
Windows Analysis Report
taskbarsystem.exe

Overview

General Information

Sample Name: taskbarsystem.exe
Analysis ID: 592050
MD5: fa22ea3bcf63f1bfb0773dc5771b32ac
SHA1: fd4893dfa4445626a797aaf520a4d7f3c76da1b8
SHA256: 7f414d8546d87b96cd55148442265f31b6ab25bba3769cc0165ec2d66dabed9a

Detection

Score: 26
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Multi AV Scanner detection for dropped file
Obfuscated command line found
Uses 32bit PE files
PE file contains strange resources
Drops PE files
PE file contains sections with non-standard names
Found dropped PE file which has not been started or loaded

Classification

Analysis Advice

Sample drops PE files which have not been started; submit the dropped PE samples to Joe Sandbox for a secondary analysis.
Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis.
  • System is start
  • taskbarsystem.exe (PID: 1796 cmdline: "C:\Users\alfredo\Desktop\taskbarsystem.exe" MD5: FA22EA3BCF63F1BFB0773DC5771B32AC)
    • taskbarsystem.tmp (PID: 1744 cmdline: "C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp" /SL5="$20386,5206136,1060864,C:\Users\alfredo\Desktop\taskbarsystem.exe" MD5: 9551767A6C00FC0A87EAEB6C4CF9CBFD)
  • cleanup
No yara matches

There are no malicious signatures.

Source: Process started | Author: frack113 | Data: Command: "C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp" /SL5="$20386,5206136,1060864,C:\Users\alfredo\Desktop\taskbarsystem.exe" , CommandLine: "C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp" /SL5="$20386,5206136,1060864,C:\Users\alfredo\Desktop\taskbarsystem.exe" , CommandLine|base64offset|contains: , Image: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp, NewProcessName: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp, OriginalFileName: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp, ParentCommandLine: "C:\Users\alfredo\Desktop\taskbarsystem.exe" , ParentImage: C:\Users\alfredo\Desktop\taskbarsystem.exe, ParentProcessId: 1796, ProcessCommandLine: "C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp" /SL5="$20386,5206136,1060864,C:\Users\alfredo\Desktop\taskbarsystem.exe" , ProcessId: 1744


AV Detection

Source: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-0770A.tmp | Virustotal: Detection: 9%
Source: taskbarsystem.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Please note that Taskbar system contains SDK ( owned by https://globalhop.net/) with proxy leveraging functionality. By installing Taskbar system you agree to share part of your internet resources. So Globalhop and its clients might route internet traffic through your device as an exit point to internet (Imagine how VPN would be used but just on a greater scale for companies).By installing Taskbar system you agree to HYPERLINK https://taskbarsystem.com/privacy/ Privacy Policy and HYPERLINK https://taskbarsystem.com/licence/ End User Licensing Agreement. You may uninstall the application using "Add/remove Programs".I &accept the agreementI &do not accept the agreement&Next >Cancel
Source: taskbarsystem.exe | Static PE information: certificate valid
Source: unknown | HTTPS traffic detected: 172.67.195.61:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: taskbarsystem.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | DNS traffic detected: queries for: stats.taskbarsystem.com
Source: unknown | HTTPS traffic detected: 172.67.195.61:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: taskbarsystem.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
Source: taskbarsystem.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: unknown | Process created: C:\Users\alfredo\Desktop\taskbarsystem.exe "C:\Users\alfredo\Desktop\taskbarsystem.exe"
Source: C:\Users\alfredo\Desktop\taskbarsystem.exe | Process created: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp "C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp" /SL5="$20386,5206136,1060864,C:\Users\alfredo\Desktop\taskbarsystem.exe"
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Temp\is-6TOSR.tmp
Source: classification engine | Classification label: sus26.winEXE@2/18@1/11
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Window found: window name: TNewStaticText
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Please note that Taskbar system contains SDK ( owned by https://globalhop.net/) with proxy leveraging functionality. By installing Taskbar system you agree to share part of your internet resources. So Globalhop and its clients might route internet traffic through your device as an exit point to internet (Imagine how VPN would be used but just on a greater scale for companies).By installing Taskbar system you agree to HYPERLINK https://taskbarsystem.com/privacy/ Privacy Policy and HYPERLINK https://taskbarsystem.com/licence/ End User Licensing Agreement. You may uninstall the application using "Add/remove Programs".I &accept the agreementI &do not accept the agreement&Next >Cancel
Source: taskbarsystem.exe | Static file information: File size 5928824 > 1048576
Source: taskbarsystem.exe | Static PE information: certificate valid
Source: taskbarsystem.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Data Obfuscation

Source: C:\Users\alfredo\Desktop\taskbarsystem.exe | Process created: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp "C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp" /SL5="$20386,5206136,1060864,C:\Users\alfredo\Desktop\taskbarsystem.exe"
Source: taskbarsystem.exe | Static PE information: section name: .didata
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-0770A.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\Countly.dll (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-M4TV9.tmp
Source: C:\Users\alfredo\Desktop\taskbarsystem.exe | File created: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Temp\is-6TOSR.tmp\_isetup\_setup64.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-44CDC.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-0MEPP.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\Newtonsoft.Json.dll (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\SharpRaven.dll (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-RG9J5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\sdk.dll (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\System.Threading.dll (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | File created: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-H38B1.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-0770A.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\Countly.dll (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-M4TV9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Temp\is-6TOSR.tmp\_isetup\_setup64.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-44CDC.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\Newtonsoft.Json.dll (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-0MEPP.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\SharpRaven.dll (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-RG9J5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\System.Threading.dll (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\sdk.dll (copy)
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-H38B1.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Process information queried: ProcessInformation
Source: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (techniques matched by signatures carry their hit count in parentheses; the remaining entries are the unmatched techniques of the matrix grid)

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts
Execution: Command and Scripting Interpreter (1), Scheduled Task/Job, At (Linux), At (Windows), Cron
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac), Network Logon Script
Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac), Network Logon Script
Defense Evasion: Masquerading (1), Process Injection (1), Deobfuscate/Decode Files or Information (1), Binary Padding, Software Packing
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets
Discovery: Security Software Discovery (1), Process Discovery (1), System Owner/User Discovery (2), System Information Discovery (2), Remote System Discovery (1)
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer, Data Transfer Size Limits
Command and Control: Encrypted Channel (2), Non-Application Layer Protocol (1), Application Layer Protocol (2), Protocol Impersonation, Fallback Channels
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap, Manipulate Device Communication
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups
Impact: Modify System Partition, Device Lockout, Delete Device Data, Carrier Billing Fraud, Manipulate App Store Rankings or Ratings

Antivirus results for the sample (Source | Detection | Scanner | Label)
taskbarsystem.exe | 1% | Virustotal |
taskbarsystem.exe | 4% | ReversingLabs |

Antivirus results for dropped files (Source | Detection | Scanner | Label)
C:\Users\alfredo\AppData\Local\Temp\is-6TOSR.tmp\_isetup\_setup64.tmp | 0% | Virustotal |
C:\Users\alfredo\AppData\Local\Temp\is-6TOSR.tmp\_isetup\_setup64.tmp | 0% | Metadefender |
C:\Users\alfredo\AppData\Local\Temp\is-6TOSR.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs |
C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | 0% | Virustotal |
C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp | 2% | ReversingLabs |
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-0770A.tmp | 9% | Virustotal |
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-0770A.tmp | 3% | Metadefender |
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\is-0770A.tmp | 11% | ReversingLabs | ByteCode-MSIL.PUA.TaskbarSystem
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\Countly.dll (copy) | 0% | Virustotal |
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\Countly.dll (copy) | 0% | Metadefender |
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\Countly.dll (copy) | 0% | ReversingLabs |
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\Newtonsoft.Json.dll (copy) | 0% | Virustotal |
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\Newtonsoft.Json.dll (copy) | 0% | Metadefender |
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\Newtonsoft.Json.dll (copy) | 0% | ReversingLabs |
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\SharpRaven.dll (copy) | 0% | Virustotal |
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\SharpRaven.dll (copy) | 0% | Metadefender |
C:\Users\alfredo\AppData\Local\Programs\Taskbar system\SharpRaven.dll (copy) | 0% | ReversingLabs |

No Antivirus matches

Antivirus results for domains (Source | Detection | Scanner | Label)
stats.taskbarsystem.com | 0% | Virustotal |

No Antivirus matches

Contacted domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation)
stats.taskbarsystem.com | 172.67.195.61 | true | false | unknown
Contacted IPs (IP | Domain | Country | ASN | ASN Name | Malicious)
172.67.195.61 | stats.taskbarsystem.com | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 592050
Start date and time: 2022-03-18 14:19:11 +01:00
Joe Sandbox Product: CloudBasic
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: taskbarsystem.exe
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Number of analysed new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
Analysis Mode: stream
Detection: SUS
Classification: sus26.winEXE@2/18@1/11
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 20.190.159.4, 20.190.159.23, 40.126.31.69, 20.190.159.2, 20.190.159.64, 40.126.31.71, 40.126.31.73, 20.190.159.0
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, login.live.com, login.msa.msidentity.com, www.tm.a.prd.aadg.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
Process: C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 112640
Entropy (8bit): 6.258980466280452
Encrypted: false
SSDEEP:
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256: E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512: CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious: false
Antivirus:
  • Antivirus: Virustotal, Detection: 0%
  • Antivirus: Metadefender, Detection: 0%
  • Antivirus: ReversingLabs, Detection: 0%
Reputation: low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......^.........." ..0.................. ........... ....................... ............@.....................................O...................................8...T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........8.............................................................{....*"..}....*J.(.....s....(....*N.(......s....o....*.0...........(....-..o....9.....(....-..*.o....-..*.(....o........o....o....(....-..(....o........o....o....( ...*..+A.(.....o!....o.....o!...o"...-..(.....o!....o.....o!...o....*..X...(....o....2..*..{....*"..}....*..{....*"..}....*V.(......(......(....*..(....*..0...........(....-..o....,9.(....-..*.o....-..*.(.....o....o#...-..(.....o....o$...*.(.
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):475136
Entropy (8bit):6.032338173466497
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Antivirus:
  • Antivirus: Virustotal, Detection: 0%
  • Antivirus: Metadefender, Detection: 0%
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3............" ..0..6..........vT... ...`....... ...............................E....@................................."T..O....`..d...........................TS..8............................................ ............... ..H............text...L5... ...6.................. ..`.rsrc...d....`.......8..............@..@.reloc...............>..............@..B................VT......H........ ..D2...................R........................................(....*..(....*..{....*"..}....*..(&...*:.(&.....}....*"..('...*..(....*..{ ...*"..} ...*..{!...*"..}!...*..{"...*"..}"...*..{#...*"..}#...*..{$...*"..}$...*..{*...*>..}*.....(....*..{+...*>..}+.....(....*..{%...*"..}%...*..0...........{&......(....-..*..(....*6..s....}&...*.0...........{'......(....-..*..(....*6..s....}'...*.0...........{(......(....-..*..(....*6..s....}(...*.0...........{)......(....-.
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):74240
Entropy (8bit):5.981707703937726
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Antivirus:
  • Antivirus: Virustotal, Detection: 0%
  • Antivirus: Metadefender, Detection: 0%
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....h..........." ..0..............6... ...@....... ....................................@..................................6..O....@..\....................`.......6..8............................................ ............... ..H............text........ ...................... ..`.rsrc...\....@......................@..@.reloc.......`....... ..............@..B.................6......H.......P^..............................................................F.r...p(....t:...*.~....*..( ...*Vr...p(!...u.........*..0..M........("....({...,.r...ps#...z...s$...}......{....(....}......{....(....%-.&r...pr...ps%...z}......{....o&...}......{....(....}......{....(....}....rQ..p......%..{....o'....%..{....o(....%..(.....^....%..(.....%..(.....()......s$...}....r...p......%..{....o'....%..{....o(....%..(.....^....%..(.....()......s$...}.......r...pr...p.s*...z*...A...
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):387408
Entropy (8bit):6.245055544213165
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.RM...........!................N.... ........@.. .......................@......>,....@.....................................O.......................P.... ......t................................................ ............... ..H............text...T.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................0.......H........R..X...................P ......................................QN..u...I..k.i.(..7[..-.J.C.H....................O.,.gi...FuSH.. .A../...##K4%t.]..-o.b.xA..*......2^s....6.k|.u.T...*.*.*.*V.r...p(@...,.r9..p*.**.(A.....R*..(B...*&..(B...R*"..(C...*"..(D...**...(C...R*..(E...*r.(E....-.r...psF...z..}G...*....0.. ........{G...oH..........{G.....o.....*..{....*"..}....*F.r...p(....(M...*"..(M...*&...(N...*:.(......(....*>..(......(....*B...(......(....*&...(O
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):919184
Entropy (8bit):1.9927697535703082
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....1...............0..\...p.......z... ........@.. ....................... .......G....@.................................6z..O.......xl...............8...........y..8............................................ ............... ..H............text....Z... ...\.................. ..`.rsrc...xl.......n...^..............@..@.reloc..............................@..B................jz......H........N...m...........................................................0..3........r...p..s......,.(.......,..o........(R....oS.....*.....................$$.......0..........()...(......(*....*..................0..........(5...o6...(......(5...o7....*....................0..".......sA....(....sy...(.......,..o.....*...................(...........s....o ..........s!...("....(#...($....(%...*Z(R....o&...t....oS...*Z(R....o'...oS...((...*..()...*.~....-.r[..p.....(*...o+...s,..
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):919184
Entropy (8bit):1.9927697535703082
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:true
Antivirus:
  • Antivirus: Virustotal, Detection: 9%
  • Antivirus: Metadefender, Detection: 3%
  • Antivirus: ReversingLabs, Detection: 11%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....1...............0..\...p.......z... ........@.. ....................... .......G....@.................................6z..O.......xl...............8...........y..8............................................ ............... ..H............text....Z... ...\.................. ..`.rsrc...xl.......n...^..............@..@.reloc..............................@..B................jz......H........N...m...........................................................0..3........r...p..s......,.(.......,..o........(R....oS.....*.....................$$.......0..........()...(......(*....*..................0..........(5...o6...(......(5...o7....*....................0..".......sA....(....sy...(.......,..o.....*...................(...........s....o ..........s!...("....(#...($....(%...*Z(R....o&...t....oS...*Z(R....o'...oS...((...*..()...*.~....-.r[..p.....(*...o+...s,..
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):74240
Entropy (8bit):5.981707703937726
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....h..........." ..0..............6... ...@....... ....................................@..................................6..O....@..\....................`.......6..8............................................ ............... ..H............text........ ...................... ..`.rsrc...\....@......................@..@.reloc.......`....... ..............@..B.................6......H.......P^..............................................................F.r...p(....t:...*.~....*..( ...*Vr...p(!...u.........*..0..M........("....({...,.r...ps#...z...s$...}......{....(....}......{....(....%-.&r...pr...ps%...z}......{....o&...}......{....(....}......{....(....}....rQ..p......%..{....o'....%..{....o(....%..(.....^....%..(.....%..(.....()......s$...}....r...p......%..{....o'....%..{....o(....%..(.....^....%..(.....()......s$...}.......r...pr...p.s*...z*...A...
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):112640
Entropy (8bit):6.258980466280452
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......^.........." ..0.................. ........... ....................... ............@.....................................O...................................8...T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........8.............................................................{....*"..}....*J.(.....s....(....*N.(......s....o....*.0...........(....-..o....9.....(....-..*.o....-..*.(....o........o....o....(....-..(....o........o....o....( ...*..+A.(.....o!....o.....o!...o"...-..(.....o!....o.....o!...o....*..X...(....o....2..*..{....*"..}....*..{....*"..}....*V.(......(......(....*..(....*..0...........(....-..o....,9.(....-..*.o....-..*.(.....o....o#...-..(.....o....o$...*.(.
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):1740
Entropy (8bit):4.95649663761305
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="TaskbarSystem.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <startup>.. <supportedRuntime version="v2.0.50727" />.. <supportedRuntime version="v4.0" />.. </startup>.. <userSettings>.. <TaskbarSystem.Properties.Settings>.. <setting name="Active" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="Current" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="CustomColor" serializeAs="String">.. <value>Black</value>..
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):387408
Entropy (8bit):6.245055544213165
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.RM...........!................N.... ........@.. .......................@......>,....@.....................................O.......................P.... ......t................................................ ............... ..H............text...T.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................0.......H........R..X...................P ......................................QN..u...I..k.i.(..7[..-.J.C.H....................O.,.gi...FuSH.. .A../...##K4%t.]..-o.b.xA..*......2^s....6.k|.u.T...*.*.*.*V.r...p(@...,.r9..p*.**.(A.....R*..(B...*&..(B...R*"..(C...*"..(D...**...(C...R*..(E...*r.(E....-.r...psF...z..}G...*....0.. ........{G...oH..........{G.....o.....*..{....*"..}....*F.r...p(....(M...*"..(M...*&...(N...*:.(......(....*>..(......(....*B...(......(....*&...(O
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):475136
Entropy (8bit):6.032338173466497
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3............" ..0..6..........vT... ...`....... ...............................E....@................................."T..O....`..d...........................TS..8............................................ ............... ..H............text...L5... ...6.................. ..`.rsrc...d....`.......8..............@..@.reloc...............>..............@..B................VT......H........ ..D2...................R........................................(....*..(....*..{....*"..}....*..(&...*:.(&.....}....*"..('...*..(....*..{ ...*"..} ...*..{!...*"..}!...*..{"...*"..}"...*..{#...*"..}#...*..{$...*"..}$...*..{*...*>..}*.....(....*..{+...*>..}+.....(....*..{%...*"..}%...*..0...........{&......(....-..*..(....*6..s....}&...*.0...........{'......(....-..*..(....*6..s....}'...*.0...........{(......(....-..*..(....*6..s....}(...*.0...........{)......(....-.
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):14318734
Entropy (8bit):6.346407401864903
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...h3._.n..>8.....!...".X-...j..............p-....n................................."........ .......................[.7....pi...............................i.4M..........................4.Y.....................\qi. ............................text...xW-......X-.................`.``.data...H....p-......^-.............@.`..rdata...(..P1...(..41.............@.`@.bss....L.....Z.......................`..edata..7.....[.......Y.............@.0@.idata.......pi......~g.............@.0..CRT....,.....i.......g.............@.0..tls..........i.......g.............@.0..reloc..4M....i..N....g.............@.0B/4............l.......j.............@.@B/19.....4.....m.......j.............@..B/35...........n.......l.............@..B/51......~(...r...(..Hp.............@..B/63.....M).......*.................@..B/77..........0.....................@..B/89..........P..........
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):14318734
Entropy (8bit):6.346407401864903
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...h3._.n..>8.....!...".X-...j..............p-....n................................."........ .......................[.7....pi...............................i.4M..........................4.Y.....................\qi. ............................text...xW-......X-.................`.``.data...H....p-......^-.............@.`..rdata...(..P1...(..41.............@.`@.bss....L.....Z.......................`..edata..7.....[.......Y.............@.0@.idata.......pi......~g.............@.0..CRT....,.....i.......g.............@.0..tls..........i.......g.............@.0..reloc..4M....i..N....g.............@.0B/4............l.......j.............@.@B/19.....4.....m.......j.............@..B/35...........n.......l.............@..B/51......~(...r...(..Hp.............@..B/63.....M).......*.................@..B/77..........0.....................@..B/89..........P..........
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:data
Category:dropped
Size (bytes):9080
Entropy (8bit):3.9898254273835287
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:Inno Setup Uninstall Log (b)....................................{C40E1200-5BEC-410C-B3C5-F7B475729D42}..........................................................................................Taskbar system..........................................................................................................................x#..!...............................................................................................................o..............................5.8.5.9.4.8......a.l.f.r.e.d.o......C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.o.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.T.a.s.k.b.a.r. .s.y.s.t.e.m....................... ..........0...IFPS....'........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TDOTNETVE
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:data
Category:dropped
Size (bytes):23487
Entropy (8bit):3.2740823534345593
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:Inno Setup Messages (6.0.0) (u).....................................r[........Y.C.a.n.c.e.l. .i.n.s.t.a.l.l.a.t.i.o.n...S.e.l.e.c.t. .a.c.t.i.o.n...&.I.g.n.o.r.e. .t.h.e. .e.r.r.o.r. .a.n.d. .c.o.n.t.i.n.u.e...&.T.r.y. .a.g.a.i.n...&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4...C.o.m.p.i.l.e.d. .w.i.t.h. .I.n.n.o. .S.c.r.i.p.t. .S.t.u.d.i.o. .F.r.e.e. .....h.t.t.p.:././.w.w.w...k.y.m.o.t.o...o.r.g...A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):6144
Entropy (8bit):4.720366600008286
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Antivirus:
  • Antivirus: Virustotal, Detection: 0%
  • Antivirus: Metadefender, Detection: 0%
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\alfredo\Desktop\taskbarsystem.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2866320
Entropy (8bit):6.058396404739907
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:true
Antivirus:
  • Antivirus: Virustotal, Detection: 0%
  • Antivirus: ReversingLabs, Detection: 2%
Reputation:low
Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....m^..................%...........%.......%...@..........................p,.......+...@......@....................'.......&..5...0'..4............+..8................................... '.....................L.&.H.....&......................text.....%.......%................. ..`.itext...&....%..(....%............. ..`.data...dZ....%..\....%.............@....bss.....x...0&..........................idata...5....&..6....&.............@....didata.......&......@&.............@....edata........'......J&.............@..@.tls....D.....'..........................rdata..].... '......L&.............@..@.rsrc....4...0'..6...N&.............@..@............. (......:'.............@..@........................................................
Process:C:\Users\alfredo\AppData\Local\Temp\is-R7UCI.tmp\taskbarsystem.tmp
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Mar 18 21:21:17 2022, mtime=Fri Mar 18 21:21:17 2022, atime=Wed Dec 9 17:34:42 2020, length=919184, window=hide
Category:dropped
Size (bytes):1347
Entropy (8bit):4.879576017765195
Encrypted:false
SSDEEP:
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Reputation:low
Preview:L..................F.... ...m..|.;...f.|.;....|.Y...........................>.:..DG..Yr?.D..U..k0.&...&.......4.]x\...........jG..;......t...CFSF..1......RDy..AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......RDyrTp...........................w.i.A.p.p.D.a.t.a...B.P.1.....rTy...Local.<.......RDyrTy...............................L.o.c.a.l.....Z.1.....rTy...Programs..B......rTy.rTy.....Xa.....................b..P.r.o.g.r.a.m.s.....f.1.....rT....TASKBA~1..N......rT..rT......2l....................=...T.a.s.k.b.a.r. .s.y.s.t.e.m.....p.2......QU. .TASKBA~1.EXE..T......rT..rT......Gl........................T.a.s.k.b.a.r.S.y.s.t.e.m...e.x.e.......w...............-.......v............n@ .....C:\Users\alfredo\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe..A.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.T.a.s.k.b.a.r. .s.y.s.t.e.m.\.T.a.s.k.b.a.r.S.y.s.t.e.m...e.x.e.6.C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.o.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.T.a.s.k.b.a.r.
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.78573574960863
TrID:
  • Win32 Executable (generic) a (10002005/4) 98.45%
  • Inno Setup installer (109748/4) 1.08%
  • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
  • Win16/32 Executable Delphi generic (2074/23) 0.02%
  • Generic Win/DOS Executable (2004/3) 0.02%
File name:taskbarsystem.exe
File size:5928824
MD5:fa22ea3bcf63f1bfb0773dc5771b32ac
SHA1:fd4893dfa4445626a797aaf520a4d7f3c76da1b8
SHA256:7f414d8546d87b96cd55148442265f31b6ab25bba3769cc0165ec2d66dabed9a
SHA512:477abee07fd343dce7d3b17749a0db420c2fcadd3065ab0af90c13b988f8b7032a9efc0a0b47a303c7c7edf0df2d4d40e5b2d15d16b70eed6feb9539fc998163
SSDEEP:98304:AEq8+D0tnfpsz4uanSnxgZHxDZUKj4zyGEBHDW2vGCXL0eTGoFFgJPHD:N+DUxS4XnSniZ5ZFCjWHTAVo/oj
File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
Icon Hash:00c4969696c4e001
Entrypoint:0x4b5eec
Entrypoint Section:.itext
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:0x5E6D1B8D [Sat Mar 14 17:59:41 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:5a594319a0d69dbc452e748bcf05892e
Signature Valid:true
Signature Issuer:CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before:8/2/2020 5:00:00 PM
Not After:7/7/2021 5:00:00 AM
Subject Chain
  • CN=Globalhop Ltd TOO, O=Globalhop Ltd TOO, L=Almaty, C=KZ
Version:3
Thumbprint MD5:3809E917BD04B367FF13BF954C3E72F3
Thumbprint SHA-1:D042AEC9E0D8D497818C2C3BD2E1CE562C04C3A5
Thumbprint SHA-256:C37609CC35FCC90457CEBD4946CB4A8D4534065B6D3C487D9737065DA369F3A3
Serial:0DF8654B1E252E5E8C71E0CBA3666FFE
Instruction
push ebp
mov ebp, esp
add esp, FFFFFFA4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-3Ch], eax
mov dword ptr [ebp-40h], eax
mov dword ptr [ebp-5Ch], eax
mov dword ptr [ebp-30h], eax
mov dword ptr [ebp-38h], eax
mov dword ptr [ebp-34h], eax
mov dword ptr [ebp-2Ch], eax
mov dword ptr [ebp-28h], eax
mov dword ptr [ebp-14h], eax
mov eax, 004B10D8h
call 00007F267C296625h
xor eax, eax
push ebp
push 004B65DEh
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 004B659Ah
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [004BE634h]
call 00007F267C338D37h
call 00007F267C33888Eh
lea edx, dword ptr [ebp-14h]
xor eax, eax
call 00007F267C2AC098h
mov edx, dword ptr [ebp-14h]
mov eax, 004C1D3Ch
call 00007F267C291217h
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [004C1D3Ch]
mov dl, 01h
mov eax, dword ptr [004237A4h]
call 00007F267C2AD0FFh
mov dword ptr [004C1D40h], eax
xor edx, edx
push ebp
push 004B6546h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007F267C338DBFh
mov dword ptr [004C1D48h], eax
mov eax, dword ptr [004C1D48h]
cmp dword ptr [eax+0Ch], 01h
jne 00007F267C33F3BAh
mov eax, dword ptr [004C1D48h]
mov edx, 00000028h
call 00007F267C2AD9F4h
mov edx, dword ptr [004C1D48h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xf36 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x48e00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x5a3ee8 | 0x3890 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc22e4 | 0x244 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xb3604 | 0xb3800 | False | 0.344847612726 | data | 6.35432911534 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.itext | 0xb5000 | 0x1684 | 0x1800 | False | 0.544596354167 | data | 5.97090156552 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data | 0xb7000 | 0x37a4 | 0x3800 | False | 0.361049107143 | data | 5.04216206778 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.bss | 0xbb000 | 0x6da0 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.idata | 0xc2000 | 0xf36 | 0x1000 | False | 0.3681640625 | data | 4.89870464796 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.didata | 0xc3000 | 0x1a4 | 0x200 | False | 0.345703125 | data | 2.75636286825 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.edata | 0xc4000 | 0x9a | 0x200 | False | 0.2578125 | data | 1.87222286659 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0xc5000 | 0x18 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rdata | 0xc6000 | 0x5d | 0x200 | False | 0.189453125 | data | 1.38389437522 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc7000 | 0x48e00 | 0x48e00 | False | 0.0310221912521 | data | 1.35701040177 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0xc74c8 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0xc7930 | 0x10a8 | dBase III DBT, version number 0, next free block index 40 | English | United States
RT_ICON | 0xc89d8 | 0x25a8 | dBase III DBT, version number 0, next free block index 40 | English | United States
RT_ICON | 0xcaf80 | 0x42028 | dBase III DBT, version number 0, next free block index 40 | English | United States
RT_STRING | 0x10cfa8 | 0x360 | data | |
RT_STRING | 0x10d308 | 0x260 | data | |
RT_STRING | 0x10d568 | 0x45c | data | |
RT_STRING | 0x10d9c4 | 0x40c | data | |
RT_STRING | 0x10ddd0 | 0x2d4 | data | |
RT_STRING | 0x10e0a4 | 0xb8 | data | |
RT_STRING | 0x10e15c | 0x9c | data | |
RT_STRING | 0x10e1f8 | 0x374 | data | |
RT_STRING | 0x10e56c | 0x398 | data | |
RT_STRING | 0x10e904 | 0x368 | data | |
RT_STRING | 0x10ec6c | 0x2a4 | data | |
RT_RCDATA | 0x10ef10 | 0x10 | data | |
RT_RCDATA | 0x10ef20 | 0x2c4 | data | |
RT_RCDATA | 0x10f1e4 | 0x2c | data | |
RT_GROUP_ICON | 0x10f210 | 0x3e | data | English | United States
RT_VERSION | 0x10f250 | 0x584 | data | English | United States
RT_MANIFEST | 0x10f7d4 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
DLL | Import
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll | InitCommonControls
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x454058
__dbk_fcall_wrapper | 2 | 0x40d0a0
dbkFCallWrapperAddr | 1 | 0x4be63c
Description | Data
LegalCopyright | Copyright 2020 Taskbar system
FileVersion | 1.0.0.0
CompanyName | Taskbar system
Comments | This installation was built with Inno Setup.
ProductName | Taskbar system
ProductVersion | 1.0.0.0
FileDescription | Taskbar system Setup
OriginalFileName |
Translation | 0x0000 0x04b0
Language of compilation system | Country where language is spoken
English | United States