Windows Analysis Report
iepdf32.dll

Overview

General Information

Sample name:iepdf32.dll
Analysis ID:1579543
MD5:2ae9f27410e7f9ed6dd4fcf511ef4fc7
SHA1:f8a0771d8a729e22ff228353001fef92c37386c2
SHA256:2e7e4647b012766db1f0fe4e626becfdff223d0eff71b9500d302b37ed939070
Tags:dll, HijackLoader, IDATLoader, user-aachum
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Switches to a custom stack to bypass stack traces
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Entry point lies outside standard sections
PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

  • System is w10x64
  • loaddll32.exe (PID: 6188 cmdline: loaddll32.exe "C:\Users\user\Desktop\iepdf32.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 4924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3548 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 716 cmdline: rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 3648 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanRedo MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 1948 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanUndo MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 6308 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_DoDocumentAAction MD5: 889B99C52A60DD49227C5E485A016679)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: iepdf32.dll | ReversingLabs: Detection: 28%
Source: iepdf32.dll | Virustotal: Detection: 16%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.2% probability
Source: iepdf32.dll | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
Source: iepdf32.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\SysWOW64\wgfvki
Source: iepdf32.dll | Static PE information: Number of sections : 11 > 10
Source: iepdf32.dll | Binary or memory string: OriginalFilenamepdfium.dll. vs iepdf32.dll
Source: classification engine | Classification label: mal60.evad.winDLL@12/0@0/0
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4924:120:WilError_03
Source: C:\Windows\System32\loaddll32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanRedo
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\iepdf32.dll"
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanUndo
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_DoDocumentAAction
Source: C:\Windows\System32\loaddll32.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
Source: iepdf32.dll | Static PE information: More than 430 > 100 exports found
Source: iepdf32.dll | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: iepdf32.dll | Static file information: File size 7314944 > 1048576
Source: iepdf32.dll | Static PE information: Raw size of FRYTYA is bigger than: 0x100000 < 0x6f9000
Source: initial sample | Static PE information: section where entry point is pointing to: FRYTYA
Source: iepdf32.dll | Static PE information: section name: GAUXUD
Source: iepdf32.dll | Static PE information: section name: MPOQPS
Source: iepdf32.dll | Static PE information: section name: YGLGIE
Source: iepdf32.dll | Static PE information: section name: GTBYPK
Source: iepdf32.dll | Static PE information: section name: JKOIHB
Source: iepdf32.dll | Static PE information: section name: FRYTYA

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 6188 base: B50005 value: E9 8B 2F 83 76
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 6188 base: 77382F90 value: E9 7A D0 7C 89
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3648 base: 3190005 value: E9 8B 2F 1F 74
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3648 base: 77382F90 value: E9 7A D0 E0 8B
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 716 base: 2A10005 value: E9 8B 2F 97 74
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 716 base: 77382F90 value: E9 7A D0 68 8B
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 1948 base: 2FD0005 value: E9 8B 2F 3B 74
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 1948 base: 77382F90 value: E9 7A D0 C4 8B
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 6308 base: 2E60005 value: E9 8B 2F 52 74
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 6308 base: 77382F90 value: E9 7A D0 AD 8B
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CBF94A3
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CA65302
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CA9E3DB
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CAD422A
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C68E2C4
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C685169
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C6D24B9
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CC03C04
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C734293
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CD5878C
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CC03D35
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CBFEA1F
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C6E621F
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CAAB887
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\loaddll32.exe | Process information queried: ProcessInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 1 Credential API Hooking | 1 Security Software Discovery | Remote Services | 1 Credential API Hooking | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 11 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label
iepdf32.dll | 29% | ReversingLabs | Win32.Trojan.Generic
iepdf32.dll | 17% | Virustotal |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
No contacted IP infos
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1579543
    Start date and time:2024-12-22 23:34:07 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 2m 53s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:8
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:iepdf32.dll
    Detection:MAL
    Classification:mal60.evad.winDLL@12/0@0/0
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found application associated with file extension: .dll
    • Stop behavior analysis, all processes terminated
    • Exclude process from analysis (whitelisted): dllhost.exe
    • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ocsp.edge.digicert.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
    • Not all processes where analyzed, report is missing behavior information
    No simulations
    No context
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    fp2e7a.wpc.phicdn.net | Support.Client.exe | malicious | ScreenConnect Tool | 192.229.221.95
    fp2e7a.wpc.phicdn.net | 62f928.msi | malicious | Remcos | 192.229.221.95
    fp2e7a.wpc.phicdn.net | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 192.229.221.95
    fp2e7a.wpc.phicdn.net | P0RN-vidz.Client.exe | malicious | ScreenConnect Tool | 192.229.221.95
    fp2e7a.wpc.phicdn.net | uDTW3VjJJT.exe | malicious | LummaC, Stealc | 192.229.221.95
    fp2e7a.wpc.phicdn.net | f4p4BwljZt.exe | malicious | LummaC | 192.229.221.95
    fp2e7a.wpc.phicdn.net | Qmg24kMXxU.exe | malicious | LummaC, Stealc | 192.229.221.95
    fp2e7a.wpc.phicdn.net | hesaphareketi-20-12-2024-pdf.exe | malicious | AgentTesla | 192.229.221.95
    fp2e7a.wpc.phicdn.net | LbtytfWpvx.vbs | malicious | Remcos | 192.229.221.95
    fp2e7a.wpc.phicdn.net | 17345937653b107659e23b9c28725ee4827d5eb205eece8b9a5c90afbbb742a9832aaefaab913.dat-decoded.dll | malicious | Unknown | 192.229.221.95
    No created / dropped files found
    File type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Entropy (8bit):7.994340415940149
    TrID:
    • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
    • Generic Win/DOS Executable (2004/3) 0.20%
    • DOS Executable Generic (2002/1) 0.20%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:iepdf32.dll
    File size:7'314'944 bytes
    MD5:2ae9f27410e7f9ed6dd4fcf511ef4fc7
    SHA1:f8a0771d8a729e22ff228353001fef92c37386c2
    SHA256:2e7e4647b012766db1f0fe4e626becfdff223d0eff71b9500d302b37ed939070
    SHA512:57e9caea184c28a0358dbcff27b2dd74b6a7bc8e868fdcd98fd60a2771e7e595025e3720b541088bc52a8cdd0d08270f18138fb3fce856bad53021d1e227bdaa
    SSDEEP:98304:8yyQ12Xx5I0yDQwDzfZIN7LfqWiKY69iav180x5Bk2Rf4T/dG2Y1JRgO7Pj5jfTb:xTFDiiej5xgDGJqQjRQPQ
    TLSH:1D76332516DB1AD1C467E1B40772FCFE72B22BEA83D18D9A8039B6CBE9977104C77091
    File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......d.........."!......&.........v...............................................W.p...@A........................(....9...]w.d..
