Windows Analysis Report
iepdf32.dll

Overview

General Information

Sample name: iepdf32.dll
Analysis ID: 1579542
MD5: dcd66a6ee58bdda0a8affe5ce3becabd
SHA1: 083e497458a12954f126b8c1831f6256094b3664
SHA256: 5b08f88041a6f6cb43d56bddb86faadb79b435f04b3679d92c03be2bbfbbe9a0
Tags: dll, HijackLoader, IDATLoader, user-aachum

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Switches to a custom stack to bypass stack traces
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Entry point lies outside standard sections
PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

  • System is w10x64
  • loaddll32.exe (PID: 7280 cmdline: loaddll32.exe "C:\Users\user\Desktop\iepdf32.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 7288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7336 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 7360 cmdline: rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7344 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanRedo MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7420 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanUndo MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7456 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_DoDocumentAAction MD5: 889B99C52A60DD49227C5E485A016679)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: iepdf32.dll | Virustotal: Detection: 11%
Source: iepdf32.dll | ReversingLabs: Detection: 21%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.8% probability
Source: iepdf32.dll | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
Source: iepdf32.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\SysWOW64\wgfvki
Source: iepdf32.dll | Static PE information: Number of sections : 11 > 10
Source: iepdf32.dll | Binary or memory string: OriginalFilenamepdfium.dll. vs iepdf32.dll
Source: classification engine | Classification label: mal60.evad.winDLL@12/0@0/0
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7288:120:WilError_03
Source: C:\Windows\System32\loaddll32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\iepdf32.dll"
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanRedo
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanUndo
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_DoDocumentAAction
Source: C:\Windows\System32\loaddll32.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
Source: iepdf32.dll | Static PE information: More than 430 > 100 exports found
Source: iepdf32.dll | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: iepdf32.dll | Static file information: File size 7347200 > 1048576
Source: iepdf32.dll | Static PE information: Raw size of IJTNUY is bigger than: 0x100000 < 0x700e00
Source: initial sample | Static PE information: section where entry point is pointing to: IJTNUY
Source: iepdf32.dll | Static PE information: section name: XRLOQX
Source: iepdf32.dll | Static PE information: section name: KEBDAI
Source: iepdf32.dll | Static PE information: section name: UGLZPX
Source: iepdf32.dll | Static PE information: section name: YTTJAF
Source: iepdf32.dll | Static PE information: section name: IIPNOC
Source: iepdf32.dll | Static PE information: section name: IJTNUY

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 7280 base: E60005 value: E9 8B 2F 0A 76
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 7280 base: 76F02F90 value: E9 7A D0 F5 89
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 7344 base: 3500005 value: E9 8B 2F A0 73
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 7344 base: 76F02F90 value: E9 7A D0 5F 8C
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 7360 base: 2360005 value: E9 8B 2F BA 74
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 7360 base: 76F02F90 value: E9 7A D0 45 8B
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 7420 base: 2A70005 value: E9 8B 2F 49 74
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 7420 base: 76F02F90 value: E9 7A D0 B6 8B
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 7456 base: 4110005 value: E9 8B 2F DF 72
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 7456 base: 76F02F90 value: E9 7A D0 20 8D
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CC6D965
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CF2DECB
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C866FEB
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CC692E8
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CC8D2D3
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C8FB4C1
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C892AB9
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C8D0AAC
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CC7766C
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CC22534
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C85D540
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C8D597A
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CCEC522
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CF073EE
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CC59A7B
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\loaddll32.exe | Process information queried: ProcessInformation
[MITRE ATT&CK matrix. Techniques mapped from this analysis: DLL Side-Loading, Process Injection, Masquerading, Credential API Hooking, Security Software Discovery, Rundll32, Process Discovery, System Information Discovery]
Source | Detection | Scanner | Label
iepdf32.dll | 11% | Virustotal |
iepdf32.dll | 21% | ReversingLabs | Win32.Trojan.Generic
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579542
Start date and time: 2024-12-22 23:32:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: iepdf32.dll
Detection: MAL
Classification: mal60.evad.winDLL@12/0@0/0
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .dll
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
No simulations
No context
No created / dropped files found
File type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy (8bit): 7.993145851341156
TrID:
  • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
  • Generic Win/DOS Executable (2004/3) 0.20%
  • DOS Executable Generic (2002/1) 0.20%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: iepdf32.dll
File size: 7'347'200 bytes
MD5: dcd66a6ee58bdda0a8affe5ce3becabd
SHA1: 083e497458a12954f126b8c1831f6256094b3664
SHA256: 5b08f88041a6f6cb43d56bddb86faadb79b435f04b3679d92c03be2bbfbbe9a0
SHA512: 29a1442d5b960e23fb13bbe35d0b995330b636dab5e40ae2b88d22f76196bfe468ecb3bce576e8e739d1d67c0d395418bdd6e02db1a896def91f37baefd3a303
SSDEEP: 196608:jIS6ApomgbKc7Ialg+C3FHthz9YJTpVxN4i3/uq:j16ygT9TSnz69xmiv
TLSH: B7763389F3CF22E6C4C682F51665F5BDB2F62E5A0326CD9DF2482DCDA56761120730CA
File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......d.........."!......&.........t!..............................................Y.p...@A........................@....9......d..
Icon Hash: 7ae282899bbab082
Entrypoint: 0x10842174
Entrypoint Section: IJTNUY
Digitally signed: false
Imagebase: 0x10000000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Time Stamp: 0x64F412D0 [Sun Sep 3 05:00:00 2023 UTC]
TLS Callbacks: 0x10bb4fe5, 0x1023b700, 0x1023b790, 0x10107100
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: f9615c2b57d66b6881f2a89ec212177c
Instruction
push ebp
mov ebp, BD08A5AFh
pushfd
shr bp, FFCCh
mov ebp, dword ptr [esp+ebp+42F7FFFAh]
mov dword ptr [esp+04h], 6C0D2DC4h
push dword ptr [esp+00h]
popfd
lea esp, dword ptr [esp+04h]
call 00007FC248D0A3A8h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xdfbb40 | 0x398d | IJTNUY
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcfe198 | 0x64 | IJTNUY
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe59000 | 0x390 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe5a000 | 0x3b8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xb4d610 | 0x18 | IJTNUY
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xe55a00 | 0xbc | IJTNUY
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x757000 | 0x20 | IIPNOC
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x26848c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x26a000 | 0x1d45fc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x43f000 | 0xd1dc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
XRLOQX | 0x44d000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
KEBDAI | 0x44e000 | 0xa1 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UGLZPX | 0x44f000 | 0xf3 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
YTTJAF | 0x450000 | 0x306e46 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
IIPNOC | 0x757000 | 0xd8 | 0x200 | b9ceb70680184a77357e9c07f3519b4d | False | 0.083984375 | data | 0.3505988039007212 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
IJTNUY | 0x758000 | 0x700d40 | 0x700e00 | 895e1cde3f8267fd11a0e858233aba4d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xe59000 | 0x390 | 0x400 | 182ab6af4f9631b9bee72c1fd7afdd2e | False | 0.41015625 | data | 3.0503066360067215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe5a000 | 0x3b8 | 0x400 | b208fdd9e6ca43a5a2bc6607d9fbeae7 | False | 0.529296875 | data | 4.067766524307849 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xe59058 | 0x338 | data | English | United States | 0.46359223300970875
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive
ADVAPI32.dll | CryptAcquireContextW
GDI32.dll | BeginPath
USER32.dll | FillRect
FPDF_VIEWERREF_GetPrintScaling4280x100f8de0
FSDK_SetLocaltimeFunction4290x100ea440
FSDK_SetTimeFunction4300x100ea430
FSDK_SetUnSpObjProcessHandler4310x100ea410
Language of compilation system:English
Country where language is spoken:United States
No network behavior found

Target ID:0
Start time:17:32:58
Start date:22/12/2024
Path:C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):true
Commandline:loaddll32.exe "C:\Users\user\Desktop\iepdf32.dll"
Imagebase:0x9b0000
File size:126'464 bytes
MD5 hash:51E6071F9CBA48E79F10C84515AAE618
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:1
Start time:17:32:58
Start date:22/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:17:32:58
Start date:22/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:17:32:58
Start date:22/12/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanRedo
Imagebase:0x250000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:17:32:58
Start date:22/12/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1
Imagebase:0x250000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:17:33:01
Start date:22/12/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanUndo
Imagebase:0x250000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:17:33:04
Start date:22/12/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_DoDocumentAAction
Imagebase:0x250000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

No disassembly