Windows Analysis Report
https://github.com/frankwick/t/raw/main/tinytask.exe

Overview

General Information

Sample URL: https://github.com/frankwick/t/raw/main/tinytask.exe
Analysis ID: 1322068

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Queries the volume information (name, serial number etc) of a device
Drops PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Uses code obfuscation techniques (call, push, ret)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains functionality to simulate mouse events

Classification

Classification radar (axes): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious
  • System is w10x64
  • cmd.exe (PID: 7272 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/frankwick/t/raw/main/tinytask.exe" > cmdline.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 7280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • wget.exe (PID: 7324 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/frankwick/t/raw/main/tinytask.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • tinytask.exe (PID: 7528 cmdline: C:\Users\user\Desktop\download\tinytask.exe MD5: 8FD3551654F0F5281DDBD7E32CB73054)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://raw.githubusercontent.com/frankwick/t/main/tinytask.exe | Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\download\tinytask.exe | Virustotal: Detection: 16%
Source: unknown | HTTPS traffic detected: 192.30.255.113:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: C:\Users\user\Desktop\download\tinytask.exe | Code function: 3_2_00403B09 CreateFileA,GetFileAttributesA,CreateFileA,CloseHandle,FindFirstFileA,FindClose,FindClose,FindNextFileA,FindClose,FindClose,3_2_00403B09
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: wget.exe, 00000002.00000002.1621595336.0000000000100000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.dr | String found in binary or memory: https://github.com/frankwick/t/raw/main/tinytask.exe
Source: wget.exe, 00000002.00000002.1621867674.0000000001110000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/frankwick/t/raw/main/tinytask.exeROC
Source: wget.exe, 00000002.00000002.1621867674.0000000001110000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/frankwick/t/raw/main/tinytask.exeVEW
Source: wget.exe, 00000002.00000002.1621856211.0000000001015000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621271341.0000000001011000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621284943.0000000001014000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/frankwick/t/raw/main/tinytask.exey
Source: cmdline.out.0.dr | String found in binary or memory: https://raw.githubusercontent.com/frankwick/t/main/tinytask.exe
Source: wget.exe, 00000002.00000002.1621867674.0000000001115000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://raw.githubusercontent.com/frankwick/t/main/tinytask.exeV
Source: wget.exe, 00000002.00000003.1609715184.0000000001011000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://raw.githubusercontent.com/frankwick/t/main/tinytask.exeZ
Source: wget.exe, 00000002.00000002.1621814188.0000000000FDD000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621296179.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://raw.githubusercontent.com/frankwick/t/main/tinytask.exex
Source: wget.exe, 00000002.00000003.1609715184.0000000001011000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621148867.0000000001011000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1621856211.0000000001015000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621271341.0000000001011000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621284943.0000000001014000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1609715184.0000000001017000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://render.githubusercontent.com
Source: tinytask.exe.2.dr | String found in binary or memory: https://www.tinytask.net
Source: unknown | DNS traffic detected: queries for: github.com
Source: global traffic | HTTP traffic detected: GET /frankwick/t/raw/main/tinytask.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko | Accept: */* | Accept-Encoding: identity | Host: github.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /frankwick/t/main/tinytask.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko | Accept: */* | Accept-Encoding: identity | Host: raw.githubusercontent.com | Connection: Keep-Alive
Source: C:\Users\user\Desktop\download\tinytask.exe | Code function: 3_2_00401489 DestroyWindow,BeginPaint,CreateCompatibleDC,SelectObject,BitBlt,SelectObject,BitBlt,SelectObject,SelectObject,BitBlt,SelectObject,DeleteDC,EndPaint,GetWindowRect,DestroyCursor,DeleteObject,DeleteObject,DeleteObject,KillTimer,PostQuitMessage,GetModuleHandleA,CreateCursor,PostMessageA,GetCursor,SetCursor,KillTimer,KillTimer,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,Sleep,PostMessageA,GetTickCount,wsprintfA,GetTickCount,wsprintfA,GetWindowTextA,FindWindowExA,FindWindowExA,FindWindowExA,KillTimer,GetClientRect,GetVersion,GetVersion,CreateWindowExA,GetStockObject,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowLongA,SetWindowLongA,ShowWindow,UpdateWindow,UpdateWindow,InvalidateRect,InvalidateRect,UpdateWindow,InvalidateRect,UpdateWindow,SendMessageA,SetFocus,DeleteFileA,SetWindowTextA,GetModuleHandleA,GetModuleFileNameA,CopyFileA,CreateFileA,GetFileSize,SetFilePointer,ReadFile,wsprintfA,SetFilePointer,WriteFile,CloseHandle,wsprintfA,GetModuleHandleA,MessageBoxIndirectA,SetTimer,MessageBoxA,DefWindowProcA,3_2_00401489
Source: C:\Users\user\Desktop\download\tinytask.exe | Code function: 3_2_004034C6 GetKeyState,GetKeyState,GetKeyState,GetSystemMetrics,mouse_event,mouse_event,mouse_event,GetSystemMetrics,GetSystemMetrics,mouse_event,SetCursorPos,MapVirtualKeyA,keybd_event,GetSystemMetrics,GetSystemMetrics,mouse_event,SetCursorPos,Sleep,SetTimer,GetDoubleClickTime,Sleep,PostMessageA,3_2_004034C6
Source: C:\Users\user\Desktop\download\tinytask.exe | Code function: 3_2_00402148 mouse_event,keybd_event,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,MapVirtualKeyA,keybd_event,SetKeyboardState,GetAsyncKeyState,GetKeyState,VkKeyScanA,VkKeyScanA,VkKeyScanA,MapVirtualKeyA,MapVirtualKeyA,keybd_event,MapVirtualKeyA,MapVirtualKeyA,keybd_event,MapVirtualKeyA,keybd_event,VkKeyScanA,MapVirtualKeyA,keybd_event,Sleep,GetCursorPos,GetKeyState,GetTickCount,SetTimer,KillTimer,GetTickCount,SetWindowTextA,InvalidateRect,DefWindowProcA,3_2_00402148
Source: C:\Windows\SysWOW64\wget.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/frankwick/t/raw/main/tinytask.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/frankwick/t/raw/main/tinytask.exe"
Source: unknown | Process created: C:\Users\user\Desktop\download\tinytask.exe C:\Users\user\Desktop\download\tinytask.exe
Source: C:\Windows\SysWOW64\wget.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7280:120:WilError_03
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\Desktop\cmdline.out
Source: classification engine | Classification label: mal56.win@5/2@2/2
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\wget.exe | Code function: 2_2_00ADA52D push eax; iretd 2_2_00ADA539
Source: C:\Windows\SysWOW64\wget.exe | File created: C:\Users\user\Desktop\download\tinytask.exe (dropped file)
Source: C:\Users\user\Desktop\download\tinytask.exe | Code function: 3_2_00401000 GetModuleHandleA,GetModuleFileNameA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetSystemMetrics,GetSystemMetrics,GetPrivateProfileIntA,GetPrivateProfileIntA,KiUserCallbackDispatcher,SetRect,GetDC,RectVisible,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,LoadIconA,RegisterClassExA,MessageBoxA,CreateWindowExA,ShowWindow,UpdateWindow,GetModuleHandleA,GetModuleFileNameA,PostMessageA,GetMessageA,KiUserCallbackDispatcher,TranslateMessage,DispatchMessageA,3_2_00401000
Source: C:\Users\user\Desktop\download\tinytask.exe | Code function: 3_2_0040392F GetPrivateProfileIntA,GetPrivateProfileStringA,GetSystemMetrics,LoadImageA,GetObjectA,GetSystemMetrics,MessageBoxA,WritePrivateProfileStringA,DeleteObject,GetModuleHandleA,LoadImageA,DeleteObject,DeleteObject,GetObjectA,KiUserCallbackDispatcher,GetSystemMetrics,GetSystemMetrics,3_2_0040392F
Source: C:\Users\user\Desktop\download\tinytask.exe | Code function: 3_2_00402D18 GetPrivateProfileStringA,WritePrivateProfileStringA,GetWindowLongA,SetWindowLongA,SetWindowPos,InvalidateRect,UpdateWindow,DefWindowProcA,3_2_00402D18
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\download\tinytask.exe | API call chain: ExitProcess graph end node graph_3-1178
Source: wget.exe | Binary or memory string: Hyper-V RAW
Source: wget.exe, 00000002.00000002.1621744965.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\download\tinytask.exe | Code function: 3_2_0040424C GetProcessHeap,HeapAlloc,3_2_0040424C
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/frankwick/t/raw/main/tinytask.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\wget.exe | Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 1 Command and Scripting Interpreter | Path Interception | 1 Process Injection | 1 Masquerading | 21 Input Capture | 111 Security Software Discovery | Remote Services | 21 Input Capture | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Behavior Graph ID: 1322068 | URL: https://github.com/frankwic... | Start date: 09/10/2023 | Architecture: WINDOWS | Score: 56
Processes: tinytask.exe (started); cmd.exe (started) -> wget.exe (started), conhost.exe (started)
Signatures: Multi AV Scanner detection for domain / URL (sample URL); Multi AV Scanner detection for dropped file (tinytask.exe)
Network (wget.exe): github.com 192.30.255.113, port 443, source port 49738, GITHUBUS, United States; raw.githubusercontent.com 185.199.110.133, port 443, source port 49739, FASTLYUS, Netherlands
Dropped file (wget.exe): C:\Users\user\Desktop\download\tinytask.exe, PE32

Source | Detection | Scanner | Label
https://github.com/frankwick/t/raw/main/tinytask.exe | 0% | Avira URL Cloud | safe
https://github.com/frankwick/t/raw/main/tinytask.exe | 1% | Virustotal |

Source | Detection | Scanner | Label
C:\Users\user\Desktop\download\tinytask.exe | 8% | ReversingLabs |
C:\Users\user\Desktop\download\tinytask.exe | 17% | Virustotal |

No Antivirus matches

Source | Detection | Scanner | Label
https://raw.githubusercontent.com/frankwick/t/main/tinytask.exe | 0% | Avira URL Cloud | safe
https://raw.githubusercontent.com/frankwick/t/main/tinytask.exex | 0% | Avira URL Cloud | safe
https://raw.githubusercontent.com/frankwick/t/main/tinytask.exeZ | 0% | Avira URL Cloud | safe
https://raw.githubusercontent.com/frankwick/t/main/tinytask.exeV | 0% | Avira URL Cloud | safe
https://www.tinytask.net | 0% | Avira URL Cloud | safe
https://render.githubusercontent.com | 0% | Avira URL Cloud | safe
https://render.githubusercontent.com | 0% | Virustotal |
https://www.tinytask.net | 1% | Virustotal |
https://raw.githubusercontent.com/frankwick/t/main/tinytask.exe | 8% | Virustotal |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
github.com | 192.30.255.113 | true | false | | high
raw.githubusercontent.com | 185.199.110.133 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://raw.githubusercontent.com/frankwick/t/main/tinytask.exe | false | Virustotal: 8%; Avira URL Cloud: safe | unknown
https://github.com/frankwick/t/raw/main/tinytask.exe | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://raw.githubusercontent.com/frankwick/t/main/tinytask.exeZ | wget.exe, 00000002.00000003.1609715184.0000000001011000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://raw.githubusercontent.com/frankwick/t/main/tinytask.exex | wget.exe, 00000002.00000002.1621814188.0000000000FDD000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621296179.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://render.githubusercontent.com | wget.exe, 00000002.00000003.1609715184.0000000001011000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621148867.0000000001011000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1621856211.0000000001015000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621271341.0000000001011000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621284943.0000000001014000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1609715184.0000000001017000.00000004.00000020.00020000.00000000.sdmp | false | Virustotal: 0%; Avira URL Cloud: safe | unknown
https://github.com/frankwick/t/raw/main/tinytask.exeVEW | wget.exe, 00000002.00000002.1621867674.0000000001110000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://raw.githubusercontent.com/frankwick/t/main/tinytask.exeV | wget.exe, 00000002.00000002.1621867674.0000000001115000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://github.com/frankwick/t/raw/main/tinytask.exey | wget.exe, 00000002.00000002.1621856211.0000000001015000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621271341.0000000001011000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1621284943.0000000001014000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://github.com/frankwick/t/raw/main/tinytask.exeROC | wget.exe, 00000002.00000002.1621867674.0000000001110000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.tinytask.net | tinytask.exe.2.dr | false | Virustotal: 1%; Avira URL Cloud: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
192.30.255.113 | github.com | United States | 36459 | GITHUBUS | false
185.199.110.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
Joe Sandbox Version: 38.0.0 Ammolite
Analysis ID: 1322068
Start date and time: 2023-10-09 11:27:17 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: urldownload.jbs
Sample URL: https://github.com/frankwick/t/raw/main/tinytask.exe
Analysis system description: Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.win@5/2@2/2
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 25
• Number of non-executed functions: 13
• Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target wget.exe, PID 7324 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
              No simulations
              No context
Process: C:\Windows\SysWOW64\cmd.exe
File Type: ASCII text, with CRLF line terminators
Category: modified
Size (bytes): 1002
Entropy (8bit): 5.1752700239413105
Encrypted: false
SSDEEP: 24:k8to1xePnSMGhMovkOMGh9MGjMGYvMGjMGG6xePgD/IBbyij2KbyiEv:jSisOs+x6x562bHqKbHG
MD5: EE186579C7090E381A53BD3D95CC9568
SHA1: 6D6A7A8EE9C90A74BB0E6629DF0A58D11B8013DA
SHA-256: E5BBACEA3108CE9AF13483D6BD682B4FBEED4587A6FA73A7045066DC43492D6B
SHA-512: 0AF712F72195EDEA679452C567B93F83D3C0ECD9767F4ED8E50D8E40CAFBFD3FB9AB672536883E3FDB49D61B63619F2FAD97AF0A9D2F1AB6315FE39CDDC006C6
Malicious: false
Reputation: low
Preview:
--2023-10-09 11:28:01-- https://github.com/frankwick/t/raw/main/tinytask.exe
Resolving github.com (github.com)... 192.30.255.113
Connecting to github.com (github.com)|192.30.255.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/frankwick/t/main/tinytask.exe [following]
--2023-10-09 11:28:02-- https://raw.githubusercontent.com/frankwick/t/main/tinytask.exe
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 185.199.108.133, 185.199.111.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 36352 (36K) [application/octet-stream]
Saving to: 'C:/Users/user/Desktop/download/tinytask.exe'

     0K .......... .......... .......... .....   100%  474K=0.07s

2023-10-09 11:28:03 (474 KB/s) - 'C:/Users/user/Desktop/download/tinytask.exe' saved [36352/36352]
Process: C:\Windows\SysWOW64\wget.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 36352
Entropy (8bit): 6.577308655111805
Encrypted: false
SSDEEP: 768:sAzGzd0LnFjuwY6QlVwvHI1pSgNEl/MYoeAW:5zGzd0wXlVwv0SgNQXoeAW
MD5: 8FD3551654F0F5281DDBD7E32CB73054
SHA1: 9B1C9722847CD57CD11E4DE80CD9E8197C3C34CD
SHA-256: 75E06AC5B7C1ADB01AB994633466685E3DCEF31D635EBA1734FE16C7893FFE12
SHA-512: A716F535E363FC1225B1665E1C24693E768D13699EA37BDF57EFFE4FEA24B4B30A2181174F66C35E749B9C845B07F82EECBF282EE5972DE0426F847293D46B4B
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 8%
• Antivirus: Virustotal, Detection: 17%
Reputation: low
              No static file info

              • Total Packets: 23
              • 443 (HTTPS)
              • 53 (DNS)
              Oct 9, 2023 11:28:04.349489927 CEST44349739185.199.110.133192.168.2.4
              Oct 9, 2023 11:28:04.354805946 CEST44349739185.199.110.133192.168.2.4
              Oct 9, 2023 11:28:04.354878902 CEST49739443192.168.2.4185.199.110.133
              Oct 9, 2023 11:28:04.354902029 CEST44349739185.199.110.133192.168.2.4
              Oct 9, 2023 11:28:04.360157013 CEST44349739185.199.110.133192.168.2.4
              Oct 9, 2023 11:28:04.360234022 CEST49739443192.168.2.4185.199.110.133
              Oct 9, 2023 11:28:04.360265970 CEST44349739185.199.110.133192.168.2.4
              Oct 9, 2023 11:28:04.363055944 CEST44349739185.199.110.133192.168.2.4
              Oct 9, 2023 11:28:04.363133907 CEST49739443192.168.2.4185.199.110.133
              Oct 9, 2023 11:28:04.376337051 CEST49739443192.168.2.4185.199.110.133
              Oct 9, 2023 11:28:04.376378059 CEST44349739185.199.110.133192.168.2.4
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Oct 9, 2023 11:28:02.124610901 CEST | 63348 | 53 | 192.168.2.4 | 1.1.1.1
              Oct 9, 2023 11:28:02.287672997 CEST | 53 | 63348 | 1.1.1.1 | 192.168.2.4
              Oct 9, 2023 11:28:03.240005970 CEST | 51773 | 53 | 192.168.2.4 | 1.1.1.1
              Oct 9, 2023 11:28:03.403170109 CEST | 53 | 51773 | 1.1.1.1 | 192.168.2.4
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Oct 9, 2023 11:28:02.124610901 CEST | 192.168.2.4 | 1.1.1.1 | 0x90d6 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
              Oct 9, 2023 11:28:03.240005970 CEST | 192.168.2.4 | 1.1.1.1 | 0x6ab8 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Oct 9, 2023 11:28:02.287672997 CEST | 1.1.1.1 | 192.168.2.4 | 0x90d6 | No error (0) | github.com | - | 192.30.255.113 | A (IP address) | IN (0x0001) | false
              Oct 9, 2023 11:28:03.403170109 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ab8 | No error (0) | raw.githubusercontent.com | - | 185.199.110.133 | A (IP address) | IN (0x0001) | false
              Oct 9, 2023 11:28:03.403170109 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ab8 | No error (0) | raw.githubusercontent.com | - | 185.199.108.133 | A (IP address) | IN (0x0001) | false
              Oct 9, 2023 11:28:03.403170109 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ab8 | No error (0) | raw.githubusercontent.com | - | 185.199.111.133 | A (IP address) | IN (0x0001) | false
              Oct 9, 2023 11:28:03.403170109 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ab8 | No error (0) | raw.githubusercontent.com | - | 185.199.109.133 | A (IP address) | IN (0x0001) | false
              • github.com
              • raw.githubusercontent.com
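The DNS query and answer tables, the TCP packet table and the HTTPS sessions that follow can be cross-checked against each other: every address the sandbox host opened a connection to should be one the resolver returned for a name the host actually asked for (matched on transaction ID), and the host named in the 302 Location header recorded in HTTPS session 0 should be the name that resolved to the address session 1 then connected to. The script below is an added example, not part of the Joe Sandbox report; its inputs are rows transcribed from this report's tables, and the transaction-ID filter is an extra check the report itself does not perform.

```python
"""Cross-check the DNS answers and TCP flows recorded in the sandbox report.

Added example, not part of the Joe Sandbox report. All rows below are
transcribed from this report's DNS query, DNS answer, TCP and HTTPS session
tables; the transaction-id filter is an extra check the report does not do.
"""
from urllib.parse import urlsplit

LOCAL_IP = "192.168.2.4"

# (transaction id, queried name), from the DNS query table
DNS_QUERIES = [
    ("0x90d6", "github.com"),
    ("0x6ab8", "raw.githubusercontent.com"),
]

# (transaction id, name, address), from the DNS answer table
DNS_ANSWERS = [
    ("0x90d6", "github.com", "192.30.255.113"),
    ("0x6ab8", "raw.githubusercontent.com", "185.199.110.133"),
    ("0x6ab8", "raw.githubusercontent.com", "185.199.108.133"),
    ("0x6ab8", "raw.githubusercontent.com", "185.199.111.133"),
    ("0x6ab8", "raw.githubusercontent.com", "185.199.109.133"),
]

# (src port, dst port, src ip, dst ip): the first packet in each direction
# of the two TCP flows in the report's packet table
TCP_PACKETS = [
    (49738, 443, "192.168.2.4", "192.30.255.113"),
    (443, 49738, "192.30.255.113", "192.168.2.4"),
    (49739, 443, "192.168.2.4", "185.199.110.133"),
    (443, 49739, "185.199.110.133", "192.168.2.4"),
]

# Location header of the 302 in HTTPS session 0, and session 1's destination
REDIRECT_LOCATION = "https://raw.githubusercontent.com/frankwick/t/main/tinytask.exe"
SESSION_1_DST = "185.199.110.133"


def accepted_answers(queries, answers):
    """Map address -> name for answers whose (transaction id, name) matches a
    query that was actually sent; anything else is returned separately, since
    an answer nobody asked for is the signature of a spoofed or injected reply."""
    sent = set(queries)
    addr_to_name, rejected = {}, []
    for tid, name, addr in answers:
        if (tid, name) in sent:
            addr_to_name[addr] = name
        else:
            rejected.append((tid, name, addr))
    return addr_to_name, rejected


def outbound_flows(packets, local_ip=LOCAL_IP):
    """Distinct (dst ip, dst port) pairs initiated from the sandbox host."""
    return sorted({(dst_ip, dst_port)
                   for _src_port, dst_port, src_ip, dst_ip in packets
                   if src_ip == local_ip})


def attribute_flows(flows, addr_to_name):
    """Tag each flow with the name DNS resolved to its destination; None means
    the address was never returned by DNS, i.e. it was hard-coded or obtained
    out of band, which deserves a closer look in any report."""
    return [(ip, port, addr_to_name.get(ip)) for ip, port in flows]


def redirect_followed_correctly(location, addr_to_name, next_session_dst):
    """True if the host in the 302 Location is the name that resolved to the
    address the following session connected to."""
    return addr_to_name.get(next_session_dst) == urlsplit(location).hostname


if __name__ == "__main__":
    names, rejected = accepted_answers(DNS_QUERIES, DNS_ANSWERS)
    for ip, port, name in attribute_flows(outbound_flows(TCP_PACKETS), names):
        print(f"{ip}:{port} -> {name or 'not resolved via DNS'}")
    print("unsolicited answers:", rejected)
    print("redirect consistent:",
          redirect_followed_correctly(REDIRECT_LOCATION, names, SESSION_1_DST))
```

For this report both outbound flows attribute cleanly (192.30.255.113 to github.com, 185.199.110.133 to raw.githubusercontent.com), no answer arrives without a matching query, and the redirect target resolves to the address session 1 used. The same three functions applied to a report where a flow comes back as None, or where an answer is rejected, point straight at the connection worth pivoting on.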
              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              0 | 192.168.2.4 | 49738 | 192.30.255.113 | 443 | C:\Windows\SysWOW64\wget.exe
              Timestamp | kBytes transferred | Direction | Data
              2023-10-09 09:28:02 UTC | 0 | OUT | GET /frankwick/t/raw/main/tinytask.exe HTTP/1.1
              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
              Accept: */*
              Accept-Encoding: identity
              Host: github.com
              Connection: Keep-Alive
              2023-10-09 09:28:03 UTC | 0 | IN | HTTP/1.1 302 Found
              Server: GitHub.com
              Date: Mon, 09 Oct 2023 09:28:03 GMT
              Content-Type: text/html; charset=utf-8
              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
              Access-Control-Allow-Origin: https://render.githubusercontent.com
              Location: https://raw.githubusercontent.com/frankwick/t/main/tinytask.exe
              Cache-Control: no-cache
              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
              X-Frame-Options: deny
              X-Content-Type-Options: nosniff
              X-XSS-Protection: 0
              Referrer-Policy: no-referrer-when-downgrade
              2023-10-09 09:28:03 UTC0INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 63
              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.githubc


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              1 | 192.168.2.4 | 49739 | 185.199.110.133 | 443 | C:\Windows\SysWOW64\wget.exe
              Timestamp | kBytes transferred | Direction | Data
              2023-10-09 09:28:03 UTC | 3 | OUT | GET /frankwick/t/main/tinytask.exe HTTP/1.1
              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
              Accept: */*
              Accept-Encoding: identity
              Host: raw.githubusercontent.com
              Connection: Keep-Alive
              2023-10-09 09:28:04 UTC | 3 | IN | HTTP/1.1 200 OK
              Connection: close
              Content-Length: 36352
              Cache-Control: max-age=300
              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
              Content-Type: application/octet-stream
              ETag: "f5125bc3b9a70d854c16fe67bc787cf7fb5771f21f50293d3e1e6821ea25a683"
              Strict-Transport-Security: max-age=31536000
              X-Content-Type-Options: nosniff
              X-Frame-Options: deny
              X-XSS-Protection: 1; mode=block
              X-GitHub-Request-Id: 2542:04E4:3DAC6A:4E5B38:6523C7A3
              Accept-Ranges: bytes
              Date: Mon, 09 Oct 2023 09:28:04 GMT
              Via: 1.1 varnish
              X-Served-By: cache-sna10745-LGB
              X-Cache: MISS
              X-Cache-Hits: 0
              X-Timer: S1696843684.973439,VS0,VE227
              Vary: Authorization,Accept-Encoding,Origin
              Access-Control-Allow-Origin: *
              Cross-Origin-Resource-Policy: cross-origin
              X-Fastly-Request-ID: 20620485bfcaa6975d500183586497c37d3eeffc
              Expires: Mon, 09 Oct 2023 09:33:04 GMT
              Source-Age: 0
              2023-10-09 09:28:04 UTC4INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 3f 0d 0d 0a 24 00 00 00 00 00 50 45 00 00 4c 01 04 00 02 00 c0 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 38 00 00 00 5a 00 00 00 00 00 00 80 46 00 00 00 10 00 00 00 50 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 b0 00 00 00 02 00 00 d0 e4 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b8 52 00 00 78 00 00 00 00 70 00 00 e0 3d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Data Ascii: MZ@X!L!?$PEL]8ZFP@Rxp=
              2023-10-09 09:28:04 UTC5INData Raw: 00 00 59 8b f8 eb 02 33 ff 8d 85 8c fe ff ff 85 c0 74 2f 8a 8c 35 8c fe ff ff 8d 84 35 8c fe ff ff 84 c9 74 1d 80 f9 22 75 15 8b cf 2b ce 51 8d 48 01 51 50 e8 fe 2f 00 00 83 c4 0c 4f eb d4 46 eb d1 8d 85 8c fe ff ff 53 50 e8 dd 1b 00 00 e9 94 00 00 00 80 3d 1d 6d 40 00 00 0f 84 87 00 00 00 8d 85 8c fd ff ff 68 ff 00 00 00 50 53 ff 15 a8 50 40 00 50 ff 15 ac 50 40 00 ff 35 10 6a 40 00 8d 85 8c fd ff ff 50 e8 9f 1b 00 00 85 c0 75 07 33 c0 e9 88 00 00 00 b8 4c 60 40 00 8b c8 85 c9 74 07 50 e8 0c 32 00 00 59 0f b6 c0 a3 04 6a 40 00 b8 44 60 40 00 8b c8 85 c9 75 08 89 1d 0c 60 40 00 eb 0c 50 e8 ea 31 00 00 59 a3 0c 60 40 00 53 68 03 80 00 00 68 11 01 00 00 ff 35 e0 69 40 00 ff 15 94 51 40 00 8b 35 98 51 40 00 53 53 8d 45 9c 53 50 ff d6 3b c3 74 22 83 f8 ff 74
              Data Ascii: Y3t/55t"u+QHQP/OFSP=m@hPSP@PP@5j@Pu3L`@tP2Yj@D`@u`@P1Y`@Shh5i@Q@5Q@SSESP;t"t
              2023-10-09 09:28:04 UTC7INData Raw: 40 00 0f 84 39 16 00 00 56 ff 75 08 ff 15 30 51 40 00 56 ff 75 08 e8 e7 1b 00 00 e9 21 16 00 00 3d ed 03 00 00 0f 85 35 02 00 00 38 1d 1b 6d 40 00 8b 3d 1c 51 40 00 be 00 80 00 00 75 24 6a 52 ff d7 66 85 c6 74 1b 6a 11 ff d7 66 85 c6 74 12 6a 10 ff d7 66 85 c6 74 09 6a 12 ff d7 66 85 c6 75 36 80 3d 1b 6d 40 00 01 75 09 6a 2c ff d7 66 85 c6 75 24 80 3d 1b 6d 40 00 08 75 09 6a 77 ff d7 66 85 c6 75 12 80 3d 1b 6d 40 00 0c 75 14 6a 7b ff d7 66 85 c6 74 0b 53 68 02 80 00 00 e9 87 00 00 00 38 1d 1c 6d 40 00 75 24 6a 50 ff d7 66 85 c6 74 1b 6a 11 ff d7 66 85 c6 74 12 6a 10 ff d7 66 85 c6 74 09 6a 12 ff d7 66 85 c6 75 36 80 3d 1c 6d 40 00 01 75 09 6a 2c ff d7 66 85 c6 75 24 80 3d 1c 6d 40 00 08 75 09 6a 77 ff d7 66 85 c6 75 12 80 3d 1c 6d 40 00 0c 75 3c 6a 7b ff
              Data Ascii: @9Vu0Q@Vu!=58m@=Q@u$jRftjftjftjfu6=m@uj,fu$=m@ujwfu=m@uj{ftSh8m@u$jPftjftjftjfu6=m@uj,fu$=m@ujwfu=m@u<j{
              2023-10-09 09:28:04 UTC8INData Raw: 40 00 53 53 8d 04 80 c1 e0 02 50 ff 35 f0 69 40 00 53 57 e8 62 20 00 00 6a 5c 57 88 1d 18 6b 40 00 e8 00 27 00 00 83 c4 20 3b c3 74 03 8d 78 01 be 18 6b 40 00 57 56 e8 93 25 00 00 59 59 56 ff 35 e0 69 40 00 ff 15 f4 50 40 00 e9 8f 10 00 00 8d 85 a8 fe ff ff 68 ff 00 00 00 50 53 ff 15 a8 50 40 00 50 ff 15 ac 50 40 00 53 8d 85 a8 fe ff ff 57 50 ff 15 84 50 40 00 85 c0 75 10 68 30 00 01 00 57 68 a8 65 40 00 e9 8a 02 00 00 53 68 80 00 00 00 6a 04 53 6a 03 68 00 00 00 c0 57 ff 15 88 50 40 00 53 50 89 45 fc ff 15 8c 50 40 00 3b c3 89 45 ec 0f 84 3f 01 00 00 05 00 10 00 00 6a 01 50 e8 5f 23 00 00 59 8b f0 59 53 53 53 ff 75 fc ff 15 90 50 40 00 8d 45 ec 53 50 ff 75 ec 56 ff 75 fc ff 15 94 50 40 00 89 5d f0 39 5d f0 6a 05 0f 95 c0 48 83 e0 1c 83 c0 24 0f be c0 50
              Data Ascii: @SSP5i@SWb j\Wk@' ;txk@WV%YYV5i@P@hPSP@PP@SWPP@uh0Whe@ShjSjhWP@SPEP@;E?jP_#YYSSSuP@ESPuVuP@]9]jH$P
              2023-10-09 09:28:04 UTC9INData Raw: 00 ff 75 08 ff 15 30 51 40 00 ff 15 58 50 40 00 2b 05 f8 69 40 00 38 1d 18 6b 40 00 89 1d 08 6a 40 00 a3 fc 69 40 00 b8 18 6b 40 00 75 05 b8 1c 61 40 00 50 ff 75 08 ff 15 f4 50 40 00 a1 f0 69 40 00 3b c3 0f 84 33 0b 00 00 8b 15 f4 69 40 00 8b ca f7 d9 8d 72 ff 1b c9 23 ce 89 4d f0 7e 25 8d 34 89 8b 3c b0 8d 34 b0 3b fb 74 18 81 ff 01 02 00 00 75 08 8b 76 10 3b 75 08 74 08 49 3b cb 89 4d f0 7f db 3b cb 74 08 8b d1 89 15 f4 69 40 00 8b ca 83 c2 03 3b ca 89 4d ec 73 2c eb 05 a1 f0 69 40 00 8d 0c 89 6a 14 53 8d 04 88 50 e8 8f 1e 00 00 8b 4d ec a1 f4 69 40 00 83 c4 0c 41 83 c0 03 89 4d ec 3b c8 72 d6 6a 01 53 ff 75 08 ff 15 fc 50 40 00 e9 a3 0a 00 00 a1 08 6a 40 00 3d 02 80 00 00 0f 84 93 0a 00 00 39 1d f0 69 40 00 75 10 a1 00 6a 40 00 0d 40 00 01 00 50 e9 a9
              Data Ascii: u0Q@XP@+i@8k@j@i@k@ua@PuP@i@;3i@r#M~%4<4;tuv;utI;M;ti@;Ms,i@jSPMi@AM;rjSuP@j@=9i@uj@@P
              2023-10-09 09:28:04 UTC11INData Raw: 40 00 f6 d8 1b c0 68 13 80 00 00 24 f8 83 c0 08 50 ff 75 f8 ff d6 a0 1c 6d 40 00 68 b4 63 40 00 fe c8 68 14 80 00 00 f6 d8 1b c0 24 f8 83 c0 08 50 ff 75 f8 ff d6 a0 1c 6d 40 00 68 b0 63 40 00 2c 08 68 15 80 00 00 f6 d8 1b c0 24 f8 83 c0 08 50 ff 75 f8 ff d6 a0 1c 6d 40 00 68 ac 63 40 00 2c 0c 68 16 80 00 00 f6 d8 1b c0 24 f8 83 c0 08 50 ff 75 f8 ff d6 53 53 57 ff 75 f8 ff d6 68 40 63 40 00 68 0e 80 00 00 6a 02 ff 75 f8 ff d6 53 53 57 ff 75 fc ff d6 a1 00 6a 40 00 68 30 63 40 00 f7 d8 1b c0 68 17 80 00 00 83 e0 08 50 ff 75 fc ff d6 a1 14 6a 40 00 68 20 63 40 00 f7 d8 1b c0 68 18 80 00 00 24 f8 83 c0 08 50 ff 75 fc ff d6 a0 1e 6d 40 00 68 08 63 40 00 f6 d8 1b c0 68 1a 80 00 00 83 e0 08 50 ff 75 fc ff d6 68 f0 62 40 00 68 1b 80 00 00 a0 1e 6d 40 00 f6 d8 1b
              Data Ascii: @h$Pum@hc@h$Pum@hc@,h$Pum@hc@,h$PuSSWuh@c@hjuSSWuj@h0c@hPuj@h c@h$Pum@hc@hPuhb@hm@
              2023-10-09 09:28:04 UTC12INData Raw: 50 40 00 56 ff 15 90 51 40 00 e9 aa 00 00 00 6a 01 53 53 68 1c 62 40 00 53 53 ff 15 bc 50 40 00 83 f8 20 0f 87 90 00 00 00 68 30 00 01 00 68 1c 61 40 00 68 f4 61 40 00 e9 fc fc ff ff 8d 85 a8 fe ff ff 68 28 61 40 00 50 e8 5b 15 00 00 59 be eb 03 00 00 59 53 6a 0a 56 ff 75 08 ff 15 d0 50 40 00 6a 09 33 c0 59 8d 7d ac f3 ab 53 c7 45 a8 28 00 00 00 ff 15 a8 50 40 00 89 45 b0 8d 85 a8 fe ff ff 8b 7d 08 89 45 b4 a1 00 6a 40 00 89 7d ac 0d 80 00 01 00 c7 45 b8 80 66 40 00 89 45 bc 8d 45 a8 50 c7 45 c0 a1 0f 00 00 ff 15 f0 50 40 00 56 57 ff 15 30 51 40 00 ff 75 14 ff 75 10 ff 75 0c ff 75 08 ff 15 6c 51 40 00 5f 5e 5b c9 c2 10 00 cc 1c 40 00 1d 1d 40 00 48 21 40 00 62 24 40 00 1d 1d 40 00 e4 26 40 00 94 2a 40 00 a3 2a 40 00 ae 2a 40 00 bd 2a 40 00 cc 2a 40 00 db
              Data Ascii: P@VQ@jSShb@SSP@ h0ha@ha@h(a@P[YYSjVuP@j3Y}SE(P@E}Ej@}Ef@EEPEP@VW0Q@uuuulQ@_^[@@H!@b$@@&@*@*@*@*@*@
              2023-10-09 09:28:04 UTC13INData Raw: 3c a0 74 4a f6 db 0f b6 f0 1b db 6a 00 81 c3 01 01 00 00 56 89 5d e0 ff 15 e0 50 40 00 8b d8 8b 45 f8 8b fb c1 e7 08 0b fe eb 2c f6 db 1b db 81 c3 02 02 00 00 eb 0a f6 db 1b db 81 c3 05 02 00 00 8b 45 f8 8b 7d f4 89 5d e0 8b d8 eb 09 8b 45 f8 8b 5d e8 8b 7d e4 83 7d e0 00 75 34 8b 4d f4 85 c9 0f 84 99 00 00 00 85 c0 0f 84 91 00 00 00 8d 14 08 3a 15 20 6d 40 00 0f 84 82 00 00 00 8b d8 02 c1 c7 45 e0 00 02 00 00 8b f9 a2 20 6d 40 00 ff 15 54 51 40 00 8b 0d f4 69 40 00 8b 15 f0 69 40 00 8d 0c 89 89 44 8a 10 a1 f4 69 40 00 8b 0d f0 69 40 00 8b 55 e0 8d 04 80 89 14 81 a1 f4 69 40 00 8b 0d f0 69 40 00 8d 04 80 89 7c 81 04 a1 f4 69 40 00 8b 0d f0 69 40 00 8d 04 80 89 5c 81 08 ff 15 58 50 40 00 8b 0d f4 69 40 00 8b 15 f0 69 40 00 8d 0c 89 89 44 8a 0c ff 05 f4 69
              Data Ascii: <tJjV]P@E,E}]E]}}u4M: m@E m@TQ@i@i@Di@i@Ui@i@|i@i@\XP@i@i@Di
              2023-10-09 09:28:04 UTC15INData Raw: 75 ec ff 75 f8 ff d6 ff 75 fc 8b 35 04 50 40 00 ff d6 ff 75 f8 ff d6 8b 45 e8 5e 5f 5b c9 c3 55 8b ec 81 ec 1c 01 00 00 53 57 33 db 33 c0 8d 7d e8 89 5d e4 ab ab ab ab ab 6a 3f 33 c0 59 8d bd e5 fe ff ff 88 9d e4 fe ff ff 39 5d 08 f3 ab 66 ab aa 0f 84 9d 01 00 00 39 5d 0c 0f 84 94 01 00 00 56 68 18 6c 40 00 8d 85 e4 fe ff ff 68 ff 00 00 00 50 68 20 6e 40 00 bf 1c 61 40 00 68 48 62 40 00 57 ff 15 a0 50 40 00 38 9d e4 fe ff ff 8b 35 70 51 40 00 0f 84 93 00 00 00 68 50 20 00 00 53 53 8d 85 e4 fe ff ff 53 50 53 c6 05 1e 6d 40 00 01 ff 15 60 51 40 00 3b c3 89 45 fc 74 29 8d 4d e4 51 6a 18 50 ff 15 18 50 40 00 83 7d ec 0a 7c 16 8b 45 e8 6a 07 99 59 f7 f9 83 f8 0a 7c 08 53 ff d6 39 45 e8 7e 41 a1 00 6a 40 00 0d 30 20 01 00 50 8d 85 e4 fe ff ff 50 68 34 67 40 00
              Data Ascii: uuu5P@uE^_[USW33}]j?3Y9]f9]Vhl@hPh n@a@hHb@WP@85pQ@hP SSSPSm@`Q@;Et)MQjPP@}|EjY|S9E~Aj@0 PPh4g@
              2023-10-09 09:28:04 UTC16INData Raw: 00 00 59 33 f6 ff 75 08 ff 15 9c 50 40 00 8b 45 18 3b c3 74 05 8b 4d fc 89 08 8b c6 eb 0b ff 75 08 ff 15 9c 50 40 00 33 c0 5f 5e 5b c9 c3 55 8b ec 81 ec 10 02 00 00 80 a5 f4 fe ff ff 00 53 56 57 6a 40 33 c0 59 8d bd f5 fe ff ff f3 ab 80 a5 f0 fd ff ff 00 6a 40 66 ab aa 59 33 c0 8d bd f1 fd ff ff 33 f6 f3 ab 66 ab aa 8b 45 08 89 75 fc 3b c6 89 75 f8 0f 84 e6 01 00 00 80 38 00 0f 84 dd 01 00 00 8d 8d f4 fe ff ff 51 50 e8 b5 02 00 00 8d 85 f4 fe ff ff 59 85 c0 59 74 20 80 bd f4 fe ff ff 00 74 17 8d 85 f4 fe ff ff 50 e8 b3 04 00 00 0f be 84 05 f3 fe ff ff 59 eb 02 33 c0 83 f8 5c 75 65 33 ff 80 bd f4 fe ff ff 00 0f 84 c7 01 00 00 81 ff 04 01 00 00 0f 8d bb 01 00 00 80 bc 3d f4 fe ff ff 5c 8d 9c 3d f4 fe ff ff 75 20 83 ff 01 7e 1b 80 bc 3d f3 fe ff ff 3a 74 11
              Data Ascii: Y3uP@E;tMuP@3_^[USVWj@3Yj@fY33fEu;u8QPYYt tPY3\ue3=\=u ~=:t
              2023-10-09 09:28:04 UTC17INData Raw: 5f 5e c3 8b 4c 24 04 85 c9 74 13 80 39 00 74 0e 8d 41 01 8a 10 40 84 d2 75 f9 2b c1 48 c3 33 c0 c3 8b 44 24 04 85 c0 74 1d 8b 4c 24 08 85 c9 74 15 8a 11 56 88 10 8d 70 01 41 84 d2 74 07 8a 11 88 16 46 eb f4 5e c3 57 8b 7c 24 08 85 ff 74 3c 8b 54 24 0c 85 d2 74 34 8b 4c 24 10 85 c9 56 8b f7 74 24 8a 02 88 07 47 42 84 c0 74 03 49 75 f3 85 c9 74 13 49 74 10 8b d1 c1 e9 02 33 c0 f3 ab 8b ca 83 e1 03 f3 aa 8b c6 5e 5f c3 8b c7 5f c3 8b 44 24 04 85 c0 74 21 8b 54 24 08 85 d2 74 19 80 38 00 8b c8 74 06 41 80 39 00 75 fa 53 8a 1a 88 19 41 42 84 db 75 f6 5b c3 56 8b 74 24 08 85 f6 75 0a 8b 44 24 0c f7 d8 1b c0 5e c3 8b 54 24 0c 85 d2 74 21 57 8a 0a 0f b6 06 0f b6 f9 2b c7 75 08 84 c9 74 04 46 42 eb ec 85 c0 5f 7d 05 83 c8 ff 5e c3 7e 03 6a 01 58 5e c3 56 8b 74 24
              Data Ascii: _^L$t9tA@u+H3D$tL$tVpAtF^W|$t<T$t4L$Vt$GBtIutIt3^__D$t!T$t8tA9uSABu[Vt$uD$^T$t!W+utFB_}^~jX^Vt$
              2023-10-09 09:28:04 UTC19INData Raw: 00 00 dc 59 00 00 ec 59 00 00 f8 59 00 00 06 5a 00 00 16 5a 00 00 22 5a 00 00 2e 5a 00 00 40 5a 00 00 56 5a 00 00 6c 5a 00 00 7c 5a 00 00 f4 57 00 00 e4 57 00 00 d2 57 00 00 be 57 00 00 b4 57 00 00 ac 57 00 00 a0 57 00 00 8c 57 00 00 7e 57 00 00 6c 57 00 00 5e 57 00 00 4e 57 00 00 3e 57 00 00 30 57 00 00 1c 57 00 00 08 57 00 00 5c 58 00 00 00 00 00 00 76 5b 00 00 8a 5b 00 00 00 00 00 00 f9 ff ff ff f0 ff ff ff f0 ff ff ff f0 ff ff ff f0 ff ff ff f0 3f ff ff f0 07 ff ff f0 01 ff ff f0 00 ff ff 10 00 7f ff 00 00 7f ff 00 00 7f ff 80 00 7f ff c0 00 7f ff c0 00 7f ff e0 00 7f ff e0 00 ff ff f0 00 ff ff f0 00 ff ff f8 01 ff ff f8 01 ff ff f8 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
              Data Ascii: YYYZZ"Z.Z@ZVZlZ|ZWWWWWWWW~WlW^WNW>W0WWW\Xv[[?
              2023-10-09 09:28:04 UTC20INData Raw: 63 65 73 73 48 65 61 70 00 00 a2 01 48 65 61 70 52 65 41 6c 6c 6f 63 00 9f 01 48 65 61 70 46 72 65 65 00 00 a3 01 48 65 61 70 53 69 7a 65 00 00 7d 00 45 78 69 74 50 72 6f 63 65 73 73 00 50 01 47 65 74 53 74 61 72 74 75 70 49 6e 66 6f 41 00 ca 00 47 65 74 43 6f 6d 6d 61 6e 64 4c 69 6e 65 41 00 4b 45 52 4e 45 4c 33 32 2e 64 6c 6c 00 00 95 00 44 69 73 70 61 74 63 68 4d 65 73 73 61 67 65 41 00 00 82 02 54 72 61 6e 73 6c 61 74 65 4d 65 73 73 61 67 65 00 00 2a 01 47 65 74 4d 65 73 73 61 67 65 41 00 de 01 50 6f 73 74 4d 65 73 73 61 67 65 41 00 00 91 02 55 70 64 61 74 65 57 69 6e 64 6f 77 00 00 6a 02 53 68 6f 77 57 69 6e 64 6f 77 00 00 59 00 43 72 65 61 74 65 57 69 6e 64 6f 77 45 78 41 00 be 01 4d 65 73 73 61 67 65 42 6f 78 41 00 f3 01 52 65 67 69 73 74 65 72 43
              Data Ascii: cessHeapHeapReAllocHeapFreeHeapSize}ExitProcessPGetStartupInfoAGetCommandLineAKERNEL32.dllDispatchMessageATranslateMessage*GetMessageAPostMessageAUpdateWindowjShowWindowYCreateWindowExAMessageBoxARegisterC
              2023-10-09 09:28:04 UTC21INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 1e 00 00 00 1c 00 00 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 36 33 35 32 00 23 00 05 00 00 00 40 40 40 40 40 00 00 00 24 24 24 24 24 00 00 00 53 74 61 72 74 75 70 20 46 61 69 6c 75 72 65 3a 20 43 72 65 61 74 65 57 69 6e 64 6f 77 00 00 00 53 74 61 72 74 75 70 20 46 61 69 6c 75 72 65 3a 20 52 65 67 69 73 74 65 72 43 6c 61 73 73 00 00 54 69 6e 79 54 61 73 6b 43 6c 61 73 73 00 00 00 70 6c 61 79 5f 6b 65 79 00 00 00 00 72 65 63 6f 72 64 5f 6b 65 79 00 00 68 69 64 65 5f 63 61 70 74 69 6f 6e 73 00 00 00 74 6f 70 6d 6f 73 74 00 73 70 65 65 64 5f 63 75 73 74 6f 6d 00 00 00 00 73 70 65 65 64 00 00 00 77 69 6e 64 6f 77 5f 79 00 00 00 00 77
              Data Ascii: 136352#@@@@@$$$$$Startup Failure: CreateWindowStartup Failure: RegisterClassTinyTaskClassplay_keyrecord_keyhide_captionstopmostspeed_customspeedwindow_yw
              2023-10-09 09:28:04 UTC23INData Raw: 53 70 65 65 64 3a 09 20 25 64 25 73 78 0a 20 20 52 65 70 65 61 74 20 4c 6f 6f 70 73 3a 09 20 25 64 00 00 00 4b 42 00 00 20 4d 42 00 2f 32 00 00 20 20 43 6f 6d 70 69 6c 65 20 45 72 72 6f 72 0a 0a 00 00 00 25 30 35 64 00 00 00 00 55 6e 61 62 6c 65 20 74 6f 20 77 72 69 74 65 20 66 69 6c 65 00 00 00 00 2e 65 78 65 00 00 00 00 50 72 6f 67 72 61 6d 20 46 69 6c 65 73 20 28 2a 2e 65 78 65 29 00 2a 2e 65 78 65 00 41 6c 6c 20 46 69 6c 65 73 20 28 2a 2e 2a 29 00 2a 2e 2a 00 00 00 00 00 2e 72 65 63 00 00 00 00 52 65 63 6f 72 64 69 6e 67 20 46 69 6c 65 73 20 28 2a 2e 72 65 63 29 00 2a 2e 72 65 63 00 41 6c 6c 20 46 69 6c 65 73 20 28 2a 2e 2a 29 00 2a 2e 2a 00 00 00 53 54 41 54 49 43 00 00 74 69 6e 79 74 61 73 6b 2e 6e 65 74 00 00 00 00 45 44 49 54 00 00 00 00 53 65 74
              Data Ascii: Speed: %d%sx Repeat Loops: %dKB MB/2 Compile Error%05dUnable to write file.exeProgram Files (*.exe)*.exeAll Files (*.*)*.*.recRecording Files (*.rec)*.recAll Files (*.*)*.*STATICtinytask.netEDITSet
              2023-10-09 09:28:04 UTC24INData Raw: 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 09 04 00 00 68 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 09 04 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 09 04 00 00 88 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 09 04 00 00 98 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 09 04 00 00 a8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 09 04 00 00 b8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 09 04 00 00 c8 01 00 00 c8 8e 00 00 72 19 00 00 00 00 00 00 00 00 00 00 e0 71 00 00 a8 0e 00 00 00 00 00 00 00 00 00 00 88 80 00 00 a8 08 00 00 00 00 00 00 00 00 00 00 30 89 00 00 68 05 00 00 00 00 00 00 00 00 00 00 98 8e 00 00 30 00 00 00 00 00 00 00 00 00 00 00 40 a8 00 00 70
              Data Ascii: hxrq0h0@p
              2023-10-09 09:28:04 UTC25INData Raw: 1c 1a 1d 1c 1c 1d 1c 1d 1c 1d 1c 1c 1c 1c 1b 1e 1c 27 ae 00 00 00 00 00 00 00 00 00 00 2c 03 04 06 05 05 06 05 05 06 05 06 09 09 06 09 09 0b 09 0b 0a 0b 0b 0b 0b 0b 0b 0b 0b 0b 0e 0e 0e 0e 0e 0d 0c 07 1b 00 00 00 00 00 00 00 00 69 04 17 65 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6a 6b 6a 6b 6a 6b 6a 6b 6a 6b 6a 6b 6a 6b 6a 6b 6a 6b 6b 6a 6b 6a 6a 21 15 07 26 00 00 00 00 00 00 d2 01 1f 6b 66 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6a 6a 6a 15 08 bd 00 00 00 00 00 a2 12 6b a8 6b 6b 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6b a6 6d 23 08 33 00 00 00 00 00 19 16 6d b7 a8 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d
              Data Ascii: ',iekkkkkkkkjkjkjkjkjkjkjkjkjkjkkjkjj!&kfkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkjjjkkkmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmkm#3mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
              2023-10-09 09:28:04 UTC27INData Raw: ec ec ea ec ea c2 bc a9 39 53 72 78 7b 7f 7f 7f 7e 78 74 59 49 50 ba c7 d8 ec ea ec ea ec ea ec ec e5 0e 1d 00 00 00 00 00 13 a2 ed ec eb eb eb ea eb eb ea ea c5 c0 90 37 52 5b 7e 84 84 84 84 84 80 74 57 45 50 ad c8 de ea ea ea ea ea ea eb ec e6 0b 1e 00 00 00 00 00 12 a5 ed eb e8 ea eb ea e8 eb ea e8 c7 ca 8f 37 49 75 88 89 89 89 89 89 88 81 56 39 51 b4 c8 e4 ea e8 ea ea ea e8 e7 ec e8 0e 1d 00 00 00 00 00 13 a5 ee e8 e5 e8 e8 e8 e8 e8 e8 e8 d8 de a3 3c 38 85 8b 8d 8d 8d 8d 8d 8c 8a 52 36 67 c7 c9 e7 e8 e8 e8 e8 e8 e8 e4 ed ea 0e 1d 00 00 00 00 00 12 a5 f0 e7 e4 e6 e6 e7 e6 e7 e6 e6 e1 c9 c5 63 35 60 97 99 9a 9a 9a 9a 98 93 43 3a 8e de cb e6 e6 e6 e7 e6 e7 e7 e0 ee ea 0e 1e 00 00 00 00 00 13 a5 f2 e5 e4 e6 e6 e6 e6 e6 e6 e6 e5 cb df ab 4f 47 94 9e 9e 9e
              Data Ascii: 9Srx{~xtYIP7R[~tWEP7IuV9Q<8R6gc5`C:OG
              2023-10-09 09:28:04 UTC28INData Raw: 65 59 59 00 60 5c 5c 00 64 5e 5e 00 6a 58 58 00 68 5d 5d 00 6f 5d 5d 00 60 61 61 00 64 61 61 00 61 64 64 00 64 64 64 00 68 62 62 00 66 69 69 00 78 61 61 00 79 67 67 00 77 68 68 00 77 6c 6c 00 7b 69 69 00 7b 6c 6c 00 7e 74 74 00 77 78 78 00 7d 7d 7d 00 b1 1a 03 00 b6 20 06 00 bd 25 07 00 bf 2c 01 00 a9 28 17 00 9c 36 29 00 9b 3b 2a 00 a9 3d 30 00 cb 2b 03 00 c6 28 0f 00 c8 34 02 00 c5 32 0f 00 c4 3b 26 00 bc 53 2f 00 a3 40 35 00 ac 42 32 00 a5 4e 33 00 aa 4e 33 00 dd 58 05 00 d4 56 0d 00 d4 49 1a 00 d3 5a 10 00 cf 62 04 00 d1 66 04 00 d6 6e 05 00 d9 6b 05 00 dd 74 06 00 d7 78 05 00 d8 7d 08 00 de 66 16 00 e0 75 19 00 d4 5e 25 00 cf 52 3e 00 db 5c 32 00 e0 67 28 00 86 53 46 00 9e 53 44 00 b7 5c 49 00 97 61 4d 00 88 65 58 00 a3 65 5d 00 ba 6e 58 00 9c 6e 63
              Data Ascii: eYY`\\d^^jXXh]]o]]`aadaaadddddhbbfiixaayggwhhwll{ii{ll~ttwxx}}} %,(6);*=0+(42;&S/@5B2N3N3XVIZbfnktx}fu^%R>\2g(SFSD\IaMeXe]nXnc
              2023-10-09 09:28:04 UTC29INData Raw: f6 f6 f6 f6 f8 ea a7 16 00 00 00 0a d0 f3 f5 f5 f5 f5 f5 f5 f5 f4 eb b5 8d 21 8b a5 e1 f4 f5 f5 f5 f5 f5 f5 f6 eb a7 16 00 00 00 0a d6 f3 f4 f4 f4 f4 f4 f4 f4 ce 21 8b bd cb c5 9c 20 a7 f2 f4 f4 f4 f4 f4 f5 eb b3 14 00 00 00 08 db f2 f3 f3 f3 f3 f3 f3 cf 8b b6 d4 79 7b 7a 7c c7 8f a6 f2 f3 f3 f3 f3 f4 eb b4 14 00 00 00 08 dc f1 f1 f1 f1 f1 f1 ea 92 bc 42 61 80 83 82 70 36 c2 91 d3 f1 f1 f1 f1 f3 ed b5 14 00 00 00 08 df f0 f0 f0 f0 f0 f0 cb a4 5a 34 67 6b 6d 6b 66 5d 2e b9 a7 f0 f0 f0 f0 f1 ed b7 14 00 00 00 08 e1 ee ee ee ee ee ee be b2 2b 3c 62 65 69 69 63 5e 2a a9 a5 eb ee ee ee ef ed be 14 00 00 00 08 e4 ed ed ed ed ed ed c5 b0 24 3a 5f 63 65 63 5f 5b 2c 4e ba e4 ed ed ed ed ed bf 14 00 00 00 08 e6 ec eb eb eb eb eb ce 9d 23 38 6a 6f 6f 6f 6e 3e 25 4d
              Data Ascii: !! y{z|Bap6Z4gkmkf].+<beiic^*$:_cec_[,N#8jooon>%M
              2023-10-09 09:28:04 UTC31INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Data Ascii:
              2023-10-09 09:28:04 UTC32INData Raw: 8b 00 a0 b7 8f 00 af a0 94 00 bb a7 96 00 a4 bb 96 00 8b 8c a2 00 8f 90 a4 00 98 98 a6 00 86 88 b5 00 92 92 bc 00 a6 85 a2 00 b5 8e a0 00 b5 93 a4 00 b8 94 a4 00 ba 9b aa 00 9f a2 a0 00 a6 a6 a7 00 b9 ae a3 00 bd b0 a1 00 bd b4 aa 00 ab ac b6 00 be a3 b0 00 b6 b6 b6 00 c6 9e 81 00 fb 9f 87 00 c7 a0 83 00 ca a4 85 00 c8 a4 88 00 ce aa 8c 00 d1 aa 8c 00 cb ac 96 00 ce b1 9b 00 d5 b7 9d 00 eb ab 81 00 f8 a3 8b 00 eb b2 86 00 f0 b6 8a 00 c0 9b ab 00 c4 a0 af 00 cb b9 a7 00 d2 ba a6 00 c7 ab b7 00 d0 ad ba 00 c9 b6 bc 00 9c c0 8e 00 a4 c7 99 00 ad c4 a2 00 b5 c6 ab 00 ac d0 a3 00 b4 d7 ae 00 bf cd b7 00 b9 dc b5 00 bc e0 b9 00 e8 c4 9e 00 f0 c3 9d 00 fe eb 9e 00 d4 c0 af 00 c3 cc b9 00 d4 c2 b2 00 c5 d1 bd 00 e2 cd bb 00 fb c3 bb 00 ff d3 b2 00 ff e4 b0 00 88
              Data Ascii:
              2023-10-09 09:28:04 UTC33INData Raw: 00 05 24 e9 fb e9 fb fb 10 fb 04 11 00 13 83 ed fb fb 11 fb fb ed fb fb f5 11 fb e0 8a fb 83 e3 fb 11 11 fb 01 01 03 fb 01 02 02 fb 00 07 78 02 7b fb fb 01 fb fb 02 fb 01 02 10 fb 04 00 00 0a 02 e2 fb fb 00 ed fb fb 01 fb 02 fb 01 02 02 fb 01 00 02 fb 00 06 02 03 d7 f5 e3 fb 0e fb 05 5f 00 06 67 f2 fb fb 61 fb 02 fb 01 65 02 fb 00 05 63 f2 fb f2 fb fb 07 fb 02 00 00 00 05 fb 00 03 01 e3 fb 23 02 fb 00 18 dc 02 fb fb 00 03 dc 7b 7b fb fb 03 9c df 7a 7b fb fb 00 78 dc 96 00 fb 0a fb 00 1a 03 78 96 dc fb e3 fb fb 02 95 df 78 01 fb 78 96 fb 95 7a fb 03 9c df 7a 7b fb 10 fb 01 0a 03 fb 00 11 eb a2 9d fb fb a1 dd e7 a5 a6 fb fb a1 a5 ae 25 fb dc 10 fb 01 11 02 fb 00 14 ed 85 84 fb fb 11 fb fb 28 b5 e3 8a 28 fb b4 c1 fb b5 b5 fb 11 fb 00 12 03 9c df 7a 7b fb dc
              Data Ascii: $x{_gaec#{{z{xxxxzz{%((z{

              Target ID:0
              Start time:11:28:01
              Start date:09/10/2023
              Path:C:\Windows\SysWOW64\cmd.exe
              Wow64 process (32bit):true
              Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/frankwick/t/raw/main/tinytask.exe" > cmdline.out 2>&1
              Imagebase:0x240000
              File size:236'544 bytes
              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:1
              Start time:11:28:01
              Start date:09/10/2023
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff7699e0000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:2
              Start time:11:28:01
              Start date:09/10/2023
              Path:C:\Windows\SysWOW64\wget.exe
              Wow64 process (32bit):true
              Commandline:wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/frankwick/t/raw/main/tinytask.exe"
              Imagebase:0x400000
              File size:3'895'184 bytes
              MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:3
              Start time:11:28:04
              Start date:09/10/2023
              Path:C:\Users\user\Desktop\download\tinytask.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\Desktop\download\tinytask.exe
              Imagebase:0x400000
              File size:36'352 bytes
              MD5 hash:8FD3551654F0F5281DDBD7E32CB73054
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Antivirus matches:
              • Detection: 8%, ReversingLabs
              • Detection: 17%, Virustotal, Browse
              Reputation:low
              Has exited:false

              Execution Graph

              Execution Coverage:16.4%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:55.2%
              Total number of Nodes:469
              Total number of Limit Nodes:15

              Executed Functions

              APIs
              • DestroyWindow.USER32(?), ref: 00401525
              • BeginPaint.USER32(?,?), ref: 0040153A
              • CreateCompatibleDC.GDI32(?), ref: 00401546
              • SelectObject.GDI32(?), ref: 00401567
              • BitBlt.GDI32(?,00000002,?,00000026,-004069E8,00000002,00000002,00000000,008800C6), ref: 004015C4
              • SelectObject.GDI32(00000002,?), ref: 004015CC
              • SelectObject.GDI32(00000002), ref: 004015D7
              • BitBlt.GDI32(?,00000002,?,00000026,-004069E8,00000002,00000002,00000000,00EE0086), ref: 00401634
              • SelectObject.GDI32(00000002,?), ref: 0040163C
              • DeleteDC.GDI32(00000006), ref: 0040164E
              • EndPaint.USER32(?,?,?,00000026,-004069E8,00000002,00000002,00000000,00EE0086,?,00000026,-004069E8,00000002,00000002,00000000,008800C6), ref: 0040165E
              • GetWindowRect.USER32(?,?), ref: 0040167C
              • DestroyCursor.USER32(00020479), ref: 00401766
              • DeleteObject.GDI32(31050E64), ref: 00401782
              • DeleteObject.GDI32(13050E58), ref: 00401794
              • KillTimer.USER32(?,000003ED), ref: 004017A4
              • GetModuleHandleA.KERNEL32(00000000,00000005,00000000,00000020,00000020,004051B8,00405238), ref: 004017CA
              • CreateCursor.USER32(00000000), ref: 004017D1
              • PostMessageA.USER32(?,00000111,?,00000000), ref: 004017FD
              • GetCursor.USER32 ref: 00401873
              • SetCursor.USER32(00020479), ref: 00401888
              • SetTimer.USER32(?,000003ED,00000032,00000000), ref: 0040269D
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Object$CursorSelect$DeleteWindow$CreateDestroyPaintTimer$BeginCompatibleHandleKillMessageModulePostProcRect
              • String ID: Compile Error$ Compile successful "%s" (%d %s)Program attributes:---------------------------------- Execution Speed: %d%sx Repeat Loops: %d$ MB$ n@$%02d:%02d (%d/%d%s)$%05d$.exe$.rec$About TinyTask$C:\Users\user\Desktop\download\tinytask.ini$EDIT$Nothing RecordedPress the blue button to start a new recording$O$Program Files (*.exe)$REC %02d:%02d$Recording Files (*.rec)$STATIC$Set Custom Speed$Set Playback Loops$TinyTask$Unable to write file$hide_captions$play_key$record_key$speed$speed_custom$tinytask.net$toolbar_padding$topmost$window_x$window_y
              • API String ID: 3974302151-1615398099
              • Opcode ID: 3328e2d432b1d7fda1f29fb1e81baa9d243d82a702f79ae110f6decac78090d2
              • Instruction ID: f722533ecfca98a017aa9ff3a069563f491adbaca09d2f8958cd1ec79fb6b22f
              • Opcode Fuzzy Hash: 3328e2d432b1d7fda1f29fb1e81baa9d243d82a702f79ae110f6decac78090d2
              • Instruction Fuzzy Hash: 8B7292B1900209BBDF209F64DD49EAF7B79EB44344F11413AF606B62E1DB788E509F68
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetModuleHandleA.KERNEL32(00000000,C:\Users\user\Desktop\download\tinytask.ini,000000FF,?,00000000), ref: 004010DB
              • GetModuleFileNameA.KERNEL32(00000000,?,00000000), ref: 004010E2
              • GetPrivateProfileIntA.KERNEL32(TinyTask,toolbar_padding,00000005,C:\Users\user\Desktop\download\tinytask.ini), ref: 0040113B
              • GetSystemMetrics.USER32(00000000), ref: 00401153
              • GetSystemMetrics.USER32(00000001), ref: 0040116F
              • GetPrivateProfileIntA.KERNEL32(TinyTask,window_x,?,C:\Users\user\Desktop\download\tinytask.ini), ref: 00401193
              • GetPrivateProfileIntA.KERNEL32(TinyTask,window_y,?,C:\Users\user\Desktop\download\tinytask.ini), ref: 004011A2
              • SetRect.USER32(?,00404702,00000000,00404703,00000001), ref: 004011B8
              • GetDC.USER32(00000000), ref: 004011C4
              • RectVisible.GDI32(00000000), ref: 004011CB
              • GetPrivateProfileIntA.KERNEL32(TinyTask,speed,00000000,C:\Users\user\Desktop\download\tinytask.ini), ref: 004011EA
              • GetPrivateProfileIntA.KERNEL32(TinyTask,speed_custom,00000008,C:\Users\user\Desktop\download\tinytask.ini), ref: 004011FA
              • GetPrivateProfileIntA.KERNEL32(TinyTask,topmost,00000000,C:\Users\user\Desktop\download\tinytask.ini), ref: 0040120A
              • GetPrivateProfileIntA.KERNEL32(TinyTask,hide_captions,00000000,C:\Users\user\Desktop\download\tinytask.ini), ref: 00401223
              • GetPrivateProfileIntA.KERNEL32(TinyTask,record_key,00000000,C:\Users\user\Desktop\download\tinytask.ini), ref: 00401236
              • GetPrivateProfileIntA.KERNEL32(TinyTask,play_key,00000000,C:\Users\user\Desktop\download\tinytask.ini), ref: 00401246
              • LoadIconA.USER32(00000000,00000FA1), ref: 0040127C
              • RegisterClassExA.USER32(?), ref: 0040129E
              • MessageBoxA.USER32(00000000,Startup Failure: CreateWindow,TinyTask,00012030), ref: 004012B5
              • CreateWindowExA.USER32(00000000,TinyTaskClass,TinyTask,00000000,00404702,?,000000E0,?,00000000,00000000,000000E0,00000000), ref: 004012FE
              • ShowWindow.USER32(00000000,-00000005,?,?,?,?,00000000), ref: 0040132C
              • UpdateWindow.USER32 ref: 00401338
              • GetModuleHandleA.KERNEL32(00000000,?,000000FF,?,?,?,?,00000000), ref: 004013D0
              • GetModuleFileNameA.KERNEL32(00000000,?,?,?,?,00000000), ref: 004013D7
                • Part of subcall function 00402F8E: wsprintfA.USER32 ref: 00402FD3
                • Part of subcall function 00402F8E: MessageBoxA.USER32(00000000,Memory allocation error!,TinyTask,00000000), ref: 00402FF4
              • PostMessageA.USER32(00000111,00008003,00000000,?), ref: 00401444
              • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00401457
              • TranslateMessage.USER32(?), ref: 00401466
              • DispatchMessageA.USER32(?), ref: 00401470
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: PrivateProfile$Message$Module$Window$FileHandleMetricsNameRectSystem$CallbackClassCreateDispatchDispatcherIconLoadPostRegisterShowTranslateUpdateUserVisiblewsprintf
              • String ID: $$$$$$.ini$36352$@@@@@$C:\Users\user\Desktop\download\tinytask.ini$Startup Failure: CreateWindow$Startup Failure: RegisterClass$TinyTask$TinyTaskClass$hide_captions$play_key$record_key$speed$speed_custom$toolbar_padding$topmost$window_x$window_y
              • API String ID: 1572435291-2735791562
              • Opcode ID: 50be05e214897b5b73ae53f9ff58a90aeaef851f329f47b29bb95abc320a3051
              • Instruction ID: d9edc85bb2d409bc0d29e18e2679463e6c24fd010db42a333d5d0c6795cbaa8e
              • Opcode Fuzzy Hash: 50be05e214897b5b73ae53f9ff58a90aeaef851f329f47b29bb95abc320a3051
              • Instruction Fuzzy Hash: 14D18071A00209AFEB10DFB4DD49BAF7BB8EB44304F10453AF606FA1E1D77999548B68
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              Control-flow graph for the function at 402148 (graph rendering omitted; the API calls it makes are listed below)
              APIs
              • mouse_event.USER32(00000004), ref: 0040214E
              • GetAsyncKeyState.USER32(00000000), ref: 00402172
              • GetKeyState.USER32(00000000), ref: 0040218D
              • GetAsyncKeyState.USER32(00000000), ref: 00402196
              • MapVirtualKeyA.USER32(00000000), ref: 004021D1
              • keybd_event.USER32(00000000,00000000,?,00000001), ref: 004021D9
              • SetKeyboardState.USER32(?), ref: 0040221A
              • GetAsyncKeyState.USER32(00000000), ref: 00402223
              • GetKeyState.USER32(00000091), ref: 00402237
              • VkKeyScanA.USER32(00000091), ref: 0040224D
              • VkKeyScanA.USER32(00000091), ref: 00402254
              • MapVirtualKeyA.USER32(00000010), ref: 00402269
              • keybd_event.USER32(00000010,00000000), ref: 0040226E
              • MapVirtualKeyA.USER32(?), ref: 004022A4
              • keybd_event.USER32(?,00000000,?,00000001), ref: 004022AA
              • MapVirtualKeyA.USER32(?), ref: 004022D6
              • keybd_event.USER32(?,00000000,?,00000001), ref: 004022DC
              • VkKeyScanA.USER32(00000091), ref: 004022E0
              • MapVirtualKeyA.USER32(00000010), ref: 004022F4
              • keybd_event.USER32(00000010,00000000,?,00000002), ref: 004022F9
              • Sleep.KERNEL32(00000001), ref: 004022FF
              • GetCursorPos.USER32(?), ref: 00402337
              • GetKeyState.USER32(00000001), ref: 0040234E
              • GetTickCount.KERNEL32 ref: 00402363
              • SetTimer.USER32(?,000003E9,0000000A), ref: 00402379
              • KillTimer.USER32(?,000003E9), ref: 0040238C
              • GetTickCount.KERNEL32 ref: 00402392
              • SetWindowTextA.USER32(?,00406B18), ref: 004023BF
              • InvalidateRect.USER32(?,?,00000001), ref: 00402457
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: State$Virtualkeybd_event$AsyncScan$CountTickTimerWindow$CursorInvalidateKeyboardKillProcRectSleepTextmouse_event
              • String ID: TinyTask
              • API String ID: 1390587733-3209981168
              • Opcode ID: 8820bf5f8dcef25e83e4578008bcf2b881564eada030580c280cd71e28e169f8
              • Instruction ID: 031df1eed1d18bf0559545632a0af1d58a23b815c6d10fae845eb6c15e90b205
              • Opcode Fuzzy Hash: 8820bf5f8dcef25e83e4578008bcf2b881564eada030580c280cd71e28e169f8
              • Instruction Fuzzy Hash: AC913D71900108AFDF255B98DE8CABF3B29E745344F11417BF502BA2E1C7B84D829B6D
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              Control-flow graph for the function at 40392f (graph rendering omitted; the API calls it makes are listed below)
              APIs
              • GetPrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,00406E20,?,000000FF,C:\Users\user\Desktop\download\tinytask.ini), ref: 00403993
              • LoadImageA.USER32(00000000,?,00000000,00000000,00000000,00002050), ref: 004039C2
              • GetObjectA.GDI32(00000000,00000018,?), ref: 004039D6
              • GetSystemMetrics.USER32(00000000), ref: 004039F1
              • MessageBoxA.USER32(00000000,Invalid toolbar BMP (too small or big)Reverting to stock toolbar,?,00000000), ref: 00403A10
              • WritePrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,00000000,C:\Users\user\Desktop\download\tinytask.ini), ref: 00403A22
              • DeleteObject.GDI32(?), ref: 00403A30
              • GetModuleHandleA.KERNEL32(00000000,00000FA2,00000000,00000000,00000000,00000000), ref: 00403A4E
              • LoadImageA.USER32(00000000), ref: 00403A55
              • DeleteObject.GDI32(31050E64), ref: 00403A68
              • DeleteObject.GDI32(13050E58), ref: 00403A80
              • GetObjectA.GDI32(00000018,?), ref: 00403AA5
              • KiUserCallbackDispatcher.NTDLL(00000007), ref: 00403AC2
              • GetSystemMetrics.USER32(00000004), ref: 00403AD1
              • GetSystemMetrics.USER32(00000007), ref: 00403AEC
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Object$DeleteMetricsSystem$ImageLoadPrivateProfileString$CallbackDispatcherHandleMessageModuleUserWrite
              • String ID: C:\Users\user\Desktop\download\tinytask.ini$Invalid toolbar BMP (too small or big)Reverting to stock toolbar$TinyTask$toolbar_image
              • API String ID: 2380985136-3306592053
              • Opcode ID: 0eaf2a901312c42ad07fa65ed292ab6aac60d7d04abb012af14190a0e9e0cee0
              • Instruction ID: 6cafae0cf05febae9f13d51d9b0e4cd575cb5ae2a350ff58d1696014d4f6fbac
              • Opcode Fuzzy Hash: 0eaf2a901312c42ad07fa65ed292ab6aac60d7d04abb012af14190a0e9e0cee0
              • Instruction Fuzzy Hash: 3F5196B1A40208AFDB10DF64DE85AAF7BBDEB44301F11407AF602F6291D6749E50CF98
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              Control-flow graph for the function at 402d18 (graph rendering omitted; the API calls it makes are listed below)
              APIs
              • GetPrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,C:\Users\user\Desktop\download\tinytask.ini,?,000000FF,C:\Users\user\Desktop\download\tinytask.ini), ref: 00402D42
              • WritePrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,?,C:\Users\user\Desktop\download\tinytask.ini), ref: 00402DE9
              • GetWindowLongA.USER32(?,000000F0), ref: 00402E0B
              • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00402E2D
              • SetWindowPos.USER32(?,?,?,?,?,?,00000436), ref: 00402E3F
              • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,00000436), ref: 00402E49
              • UpdateWindow.USER32(?), ref: 00402E50
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Window$LongPrivateProfileString$InvalidateProcRectUpdateWrite
              • String ID: *.bmp$C:\Users\user\Desktop\download\tinytask.ini$TinyTask$\*.bmp$toolbar_image
              • API String ID: 2213434243-436503657
              • Opcode ID: abe048f652dd5fe8341e8e39fb0ee4763a0a815dd417b95274aa3134a3a5f971
              • Instruction ID: 3329009130effa698441a7dd3716a60a1eb201f56e1adaa016a922858c527409
              • Opcode Fuzzy Hash: abe048f652dd5fe8341e8e39fb0ee4763a0a815dd417b95274aa3134a3a5f971
              • Instruction Fuzzy Hash: 9831BA32840519AADB10AB90DD4DFEF3768EF45301F10007BFA02B91D1DBB98A848FA9
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              Control-flow graph for the function at 4026e5 (graph rendering omitted; the API calls it makes are listed below)
              APIs
              • CreatePopupMenu.USER32 ref: 004026F0
              • AppendMenuA.USER32(00000000,-00000009,00008006,0040649C), ref: 0040271C
              • AppendMenuA.USER32(00000000,-00000008,00008007,Play Speed: &1x), ref: 00402738
              • AppendMenuA.USER32(00000000,00000000,00008008,Play Speed: &2x), ref: 00402756
              • AppendMenuA.USER32(00000000,00000000,0000800A,Play Speed: 100x), ref: 00402774
              • wsprintfA.USER32 ref: 00402788
              • AppendMenuA.USER32(?,00000000,00008009,?), ref: 004027C0
              • AppendMenuA.USER32(?,?,00008019,&Set Custom Speed...), ref: 004027D0
              • AppendMenuA.USER32(?,00000800), ref: 004027DD
              • AppendMenuA.USER32(?,00000000,0000800B,&Continuous Playback), ref: 004027F9
              • wsprintfA.USER32 ref: 00402815
              • AppendMenuA.USER32(?,?,0000800C,?), ref: 0040282E
              • AppendMenuA.USER32(?,00000800), ref: 00402836
              • CreatePopupMenu.USER32 ref: 00402838
              • AppendMenuA.USER32(?,00000010,00000000,Recording &Hotkey), ref: 0040284C
              • AppendMenuA.USER32(?,-00000008,0000800F,Control + Shift + Alt + R), ref: 0040286A
              • AppendMenuA.USER32(?,-00000009,00008010,Print Screen), ref: 0040288A
              • AppendMenuA.USER32(?,-00000010,00008011,004063B0), ref: 004028AA
              • AppendMenuA.USER32(?,-00000014,00008012,F12), ref: 004028CA
              • CreatePopupMenu.USER32 ref: 004028CC
              • AppendMenuA.USER32(?,00000010,00000000,Playback Hot&key), ref: 004028E0
              • AppendMenuA.USER32(?,-00000008,00008013,Control + Shift + Alt + P), ref: 004028FE
              • AppendMenuA.USER32(?,-00000009,00008014,Print Screen), ref: 0040291E
              • AppendMenuA.USER32(?,-00000010,00008015,004063B0), ref: 0040293E
              • AppendMenuA.USER32(?,-00000014,00008016,F12), ref: 0040295E
              • AppendMenuA.USER32(?,00000800), ref: 00402966
              • AppendMenuA.USER32(?,00000002,0000800E,00406340), ref: 00402977
              • AppendMenuA.USER32(?,00000800), ref: 0040297F
              • AppendMenuA.USER32(?,00000000,00008017,Always on &Top), ref: 0040299B
              • AppendMenuA.USER32(?,-00000008,00008018,Show Captions), ref: 004029B9
              • AppendMenuA.USER32(?,00000000,0000801A,Use Custom Tool&bar...), ref: 004029D5
              • AppendMenuA.USER32(?,-00000008,0000801B,Use &Default Toolbar), ref: 004029F3
              • AppendMenuA.USER32(?,00000800), ref: 004029FB
              • AppendMenuA.USER32(?,?,0000800D,TinyTask &Website), ref: 00402A0B
              • AppendMenuA.USER32(?,?,0000800E,&About TinyTask 1.77), ref: 00402A1B
              • GetCursorPos.USER32(?), ref: 00402A21
              • GetWindowRect.USER32(?,?), ref: 00402A2E
              • PtInRect.USER32(?,?,?), ref: 00402A3E
              • TrackPopupMenu.USER32(?,?,?,?,?,?), ref: 00402A80
              • DestroyMenu.USER32(?,?,?,?,?,?,?,?,0000800E,&About TinyTask 1.77,?,0000800D,TinyTask &Website), ref: 00402A89
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Menu$Append$Popup$Create$RectWindowwsprintf$CursorDestroyProcTrack
              • String ID: &About TinyTask 1.77$&Continuous Playback$&Play Custom Speed: %dx$&Set Custom Speed...$&Set Playback Loops... (%d)$Always on &Top$Control + Shift + Alt + P$Control + Shift + Alt + R$F12$Play Speed: &1x$Play Speed: &2x$Play Speed: 100x$Playback Hot&key$Print Screen$Recording &Hotkey$Show Captions$TinyTask &Website$Use &Default Toolbar$Use Custom Tool&bar...
              • API String ID: 2447434608-185408970
              • Opcode ID: 00e0cd7c2f8d0a2240b16037cad9c0e4e1d4a63e466c398367af8b119feccc65
              • Instruction ID: 233a727705327858f4e8fa9ae9d20dfb6b3e24b65606c47886e521afb20f630d
              • Opcode Fuzzy Hash: 00e0cd7c2f8d0a2240b16037cad9c0e4e1d4a63e466c398367af8b119feccc65
              • Instruction Fuzzy Hash: 3CA1B472A90108BEEF015B64CD46EAE3F78EB55711F114072F901F51E0CBB94E25AFA8
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              Control-flow graph for the function at 402462 (graph rendering omitted; the API calls it makes are listed below)
              APIs
              • mouse_event.USER32(00000004), ref: 004024AC
              • GetAsyncKeyState.USER32(00000000), ref: 004024D0
              • GetKeyState.USER32(00000000), ref: 004024EB
              • MapVirtualKeyA.USER32(00000000), ref: 0040252F
              • keybd_event.USER32(00000000,00000000,?,00000001), ref: 00402537
              • SetKeyboardState.USER32(?), ref: 00402578
              • GetAsyncKeyState.USER32(00000000), ref: 00402581
              • GetKeyState.USER32(00000091), ref: 00402595
              • VkKeyScanA.USER32(00000091), ref: 004025AB
              • VkKeyScanA.USER32(00000091), ref: 004025B2
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: State$AsyncScan$KeyboardProcVirtualWindowkeybd_eventmouse_event
              • String ID: TinyTask
              • API String ID: 801333285-3209981168
              • Opcode ID: f1f4182ec40601e63d52bb47d4b08b04969c3d51b8bc583a8958c1f1ff03cc10
              • Instruction ID: bb46857cf83aba4c565f9cc198f0e7855127890a34379818f33f59448c70a07a
              • Opcode Fuzzy Hash: f1f4182ec40601e63d52bb47d4b08b04969c3d51b8bc583a8958c1f1ff03cc10
              • Instruction Fuzzy Hash: 527108B16401087EEB211B589E9CBBF3B69F786344F554437F142BA2E0C6F94C829E6D
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              • CreateCompatibleDC.GDI32(00000000), ref: 0040386D
              • CreateCompatibleDC.GDI32(00000000), ref: 00403875
              • SelectObject.GDI32(00000000,00403A92), ref: 00403884
              • GetObjectA.GDI32(00403A92,00000018,?), ref: 00403892
              • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 004038AB
              • SelectObject.GDI32(00000000,00000000), ref: 004038B8
              • GetPixel.GDI32(00000000,00000000,00000000), ref: 004038C7
              • SetBkColor.GDI32(00000000,?), ref: 004038CF
              • BitBlt.GDI32(00000000,00000000,00000000,?,00403A92,00000000,00000000,00000000,00CC0020), ref: 004038EE
              • BitBlt.GDI32(00403A92,00000000,00000000,?,00403A92,00000000,00000000,00000000,00660046), ref: 00403905
              • SelectObject.GDI32(00000000,?), ref: 0040390D
              • SelectObject.GDI32(00403A92,?), ref: 00403915
              • DeleteDC.GDI32(00000000), ref: 00403920
              • DeleteDC.GDI32(00403A92), ref: 00403925
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Object$Select$Create$CompatibleDelete$BitmapColorPixel
              • String ID: TinyTask
              • API String ID: 3609928720-3209981168
              • Opcode ID: f6d5c19c81ab99803db9995f6808d320c536e3f9aeec94918fbeefb216f6cd80
              • Instruction ID: 1b1e5c078316e08315fd16e6f57f33d2520814cf5a905d192c79994689ac12e0
              • Opcode Fuzzy Hash: f6d5c19c81ab99803db9995f6808d320c536e3f9aeec94918fbeefb216f6cd80
              • Instruction Fuzzy Hash: 8431C1B6910118BEEB119FA4DD84DAFBFB9EB48354B108066FA04B2260C7715E50AFA5
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              Control-flow graph for the function at 402b94 (graph rendering omitted; the API calls it makes are listed below)
              APIs
              • SetTimer.USER32 ref: 00402BAA
              • wsprintfA.USER32 ref: 00402BD2
              • MessageBoxA.USER32(?, Set the number of playback loops:,Set Playback Loops,00010021), ref: 00402BED
              • wsprintfA.USER32 ref: 00402C30
              • MessageBoxA.USER32(?, Playback speed multiplier (1-100):,Set Custom Speed,00010021), ref: 00402C4B
              • KillTimer.USER32(?,000003EC), ref: 00402EFF
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Strings
              • Set Custom Speed, xrefs: 00402C3E
              • Set Playback Loops, xrefs: 00402BE0
              • Set the number of playback loops:, xrefs: 00402BE5
              • Playback speed multiplier (1-100):, xrefs: 00402C43
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: MessageTimerwsprintf$KillProcWindow
              • String ID: Playback speed multiplier (1-100):$ Set the number of playback loops:$Set Custom Speed$Set Playback Loops
              • API String ID: 3989924489-1524273833
              • Opcode ID: e7ffaa49d74b84dc2369fc79c70f2ae1da0aa485e2a3b75b1d1baa620c31fdd4
              • Instruction ID: 98f9ab5bfff6e17949900cb984dcc1791b2a47caea78b96665d2514b30861601
              • Opcode Fuzzy Hash: e7ffaa49d74b84dc2369fc79c70f2ae1da0aa485e2a3b75b1d1baa620c31fdd4
              • Instruction Fuzzy Hash: 7D310A31680500ABEF12AF04EE49A5E3B61FB85304B15803BF906FA1E1D3F949A19F5C
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              • SetTimer.USER32(?,000003EB,0000000A), ref: 00402EA8
              • GetModuleHandleA.KERNEL32 ref: 00402EC0
              • MessageBoxIndirectA.USER32(00000028), ref: 00402EF7
              • KillTimer.USER32(?,000003EC), ref: 00402EFF
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Timer$HandleIndirectKillMessageModuleProcWindow
              • String ID: ($About TinyTask
              • API String ID: 3870110939-1252103192
              • Opcode ID: e83f3aa0858c5e14254542d91e5834d56f995870de52a3935aa7cfd91853c17b
              • Instruction ID: c4cc1150962328f141a0f7d524584cdf901ae76d1360cf4fe4c19e88c3ba64ab
              • Opcode Fuzzy Hash: e83f3aa0858c5e14254542d91e5834d56f995870de52a3935aa7cfd91853c17b
              • Instruction Fuzzy Hash: E2111772900248EFDB119FD4ED48ACEBFB4FF48311F10802AF50ABA291DB7499559F94
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              • ShellExecuteA.SHELL32(?,?,https://www.tinytask.net,?,?,00000001), ref: 00402E66
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Strings
              • Unable to connect to "www.tinytask.net", xrefs: 00402E7F
              • TinyTask, xrefs: 00402E7A
              • https://www.tinytask.net, xrefs: 00402E5F
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: ExecuteProcShellWindow
              • String ID: TinyTask$Unable to connect to "www.tinytask.net"$https://www.tinytask.net
              • API String ID: 2703536495-3181287508
              • Opcode ID: 3d602f3fbfa1e5880e405f0eeb587e2e12831d0e917ecc208f88e54ea70cc833
              • Instruction ID: e57aebe4d560980069bf53ad68e793c256def7a74ebca440632c5ae19307b00a
              • Opcode Fuzzy Hash: 3d602f3fbfa1e5880e405f0eeb587e2e12831d0e917ecc208f88e54ea70cc833
              • Instruction Fuzzy Hash: B8E04F32280109BBDB025F809D89E9F3A29E758794B114432F602780E382FA8C60AA68
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              • GetWindowRect.USER32(?,?), ref: 00402CDB
              • SetWindowPos.USER32(?,?,?,?,?,?,00000436), ref: 00402E3F
              • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,00000436), ref: 00402E49
              • UpdateWindow.USER32(?), ref: 00402E50
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Window$Rect$InvalidateProcUpdate
              • String ID:
              • API String ID: 1941023138-0
              • Opcode ID: 4443bda74050e4ae344e654af5d647cde18fc5b7e8a1387029c7b0ce7eace35f
              • Instruction ID: ebc20ac15df2b3a033a049e14aee733a7be54cc25288c47d4679b2143e786a71
              • Opcode Fuzzy Hash: 4443bda74050e4ae344e654af5d647cde18fc5b7e8a1387029c7b0ce7eace35f
              • Instruction Fuzzy Hash: D601E572900519EFDB01DFA8EE88EDE7BB8FB0D355B008025F202B90A0C37489519F69
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              • MessageBoxA.USER32(Nothing RecordedPress the blue button to start a new recording,TinyTask,00010040), ref: 00402B88
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: MessageProcWindow
              • String ID: Hotkey Conflict$TinyTask
              • API String ID: 55716251-592453694
              • Opcode ID: 5f45addc77de9b1d8dde8881f0f2cbc6f417d1746466e49ee9f71366abb45294
              • Instruction ID: 599ff71e88f3259926025764a5c9631bbfbbda2681fd87f6eac9559d92110fad
              • Opcode Fuzzy Hash: 5f45addc77de9b1d8dde8881f0f2cbc6f417d1746466e49ee9f71366abb45294
              • Instruction Fuzzy Hash: 2FF03A32204144ABCB028F54DD45A893F30EF45344B158077B642BD0E2E2BA8465AF49
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              • MessageBoxA.USER32(Nothing RecordedPress the blue button to start a new recording,TinyTask,00010040), ref: 00402B88
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: MessageProcWindow
              • String ID: Hotkey Conflict$TinyTask
              • API String ID: 55716251-592453694
              • Opcode ID: 5e14ce3f539c26937f294e9b539925d11bb4764aa3815faedec1e29479b2037f
              • Instruction ID: 405f95ffa23c4f12f33a13628f3863b3da9e1d49951f4cd871cec430e4bbf7e2
              • Opcode Fuzzy Hash: 5e14ce3f539c26937f294e9b539925d11bb4764aa3815faedec1e29479b2037f
              • Instruction Fuzzy Hash: 2AF0FE32244205BBCB025F50DD4579A3F60FB55358F258437F542BC1E1D3F98565AF49
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              • GetCommandLineA.KERNEL32 ref: 00404687
              • GetStartupInfoA.KERNEL32(?), ref: 004046C5
              • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,0000000A), ref: 004046F6
              • ExitProcess.KERNEL32 ref: 0040470A
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: CommandExitHandleInfoLineModuleProcessStartup
              • String ID:
              • API String ID: 2164999147-0
              • Opcode ID: a7ed023600afec79d4f681889d2eeb0e48ad05c58f346c18591c58b2a9374090
              • Instruction ID: b1a91a6e2b74f3548383683b1100c06c5c8b3f701606ca986021071b17346c6a
              • Opcode Fuzzy Hash: a7ed023600afec79d4f681889d2eeb0e48ad05c58f346c18591c58b2a9374090
              • Instruction Fuzzy Hash: B3010CA18447445AEB315B60490ABAF3B948F43314F240837EBC1B62C6E67D48C38ADD
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              • SetWindowPos.USER32(?,-00000002,?,?,0000000A,0000000A,00000003), ref: 00402CC8
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Window$Proc
              • String ID:
              • API String ID: 583982625-0
              • Opcode ID: bf50f914c3e7ffc7f72fd60cb14414feea4da27e6706329e48f34e591025e4dc
              • Instruction ID: 260cddc338231076bd6f7550de8ef022c34cc5639db7ca6125be32ef3a330ba9
              • Opcode Fuzzy Hash: bf50f914c3e7ffc7f72fd60cb14414feea4da27e6706329e48f34e591025e4dc
              • Instruction Fuzzy Hash: EAF03972240509BBEB015F60ED45FAA3B25E705355F058021FA02E80E0C3758D61AB18
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • MessageBoxA.USER32(Nothing RecordedPress the blue button to start a new recording,TinyTask,00010040), ref: 00402B88
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: MessageProcWindow
              • String ID:
              • API String ID: 55716251-0
              • Opcode ID: a42d041ec2682aa28cf26d035ca2d3a9aa8c19b91d2e26691f4e7c91f5bbff14
              • Instruction ID: 4e047d06cda0e92a50df56047ec463d335d9b87dbc63accd3b7a24bd0d4fc026
              • Opcode Fuzzy Hash: a42d041ec2682aa28cf26d035ca2d3a9aa8c19b91d2e26691f4e7c91f5bbff14
              • Instruction Fuzzy Hash: 0BE04F33104045EFCF028F94ED4899D3F61FB46360715846AF652A90B2C7B6C522EF45
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: ProcWindow
              • String ID:
              • API String ID: 181713994-0
              • Opcode ID: 70b16e7ca6862fe2dc6e6a46f6e39ca03ff5cd1690ebb784e637bf76d84b71ea
              • Instruction ID: e97300cb53c6eb48d1b9a5d246905f662cdbcf5ef80795e73b08e6251088e78e
              • Opcode Fuzzy Hash: 70b16e7ca6862fe2dc6e6a46f6e39ca03ff5cd1690ebb784e637bf76d84b71ea
              • Instruction Fuzzy Hash: 07E086332081C5AFCB030FA4AD294993F20EF4A354B0A8873E682A50A2C27A8531EB15
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: ProcWindow
              • String ID:
              • API String ID: 181713994-0
              • Opcode ID: c8fe5e5a417713b1918d64d43014f5a3ba21fedd02b36326661cc03a9e0cd5f3
              • Instruction ID: 65ac05b22f25992b11684c2fb74066950c4aff75a3b85d7e71cd45dd1ea13c32
              • Opcode Fuzzy Hash: c8fe5e5a417713b1918d64d43014f5a3ba21fedd02b36326661cc03a9e0cd5f3
              • Instruction Fuzzy Hash: 58D05E32200004EADF024F84ED44A8E7F21EB89354F208433F602A80A0D3B68631AF55
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: ProcWindow
              • String ID:
              • API String ID: 181713994-0
              • Opcode ID: db0e4a61445f15e2861bafb611833fdb84c48873c7a7478ed89a330e4fb05f5c
              • Instruction ID: dbffba37966f872ab556a82dd5bb47bd046feb1fa9b94650fbb76d6d0e3c5481
              • Opcode Fuzzy Hash: db0e4a61445f15e2861bafb611833fdb84c48873c7a7478ed89a330e4fb05f5c
              • Instruction Fuzzy Hash: 0FD09E33104145EFCB025F94ED0559D3F61FB4A365B058472F642A50A1D37A8821AF65
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: ProcWindow
              • String ID:
              • API String ID: 181713994-0
              • Opcode ID: 6f356dd7719f01ef5de09063c3e6e9bc8acf3e5a03031ae99a79323d5556a068
              • Instruction ID: bbcc8d1024c7b2ad99e94aa0aed6deed2e7d6b03234c1db6f6ad748cd76164e8
              • Opcode Fuzzy Hash: 6f356dd7719f01ef5de09063c3e6e9bc8acf3e5a03031ae99a79323d5556a068
              • Instruction Fuzzy Hash: D9D09E33104185AFCB025F94ED4559D3F61EF4A355B058462F642A50A1D3768431AB55
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: ProcWindow
              • String ID:
              • API String ID: 181713994-0
              • Opcode ID: 060b37bd04cde0ce69d3709c2b5eabfd3b999a65c960a375cf823c41a5babb3e
              • Instruction ID: 1c940054b3db183b45bed1325efca524ee869a9c084e3552099c3281fe396897
              • Opcode Fuzzy Hash: 060b37bd04cde0ce69d3709c2b5eabfd3b999a65c960a375cf823c41a5babb3e
              • Instruction Fuzzy Hash: 62D09236200109EBCF029F94EE4488A3B61FB493A5B018432FA46A5060D3728831AF58
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: ProcWindow
              • String ID:
              • API String ID: 181713994-0
              • Opcode ID: 9c049fca779ecfa29e4486dc828377b5fe2e857290d7ce2e0307e7ebe878b782
              • Instruction ID: d40f789e0b04d5827db2e0a9a9f70a1ef8da32f3033334284138e3e7127ca9ff
              • Opcode Fuzzy Hash: 9c049fca779ecfa29e4486dc828377b5fe2e857290d7ce2e0307e7ebe878b782
              • Instruction Fuzzy Hash: 14C0E937204009ABCF025F94ED4499E7B21EB59355B158833FA56A40A193B68531AF55
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: ProcWindow
              • String ID:
              • API String ID: 181713994-0
              • Opcode ID: d0a8537e2fdd292149ebae67b7172adad485f5276b1f593e093a06924addc3d2
              • Instruction ID: ade3f5859509854e221db11ecb9d65a665a9e99d13c315de4784c91dea249606
              • Opcode Fuzzy Hash: d0a8537e2fdd292149ebae67b7172adad485f5276b1f593e093a06924addc3d2
              • Instruction Fuzzy Hash: 28C0C933200009EBCF025F84ED0488E3B21FB49355B008432F602A40A093768831AF55
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: ProcWindow
              • String ID:
              • API String ID: 181713994-0
              • Opcode ID: b1eea099679d21919ab5308ca50c3f5b4a83b4faaaa72bec43b9357ddef92ffc
              • Instruction ID: fff3afe805b17c878276525cb6678e382136fbb4a72424296e83aa6735b8d0f2
              • Opcode Fuzzy Hash: b1eea099679d21919ab5308ca50c3f5b4a83b4faaaa72bec43b9357ddef92ffc
              • Instruction Fuzzy Hash: E0C0C933200009ABCF024F84ED0488E3B21EB48355B108432FA02A40A093B68431AF55
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              APIs
              • GetKeyState.USER32(00000013), ref: 004034DA
              • GetKeyState.USER32(00000091), ref: 004034E6
              • mouse_event.USER32(-00000011,00000000,00000000,00000000,00000000), ref: 00403598
              • mouse_event.USER32(-00000005,00000000,00000000,00000000,00000000), ref: 004035DB
              • GetSystemMetrics.USER32(00000001), ref: 004035F4
              • GetSystemMetrics.USER32(00000000), ref: 00403616
              • mouse_event.USER32(00008001,?,?,00000000), ref: 0040363C
              • SetCursorPos.USER32(?,?,?,00000000,?,?,004018DF,?,000003EA), ref: 00403656
              • GetSystemMetrics.USER32(00000001), ref: 0040374A
              • GetSystemMetrics.USER32(00000000), ref: 0040376C
              • mouse_event.USER32(00008001,?,?,?,004018DF), ref: 00403792
              • SetCursorPos.USER32(?,?,?,?,004018DF,?,000003EA), ref: 004037AC
              • Sleep.KERNEL32(00000001,?,?,004018DF,?,000003EA), ref: 004037B4
              • SetTimer.USER32(00000000,00000000,?,00000000), ref: 004037E7
              • PostMessageA.USER32(00000000,00000111,00000000,00000000), ref: 00403833
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: MetricsSystemmouse_event$CursorState$MessagePostSleepTimer
              • String ID:
              • API String ID: 203055827-0
              • Opcode ID: d3f8d64b5e7190012166dfd82cf50fc04a1379ee699abd62a7b768a1f457340b
              • Instruction ID: 21240027269b291347ce267e244152a0a87117dcadd7f2a7bfe16b9bf36c52a4
              • Opcode Fuzzy Hash: d3f8d64b5e7190012166dfd82cf50fc04a1379ee699abd62a7b768a1f457340b
              • Instruction Fuzzy Hash: 94A106B0200106AFE724DF18DD94E763B9DF785304F12817BE102AB6E2D67A9D619F98
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0
              • GetFileAttributesA.KERNEL32(?,C0000000,74DF3130,00000080), ref: 00403B67
              • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00403BB1
              • CloseHandle.KERNEL32(00000000), ref: 00403BC1
              • FindFirstFileA.KERNEL32(?,?), ref: 00403BDD
              • FindClose.KERNEL32(00000000), ref: 00403C00
              • FindNextFileA.KERNEL32(00000000,?), ref: 00403C4B
              • FindClose.KERNEL32(00000000), ref: 00403C56
              • FindClose.KERNEL32(00000000), ref: 00403C63
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Find$CloseFile$AttributesCreateEnvironmentExpandFirstHandleNextStrings
              • String ID:
              • API String ID: 4171416902-0
              • Opcode ID: 846ae757fb93dd96231631fb0bd60a5ac06f77789042b534643d51bdc34c2352
              • Instruction ID: e1ac57afb29f337bbfc01b4c37a33415eab2da7915a8ac3ffd06022a65d69b60
              • Opcode Fuzzy Hash: 846ae757fb93dd96231631fb0bd60a5ac06f77789042b534643d51bdc34c2352
              • Instruction Fuzzy Hash: CA4125B39002196AEB209A749CC8BEF3B7CDB54726F1000BBF344F20C1DA789F814A58
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetProcessHeap.KERNEL32(00000008,004046D0,0040473D,00000020,00000004,004046D0), ref: 00404258
              • HeapAlloc.KERNEL32(00000000), ref: 0040425F
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Heap$AllocProcess
              • String ID:
              • API String ID: 1617791916-0
              • Opcode ID: f99d22f5a8df0d0e8d007fcd5727663fa01546c3604a1ab640b57c0ff2247634
              • Instruction ID: a4965471384d461b3c446fe3d87201e807eabb61d08fa2ce669204f1d343d336
              • Opcode Fuzzy Hash: f99d22f5a8df0d0e8d007fcd5727663fa01546c3604a1ab640b57c0ff2247634
              • Instruction Fuzzy Hash: 33C04C71544601ABDA009BA4DF4DA1F7BA8FB94701F048414B145E5060C63098008F65
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetCursor.USER32 ref: 00403165
              • DefWindowProcA.USER32(?,?,?,?), ref: 00403175
              • GetWindowLongA.USER32(?,000000F4), ref: 00403190
              • PostMessageA.USER32(00000111,?), ref: 004031A5
              • BeginPaint.USER32(?,?), ref: 004031BB
              • GetClientRect.USER32(?,?), ref: 004031C6
              • SetBkMode.GDI32(?,00000001), ref: 004031D1
              • SetTextColor.GDI32(?,00D78D07), ref: 004031DF
              • GetStockObject.GDI32(00000011), ref: 004031ED
              • SelectObject.GDI32(?,00000000), ref: 004031F9
              • GetStockObject.GDI32(00000011), ref: 00403206
              • GetObjectA.GDI32(00000000), ref: 00403209
              • CreateFontIndirectA.GDI32(?), ref: 00403224
              • SelectObject.GDI32(?,00000000), ref: 00403230
              • GetWindowTextA.USER32(?,?,0000003F), ref: 0040323C
              • IsWindow.USER32(?), ref: 00403247
              • GetWindowLongA.USER32(?,000000F0), ref: 00403254
              • DrawTextA.USER32(?,?,00000000,?,00000000), ref: 0040328E
              • EndPaint.USER32(?,?), ref: 00403299
              • DeleteObject.GDI32(00000000), ref: 004032A5
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Object$Window$Text$LongPaintSelectStock$BeginClientColorCreateCursorDeleteDrawFontIndirectMessageModePostProcRect
              • String ID:
              • API String ID: 1323531340-0
              • Opcode ID: 80f6b17f92aeb9e0d79c0b838b47aa74e400cc66309a368cd808f196d33da438
              • Instruction ID: f6a75a345252a565a7efb7e4d5d8ae1a11078984608b2f9e6db09855e2cd8f16
              • Opcode Fuzzy Hash: 80f6b17f92aeb9e0d79c0b838b47aa74e400cc66309a368cd808f196d33da438
              • Instruction Fuzzy Hash: 2C414C72900519ABEF109FA4DD48FAF7B7CFB08311F004576F605FA1A1CAB09A549FA4
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateDirectoryA.KERNEL32(00000000,00000000,00406A18,.exe), ref: 00403F79
              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000004,00000080,00000000,00406A18,.exe), ref: 00403FBA
              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0040402B
              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000004,00000080,00000000), ref: 00404064
              • GetFileSize.KERNEL32(00000000,00000000), ref: 004040AF
              • SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 004040BF
              • CloseHandle.KERNEL32(00000000), ref: 004040CD
              • WriteFile.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 004040E7
              • CloseHandle.KERNEL32(00000000), ref: 00404106
                • Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: File$Create$CloseDirectoryHandle$EnvironmentExpandPointerSizeStringsWrite
              • String ID: .exe$:$\
              • API String ID: 3910135208-1936334728
              • Opcode ID: 07c6cc2da5fd7bc73eee36edc06d27bd476b09bc8f69930adcfd62b545753e8c
              • Instruction ID: 8da40a83878325327a48a3c8ed4d5288776f62350ec6bc98e64e3549844fff20
              • Opcode Fuzzy Hash: 07c6cc2da5fd7bc73eee36edc06d27bd476b09bc8f69930adcfd62b545753e8c
              • Instruction Fuzzy Hash: B271A5B0900258AAEF20CF64CC48BDE7BA8AB55350F1085B6EB44B61C0D3B89EC58F95
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00403C71: GetFileAttributesExA.KERNEL32(?,00000000,?), ref: 00403CE7
              • wsprintfA.USER32 ref: 00402FD3
                • Part of subcall function 00403D51: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,004013EF,00000000,00000000), ref: 00403DB9
                • Part of subcall function 00403D51: SetFilePointer.KERNEL32(00000000,?,?,00000000), ref: 00403DF9
                • Part of subcall function 00403D51: CloseHandle.KERNEL32(?), ref: 00403E93
              • MessageBoxA.USER32(00000000,Memory allocation error!,TinyTask,00000000), ref: 00402FF4
              • MessageBoxA.USER32(00000000,This file does not appear to be a valid recording.Load anyway?,004013EF,00000000), ref: 00403088
              • SetWindowTextA.USER32(00406B18), ref: 004030F8
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: File$Message$AttributesCloseCreateHandlePointerTextWindowwsprintf
              • String ID: Memory allocation error!$This file does not appear to be a valid recording.Load anyway?$TinyTask$TinyTaskClass$Unable to read file "%s"
              • API String ID: 344658048-2912620699
              • Opcode ID: 5fcaffc6a2ab7b823241455dc34ed20f4e8bcb65c2bbef984b7f86e285a76b6a
              • Instruction ID: c9cd6a8f688574f1fc342cda05c0a042cae3b483400ee2c9893451d3259a965f
              • Opcode Fuzzy Hash: 5fcaffc6a2ab7b823241455dc34ed20f4e8bcb65c2bbef984b7f86e285a76b6a
              • Instruction Fuzzy Hash: 324103F2A01100BFD7109F64ED86EAB3BADF791340B11043FF502F61D2DA799A509A6C
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetAsyncKeyState.USER32(00000001), ref: 00403369
              • GetCursorPos.USER32(?), ref: 00403399
              • MapVirtualKeyA.USER32(00000001,00000000), ref: 004033C5
              • GetForegroundWindow.USER32 ref: 0040343F
              • GetTickCount.KERNEL32 ref: 00403490
              • SetTimer.USER32(?,?,0000000A,00000000), ref: 004034B9
                • Part of subcall function 004042AF: GetProcessHeap.KERNEL32(00000000,004030B8,004030B8,?,?,?,?,TinyTask,TinyTaskClass,00000000), ref: 004042BC
                • Part of subcall function 004042AF: HeapSize.KERNEL32(00000000,?,?,?,?,TinyTask,TinyTaskClass,00000000), ref: 004042C3
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Heap$AsyncCountCursorForegroundProcessSizeStateTickTimerVirtualWindow
              • String ID:
              • API String ID: 175720748-0
              • Opcode ID: e83bb533e0d08fd17107e67ad3e5ed6471b9c8e4360c5cc6a7ac0e2136a3821c
              • Instruction ID: 3917149623daab9b3b11a6181ed47ccfb7e0b51bffcb73df27bb2f5f6ecbd573
              • Opcode Fuzzy Hash: e83bb533e0d08fd17107e67ad3e5ed6471b9c8e4360c5cc6a7ac0e2136a3821c
              • Instruction Fuzzy Hash: 905104B5A042099FDB04CF98D994AAE7BB9FB49300F06017ED902B7392C7799916CB58
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0
              • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,004013EF,00000000,00000000), ref: 00403DB9
              • SetFilePointer.KERNEL32(00000000,?,?,00000000), ref: 00403DF9
              • GetFileSize.KERNEL32(00000000,?), ref: 00403E19
                • Part of subcall function 00404294: GetProcessHeap.KERNEL32(00000000,00000000,00403E74), ref: 004042A1
                • Part of subcall function 00404294: HeapFree.KERNEL32(00000000), ref: 004042A8
              • ReadFile.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 00403E53
              • CloseHandle.KERNEL32(?), ref: 00403E7A
              • CloseHandle.KERNEL32(?), ref: 00403E93
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: File$CloseHandleHeap$CreateEnvironmentExpandFreePointerProcessReadSizeStrings
              • String ID:
              • API String ID: 1816096457-0
              • Opcode ID: b3fd22435e9b329dc351627aeae7242ca4276a9562244ad96ff470530f814aa4
              • Instruction ID: b5f316e1afa3e22c7f331fb2ff24944f916168b3e433f6b7ad5bbaf1a6fc231f
              • Opcode Fuzzy Hash: b3fd22435e9b329dc351627aeae7242ca4276a9562244ad96ff470530f814aa4
              • Instruction Fuzzy Hash: DB418E72900109AFDB219FA4D8859AF7BADEB44355F10427FFA15B72C0D7349E80CBA8
              Uniqueness

              Uniqueness Score: -1.00%
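
The function cards above list each call with its raw argument immediates, which is what an analyst has to decode by hand to see, for example, that the CreateFileA in this card opens with GENERIC_READ and OPEN_EXISTING while the one in the earlier CreateDirectoryA/WriteFile card opens with GENERIC_READ | GENERIC_WRITE and OPEN_ALWAYS, or that mouse_event(00008001) is MOUSEEVENTF_MOVE | MOUSEEVENTF_ABSOLUTE. The following Python script is an added example, not part of the Joe Sandbox report or of the analysed program: it parses lines in the format of these cards, expands the numeric arguments into Win32 constant names (values taken from the Windows SDK headers), and re-derives from the API sets the two behaviours the GetAsyncKeyState/SetTimer card and the mouse_event/SetCursorPos card exhibit, plus the executable-write pattern of the CreateDirectoryA/WriteFile card. The sample input is copied from those three cards; the finding labels, the heuristic rules and the card names "playback", "record" and "write" are my own assumptions, not report terminology.

```python
"""Decode Joe Sandbox-style API call lines and derive behaviour findings (added example)."""
import re
from dataclasses import dataclass

# Win32 constants, values as defined in the Windows SDK headers.
GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
           0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FILE_ATTR = {0x01: "FILE_ATTRIBUTE_READONLY", 0x02: "FILE_ATTRIBUTE_HIDDEN",
             0x04: "FILE_ATTRIBUTE_SYSTEM", 0x80: "FILE_ATTRIBUTE_NORMAL",
             0x04000000: "FILE_FLAG_DELETE_ON_CLOSE"}
MOUSEEVENTF = {0x1: "MOUSEEVENTF_MOVE", 0x2: "MOUSEEVENTF_LEFTDOWN", 0x4: "MOUSEEVENTF_LEFTUP",
               0x8: "MOUSEEVENTF_RIGHTDOWN", 0x10: "MOUSEEVENTF_RIGHTUP",
               0x20: "MOUSEEVENTF_MIDDLEDOWN", 0x40: "MOUSEEVENTF_MIDDLEUP",
               0x800: "MOUSEEVENTF_WHEEL", 0x8000: "MOUSEEVENTF_ABSOLUTE"}
SM = {0: "SM_CXSCREEN", 1: "SM_CYSCREEN"}
VK = {0x01: "VK_LBUTTON", 0x02: "VK_RBUTTON", 0x04: "VK_MBUTTON"}

# Heuristic API groups (my own grouping, not the sandbox's signature definitions).
POLLING_APIS = {"GetAsyncKeyState", "GetKeyState", "GetKeyboardState"}
INJECT_APIS = {"mouse_event", "keybd_event", "SendInput"}
SCHEDULE_APIS = {"SetTimer", "Sleep"}

# One card line: optional "Part of subcall function XXXX:" prefix, Api.MODULE(args) or
# Api.MODULE with no argument list, then "ref: <address>".
CALL_RE = re.compile(r"(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
                     r"(\w+)\.(\w+)(?:\((.*)\))?,?\s*ref:\s*([0-9A-Fa-f]+)")


@dataclass
class Call:
    api: str
    module: str
    args: list
    ref: int


def parse_arg(token):
    """8-hex-digit immediates (optionally signed) become ints; '?' and strings stay as-is."""
    token = token.strip()
    return int(token, 16) if re.fullmatch(r"-?[0-9A-Fa-f]{8}", token) else token


def parse_calls(text):
    calls = []
    for line in text.splitlines():
        m = CALL_RE.search(line)
        if m:
            api, module, raw_args, ref = m.groups()
            args = [parse_arg(a) for a in raw_args.split(",")] if raw_args else []
            calls.append(Call(api, module, args, int(ref, 16)))
    return calls


def flags(value, table):
    """Render a bitmask symbolically; bits no name covers are kept as hex."""
    if not isinstance(value, int):
        return str(value)
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(f"0x{rest:X}")
    return " | ".join(names) if names else "0"


def decode(call):
    """Symbolic view of the arguments for the APIs whose immediates carry meaning here."""
    a = call.args
    if call.api in ("CreateFileA", "CreateFileW") and len(a) >= 6:
        return {"access": flags(a[1], GENERIC), "share": flags(a[2], SHARE),
                "disposition": DISPOSITION.get(a[4], str(a[4])),
                "attributes": flags(a[5], FILE_ATTR)}
    if call.api == "mouse_event" and a:
        return {"flags": flags(a[0], MOUSEEVENTF)}
    if call.api == "GetSystemMetrics" and a:
        return {"index": SM.get(a[0], str(a[0]))}
    if call.api in ("GetAsyncKeyState", "GetKeyState") and a:
        return {"vkey": VK.get(a[0], str(a[0]))}
    if call.api == "SetTimer" and len(a) >= 3:
        return {"elapse_ms": a[2]}
    return {}


def classify(calls):
    """Behaviour findings over the set of APIs in one function card."""
    seen = {c.api for c in calls}
    findings = []
    if seen & POLLING_APIS and seen & SCHEDULE_APIS:
        findings.append("key-state polling loop")
    if seen & INJECT_APIS:
        findings.append("synthetic input injection")
    drops = any(c.api in ("CreateFileA", "CreateFileW") and len(c.args) > 1
                and isinstance(c.args[1], int) and c.args[1] & 0x40000000
                and ".exe" in c.args for c in calls)
    if drops and "WriteFile" in seen:
        findings.append("opens a .exe path for writing and writes to it")
    return findings


def analyze(cards):
    """Per card: decoded arguments of the interesting calls plus behaviour findings."""
    report = {}
    for name, text in cards.items():
        calls = parse_calls(text)
        decoded = {f"{c.api}@{c.ref:08X}": decode(c) for c in calls if decode(c)}
        report[name] = {"findings": classify(calls), "decoded": decoded}
    return report


# Constructed input: API lines copied from three function cards of this report.
SAMPLE_CARDS = {
    "playback": """
• GetSystemMetrics.USER32(00000001), ref: 0040374A
• GetSystemMetrics.USER32(00000000), ref: 0040376C
• mouse_event.USER32(00008001,?,?,?,004018DF), ref: 00403792
• SetCursorPos.USER32(?,?,?,?,004018DF,?,000003EA), ref: 004037AC
• Sleep.KERNEL32(00000001,?,?,004018DF,?,000003EA), ref: 004037B4
""",
    "record": """
• GetAsyncKeyState.USER32(00000001), ref: 00403369
• GetCursorPos.USER32(?), ref: 00403399
• MapVirtualKeyA.USER32(00000001,00000000), ref: 004033C5
• GetForegroundWindow.USER32 ref: 0040343F
• GetTickCount.KERNEL32 ref: 00403490
• SetTimer.USER32(?,?,0000000A,00000000), ref: 004034B9
""",
    "write": """
• CreateDirectoryA.KERNEL32(00000000,00000000,00406A18,.exe), ref: 00403F79
• CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000004,00000080,00000000,00406A18,.exe), ref: 00403FBA
• WriteFile.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 004040E7
• CloseHandle.KERNEL32(00000000), ref: 00404106
""",
}

if __name__ == "__main__":
    for name, result in analyze(SAMPLE_CARDS).items():
        print(name, result["findings"])
        for key, info in result["decoded"].items():
            print("   ", key, info)
```

Run as-is it prints, per card, the findings and the decoded calls; paste any other card's API lines into `SAMPLE_CARDS` to decode it the same way. Only the argument positions the report actually shows are interpreted, and "?" arguments are passed through unchanged rather than guessed, so a decoded value is always traceable to an immediate visible on the page.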

              APIs
              • GetModuleHandleA.KERNEL32(00000000,?,00000103,?,00000000,00000000), ref: 00403CCE
              • GetModuleFileNameA.KERNEL32(00000000), ref: 00403CD5
              • GetFileAttributesExA.KERNEL32(?,00000000,?), ref: 00403CE7
              • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00403D12
                • Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0
              • GetFileSize.KERNEL32(00000000,00000000), ref: 00403D28
              • CloseHandle.KERNEL32(00000000), ref: 00403D31
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: File$HandleModule$AttributesCloseCreateEnvironmentExpandNameSizeStrings
              • String ID:
              • API String ID: 2999226569-0
              • Opcode ID: 75a960e8d0d3512e1e86c0eb56eb0a42eb14ca122255a11b3d137bc1e1748b50
              • Instruction ID: b3cbe73655d71a56831554f143beb0ef12ce0f354b1f59c7bfe5d60ee1a6bebe
              • Opcode Fuzzy Hash: 75a960e8d0d3512e1e86c0eb56eb0a42eb14ca122255a11b3d137bc1e1748b50
              • Instruction Fuzzy Hash: D5217F72904208AFEB109FB4DC44ADF7BADEB49721F204176E641F72C0DA749F448BA8
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • IsWindow.USER32(?), ref: 00404141
              • GetForegroundWindow.USER32(?,00000111), ref: 00404150
              • GetOpenFileNameA.COMDLG32(0000004C), ref: 0040418F
              • GetSaveFileNameA.COMDLG32(0000004C), ref: 00404196
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: FileNameWindow$ForegroundOpenSave
              • String ID: L
              • API String ID: 1547633837-2909332022
              • Opcode ID: 203642403992c7d13a1b2299c4655860ac4c6e1cce9b2d6c3c2558c3381d5d98
              • Instruction ID: 40dd501beb27032aec853ef34f8e98dddd641efa0bbcaaadc1f3ee6cc5052ac7
              • Opcode Fuzzy Hash: 203642403992c7d13a1b2299c4655860ac4c6e1cce9b2d6c3c2558c3381d5d98
              • Instruction Fuzzy Hash: 1C1166B1D142189BDB509FA4D8097DE7BF4EF98310F14403AEA11F63C1D77894458B95
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetWindowLongA.USER32(?,000000EB), ref: 004032BE
              • GetWindowTextA.USER32(?,00406018,0000001F), ref: 004032D4
              • CallWindowProcA.USER32(00000000,?,?,?,?), ref: 004032E9
              • DefWindowProcA.USER32(?,?,?,?), ref: 004032F1
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Window$Proc$CallLongText
              • String ID:
              • API String ID: 408388722-0
              • Opcode ID: e70d1203840c1e1d028c4dcc924a8ca89febfb83c76f6fd1708ded4e57a71940
              • Instruction ID: 364614a2716f17ddbf5b69f50aeda33f382634b64e25361f72de28a693adc4e4
              • Opcode Fuzzy Hash: e70d1203840c1e1d028c4dcc924a8ca89febfb83c76f6fd1708ded4e57a71940
              • Instruction Fuzzy Hash: 77E0A032100518FBCB115F509D0DE9F3B2DEB8A762B004035F60179191C7744910AFA9
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 00404242
              Strings
              • TinyTask, xrefs: 004041FC
              • C:\Users\user\Desktop\download\tinytask.ini, xrefs: 004041FD
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: PrivateProfileStringWrite
              • String ID: C:\Users\user\Desktop\download\tinytask.ini$TinyTask
              • API String ID: 390214022-3021016186
              • Opcode ID: 2ac02feb6d68e60994b3cece93c09fb20cfaa564e9d84518809362d8d2158a58
              • Instruction ID: bc95696e4e7e7b96e5794030eb7730004083230367b0ef7d8b0c896e9a36f2f2
              • Opcode Fuzzy Hash: 2ac02feb6d68e60994b3cece93c09fb20cfaa564e9d84518809362d8d2158a58
              • Instruction Fuzzy Hash: C0F0AF76904259BADF219E55EC01DEF3F79EB89380F04417AFA0076180D375991486E6
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetProcessHeap.KERNEL32(00000000,000003E9,000003E9,00403359,-00004E20,?,000003E9,00000000,?,?,004018B2,?,000003E9), ref: 00404277
              • HeapReAlloc.KERNEL32(00000000,?,?,004018B2,?,000003E9), ref: 0040427E
              • GetProcessHeap.KERNEL32(00000000,000003E9,00403359,-00004E20,?,000003E9,00000000,?,?,004018B2,?,000003E9), ref: 00404286
              • HeapAlloc.KERNEL32(00000000,?,?,004018B2,?,000003E9), ref: 0040428D
              Memory Dump Source
              • Source File: 00000003.00000002.2847129277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000003.00000002.2847116913.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847143638.0000000000405000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847157554.0000000000406000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000003.00000002.2847171739.0000000000407000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_tinytask.jbxd
              Similarity
              • API ID: Heap$AllocProcess
              • String ID:
              • API String ID: 1617791916-0
              • Opcode ID: 25923d58f9ba744ef32945f6f7028fa29fe1bb2476332cf68c41ec0cf0e94e74
              • Instruction ID: 7a16b1018b14c468b32ef241bb36a15b07f1f7d4bad3af964a1caa484586cb57
              • Opcode Fuzzy Hash: 25923d58f9ba744ef32945f6f7028fa29fe1bb2476332cf68c41ec0cf0e94e74
              • Instruction Fuzzy Hash: 62D067B1904701ABCF006BB0DE0C91F7AA9FB88342B488868B146E1020DA348040DF65
              Uniqueness

              Uniqueness Score: -1.00%