    Icon Hash:7ae282899bbab082
    Entrypoint:0x107fb376
    Entrypoint Section:FRYTYA
    Digitally signed:false
    Imagebase:0x10000000
    Subsystem:windows cui
    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF
    Time Stamp:0x64F412D0 [Sun Sep 3 05:00:00 2023 UTC]
    TLS Callbacks:0x10e1a096, 0x1023b700, 0x1023b790, 0x10107100
    CLR (.Net) Version:
    OS Version Major:5
    OS Version Minor:1
    File Version Major:5
    File Version Minor:1
    Subsystem Version Major:5
    Subsystem Version Minor:1
    Import Hash:f9615c2b57d66b6881f2a89ec212177c
    Instruction
    call 00007F3269525F62h
    push 05B84FBBh
    mov dword ptr [ebp+00h], edx
    jmp 00007F326964468Eh
    call 00007F326919548Eh
    mov dword ptr [edi], edx
    call 00007F32694C9E52h
    sbb ebp, 00000002h
    push FF111FB0h
    push 283CE28Dh
    call 00007F3269515B1Eh
    sysenter
    call 00007F326917ECFCh
    add ecx, edx
    jmp 00007F326954C227h
    adc esi, 00000005h
    mov byte ptr [ecx], dl
    jmp 00007F3269118024h
    push EB25EA3Ah
    push 17A275B9h
    mov word ptr [esi+04h], ax
    mov dword ptr [esi], edx
    call 00007F32694D9B7Fh
    sbb ebp, 00000001h
    push 921EB63Ah
    jmp 00007F32694C9912h
    jmp 00007F326953C494h
    mov dword ptr [ebp+00h], edx
    call 00007F32695252ADh
    movzx eax, byte ptr [edi]
    call 00007F32691B352Fh
    mov si, word ptr [ebp+00h]
    mov edx, DFA4C991h
    and dx, dx
    mov dx, word ptr [ebp+02h]
    push A51EA935h
    jg 00007F3269116FAFh
    jnc 00007F326917BEF2h
    and byte ptr [edi-72h], FFFFFF93h
    aad F2h
    sbb esi, dword ptr [esi]
    push eax
    aaa
    fsubrp st(3), st(0)
    movsd
    call far 3366h : 9F401663h
    jp 00007F3269175D96h
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0xe31a28 | 0x398d | FRYTYA
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x775df8 | 0x64 | FRYTYA
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe4b000 | 0x390 | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe4c000 | 0x390 | .reloc
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0xdfab2c | 0x18 | FRYTYA
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xe47bf0 | 0xbc | FRYTYA
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x751000 | 0x20 | JKOIHB
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    .text | 0x1000 | 0x26848c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata | 0x26a000 | 0x1d45fc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data | 0x43f000 | 0xd1dc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    GAUXUD | 0x44d000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    MPOQPS | 0x44e000 | 0xa1 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    YGLGIE | 0x44f000 | 0xf3 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    GTBYPK | 0x450000 | 0x30048a | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    JKOIHB | 0x751000 | 0xd8 | 0x200 | 0b529972333f175e8974657b65829bc0 | False | 0.08203125 | data | 0.3466925539007212 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    FRYTYA | 0x752000 | 0x6f8f30 | 0x6f9000 | 65080542eb6d4dac6dea8e81872f7629 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rsrc | 0xe4b000 | 0x390 | 0x400 | f2c8ad400cad2e1bd4150389b9863dea | False | 0.412109375 | data | 3.0483535110067215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc | 0xe4c000 | 0x390 | 0x400 | e30ebd94258f80ba9016888e2ec5aba3 | False | 0.52734375 | data | 3.9768506644114847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
    RT_VERSION | 0xe4b058 | 0x338 | data | English | United States | 0.46359223300970875
    DLL | Import
    KERNEL32.dll | AcquireSRWLockExclusive
    ADVAPI32.dll | CryptAcquireContextW
    GDI32.dll | BeginPath
    USER32.dll | FillRect
    Name | Ordinal | Address
    FORM_CanRedo | 1 | 0x100ed350
    FORM_CanUndo | 2 | 0x100ed320
    FORM_DoDocumentAAction | 3 | 0x100ed950
    FORM_DoDocumentJSAction | 4 | 0x100ed910
    FORM_DoDocumentOpenAction | 5 | 0x100ed930
    FORM_DoPageAAction | 6 | 0x100eda00
    FORM_ForceToKillFocus | 7 | 0x100ed3e0
    FORM_GetFocusedAnnot | 8 | 0x100ed400
    FORM_GetFocusedText | 9 | 0x100ed170
    FORM_GetSelectedText | 10 | 0x100ed1d0
    FORM_IsIndexSelected | 11 | 0x100edb70
    FORM_OnAfterLoadPage | 12 | 0x100ed8b0
    FORM_OnBeforeClosePage | 13 | 0x100ed8d0
    FORM_OnChar | 14 | 0x100ed140
    FORM_OnFocus | 15 | 0x100eced0
    FORM_OnKeyDown | 16 | 0x100ed110
    FORM_OnKeyUp | 17 | 0x10006070
    FORM_OnLButtonDoubleClick | 18 | 0x100ecff0
    FORM_OnLButtonDown | 19 | 0x100ecf30
    FORM_OnLButtonUp | 20 | 0x100ecf90
    FORM_OnMouseMove | 21 | 0x100ecdd0
    FORM_OnMouseWheel | 22 | 0x100ece60
    FORM_OnRButtonDown | 23 | 0x100ed050
    FORM_OnRButtonUp | 24 | 0x100ed0b0
    FORM_Redo | 25 | 0x100ed3b0
    FORM_ReplaceAndKeepSelection | 26 | 0x100ed230
    FORM_ReplaceSelection | 27 | 0x100ed290
    FORM_SelectAllText | 28 | 0x100ed2f0
    FORM_SetFocusedAnnot | 29 | 0x100ed4e0
    FORM_SetIndexSelected | 30 | 0x100edb40
    FORM_Undo | 31 | 0x100ed380
    FPDFAction_GetDest | 32 | 0x100e1db0
    FPDFAction_GetFilePath | 33 | 0x100e1e50
    FPDFAction_GetType | 34 | 0x100e1d40
    FPDFAction_GetURIPath | 35 | 0x100e1f00
    FPDFAnnot_AddInkStroke | 36 | 0x100dbef0
    FPDFAnnot_AppendAttachmentPoints | 37 | 0x100dd3d0
    FPDFAnnot_AppendObject | 38 | 0x100dc210
    FPDFAnnot_CountAttachmentPoints | 39 | 0x100dd760
    FPDFAnnot_GetAP | 40 | 0x100df040
    FPDFAnnot_GetAttachmentPoints | 41 | 0x100dd7f0
    FPDFAnnot_GetBorder | 42 | 0x100de160
    FPDFAnnot_GetColor | 43 | 0x100dcb60
    FPDFAnnot_GetFlags | 44 | 0x100df2a0
    FPDFAnnot_GetFocusableSubtypes | 45 | 0x100dfa80
    FPDFAnnot_GetFocusableSubtypesCount | 46 | 0x100dfa60
    FPDFAnnot_GetFontSize | 47 | 0x100df7b0
    FPDFAnnot_GetFormAdditionalActionJavaScript | 48 | 0x100df550
    FPDFAnnot_GetFormControlCount | 49 | 0x100dfb20
    FPDFAnnot_GetFormControlIndex | 50 | 0x100dfb40
    FPDFAnnot_GetFormFieldAlternateName | 51 | 0x100df5f0
    FPDFAnnot_GetFormFieldAtPoint | 52 | 0x100df420
    FPDFAnnot_GetFormFieldExportValue | 53 | 0x100dfb90
    FPDFAnnot_GetFormFieldFlags | 54 | 0x100df3d0
    FPDFAnnot_GetFormFieldName | 55 | 0x100df4c0
    FPDFAnnot_GetFormFieldType | 56 | 0x100df520
    FPDFAnnot_GetFormFieldValue | 57 | 0x100df650
    FPDFAnnot_GetInkListCount | 58 | 0x100ddc40
    FPDFAnnot_GetInkListPath | 59 | 0x100ddd30
    FPDFAnnot_GetLine | 60 | 0x100dde50
    FPDFAnnot_GetLink | 61 | 0x100dfad0
    FPDFAnnot_GetLinkedAnnot | 62 | 0x100df140
    FPDFAnnot_GetNumberValue | 63 | 0x100de530
    FPDFAnnot_GetObject | 64 | 0x100dc540
    FPDFAnnot_GetObjectCount | 65 | 0x100dc410
    FPDFAnnot_GetOptionCount | 66 | 0x100df6b0
    FPDFAnnot_GetOptionLabel | 67 | 0x100df6d0
    FPDFAnnot_GetRect | 68 | 0x100ddaa0
    FPDFAnnot_GetStringValue | 69 | 0x100de4b0
    FPDFAnnot_GetSubtype | 70 | 0x100dbc00
    FPDFAnnot_GetValueType | 71 | 0x100de2e0
    FPDFAnnot_GetVertices | 72 | 0x100ddb20
    FPDFAnnot_HasAttachmentPoints | 73 | 0x100dcee0
    FPDFAnnot_HasKey | 74 | 0x100de280
    FPDFAnnot_IsChecked | 75 | 0x100df810
    FPDFAnnot_IsObjectSupportedSubtype | 76 | 0x100dbc70
    FPDFAnnot_IsOptionSelected | 77 | 0x100df750
    FPDFAnnot_IsSupportedSubtype | 78 | 0x100db5b0
    FPDFAnnot_RemoveInkList | 79 | 0x100dc130
    FPDFAnnot_RemoveObject | 80 | 0x100dc670
    FPDFAnnot_SetAP | 81 | 0x100de610
    FPDFAnnot_SetAttachmentPoints | 82 | 0x100dcf20
    FPDFAnnot_SetBorder | 83 | 0x100ddf70
    FPDFAnnot_SetColor | 84 | 0x100dc780
    FPDFAnnot_SetFlags | 85 | 0x100df300
    FPDFAnnot_SetFocusableSubtypes | 86 | 0x100df890
    FPDFAnnot_SetRect | 87 | 0x100dd8a0
    FPDFAnnot_SetStringValue | 88 | 0x100de3a0
    FPDFAnnot_SetURI | 89 | 0x100dfbf0
    FPDFAnnot_UpdateObject | 90 | 0x100dbc90
    FPDFAttachment_GetFile | 91 | 0x100e1030
    FPDFAttachment_GetName | 92 | 0x100e0460
    FPDFAttachment_GetStringValue | 93 | 0x100e08d0
    FPDFAttachment_GetValueType | 94 | 0x100e05b0
    FPDFAttachment_HasKey | 95 | 0x100e04e0
    FPDFAttachment_SetFile | 96 | 0x100e0b70
    FPDFAttachment_SetStringValue | 97 | 0x100e06e0
    FPDFAvail_Create | 98 | 0x100e11f0
    FPDFAvail_Destroy | 99 | 0x100e1350
    FPDFAvail_GetDocument | 100 | 0x100e13e0
    FPDFAvail_GetFirstPageNum | 101 | 0x100e14c0
    FPDFAvail_IsDocAvail | 102 | 0x100e1380
    FPDFAvail_IsFormAvail | 103 | 0x100e1550
    FPDFAvail_IsLinearized | 104 | 0x100e15b0
    FPDFAvail_IsPageAvail | 105 | 0x100e14e0
    FPDFBitmap_Create | 106 | 0x100f8950
    FPDFBitmap_CreateEx | 107 | 0x100f89f0
    FPDFBitmap_Destroy | 108 | 0x100e9440
    FPDFBitmap_FillRect | 109 | 0x100f8ae0
    FPDFBitmap_GetBuffer | 110 | 0x100f8bd0
    FPDFBitmap_GetFormat | 111 | 0x100f8a90
    FPDFBitmap_GetHeight | 112 | 0x100f2f00
    FPDFBitmap_GetStride | 113 | 0x100f8c40
    FPDFBitmap_GetWidth | 114 | 0x100f8c20
    FPDFBookmark_Find | 115 | 0x100e1980
    FPDFBookmark_GetAction | 116 | 0x100e1cd0
    FPDFBookmark_GetCount | 117 | 0x100e1920
    FPDFBookmark_GetDest | 118 | 0x100e1c00
    FPDFBookmark_GetFirstChild | 119 | 0x100e1770
    FPDFBookmark_GetNextSibling | 120 | 0x100e1800
    FPDFBookmark_GetTitle | 121 | 0x100e1890
    FPDFCatalog_IsTagged | 122 | 0x100e1120
    FPDFClipPath_CountPathSegments | 123 | 0x100f63a0
    FPDFClipPath_CountPaths | 124 | 0x100f6370
    FPDFClipPath_GetPathSegment | 125 | 0x100f6420
    FPDFDOC_ExitFormFillEnvironment | 126 | 0x100ecdb0
    FPDFDOC_InitFormFillEnvironment | 127 | 0x100ecd60
    FPDFDest_GetDestPageIndex | 128 | 0x100e1fd0
    FPDFDest_GetLocationInPage | 129 | 0x100e20f0
    FPDFDest_GetView | 130 | 0x100e2050
    FPDFDoc_AddAttachment | 131 | 0x100dffe0
    FPDFDoc_CloseJavaScriptAction | 132 | 0x100ede60
    FPDFDoc_DeleteAttachment | 133 | 0x100e03b0
    FPDFDoc_GetAttachment | 134 | 0x100e02b0
    FPDFDoc_GetAttachmentCount | 135 | 0x100dff40
    FPDFDoc_GetJavaScriptAction | 136 | 0x100edc50
    FPDFDoc_GetJavaScriptActionCount | 137 | 0x100edba0
    FPDFDoc_GetPageMode | 138 | 0x100ea450
    FPDFFont_Close | 139 | 0x100e9440
    FPDFFont_GetAscent | 140 | 0x100e97a0
    FPDFFont_GetDescent | 141 | 0x100e97e0
    FPDFFont_GetFlags | 142 | 0x100e9740
    FPDFFont_GetFontData | 143 | 0x100e96c0
    FPDFFont_GetFontName | 144 | 0x100e9640
    FPDFFont_GetGlyphPath | 145 | 0x100e98c0
    FPDFFont_GetGlyphWidth | 146 | 0x100e9820
    FPDFFont_GetIsEmbedded | 147 | 0x100e9700
    FPDFFont_GetItalicAngle | 148 | 0x100e9780
    FPDFFont_GetWeight | 149 | 0x100e9760
    FPDFFormObj_CountObjects | 150 | 0x100e67a0
    FPDFFormObj_GetObject | 151 | 0x100e67e0
    FPDFGlyphPath_CountGlyphSegments | 152 | 0x100e99e0
    FPDFGlyphPath_GetGlyphPathSegment | 153 | 0x100e9a10
    FPDFImageObj_GetBitmap | 154 | 0x100e3110
    FPDFImageObj_GetImageDataDecoded | 155 | 0x100e3560
    FPDFImageObj_GetImageDataRaw | 156 | 0x100e3680
    FPDFImageObj_GetImageFilter | 157 | 0x100e3930
    FPDFImageObj_GetImageFilterCount | 158 | 0x100e37a0
    FPDFImageObj_GetImageMetadata | 159 | 0x100e3ab0
    FPDFImageObj_GetImagePixelSize | 160 | 0x100e3d90
    FPDFImageObj_GetRenderedBitmap | 161 | 0x100e32c0
    FPDFImageObj_LoadJpegFile | 162 | 0x100e2cd0
    FPDFImageObj_LoadJpegFileInline | 163 | 0x100e2ee0
    FPDFImageObj_SetBitmap | 164 | 0x100e2fa0
    FPDFImageObj_SetMatrix | 165 | 0x100e2f00
    FPDFJavaScriptAction_GetName | 166 | 0x100ede90
    FPDFJavaScriptAction_GetScript | 167 | 0x100edeb0
    FPDFLink_CloseWebLinks | 168 | 0x100f4e70
    FPDFLink_CountQuadPoints | 169 | 0x100e2730
    FPDFLink_CountRects | 170 | 0x100f4c90
    FPDFLink_CountWebLinks | 171 | 0x100f4b90
    FPDFLink_Enumerate | 172 | 0x100e2460
    FPDFLink_GetAction | 173 | 0x100e23f0
    FPDFLink_GetAnnot | 174 | 0x100e2620
    FPDFLink_GetAnnotRect | 175 | 0x100e26b0
    FPDFLink_GetDest | 176 | 0x100e2330
    FPDFLink_GetLinkAtPoint | 177 | 0x100e21a0
    FPDFLink_GetLinkZOrderAtPoint | 178 | 0x100e22a0
    FPDFLink_GetQuadPoints | 179 | 0x100e27b0
    FPDFLink_GetRect | 180 | 0x100f4d00
    FPDFLink_GetTextRange | 181 | 0x100f4df0
    FPDFLink_GetURL | 182 | 0x100f4bc0
    FPDFLink_LoadWebLinks | 183 | 0x100f4b50
    FPDFPageObjMark_CountParams | 184 | 0x100e4a40
    FPDFPageObjMark_GetName | 185 | 0x100e49b0
    FPDFPageObjMark_GetParamBlobValue | 186 | 0x100e4f50
    FPDFPageObjMark_GetParamIntValue | 187 | 0x100e4cf0
    FPDFPageObjMark_GetParamKey | 188 | 0x100e4ad0
    FPDFPageObjMark_GetParamStringValue | 189 | 0x100e4df0
    FPDFPageObjMark_GetParamValueType | 190 | 0x100e4c10
    FPDFPageObjMark_RemoveParam | 191 | 0x100e55d0
    FPDFPageObjMark_SetBlobParam | 192 | 0x100e5490
    FPDFPageObjMark_SetIntParam | 193 | 0x100e51c0
    FPDFPageObjMark_SetStringParam | 194 | 0x100e5380
    FPDFPageObj_AddMark | 195 | 0x100e4920
    FPDFPageObj_CountMarks | 196 | 0x100e48d0
    FPDFPageObj_CreateNewPath | 197 | 0x100e68a0
    FPDFPageObj_CreateNewRect | 198 | 0x100e6900
    FPDFPageObj_CreateTextObj | 199 | 0x100e9480
    FPDFPageObj_Destroy | 200 | 0x100e48a0
    FPDFPageObj_GetBounds | 201 | 0x100e6100
    FPDFPageObj_GetClipPath | 202 | 0x100f6360
    FPDFPageObj_GetDashArray | 203 | 0x100e6650
    FPDFPageObj_GetDashCount | 204 | 0x100e6630
    FPDFPageObj_GetDashPhase | 205 | 0x100e65c0
    FPDFPageObj_GetFillColor | 206 | 0x100e6040
    FPDFPageObj_GetLineCap | 207 | 0x100e6570
    FPDFPageObj_GetLineJoin | 208 | 0x100e6520
    FPDFPageObj_GetMark | 209 | 0x100e48f0
    FPDFPageObj_GetMatrix | 210 | 0x100e5800
    FPDFPageObj_GetRotatedBounds | 211 | 0x100e6150
    FPDFPageObj_GetStrokeColor | 212 | 0x100e63f0
    FPDFPageObj_GetStrokeWidth | 213 | 0x100e64f0
    FPDFPageObj_GetType | 214 | 0x100d5660
    FPDFPageObj_HasTransparency | 215 | 0x100e50a0
    FPDFPageObj_NewImageObj | 216 | 0x100e2c30
    FPDFPageObj_NewTextObj | 217 | 0x100e6d70
    FPDFPageObj_RemoveMark | 218 | 0x100e4980
    FPDFPageObj_SetBlendMode | 219 | 0x100e59f0
    FPDFPageObj_SetDashArray | 220 | 0x100e66e0
    FPDFPageObj_SetDashPhase | 221 | 0x100e65f0
    FPDFPageObj_SetFillColor | 222 | 0x100e5f10
    FPDFPageObj_SetLineCap | 223 | 0x100e6590
    FPDFPageObj_SetLineJoin | 224 | 0x100e6540
    FPDFPageObj_SetMatrix | 225 | 0x100e5900
    FPDFPageObj_SetStrokeColor | 226 | 0x100e62c0
    FPDFPageObj_SetStrokeWidth | 227 | 0x100e64b0
    FPDFPageObj_Transform | 228 | 0x100e5770
    FPDFPageObj_TransformClipPath | 229 | 0x100f62c0
    FPDFPage_CloseAnnot | 230 | 0x100dbb30
    FPDFPage_CountObjects | 231 | 0x100e4820
    FPDFPage_CreateAnnot | 232 | 0x100db5d0
    FPDFPage_Delete | 233 | 0x100e4150
    FPDFPage_Flatten | 234 | 0x100ea660
    FPDFPage_FormFieldZOrderAtPoint | 235 | 0x100ecce0
    FPDFPage_GenerateContent | 236 | 0x100e56f0
    FPDFPage_GetAnnot | 237 | 0x100db890
    FPDFPage_GetAnnotCount | 238 | 0x100db7f0
    FPDFPage_GetAnnotIndex | 239 | 0x100db9c0
    FPDFPage_GetArtBox | 240 | 0x100f57b0
    FPDFPage_GetBleedBox | 241 | 0x100f56f0
    FPDFPage_GetCropBox | 242 | 0x100f5690
    FPDFPage_GetDecodedThumbnailData | 243 | 0x100f4e90
    FPDFPage_GetMediaBox | 244 | 0x100f5500
    FPDFPage_GetObject | 245 | 0x100e4850
    FPDFPage_GetRawThumbnailData | 246 | 0x100f5000
    FPDFPage_GetRotation | 247 | 0x100e4490
    FPDFPage_GetThumbnailAsBitmap | 248 | 0x100f50b0
    FPDFPage_GetTrimBox | 249 | 0x100f5750
    FPDFPage_HasFormFieldAtPoint | 250 | 0x100ecc50
    FPDFPage_HasTransparency | 251 | 0x100e4880
    FPDFPage_InsertClipPath | 252 | 0x100f6560
    FPDFPage_InsertObject | 253 | 0x100e4670
    FPDFPage_New | 254 | 0x100e4200
    FPDFPage_RemoveAnnot | 255 | 0x100dbb50
    FPDFPage_RemoveObject | 256 | 0x100e47b0
    FPDFPage_SetArtBox | 257 | 0x100f54a0
    FPDFPage_SetBleedBox | 258 | 0x100f53e0
    FPDFPage_SetCropBox | 259 | 0x100f5380
    FPDFPage_SetMediaBox | 260 | 0x100f52b0
    FPDFPage_SetRotation | 261 | 0x100e5e10
    FPDFPage_SetTrimBox | 262 | 0x100f5440
    FPDFPage_TransFormWithClip | 263 | 0x100f5810
    FPDFPage_TransformAnnots | 264 | 0x100e5a40
    FPDFPathSegment_GetClose | 265 | 0x100e6d50
    FPDFPathSegment_GetPoint | 266 | 0x100e6cf0
    FPDFPathSegment_GetType | 267 | 0x100e6d30
    FPDFPath_BezierTo | 268 | 0x100e6b30
    FPDFPath_Close | 269 | 0x100e6be0
    FPDFPath_CountSegments | 270 | 0x100e6970
    FPDFPath_GetDrawMode | 271 | 0x100e6c90
    FPDFPath_GetPathSegment | 272 | 0x100e69c0
    FPDFPath_LineTo | 273 | 0x100e6ab0
    FPDFPath_MoveTo | 274 | 0x100e6a30
    FPDFPath_SetDrawMode | 275 | 0x100e6c30
    FPDFSignatureObj_GetByteRange | 276 | 0x100f1ce0
    FPDFSignatureObj_GetContents | 277 | 0x100f1bf0
    FPDFSignatureObj_GetDocMDPPermission | 278 | 0x100f2180
    FPDFSignatureObj_GetReason | 279 | 0x100f1f20
    FPDFSignatureObj_GetSubFilter | 280 | 0x100f1e20
    FPDFSignatureObj_GetTime | 281 | 0x100f2050
    FPDFTextObj_GetFont | 282 | 0x100e95c0
    FPDFTextObj_GetFontSize | 283 | 0x100e8fe0
    FPDFTextObj_GetRenderedBitmap | 284 | 0x100e90a0
    FPDFTextObj_GetText | 285 | 0x100e9020
    FPDFTextObj_GetTextRenderMode | 286 | 0x100e9540
    FPDFTextObj_SetTextRenderMode | 287 | 0x100e9580
    FPDFText_ClosePage | 288 | 0x100f3fb0
    FPDFText_CountChars | 289 | 0x100f3fd0
    FPDFText_CountRects | 290 | 0x100f4840
    FPDFText_FindClose | 291 | 0x100f4b30
    FPDFText_FindNext | 292 | 0x100f4ab0
    FPDFText_FindPrev | 293 | 0x100f4ad0
    FPDFText_FindStart | 294 | 0x100f49f0
    FPDFText_GetBoundedText | 295 | 0x100f48f0
    FPDFText_GetCharAngle | 296 | 0x100f4490
    FPDFText_GetCharBox | 297 | 0x100f4510
    FPDFText_GetCharIndexAtPos | 298 | 0x100f46d0
    FPDFText_GetCharIndexFromTextIndex | 299 | 0x100f18b0
    FPDFText_GetCharOrigin | 300 | 0x100f4680
    FPDFText_GetFillColor | 301 | 0x100f42b0
    FPDFText_GetFontInfo | 302 | 0x100f40f0
    FPDFText_GetFontSize | 303 | 0x100f40b0
    FPDFText_GetFontWeight | 304 | 0x100f41f0
    FPDFText_GetLooseCharBox | 305 | 0x100f45a0
    FPDFText_GetMatrix | 306 | 0x100f4610
    FPDFText_GetRect | 307 | 0x100f4860
    FPDFText_GetSchCount | 308 | 0x100f4b10
    FPDFText_GetSchResultIndex | 309 | 0x100f4af0
    FPDFText_GetStrokeColor | 310 | 0x100f43a0
    FPDFText_GetText | 311 | 0x100f4740
    FPDFText_GetTextIndexFromCharIndex | 312 | 0x100f18d0
    FPDFText_GetTextRenderMode | 313 | 0x100f4280
    FPDFText_GetUnicode | 314 | 0x100f3ff0
    FPDFText_HasUnicodeMapError | 315 | 0x100f4080
    FPDFText_IsGenerated | 316 | 0x100f4020
    FPDFText_IsHyphen | 317 | 0x100f4050
    FPDFText_LoadFont | 318 | 0x100e70e0
    FPDFText_LoadPage | 319 | 0x100f3f20
    FPDFText_LoadStandardFont | 320 | 0x100e8f70
    FPDFText_SetCharcodes | 321 | 0x100e6ff0
    FPDFText_SetText | 322 | 0x100e6e80
    FPDF_AddInstalledFont | 323 | 0x100f3850
    FPDF_CloseDocument | 324 | 0x100f8710
    FPDF_ClosePage | 325 | 0x100f86a0
    FPDF_CloseXObject | 326 | 0x100ef7c0
    FPDF_CopyViewerPreferences | 327 | 0x100ef890
    FPDF_CountNamedDests | 328 | 0x100f90e0
    FPDF_CreateClipPath | 329 | 0x100f64b0
    FPDF_CreateNewDocument | 330 | 0x100e3e70
    FPDF_DestroyClipPath | 331 | 0x100f6540
    FPDF_DestroyLibrary | 332 | 0x100f6e40
    FPDF_DeviceToPage | 333 | 0x100f8750
    FPDF_DocumentHasValidCrossReferenceTable | 334 | 0x100f72c0
    FPDF_FFLDraw3350x100ed5c0
    FPDF_FreeDefaultSystemFontInfo3360x10005860
    FPDF_GetDefaultSystemFontInfo3370x100f3980
    FPDF_GetDefaultTTFMap3380x100f3910
    FPDF_GetDocPermissions3390x100f72e0
    FPDF_GetDocUserPermissions3400x100f7310
    FPDF_GetFileIdentifier3410x100e2990
    FPDF_GetFileVersion3420x100f7280
    FPDF_GetFormType3430x100f7000
    FPDF_GetLastError3440x100f8740
    FPDF_GetMetaText3450x100e2ae0
    FPDF_GetNamedDest3460x100f9290
    FPDF_GetNamedDestByName3470x100f91f0
    FPDF_GetPageAAction3480x100e2860
    FPDF_GetPageBoundingBox3490x100f76e0
    FPDF_GetPageCount3500x100f73f0
    FPDF_GetPageHeight3510x100f7690
    FPDF_GetPageHeightF3520x100f7650
    FPDF_GetPageLabel3530x100e2b90
    FPDF_GetPageSizeByIndex3540x100f8d60
    FPDF_GetPageSizeByIndexF3550x100f8c60
    FPDF_GetPageWidth3560x100f7600
    FPDF_GetPageWidthF3570x100f75c0
    FPDF_GetSecurityHandlerRevision3580x100f7340
    FPDF_GetSignatureCount3590x100f18f0
    FPDF_GetSignatureObject3600x100f1b40
    FPDF_GetTrailerEnds3610x100f9d50
    FPDF_GetXFAPacketContent3620x100f9c80
    FPDF_GetXFAPacketCount3630x100f9720
    FPDF_GetXFAPacketName3640x100f9be0
    FPDF_ImportNPagesToOne3650x100ee7f0
    FPDF_ImportPages3660x100ee5d0
    FPDF_ImportPagesByIndex3670x100edf00
    FPDF_InitLibrary3680x100f6dc0
    FPDF_InitLibraryWithConfig3690x100f6dd0
    FPDF_LoadCustomDocument3700x100f71e0
    FPDF_LoadDocument3710x100f6ea0
    FPDF_LoadMemDocument3720x100f7140
    FPDF_LoadMemDocument643730x100f7140
    FPDF_LoadPage3740x100f7440
    FPDF_LoadXFA3750x10006070
    FPDF_MovePages3760x100e4190
    FPDF_NewFormObjectFromXObject3770x100ef7e0
    FPDF_NewXObjectFromPage3780x100ef610
    FPDF_PageToDevice3790x100f8830
    FPDF_RemoveFormFieldHighlight3800x100ed890
    FPDF_RenderPage3810x100f7740
    FPDF_RenderPageBitmap3820x100f8380
    FPDF_RenderPageBitmapWithColorScheme_Start3830x100f1470
    FPDF_RenderPageBitmapWithMatrix3840x100f84b0
    FPDF_RenderPageBitmap_Start3850x100f15d0
    FPDF_RenderPage_Close3860x100f1690
    FPDF_RenderPage_Continue3870x100f1600
    FPDF_SaveAsCopy3880x100f16b0
    FPDF_SaveWithVersion3890x100f1820
    FPDF_SetFormFieldHighlightAlpha3900x100ed870
    FPDF_SetFormFieldHighlightColor3910x100ed7f0
    FPDF_SetPrintMode3920x100f6e80
    FPDF_SetSandBoxPolicy3930x100f6e70
    FPDF_SetSystemFontInfo3940x100f38b0
    FPDF_StructElement_Attr_GetBlobValue3950x100f3380
    FPDF_StructElement_Attr_GetBooleanValue3960x100f30a0
    FPDF_StructElement_Attr_GetCount3970x100f2f20
    FPDF_StructElement_Attr_GetName3980x100f2f40
    FPDF_StructElement_Attr_GetNumberValue3990x100f3170
    FPDF_StructElement_Attr_GetStringValue4000x100f3240
    FPDF_StructElement_Attr_GetType4010x100f2ff0
    FPDF_StructElement_CountChildren4020x100f2eb0
    FPDF_StructElement_GetActualText4030x100f2660
    FPDF_StructElement_GetAltText4040x100f2580
    FPDF_StructElement_GetAttributeAtIndex4050x100f28f0
    FPDF_StructElement_GetAttributeCount4060x100f27a0
    FPDF_StructElement_GetChildAtIndex4070x100f2ed0
    FPDF_StructElement_GetID4080x100f26c0
    FPDF_StructElement_GetLang4090x100f2730
    FPDF_StructElement_GetMarkedContentID4100x100f2c70
    FPDF_StructElement_GetMarkedContentIdAtIndex4110x100f3550
    FPDF_StructElement_GetMarkedContentIdCount4120x100f3490
    FPDF_StructElement_GetObjType4130x100f2db0
    FPDF_StructElement_GetParent4140x100f2f00
    FPDF_StructElement_GetStringAttribute4150x100f2a80
    FPDF_StructElement_GetTitle4160x100f2e50
    FPDF_StructElement_GetType4170x100f2d10
    FPDF_StructTree_Close4180x100f24c0
    FPDF_StructTree_CountChildren4190x100f24e0
    FPDF_StructTree_GetChildAtIndex4200x100f2510
    FPDF_StructTree_GetForPage4210x100f2450
    FPDF_VIEWERREF_GetDuplex4220x100f8f80
    FPDF_VIEWERREF_GetName4230x100f9030
    FPDF_VIEWERREF_GetNumCopies4240x100f8e40
    FPDF_VIEWERREF_GetPrintPageRange4250x100f8ea0
    FPDF_VIEWERREF_GetPrintPageRangeCount4260x100f8f30
    FPDF_VIEWERREF_GetPrintPageRangeElement4270x100f8f50
    FPDF_VIEWERREF_GetPrintScaling4280x100f8de0
    FSDK_SetLocaltimeFunction4290x100ea440
    FSDK_SetTimeFunction4300x100ea430
    FSDK_SetUnSpObjProcessHandler4310x100ea410
    Language of compilation system:English
    Country where language is spoken:United States

    DNS answers

    Timestamp:Dec 22, 2024 23:35:13.931003094 CET
    Source IP:1.1.1.1
    Dest IP:192.168.2.6
    Trans ID:0x819a
    Reply Code:No error (0)
    Name:fp2e7a.wpc.2be4.phicdn.net
    CName:fp2e7a.wpc.phicdn.net
    Type:CNAME (Canonical name)
    Class:IN (0x0001)
    DNS over HTTPS:false

    Timestamp:Dec 22, 2024 23:35:13.931003094 CET
    Source IP:1.1.1.1
    Dest IP:192.168.2.6
    Trans ID:0x819a
    Reply Code:No error (0)
    Name:fp2e7a.wpc.phicdn.net
    Address:192.229.221.95
    Type:A (IP address)
    Class:IN (0x0001)
    DNS over HTTPS:false

    Target ID:0
    Start time:17:34:56
    Start date:22/12/2024
    Path:C:\Windows\System32\loaddll32.exe
    Wow64 process (32bit):true
    Commandline:loaddll32.exe "C:\Users\user\Desktop\iepdf32.dll"
    Imagebase:0xb70000
    File size:126'464 bytes
    MD5 hash:51E6071F9CBA48E79F10C84515AAE618
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:1
    Start time:17:34:56
    Start date:22/12/2024
    Path:C:\Windows\System32\conhost.exe
    Wow64 process (32bit):false
    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Imagebase:0x7ff66e660000
    File size:862'208 bytes
    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:2
    Start time:17:34:56
    Start date:22/12/2024
    Path:C:\Windows\SysWOW64\cmd.exe
    Wow64 process (32bit):true
    Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1
    Imagebase:0x1c0000
    File size:236'544 bytes
    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:3
    Start time:17:34:56
    Start date:22/12/2024
    Path:C:\Windows\SysWOW64\rundll32.exe
    Wow64 process (32bit):true
    Commandline:rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanRedo
    Imagebase:0xe0000
    File size:61'440 bytes
    MD5 hash:889B99C52A60DD49227C5E485A016679
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:5
    Start time:17:34:56
    Start date:22/12/2024
    Path:C:\Windows\SysWOW64\rundll32.exe
    Wow64 process (32bit):true
    Commandline:rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1
    Imagebase:0xe0000
    File size:61'440 bytes
    MD5 hash:889B99C52A60DD49227C5E485A016679
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:6
    Start time:17:34:59
    Start date:22/12/2024
    Path:C:\Windows\SysWOW64\rundll32.exe
    Wow64 process (32bit):true
    Commandline:rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanUndo
    Imagebase:0xe0000
    File size:61'440 bytes
    MD5 hash:889B99C52A60DD49227C5E485A016679
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:7
    Start time:17:35:02
    Start date:22/12/2024
    Path:C:\Windows\SysWOW64\rundll32.exe
    Wow64 process (32bit):true
    Commandline:rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_DoDocumentAAction
    Imagebase:0xe0000
    File size:61'440 bytes
    MD5 hash:889B99C52A60DD49227C5E485A016679
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    No disassembly