username>\AppData\Local\B5T\Share\B5TService.exe.tmp32bef Group: Malware file Last Updated: May 2, 2022
3.	B5TShoppingAssistant64.dll	aee069e0959d08ce057ae5bb038f4a08	63
Name: B5TShoppingAssistant64.dll MD5: aee069e0959d08ce057ae5bb038f4a08 Size: 1.04 MB (1040712 bytes) Detections: 63 Type: Dynamic link library Path: F:\dick E\Users\<username>\AppData\Local\Temp\342c9\6.0.5.3\B5TShoppingAssistant64.dll Group: Malware file Last Updated: February 6, 2024
4.	ascroll.exe	028425b755ede72b7a01af1e87135b25	59
Name: ascroll.exe MD5: 028425b755ede72b7a01af1e87135b25 Size: 187 KB (187000 bytes) Detections: 59 Type: Executable File Path: %APPDATA%\25074415 Group: Malware file Last Updated: July 16, 2018
5.	JSPopup.exe	ebf4dfdaaf3214cc9205a1bef418eb00	35
Name: JSPopup.exe MD5: ebf4dfdaaf3214cc9205a1bef418eb00 Size: 280.39 KB (280392 bytes) Detections: 35 Type: Executable File Path: %LOCALAPPDATA%\B5T\ShoppingAssistant Group: Malware file Last Updated: November 8, 2022
6.	B5TChecker.exe	17759e69993e2c3da979272902736e46	32
Name: B5TChecker.exe MD5: 17759e69993e2c3da979272902736e46 Size: 1.07 MB (1078088 bytes) Detections: 32 Type: Executable File Path: F:\dick E\Users\<username>\AppData\Local\Temp\342c9\6.0.5.3\B5TChecker.exe Group: Malware file Last Updated: February 6, 2024
7.	B5TMini.exe	6bf4bca0f89e061fcd2e49c06c400aa1	26
Name: B5TMini.exe MD5: 6bf4bca0f89e061fcd2e49c06c400aa1 Size: 788.8 KB (788808 bytes) Detections: 26 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\B5TMini.exe Group: Malware file Last Updated: August 17, 2022
8.	AutoInstallPlugins.exe	8f3d05e14f6586b5443068ddf5cc7528	25
Name: AutoInstallPlugins.exe MD5: 8f3d05e14f6586b5443068ddf5cc7528 Size: 974.66 KB (974664 bytes) Detections: 25 Type: Executable File Path: %LOCALAPPDATA%\B5T\ShoppingAssistant Group: Malware file Last Updated: November 8, 2022
9.	Mini.exe	259e95fae043a5a1572fcf48f8bd6ecc	23
Name: Mini.exe MD5: 259e95fae043a5a1572fcf48f8bd6ecc Size: 500.55 KB (500552 bytes) Detections: 23 Type: Executable File Path: %LOCALAPPDATA%\B5T\ShoppingAssistant Group: Malware file Last Updated: March 8, 2020
10.	B5TAdatperChrm.exe	62756f4a364f6b0852849be9f47e74aa	19
Name: B5TAdatperChrm.exe MD5: 62756f4a364f6b0852849be9f47e74aa Size: 290.63 KB (290632 bytes) Detections: 19 Type: Executable File Path: C:\Users\<username>\AppData\Local\B5T\ShoppingAssistant\NaMsgHost\B5TAdatperChrm.exe Group: Malware file Last Updated: June 22, 2022
11.	B5TPopup.exe	2b6b50f368bb6b488d6f0e76fb61071c	19
Name: B5TPopup.exe MD5: 2b6b50f368bb6b488d6f0e76fb61071c Size: 796.99 KB (796992 bytes) Detections: 19 Type: Executable File Path: C:\Users\<username>\AppData\Local\B5T\6.0.5.8\B5TPopup.exe Group: Malware file Last Updated: July 5, 2022
12.	B5TUpdate.exe	f9d5e6f552713243c041242bd37eff47	18
Name: B5TUpdate.exe MD5: f9d5e6f552713243c041242bd37eff47 Size: 106.1 KB (106104 bytes) Detections: 18 Type: Executable File Path: %LOCALAPPDATA%\B5T\ShoppingAssistant\3.4.1 Group: Malware file Last Updated: October 13, 2017
13.	B5TAdaptorChrm.exe	42e81dcf48d2caba3b0d53bf69f9cd6f	14
Name: B5TAdaptorChrm.exe MD5: 42e81dcf48d2caba3b0d53bf69f9cd6f Size: 776 KB (776008 bytes) Detections: 14 Type: Executable File Path: C:\Users\<username>\AppData\Local\B5T\6.0.3\NaMsgHost\B5TAdaptorChrm.exe Group: Malware file Last Updated: June 27, 2021
14.	B5TBubble.exe	bce21ec9272215517571a005dd08c204	8
Name: B5TBubble.exe MD5: bce21ec9272215517571a005dd08c204 Size: 793.92 KB (793920 bytes) Detections: 8 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\B5TBubble.exe Group: Malware file Last Updated: February 10, 2022
15.	B5TShoppingAssistant.dll	c30e13ad1dab31db85ec808aa863733f	6
Name: B5TShoppingAssistant.dll MD5: c30e13ad1dab31db85ec808aa863733f Size: 769.85 KB (769856 bytes) Detections: 6 Type: Dynamic link library Path: C:\Documents and Settings\<username>\B5TTmp\6.0.5.7\B5TShoppingAssistant.dll Group: Malware file Last Updated: July 5, 2022
16.	jywebHelper.dll	695f411b0db42fd91473fec7cdf85920	4
Name: jywebHelper.dll MD5: 695f411b0db42fd91473fec7cdf85920 Size: 370.29 KB (370296 bytes) Detections: 4 Type: Dynamic link library Path: %APPDATA%\3428964 Group: Malware file Last Updated: July 16, 2018
17.	jyueservice.exe	59e6417f8d7c6edb0c8f6dcfcd66adaf	1
Name: jyueservice.exe MD5: 59e6417f8d7c6edb0c8f6dcfcd66adaf Size: 312.95 KB (312952 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\96584187 Group: Malware file Last Updated: December 31, 2016

More files

Registry Details

Bang5Tao Ads may create the following registry entry or registry entries:

CLSID

{260669B1-FC2C-41C0-BAA2-6EF3BB188660}

{49037283-B545-42CB-9A9A-27661E5E8C9D}

{50C04C40-4BD9-45A0-9423-7A473E5493F2}

{73CBCCED-2D9F-4ABB-904A-DA8C08B341F4}

File name without path

http_t.b5m.com_0.localstorage

http_t.b5m.com_0.localstorage-journal

HKEY..\..\..\..{RegistryKeys}

Software\B5MSoft\B5T

SOFTWARE\B5TService

SOFTWARE\Classes\b5m_app_extension.ShopAssist

Software\Classes\B5MSoft.Bang5TaoPlugin

Software\Classes\B5MSoft.Bang5TaoPlugin.1

SOFTWARE\Classes\Wow6432Node\AppID\b5m_app_extension.DLL

SOFTWARE\Google\Chrome\NativeMessagingHosts\com.b5t.chrome.namsg.b5t

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FEACEAD-DF16-43F3-8C0E-C60EC5277EA9}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E4F4BB3-82A5-4145-82E0-DA8886E3EAA0}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69E48444-5D4C-4741-960A-3D117D062906}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C02014-DFC0-45FC-A679-993156DE9759}

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\b5m.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\t.b5m.com

SOFTWARE\Microsoft\Tracing\B5TClient_RASAPI32

SOFTWARE\Microsoft\Tracing\B5TClient_RASMANCS

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58d47fff-63ef-572e-843f-e5dd6aa0005d}

SOFTWARE\MozillaPlugins\B5MSoft.com/Bang5TaoPlugin

SOFTWARE\Wow6432Node\B5TService

SOFTWARE\Wow6432Node\Classes\AppID\b5m_app_extension.DLL

SOFTWARE\Wow6432Node\Microsoft\Tracing\B5TClient_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\B5TClient_RASMANCS

SYSTEM\ControlSet001\Services\B5TService

Directories

Bang5Tao Ads may create the following directory or directories:

%ALLUSERSPROFILE%\B5TTmp

%LOCALAPPDATA%\B5T

%LOCALAPPDATA%\jyrili

%LOCALAPPDATA%\jyrl

%PROGRAMFILES%\B5TService

%PROGRAMFILES(x86)%\B5TService

%USERPROFILE%\AppData\LocalLow\B5T

%USERPROFILE%\AppData\LocalLow\B5TUpdate

%UserProfile%\Local Settings\Application Data\B5T

%localappdata%\fanqianbao

Analysis Report

General information

Family Name:	Adware.Bang5Tao
Signature status:	Root Not Trusted

Known Samples

MD5: 5d1c9e93f67c34b9ca531d3e18d1600f

SHA1: 6d92de7a605b03e8362835c32ef035a2da8cfa17

SHA256: 0FD2AFB20E8B8B0ADC46D9E830C1F7400749B3D757F3AA9F49C5D70FADEB3E5F

File Size: 1.77 MB, 1769544 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
Company Name	koushuidang.cn
File Description	口水党Native Message模块
File Version	1.2.0.8
Internal Name	TCAdaptorChrm.exe
Legal Copyright	Copyright(C) 2011-2016 KouShuiDang Network Technology Co. Ltd.
Original Filename	TCAdaptorChrm.exe
Product Name	口水党Native Message模块
Product Version	1.2.0.8

Digital Signatures

Signer	Root	Status
Shanghai Ban Ru Tech Co. Ltd.	Certification Authority of WoSign	Root Not Trusted

Block Information

Total Blocks:	5,626
Potentially Malicious Blocks:	279
Whitelisted Blocks:	3,846
Unknown Blocks:	1,501

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 x 0 0 ? ? ? 0 0 x 0 ? 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 ? 0 ? ? 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? 0 0 0 ? ? ? ? 0 0 ? ? ? 0 ? ? ? ? 0 x x x 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 x 0 0 ? ? ? ? 0 ? ? ? ? ? ? x 0 x ? ? 0 0 ? 0 ? 0 0 0 0 0 0 0 ? 0 0 ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? x ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 ? 0 ? 0 ? ? ? ? 0 ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 0 ? ? ? 0 ? ? ? ? x x ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? 0 ? ? ? ? 0 0 ? 1 ? ? ? ? 0 ? ? ? ? ? 0 ? ? 0 0 ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 0 ? 0 ? ? 0 ? 0 ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 ? ? 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x ? x ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 x x ? ? ? ? ? 0 x ? ? 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? 0 ? ? ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? ? ? ? ? ? x 0 ? 0 x 0 0 x x x 0 x x 0 x x x x x x 0 x ? 0 0 0 0 0 ? ? ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x 0 ? ? 0 ? ? ? ? 0 0 ? ? ? x x ? ? ? ? 0 0 0 x x x 0 0 ? 0 0 0 0 ? 0 0 0 0 x 0 ? ? ? x ? x x ? ? 0 ? ? ? x ? ? x 0 ? 0 ? 0 ? 0 0 0 ? x ? x ? ? ? ? ? ? x ? x x 0 x ? ? 0 x 0 0 0 ? 0 ? ? 0 0 0 x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x 0 ? ? ? ? x ? x ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 0 0 0 0 0 0 ? x 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? x x x x ? ? 0 ? ? ? ? 0 ? 0 x 0 x ? 0 x ? ? ? 0 ? 0 ? 0 ? 0 ? ? ? x 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 ? ? 0 x x 0 x 0 x x 0 x ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? 0 0 0 ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? ? ? ? ? x x 0 ? ? ? ? 0 ? 0 0 0 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? 0 0 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 ? 0 ? ? ? ? 0 ? ? ? 0 0 ? ? 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 ? ? ? 0 ? 0 ? ? ? ? ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 x 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? x x ? ? 0 0 0 0 0 0 0 0 0 0 0 x 0 0 ? 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 x 0 x ? 0 x 0 0 0 ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 x ? ? ? ? x 0 0 x 0 ? ? ? ? ? ? ? ? ? ? 0 x 0 x x x x x x 0 ? ? 0 x x ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 ? 0 0 0 0 ? ? 0 0 0 x 0 2 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x 0 ? 0 ? 0 0 ? ? 0 0 0 0 0 ? 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 x 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\harddisk0\dr0	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\bin	Synchronize,Write Attributes
c:\users\user\appdata\locallow\tucao\setting\tucao1.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\tucao\setting\tucao1.ini	Generic Write,Read Attributes
c:\users\user\appdata\locallow\tucao\setting\tucao2.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\tucao\setting\tucao2.ini	Generic Write,Read Attributes
c:\users\user\appdata\locallow\tucao\setting\tucao3.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\tucao\setting\tucao3.ini	Generic Write,Read Attributes
c:\users\user\downloads\ØËx-"	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\appsids::values100	jJA/f14jz7plOFxqVed6SzBUA5iHF5EFerG5	RegNtPreCreateKey
HKCU\software\tucao\st::state2		RegNtPreCreateKey

Windows API Usage

Category	API
Other Suspicious	AdjustTokenPrivileges
Network Info Queried	GetAdaptersInfo
Network Winhttp	WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpQueryHeaders WinHttpReceiveResponse WinHttpSendRequest

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Bang5Tao Ads

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Bang5Tao Ads

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Pixnapping Android Flaw

My Weather Tab Browser Extension

Plasma (XPL) Allocation Scam

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen