Windows
Analysis Report
iepdf32.dll
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 7280 cmdline: loaddll32.exe "C:\Users\user\Desktop\iepdf32.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
- conhost.exe (PID: 7288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 7336 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- rundll32.exe (PID: 7360 cmdline: rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7344 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanRedo MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7420 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanUndo MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7456 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_DoDocumentAAction MD5: 889B99C52A60DD49227C5E485A016679)
- cleanup
AV Detection |
---|
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Source: | File created: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Memory written: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Last function: |
Source: | Process information queried: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Process created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 1 Credential API Hooking | 1 Security Software Discovery | Remote Services | 1 Credential API Hooking | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 11 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Detection | Scanner | Label |
---|---|---|
11% | Virustotal | |
21% | ReversingLabs | Win32.Trojan.Generic |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1579542 |
Start date and time: | 2024-12-22 23:32:06 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 47s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | iepdf32.dll |
Detection: | MAL |
Classification: | mal60.evad.winDLL@12/0@0/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
File type: | |
Entropy (8bit): | 7.993145851341156 |
TrID: |
|
File name: | iepdf32.dll |
File size: | 7'347'200 bytes |
MD5: | dcd66a6ee58bdda0a8affe5ce3becabd |
SHA1: | 083e497458a12954f126b8c1831f6256094b3664 |
SHA256: | 5b08f88041a6f6cb43d56bddb86faadb79b435f04b3679d92c03be2bbfbbe9a0 |
SHA512: | 29a1442d5b960e23fb13bbe35d0b995330b636dab5e40ae2b88d22f76196bfe468ecb3bce576e8e739d1d67c0d395418bdd6e02db1a896def91f37baefd3a303 |
SSDEEP: | 196608:jIS6ApomgbKc7Ialg+C3FHthz9YJTpVxN4i3/uq:j16ygT9TSnz69xmiv |
TLSH: | B7763389F3CF22E6C4C682F51665F5BDB2F62E5A0326CD9DF2482DCDA56761120730CA |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......d.........."!......&.........t!..............................................Y.p...@A........................@....9......d.. |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x10842174 |
Entrypoint Section: | IJTNUY |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF |
Time Stamp: | 0x64F412D0 [Sun Sep 3 05:00:00 2023 UTC] |
TLS Callbacks: | 0x10bb4fe5, 0x1023b700, 0x1023b790, 0x10107100 |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | f9615c2b57d66b6881f2a89ec212177c |
Instruction |
---|
push ebp |
mov ebp, BD08A5AFh |
pushfd |
shr bp, FFCCh |
mov ebp, dword ptr [esp+ebp+42F7FFFAh] |
mov dword ptr [esp+04h], 6C0D2DC4h |
push dword ptr [esp+00h] |
popfd |
lea esp, dword ptr [esp+04h] |
call 00007FC248D0A3A8h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xdfbb40 | 0x398d | IJTNUY |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcfe198 | 0x64 | IJTNUY |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe59000 | 0x390 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe5a000 | 0x3b8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xb4d610 | 0x18 | IJTNUY |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xe55a00 | 0xbc | IJTNUY |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x757000 | 0x20 | IIPNOC |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x26848c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x26a000 | 0x1d45fc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x43f000 | 0xd1dc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
XRLOQX | 0x44d000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
KEBDAI | 0x44e000 | 0xa1 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
UGLZPX | 0x44f000 | 0xf3 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
YTTJAF | 0x450000 | 0x306e46 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
IIPNOC | 0x757000 | 0xd8 | 0x200 | b9ceb70680184a77357e9c07f3519b4d | False | 0.083984375 | data | 0.3505988039007212 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
IJTNUY | 0x758000 | 0x700d40 | 0x700e00 | 895e1cde3f8267fd11a0e858233aba4d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xe59000 | 0x390 | 0x400 | 182ab6af4f9631b9bee72c1fd7afdd2e | False | 0.41015625 | data | 3.0503066360067215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe5a000 | 0x3b8 | 0x400 | b208fdd9e6ca43a5a2bc6607d9fbeae7 | False | 0.529296875 | data | 4.067766524307849 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xe59058 | 0x338 | data | English | United States | 0.46359223300970875 |
DLL | Import |
---|---|
KERNEL32.dll | AcquireSRWLockExclusive |
ADVAPI32.dll | CryptAcquireContextW |
GDI32.dll | BeginPath |
USER32.dll | FillRect |
Name | Ordinal | Address |
---|---|---|
FORM_CanRedo | 1 | 0x100ed350 |
FORM_CanUndo | 2 | 0x100ed320 |
FORM_DoDocumentAAction | 3 | 0x100ed950 |
FORM_DoDocumentJSAction | 4 | 0x100ed910 |
FORM_DoDocumentOpenAction | 5 | 0x100ed930 |
FORM_DoPageAAction | 6 | 0x100eda00 |
FORM_ForceToKillFocus | 7 | 0x100ed3e0 |
FORM_GetFocusedAnnot | 8 | 0x100ed400 |
FORM_GetFocusedText | 9 | 0x100ed170 |
FORM_GetSelectedText | 10 | 0x100ed1d0 |
FORM_IsIndexSelected | 11 | 0x100edb70 |
FORM_OnAfterLoadPage | 12 | 0x100ed8b0 |
FORM_OnBeforeClosePage | 13 | 0x100ed8d0 |
FORM_OnChar | 14 | 0x100ed140 |
FORM_OnFocus | 15 | 0x100eced0 |
FORM_OnKeyDown | 16 | 0x100ed110 |
FORM_OnKeyUp | 17 | 0x10006070 |
FORM_OnLButtonDoubleClick | 18 | 0x100ecff0 |
FORM_OnLButtonDown | 19 | 0x100ecf30 |
FORM_OnLButtonUp | 20 | 0x100ecf90 |
FORM_OnMouseMove | 21 | 0x100ecdd0 |
FORM_OnMouseWheel | 22 | 0x100ece60 |
FORM_OnRButtonDown | 23 | 0x100ed050 |
FORM_OnRButtonUp | 24 | 0x100ed0b0 |
FORM_Redo | 25 | 0x100ed3b0 |
FORM_ReplaceAndKeepSelection | 26 | 0x100ed230 |
FORM_ReplaceSelection | 27 | 0x100ed290 |
FORM_SelectAllText | 28 | 0x100ed2f0 |
FORM_SetFocusedAnnot | 29 | 0x100ed4e0 |
FORM_SetIndexSelected | 30 | 0x100edb40 |
FORM_Undo | 31 | 0x100ed380 |
FPDFAction_GetDest | 32 | 0x100e1db0 |
FPDFAction_GetFilePath | 33 | 0x100e1e50 |
FPDFAction_GetType | 34 | 0x100e1d40 |
FPDFAction_GetURIPath | 35 | 0x100e1f00 |
FPDFAnnot_AddInkStroke | 36 | 0x100dbef0 |
FPDFAnnot_AppendAttachmentPoints | 37 | 0x100dd3d0 |
FPDFAnnot_AppendObject | 38 | 0x100dc210 |
FPDFAnnot_CountAttachmentPoints | 39 | 0x100dd760 |
FPDFAnnot_GetAP | 40 | 0x100df040 |
FPDFAnnot_GetAttachmentPoints | 41 | 0x100dd7f0 |
FPDFAnnot_GetBorder | 42 | 0x100de160 |
FPDFAnnot_GetColor | 43 | 0x100dcb60 |
FPDFAnnot_GetFlags | 44 | 0x100df2a0 |
FPDFAnnot_GetFocusableSubtypes | 45 | 0x100dfa80 |
FPDFAnnot_GetFocusableSubtypesCount | 46 | 0x100dfa60 |
FPDFAnnot_GetFontSize | 47 | 0x100df7b0 |
FPDFAnnot_GetFormAdditionalActionJavaScript | 48 | 0x100df550 |
FPDFAnnot_GetFormControlCount | 49 | 0x100dfb20 |
FPDFAnnot_GetFormControlIndex | 50 | 0x100dfb40 |
FPDFAnnot_GetFormFieldAlternateName | 51 | 0x100df5f0 |
FPDFAnnot_GetFormFieldAtPoint | 52 | 0x100df420 |
FPDFAnnot_GetFormFieldExportValue | 53 | 0x100dfb90 |
FPDFAnnot_GetFormFieldFlags | 54 | 0x100df3d0 |
FPDFAnnot_GetFormFieldName | 55 | 0x100df4c0 |
FPDFAnnot_GetFormFieldType | 56 | 0x100df520 |
FPDFAnnot_GetFormFieldValue | 57 | 0x100df650 |
FPDFAnnot_GetInkListCount | 58 | 0x100ddc40 |
FPDFAnnot_GetInkListPath | 59 | 0x100ddd30 |
FPDFAnnot_GetLine | 60 | 0x100dde50 |
FPDFAnnot_GetLink | 61 | 0x100dfad0 |
FPDFAnnot_GetLinkedAnnot | 62 | 0x100df140 |
FPDFAnnot_GetNumberValue | 63 | 0x100de530 |
FPDFAnnot_GetObject | 64 | 0x100dc540 |
FPDFAnnot_GetObjectCount | 65 | 0x100dc410 |
FPDFAnnot_GetOptionCount | 66 | 0x100df6b0 |
FPDFAnnot_GetOptionLabel | 67 | 0x100df6d0 |
FPDFAnnot_GetRect | 68 | 0x100ddaa0 |
FPDFAnnot_GetStringValue | 69 | 0x100de4b0 |
FPDFAnnot_GetSubtype | 70 | 0x100dbc00 |
FPDFAnnot_GetValueType | 71 | 0x100de2e0 |
FPDFAnnot_GetVertices | 72 | 0x100ddb20 |
FPDFAnnot_HasAttachmentPoints | 73 | 0x100dcee0 |
FPDFAnnot_HasKey | 74 | 0x100de280 |
FPDFAnnot_IsChecked | 75 | 0x100df810 |
FPDFAnnot_IsObjectSupportedSubtype | 76 | 0x100dbc70 |
FPDFAnnot_IsOptionSelected | 77 | 0x100df750 |
FPDFAnnot_IsSupportedSubtype | 78 | 0x100db5b0 |
FPDFAnnot_RemoveInkList | 79 | 0x100dc130 |
FPDFAnnot_RemoveObject | 80 | 0x100dc670 |
FPDFAnnot_SetAP | 81 | 0x100de610 |
FPDFAnnot_SetAttachmentPoints | 82 | 0x100dcf20 |
FPDFAnnot_SetBorder | 83 | 0x100ddf70 |
FPDFAnnot_SetColor | 84 | 0x100dc780 |
FPDFAnnot_SetFlags | 85 | 0x100df300 |
FPDFAnnot_SetFocusableSubtypes | 86 | 0x100df890 |
FPDFAnnot_SetRect | 87 | 0x100dd8a0 |
FPDFAnnot_SetStringValue | 88 | 0x100de3a0 |
FPDFAnnot_SetURI | 89 | 0x100dfbf0 |
FPDFAnnot_UpdateObject | 90 | 0x100dbc90 |
FPDFAttachment_GetFile | 91 | 0x100e1030 |
FPDFAttachment_GetName | 92 | 0x100e0460 |
FPDFAttachment_GetStringValue | 93 | 0x100e08d0 |
FPDFAttachment_GetValueType | 94 | 0x100e05b0 |
FPDFAttachment_HasKey | 95 | 0x100e04e0 |
FPDFAttachment_SetFile | 96 | 0x100e0b70 |
FPDFAttachment_SetStringValue | 97 | 0x100e06e0 |
FPDFAvail_Create | 98 | 0x100e11f0 |
FPDFAvail_Destroy | 99 | 0x100e1350 |
FPDFAvail_GetDocument | 100 | 0x100e13e0 |
FPDFAvail_GetFirstPageNum | 101 | 0x100e14c0 |
FPDFAvail_IsDocAvail | 102 | 0x100e1380 |
FPDFAvail_IsFormAvail | 103 | 0x100e1550 |
FPDFAvail_IsLinearized | 104 | 0x100e15b0 |
FPDFAvail_IsPageAvail | 105 | 0x100e14e0 |
FPDFBitmap_Create | 106 | 0x100f8950 |
FPDFBitmap_CreateEx | 107 | 0x100f89f0 |
FPDFBitmap_Destroy | 108 | 0x100e9440 |
FPDFBitmap_FillRect | 109 | 0x100f8ae0 |
FPDFBitmap_GetBuffer | 110 | 0x100f8bd0 |
FPDFBitmap_GetFormat | 111 | 0x100f8a90 |
FPDFBitmap_GetHeight | 112 | 0x100f2f00 |
FPDFBitmap_GetStride | 113 | 0x100f8c40 |
FPDFBitmap_GetWidth | 114 | 0x100f8c20 |
FPDFBookmark_Find | 115 | 0x100e1980 |
FPDFBookmark_GetAction | 116 | 0x100e1cd0 |
FPDFBookmark_GetCount | 117 | 0x100e1920 |
FPDFBookmark_GetDest | 118 | 0x100e1c00 |
FPDFBookmark_GetFirstChild | 119 | 0x100e1770 |
FPDFBookmark_GetNextSibling | 120 | 0x100e1800 |
FPDFBookmark_GetTitle | 121 | 0x100e1890 |
FPDFCatalog_IsTagged | 122 | 0x100e1120 |
FPDFClipPath_CountPathSegments | 123 | 0x100f63a0 |
FPDFClipPath_CountPaths | 124 | 0x100f6370 |
FPDFClipPath_GetPathSegment | 125 | 0x100f6420 |
FPDFDOC_ExitFormFillEnvironment | 126 | 0x100ecdb0 |
FPDFDOC_InitFormFillEnvironment | 127 | 0x100ecd60 |
FPDFDest_GetDestPageIndex | 128 | 0x100e1fd0 |
FPDFDest_GetLocationInPage | 129 | 0x100e20f0 |
FPDFDest_GetView | 130 | 0x100e2050 |
FPDFDoc_AddAttachment | 131 | 0x100dffe0 |
FPDFDoc_CloseJavaScriptAction | 132 | 0x100ede60 |
FPDFDoc_DeleteAttachment | 133 | 0x100e03b0 |
FPDFDoc_GetAttachment | 134 | 0x100e02b0 |
FPDFDoc_GetAttachmentCount | 135 | 0x100dff40 |
FPDFDoc_GetJavaScriptAction | 136 | 0x100edc50 |
FPDFDoc_GetJavaScriptActionCount | 137 | 0x100edba0 |
FPDFDoc_GetPageMode | 138 | 0x100ea450 |
FPDFFont_Close | 139 | 0x100e9440 |
FPDFFont_GetAscent | 140 | 0x100e97a0 |
FPDFFont_GetDescent | 141 | 0x100e97e0 |
FPDFFont_GetFlags | 142 | 0x100e9740 |
FPDFFont_GetFontData | 143 | 0x100e96c0 |
FPDFFont_GetFontName | 144 | 0x100e9640 |
FPDFFont_GetGlyphPath | 145 | 0x100e98c0 |
FPDFFont_GetGlyphWidth | 146 | 0x100e9820 |
FPDFFont_GetIsEmbedded | 147 | 0x100e9700 |
FPDFFont_GetItalicAngle | 148 | 0x100e9780 |
FPDFFont_GetWeight | 149 | 0x100e9760 |
FPDFFormObj_CountObjects | 150 | 0x100e67a0 |
FPDFFormObj_GetObject | 151 | 0x100e67e0 |
FPDFGlyphPath_CountGlyphSegments | 152 | 0x100e99e0 |
FPDFGlyphPath_GetGlyphPathSegment | 153 | 0x100e9a10 |
FPDFImageObj_GetBitmap | 154 | 0x100e3110 |
FPDFImageObj_GetImageDataDecoded | 155 | 0x100e3560 |
FPDFImageObj_GetImageDataRaw | 156 | 0x100e3680 |
FPDFImageObj_GetImageFilter | 157 | 0x100e3930 |
FPDFImageObj_GetImageFilterCount | 158 | 0x100e37a0 |
FPDFImageObj_GetImageMetadata | 159 | 0x100e3ab0 |
FPDFImageObj_GetImagePixelSize | 160 | 0x100e3d90 |
FPDFImageObj_GetRenderedBitmap | 161 | 0x100e32c0 |
FPDFImageObj_LoadJpegFile | 162 | 0x100e2cd0 |
FPDFImageObj_LoadJpegFileInline | 163 | 0x100e2ee0 |
FPDFImageObj_SetBitmap | 164 | 0x100e2fa0 |
FPDFImageObj_SetMatrix | 165 | 0x100e2f00 |
FPDFJavaScriptAction_GetName | 166 | 0x100ede90 |
FPDFJavaScriptAction_GetScript | 167 | 0x100edeb0 |
FPDFLink_CloseWebLinks | 168 | 0x100f4e70 |
FPDFLink_CountQuadPoints | 169 | 0x100e2730 |
FPDFLink_CountRects | 170 | 0x100f4c90 |
FPDFLink_CountWebLinks | 171 | 0x100f4b90 |
FPDFLink_Enumerate | 172 | 0x100e2460 |
FPDFLink_GetAction | 173 | 0x100e23f0 |
FPDFLink_GetAnnot | 174 | 0x100e2620 |
FPDFLink_GetAnnotRect | 175 | 0x100e26b0 |
FPDFLink_GetDest | 176 | 0x100e2330 |
FPDFLink_GetLinkAtPoint | 177 | 0x100e21a0 |
FPDFLink_GetLinkZOrderAtPoint | 178 | 0x100e22a0 |
FPDFLink_GetQuadPoints | 179 | 0x100e27b0 |
FPDFLink_GetRect | 180 | 0x100f4d00 |
FPDFLink_GetTextRange | 181 | 0x100f4df0 |
FPDFLink_GetURL | 182 | 0x100f4bc0 |
FPDFLink_LoadWebLinks | 183 | 0x100f4b50 |
FPDFPageObjMark_CountParams | 184 | 0x100e4a40 |
FPDFPageObjMark_GetName | 185 | 0x100e49b0 |
FPDFPageObjMark_GetParamBlobValue | 186 | 0x100e4f50 |
FPDFPageObjMark_GetParamIntValue | 187 | 0x100e4cf0 |
FPDFPageObjMark_GetParamKey | 188 | 0x100e4ad0 |
FPDFPageObjMark_GetParamStringValue | 189 | 0x100e4df0 |
FPDFPageObjMark_GetParamValueType | 190 | 0x100e4c10 |
FPDFPageObjMark_RemoveParam | 191 | 0x100e55d0 |
FPDFPageObjMark_SetBlobParam | 192 | 0x100e5490 |
FPDFPageObjMark_SetIntParam | 193 | 0x100e51c0 |
FPDFPageObjMark_SetStringParam | 194 | 0x100e5380 |
FPDFPageObj_AddMark | 195 | 0x100e4920 |
FPDFPageObj_CountMarks | 196 | 0x100e48d0 |
FPDFPageObj_CreateNewPath | 197 | 0x100e68a0 |
FPDFPageObj_CreateNewRect | 198 | 0x100e6900 |
FPDFPageObj_CreateTextObj | 199 | 0x100e9480 |
FPDFPageObj_Destroy | 200 | 0x100e48a0 |
FPDFPageObj_GetBounds | 201 | 0x100e6100 |
FPDFPageObj_GetClipPath | 202 | 0x100f6360 |
FPDFPageObj_GetDashArray | 203 | 0x100e6650 |
FPDFPageObj_GetDashCount | 204 | 0x100e6630 |
FPDFPageObj_GetDashPhase | 205 | 0x100e65c0 |
FPDFPageObj_GetFillColor | 206 | 0x100e6040 |
FPDFPageObj_GetLineCap | 207 | 0x100e6570 |
FPDFPageObj_GetLineJoin | 208 | 0x100e6520 |
FPDFPageObj_GetMark | 209 | 0x100e48f0 |
FPDFPageObj_GetMatrix | 210 | 0x100e5800 |
FPDFPageObj_GetRotatedBounds | 211 | 0x100e6150 |
FPDFPageObj_GetStrokeColor | 212 | 0x100e63f0 |
FPDFPageObj_GetStrokeWidth | 213 | 0x100e64f0 |
FPDFPageObj_GetType | 214 | 0x100d5660 |
FPDFPageObj_HasTransparency | 215 | 0x100e50a0 |
FPDFPageObj_NewImageObj | 216 | 0x100e2c30 |
FPDFPageObj_NewTextObj | 217 | 0x100e6d70 |
FPDFPageObj_RemoveMark | 218 | 0x100e4980 |
FPDFPageObj_SetBlendMode | 219 | 0x100e59f0 |
FPDFPageObj_SetDashArray | 220 | 0x100e66e0 |
FPDFPageObj_SetDashPhase | 221 | 0x100e65f0 |
FPDFPageObj_SetFillColor | 222 | 0x100e5f10 |
FPDFPageObj_SetLineCap | 223 | 0x100e6590 |
FPDFPageObj_SetLineJoin | 224 | 0x100e6540 |
FPDFPageObj_SetMatrix | 225 | 0x100e5900 |
FPDFPageObj_SetStrokeColor | 226 | 0x100e62c0 |
FPDFPageObj_SetStrokeWidth | 227 | 0x100e64b0 |
FPDFPageObj_Transform | 228 | 0x100e5770 |
FPDFPageObj_TransformClipPath | 229 | 0x100f62c0 |
FPDFPage_CloseAnnot | 230 | 0x100dbb30 |
FPDFPage_CountObjects | 231 | 0x100e4820 |
FPDFPage_CreateAnnot | 232 | 0x100db5d0 |
FPDFPage_Delete | 233 | 0x100e4150 |
FPDFPage_Flatten | 234 | 0x100ea660 |
FPDFPage_FormFieldZOrderAtPoint | 235 | 0x100ecce0 |
FPDFPage_GenerateContent | 236 | 0x100e56f0 |
FPDFPage_GetAnnot | 237 | 0x100db890 |
FPDFPage_GetAnnotCount | 238 | 0x100db7f0 |
FPDFPage_GetAnnotIndex | 239 | 0x100db9c0 |
FPDFPage_GetArtBox | 240 | 0x100f57b0 |
FPDFPage_GetBleedBox | 241 | 0x100f56f0 |
FPDFPage_GetCropBox | 242 | 0x100f5690 |
FPDFPage_GetDecodedThumbnailData | 243 | 0x100f4e90 |
FPDFPage_GetMediaBox | 244 | 0x100f5500 |
FPDFPage_GetObject | 245 | 0x100e4850 |
FPDFPage_GetRawThumbnailData | 246 | 0x100f5000 |
FPDFPage_GetRotation | 247 | 0x100e4490 |
FPDFPage_GetThumbnailAsBitmap | 248 | 0x100f50b0 |
FPDFPage_GetTrimBox | 249 | 0x100f5750 |
FPDFPage_HasFormFieldAtPoint | 250 | 0x100ecc50 |
FPDFPage_HasTransparency | 251 | 0x100e4880 |
FPDFPage_InsertClipPath | 252 | 0x100f6560 |
FPDFPage_InsertObject | 253 | 0x100e4670 |
FPDFPage_New | 254 | 0x100e4200 |
FPDFPage_RemoveAnnot | 255 | 0x100dbb50 |
FPDFPage_RemoveObject | 256 | 0x100e47b0 |
FPDFPage_SetArtBox | 257 | 0x100f54a0 |
FPDFPage_SetBleedBox | 258 | 0x100f53e0 |
FPDFPage_SetCropBox | 259 | 0x100f5380 |
FPDFPage_SetMediaBox | 260 | 0x100f52b0 |
FPDFPage_SetRotation | 261 | 0x100e5e10 |
FPDFPage_SetTrimBox | 262 | 0x100f5440 |
FPDFPage_TransFormWithClip | 263 | 0x100f5810 |
FPDFPage_TransformAnnots | 264 | 0x100e5a40 |
FPDFPathSegment_GetClose | 265 | 0x100e6d50 |
FPDFPathSegment_GetPoint | 266 | 0x100e6cf0 |
FPDFPathSegment_GetType | 267 | 0x100e6d30 |
FPDFPath_BezierTo | 268 | 0x100e6b30 |
FPDFPath_Close | 269 | 0x100e6be0 |
FPDFPath_CountSegments | 270 | 0x100e6970 |
FPDFPath_GetDrawMode | 271 | 0x100e6c90 |
FPDFPath_GetPathSegment | 272 | 0x100e69c0 |
FPDFPath_LineTo | 273 | 0x100e6ab0 |
FPDFPath_MoveTo | 274 | 0x100e6a30 |
FPDFPath_SetDrawMode | 275 | 0x100e6c30 |
FPDFSignatureObj_GetByteRange | 276 | 0x100f1ce0 |
FPDFSignatureObj_GetContents | 277 | 0x100f1bf0 |
FPDFSignatureObj_GetDocMDPPermission | 278 | 0x100f2180 |
FPDFSignatureObj_GetReason | 279 | 0x100f1f20 |
FPDFSignatureObj_GetSubFilter | 280 | 0x100f1e20 |
FPDFSignatureObj_GetTime | 281 | 0x100f2050 |
FPDFTextObj_GetFont | 282 | 0x100e95c0 |
FPDFTextObj_GetFontSize | 283 | 0x100e8fe0 |
FPDFTextObj_GetRenderedBitmap | 284 | 0x100e90a0 |
FPDFTextObj_GetText | 285 | 0x100e9020 |
FPDFTextObj_GetTextRenderMode | 286 | 0x100e9540 |
FPDFTextObj_SetTextRenderMode | 287 | 0x100e9580 |
FPDFText_ClosePage | 288 | 0x100f3fb0 |
FPDFText_CountChars | 289 | 0x100f3fd0 |
FPDFText_CountRects | 290 | 0x100f4840 |
FPDFText_FindClose | 291 | 0x100f4b30 |
FPDFText_FindNext | 292 | 0x100f4ab0 |
FPDFText_FindPrev | 293 | 0x100f4ad0 |
FPDFText_FindStart | 294 | 0x100f49f0 |
FPDFText_GetBoundedText | 295 | 0x100f48f0 |
FPDFText_GetCharAngle | 296 | 0x100f4490 |
FPDFText_GetCharBox | 297 | 0x100f4510 |
FPDFText_GetCharIndexAtPos | 298 | 0x100f46d0 |
FPDFText_GetCharIndexFromTextIndex | 299 | 0x100f18b0 |
FPDFText_GetCharOrigin | 300 | 0x100f4680 |
FPDFText_GetFillColor | 301 | 0x100f42b0 |
FPDFText_GetFontInfo | 302 | 0x100f40f0 |
FPDFText_GetFontSize | 303 | 0x100f40b0 |
FPDFText_GetFontWeight | 304 | 0x100f41f0 |
FPDFText_GetLooseCharBox | 305 | 0x100f45a0 |
FPDFText_GetMatrix | 306 | 0x100f4610 |
FPDFText_GetRect | 307 | 0x100f4860 |
FPDFText_GetSchCount | 308 | 0x100f4b10 |
FPDFText_GetSchResultIndex | 309 | 0x100f4af0 |
FPDFText_GetStrokeColor | 310 | 0x100f43a0 |
FPDFText_GetText | 311 | 0x100f4740 |
FPDFText_GetTextIndexFromCharIndex | 312 | 0x100f18d0 |
FPDFText_GetTextRenderMode | 313 | 0x100f4280 |
FPDFText_GetUnicode | 314 | 0x100f3ff0 |
FPDFText_HasUnicodeMapError | 315 | 0x100f4080 |
FPDFText_IsGenerated | 316 | 0x100f4020 |
FPDFText_IsHyphen | 317 | 0x100f4050 |
FPDFText_LoadFont | 318 | 0x100e70e0 |
FPDFText_LoadPage | 319 | 0x100f3f20 |
FPDFText_LoadStandardFont | 320 | 0x100e8f70 |
FPDFText_SetCharcodes | 321 | 0x100e6ff0 |
FPDFText_SetText | 322 | 0x100e6e80 |
FPDF_AddInstalledFont | 323 | 0x100f3850 |
FPDF_CloseDocument | 324 | 0x100f8710 |
FPDF_ClosePage | 325 | 0x100f86a0 |
FPDF_CloseXObject | 326 | 0x100ef7c0 |
FPDF_CopyViewerPreferences | 327 | 0x100ef890 |
FPDF_CountNamedDests | 328 | 0x100f90e0 |
FPDF_CreateClipPath | 329 | 0x100f64b0 |
FPDF_CreateNewDocument | 330 | 0x100e3e70 |
FPDF_DestroyClipPath | 331 | 0x100f6540 |
FPDF_DestroyLibrary | 332 | 0x100f6e40 |
FPDF_DeviceToPage | 333 | 0x100f8750 |
FPDF_DocumentHasValidCrossReferenceTable | 334 | 0x100f72c0 |
FPDF_FFLDraw | 335 | 0x100ed5c0 |
FPDF_FreeDefaultSystemFontInfo | 336 | 0x10005860 |
FPDF_GetDefaultSystemFontInfo | 337 | 0x100f3980 |
FPDF_GetDefaultTTFMap | 338 | 0x100f3910 |
FPDF_GetDocPermissions | 339 | 0x100f72e0 |
FPDF_GetDocUserPermissions | 340 | 0x100f7310 |
FPDF_GetFileIdentifier | 341 | 0x100e2990 |
FPDF_GetFileVersion | 342 | 0x100f7280 |
FPDF_GetFormType | 343 | 0x100f7000 |
FPDF_GetLastError | 344 | 0x100f8740 |
FPDF_GetMetaText | 345 | 0x100e2ae0 |
FPDF_GetNamedDest | 346 | 0x100f9290 |
FPDF_GetNamedDestByName | 347 | 0x100f91f0 |
FPDF_GetPageAAction | 348 | 0x100e2860 |
FPDF_GetPageBoundingBox | 349 | 0x100f76e0 |
FPDF_GetPageCount | 350 | 0x100f73f0 |
FPDF_GetPageHeight | 351 | 0x100f7690 |
FPDF_GetPageHeightF | 352 | 0x100f7650 |
FPDF_GetPageLabel | 353 | 0x100e2b90 |
FPDF_GetPageSizeByIndex | 354 | 0x100f8d60 |
FPDF_GetPageSizeByIndexF | 355 | 0x100f8c60 |
FPDF_GetPageWidth | 356 | 0x100f7600 |
FPDF_GetPageWidthF | 357 | 0x100f75c0 |
FPDF_GetSecurityHandlerRevision | 358 | 0x100f7340 |
FPDF_GetSignatureCount | 359 | 0x100f18f0 |
FPDF_GetSignatureObject | 360 | 0x100f1b40 |
FPDF_GetTrailerEnds | 361 | 0x100f9d50 |
FPDF_GetXFAPacketContent | 362 | 0x100f9c80 |
FPDF_GetXFAPacketCount | 363 | 0x100f9720 |
FPDF_GetXFAPacketName | 364 | 0x100f9be0 |
FPDF_ImportNPagesToOne | 365 | 0x100ee7f0 |
FPDF_ImportPages | 366 | 0x100ee5d0 |
FPDF_ImportPagesByIndex | 367 | 0x100edf00 |
FPDF_InitLibrary | 368 | 0x100f6dc0 |
FPDF_InitLibraryWithConfig | 369 | 0x100f6dd0 |
FPDF_LoadCustomDocument | 370 | 0x100f71e0 |
FPDF_LoadDocument | 371 | 0x100f6ea0 |
FPDF_LoadMemDocument | 372 | 0x100f7140 |
FPDF_LoadMemDocument64 | 373 | 0x100f7140 |
FPDF_LoadPage | 374 | 0x100f7440 |
FPDF_LoadXFA | 375 | 0x10006070 |
FPDF_MovePages | 376 | 0x100e4190 |
FPDF_NewFormObjectFromXObject | 377 | 0x100ef7e0 |
FPDF_NewXObjectFromPage | 378 | 0x100ef610 |
FPDF_PageToDevice | 379 | 0x100f8830 |
FPDF_RemoveFormFieldHighlight | 380 | 0x100ed890 |
FPDF_RenderPage | 381 | 0x100f7740 |
FPDF_RenderPageBitmap | 382 | 0x100f8380 |
FPDF_RenderPageBitmapWithColorScheme_Start | 383 | 0x100f1470 |
FPDF_RenderPageBitmapWithMatrix | 384 | 0x100f84b0 |
FPDF_RenderPageBitmap_Start | 385 | 0x100f15d0 |
FPDF_RenderPage_Close | 386 | 0x100f1690 |
FPDF_RenderPage_Continue | 387 | 0x100f1600 |
FPDF_SaveAsCopy | 388 | 0x100f16b0 |
FPDF_SaveWithVersion | 389 | 0x100f1820 |
FPDF_SetFormFieldHighlightAlpha | 390 | 0x100ed870 |
FPDF_SetFormFieldHighlightColor | 391 | 0x100ed7f0 |
FPDF_SetPrintMode | 392 | 0x100f6e80 |
FPDF_SetSandBoxPolicy | 393 | 0x100f6e70 |
FPDF_SetSystemFontInfo | 394 | 0x100f38b0 |
FPDF_StructElement_Attr_GetBlobValue | 395 | 0x100f3380 |
FPDF_StructElement_Attr_GetBooleanValue | 396 | 0x100f30a0 |
FPDF_StructElement_Attr_GetCount | 397 | 0x100f2f20 |
FPDF_StructElement_Attr_GetName | 398 | 0x100f2f40 |
FPDF_StructElement_Attr_GetNumberValue | 399 | 0x100f3170 |
FPDF_StructElement_Attr_GetStringValue | 400 | 0x100f3240 |
FPDF_StructElement_Attr_GetType | 401 | 0x100f2ff0 |
FPDF_StructElement_CountChildren | 402 | 0x100f2eb0 |
FPDF_StructElement_GetActualText | 403 | 0x100f2660 |
FPDF_StructElement_GetAltText | 404 | 0x100f2580 |
FPDF_StructElement_GetAttributeAtIndex | 405 | 0x100f28f0 |
FPDF_StructElement_GetAttributeCount | 406 | 0x100f27a0 |
FPDF_StructElement_GetChildAtIndex | 407 | 0x100f2ed0 |
FPDF_StructElement_GetID | 408 | 0x100f26c0 |
FPDF_StructElement_GetLang | 409 | 0x100f2730 |
FPDF_StructElement_GetMarkedContentID | 410 | 0x100f2c70 |
FPDF_StructElement_GetMarkedContentIdAtIndex | 411 | 0x100f3550 |
FPDF_StructElement_GetMarkedContentIdCount | 412 | 0x100f3490 |
FPDF_StructElement_GetObjType | 413 | 0x100f2db0 |
FPDF_StructElement_GetParent | 414 | 0x100f2f00 |
FPDF_StructElement_GetStringAttribute | 415 | 0x100f2a80 |
FPDF_StructElement_GetTitle | 416 | 0x100f2e50 |
FPDF_StructElement_GetType | 417 | 0x100f2d10 |
FPDF_StructTree_Close | 418 | 0x100f24c0 |
FPDF_StructTree_CountChildren | 419 | 0x100f24e0 |
FPDF_StructTree_GetChildAtIndex | 420 | 0x100f2510 |
FPDF_StructTree_GetForPage | 421 | 0x100f2450 |
FPDF_VIEWERREF_GetDuplex | 422 | 0x100f8f80 |
FPDF_VIEWERREF_GetName | 423 | 0x100f9030 |
FPDF_VIEWERREF_GetNumCopies | 424 | 0x100f8e40 |
FPDF_VIEWERREF_GetPrintPageRange | 425 | 0x100f8ea0 |
FPDF_VIEWERREF_GetPrintPageRangeCount | 426 | 0x100f8f30 |
FPDF_VIEWERREF_GetPrintPageRangeElement | 427 | 0x100f8f50 |
FPDF_VIEWERREF_GetPrintScaling | 428 | 0x100f8de0 |
FSDK_SetLocaltimeFunction | 429 | 0x100ea440 |
FSDK_SetTimeFunction | 430 | 0x100ea430 |
FSDK_SetUnSpObjProcessHandler | 431 | 0x100ea410 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 17:32:58 |
Start date: | 22/12/2024 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9b0000 |
File size: | 126'464 bytes |
MD5 hash: | 51E6071F9CBA48E79F10C84515AAE618 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 17:32:58 |
Start date: | 22/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 17:32:58 |
Start date: | 22/12/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 17:32:58 |
Start date: | 22/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x250000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 17:32:58 |
Start date: | 22/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x250000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 17:33:01 |
Start date: | 22/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x250000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 17:33:04 |
Start date: | 22/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x250000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |