Windows
Analysis Report
iepdf32.dll
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 6188 cmdline: loaddll32.exe "C:\Users\user\Desktop\iepdf32.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
- conhost.exe (PID: 4924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 3548 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- rundll32.exe (PID: 716 cmdline: rundll32.exe "C:\Users\user\Desktop\iepdf32.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 3648 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanRedo MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 1948 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_CanUndo MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 6308 cmdline: rundll32.exe C:\Users\user\Desktop\iepdf32.dll,FORM_DoDocumentAAction MD5: 889B99C52A60DD49227C5E485A016679)
- cleanup
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Source: | File created: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Key opened: |
Source: | Process created: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Memory written: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Last function: |
Source: | Process information queried: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Process created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 1 Credential API Hooking | 1 Security Software Discovery | Remote Services | 1 Credential API Hooking | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 11 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 29% | ReversingLabs | Win32.Trojan.Generic | |
 | 17% | Virustotal | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1579543 |
Start date and time: | 2024-12-22 23:34:07 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | iepdf32.dll |
Detection: | MAL |
Classification: | mal60.evad.winDLL@12/0@0/0 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ocsp.edge.digicert.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
fp2e7a.wpc.phicdn.net | | | malicious | ScreenConnect Tool | | |
 | | | malicious | Remcos | | |
 | | | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | | |
 | | | malicious | ScreenConnect Tool | | |
 | | | malicious | LummaC, Stealc | | |
 | | | malicious | LummaC | | |
 | | | malicious | LummaC, Stealc | | |
 | | | malicious | AgentTesla | | |
 | | | malicious | Remcos | | |
 | | | malicious | Unknown | | |
File type: | |
Entropy (8bit): | 7.994340415940149 |
TrID: |
File name: | iepdf32.dll |
File size: | 7'314'944 bytes |
MD5: | 2ae9f27410e7f9ed6dd4fcf511ef4fc7 |
SHA1: | f8a0771d8a729e22ff228353001fef92c37386c2 |
SHA256: | 2e7e4647b012766db1f0fe4e626becfdff223d0eff71b9500d302b37ed939070 |
SHA512: | 57e9caea184c28a0358dbcff27b2dd74b6a7bc8e868fdcd98fd60a2771e7e595025e3720b541088bc52a8cdd0d08270f18138fb3fce856bad53021d1e227bdaa |
SSDEEP: | 98304:8yyQ12Xx5I0yDQwDzfZIN7LfqWiKY69iav180x5Bk2Rf4T/dG2Y1JRgO7Pj5jfTb:xTFDiiej5xgDGJqQjRQPQ |
TLSH: | 1D76332516DB1AD1C467E1B40772FCFE72B22BEA83D18D9A8039B6CBE9977104C77091 |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......d.........."!......&.........v...............................................W.p...@A........................(....9...]w.d.. |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x107fb376 |
Entrypoint Section: | FRYTYA |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF |
Time Stamp: | 0x64F412D0 [Sun Sep 3 05:00:00 2023 UTC] |
TLS Callbacks: | 0x10e1a096, 0x1023b700, 0x1023b790, 0x10107100 |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | f9615c2b57d66b6881f2a89ec212177c |
Instruction |
---|
call 00007F3269525F62h |
push 05B84FBBh |
mov dword ptr [ebp+00h], edx |
jmp 00007F326964468Eh |
call 00007F326919548Eh |
mov dword ptr [edi], edx |
call 00007F32694C9E52h |
sbb ebp, 00000002h |
push FF111FB0h |
push 283CE28Dh |
call 00007F3269515B1Eh |
sysenter |
call 00007F326917ECFCh |
add ecx, edx |
jmp 00007F326954C227h |
adc esi, 00000005h |
mov byte ptr [ecx], dl |
jmp 00007F3269118024h |
push EB25EA3Ah |
push 17A275B9h |
mov word ptr [esi+04h], ax |
mov dword ptr [esi], edx |
call 00007F32694D9B7Fh |
sbb ebp, 00000001h |
push 921EB63Ah |
jmp 00007F32694C9912h |
jmp 00007F326953C494h |
mov dword ptr [ebp+00h], edx |
call 00007F32695252ADh |
movzx eax, byte ptr [edi] |
call 00007F32691B352Fh |
mov si, word ptr [ebp+00h] |
mov edx, DFA4C991h |
and dx, dx |
mov dx, word ptr [ebp+02h] |
push A51EA935h |
jg 00007F3269116FAFh |
jnc 00007F326917BEF2h |
and byte ptr [edi-72h], FFFFFF93h |
aad F2h |
sbb esi, dword ptr [esi] |
push eax |
aaa |
fsubrp st(3), st(0) |
movsd |
call far 3366h : 9F401663h |
jp 00007F3269175D96h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xe31a28 | 0x398d | FRYTYA |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x775df8 | 0x64 | FRYTYA |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe4b000 | 0x390 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe4c000 | 0x390 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xdfab2c | 0x18 | FRYTYA |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xe47bf0 | 0xbc | FRYTYA |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x751000 | 0x20 | JKOIHB |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x26848c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x26a000 | 0x1d45fc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x43f000 | 0xd1dc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
GAUXUD | 0x44d000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
MPOQPS | 0x44e000 | 0xa1 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
YGLGIE | 0x44f000 | 0xf3 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
GTBYPK | 0x450000 | 0x30048a | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
JKOIHB | 0x751000 | 0xd8 | 0x200 | 0b529972333f175e8974657b65829bc0 | False | 0.08203125 | data | 0.3466925539007212 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
FRYTYA | 0x752000 | 0x6f8f30 | 0x6f9000 | 65080542eb6d4dac6dea8e81872f7629 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xe4b000 | 0x390 | 0x400 | f2c8ad400cad2e1bd4150389b9863dea | False | 0.412109375 | data | 3.0483535110067215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe4c000 | 0x390 | 0x400 | e30ebd94258f80ba9016888e2ec5aba3 | False | 0.52734375 | data | 3.9768506644114847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xe4b058 | 0x338 | data | English | United States | 0.46359223300970875 |
DLL | Import |
---|---|
KERNEL32.dll | AcquireSRWLockExclusive |
ADVAPI32.dll | CryptAcquireContextW |
GDI32.dll | BeginPath |
USER32.dll | FillRect |
Name | Ordinal | Address |
---|---|---|
FORM_CanRedo | 1 | 0x100ed350 |
FORM_CanUndo | 2 | 0x100ed320 |
FORM_DoDocumentAAction | 3 | 0x100ed950 |
FORM_DoDocumentJSAction | 4 | 0x100ed910 |
FORM_DoDocumentOpenAction | 5 | 0x100ed930 |
FORM_DoPageAAction | 6 | 0x100eda00 |
FORM_ForceToKillFocus | 7 | 0x100ed3e0 |
FORM_GetFocusedAnnot | 8 | 0x100ed400 |
FORM_GetFocusedText | 9 | 0x100ed170 |
FORM_GetSelectedText | 10 | 0x100ed1d0 |
FORM_IsIndexSelected | 11 | 0x100edb70 |
FORM_OnAfterLoadPage | 12 | 0x100ed8b0 |
FORM_OnBeforeClosePage | 13 | 0x100ed8d0 |
FORM_OnChar | 14 | 0x100ed140 |
FORM_OnFocus | 15 | 0x100eced0 |
FORM_OnKeyDown | 16 | 0x100ed110 |
FORM_OnKeyUp | 17 | 0x10006070 |
FORM_OnLButtonDoubleClick | 18 | 0x100ecff0 |
FORM_OnLButtonDown | 19 | 0x100ecf30 |
FORM_OnLButtonUp | 20 | 0x100ecf90 |
FORM_OnMouseMove | 21 | 0x100ecdd0 |
FORM_OnMouseWheel | 22 | 0x100ece60 |
FORM_OnRButtonDown | 23 | 0x100ed050 |
FORM_OnRButtonUp | 24 | 0x100ed0b0 |
FORM_Redo | 25 | 0x100ed3b0 |
FORM_ReplaceAndKeepSelection | 26 | 0x100ed230 |
FORM_ReplaceSelection | 27 | 0x100ed290 |
FORM_SelectAllText | 28 | 0x100ed2f0 |
FORM_SetFocusedAnnot | 29 | 0x100ed4e0 |
FORM_SetIndexSelected | 30 | 0x100edb40 |
FORM_Undo | 31 | 0x100ed380 |
FPDFAction_GetDest | 32 | 0x100e1db0 |
FPDFAction_GetFilePath | 33 | 0x100e1e50 |
FPDFAction_GetType | 34 | 0x100e1d40 |
FPDFAction_GetURIPath | 35 | 0x100e1f00 |
FPDFAnnot_AddInkStroke | 36 | 0x100dbef0 |
FPDFAnnot_AppendAttachmentPoints | 37 | 0x100dd3d0 |
FPDFAnnot_AppendObject | 38 | 0x100dc210 |
FPDFAnnot_CountAttachmentPoints | 39 | 0x100dd760 |
FPDFAnnot_GetAP | 40 | 0x100df040 |
FPDFAnnot_GetAttachmentPoints | 41 | 0x100dd7f0 |
FPDFAnnot_GetBorder | 42 | 0x100de160 |
FPDFAnnot_GetColor | 43 | 0x100dcb60 |
FPDFAnnot_GetFlags | 44 | 0x100df2a0 |
FPDFAnnot_GetFocusableSubtypes | 45 | 0x100dfa80 |
FPDFAnnot_GetFocusableSubtypesCount | 46 | 0x100dfa60 |
FPDFAnnot_GetFontSize | 47 | 0x100df7b0 |
FPDFAnnot_GetFormAdditionalActionJavaScript | 48 | 0x100df550 |
FPDFAnnot_GetFormControlCount | 49 | 0x100dfb20 |
FPDFAnnot_GetFormControlIndex | 50 | 0x100dfb40 |
FPDFAnnot_GetFormFieldAlternateName | 51 | 0x100df5f0 |
FPDFAnnot_GetFormFieldAtPoint | 52 | 0x100df420 |
FPDFAnnot_GetFormFieldExportValue | 53 | 0x100dfb90 |
FPDFAnnot_GetFormFieldFlags | 54 | 0x100df3d0 |
FPDFAnnot_GetFormFieldName | 55 | 0x100df4c0 |
FPDFAnnot_GetFormFieldType | 56 | 0x100df520 |
FPDFAnnot_GetFormFieldValue | 57 | 0x100df650 |
FPDFAnnot_GetInkListCount | 58 | 0x100ddc40 |
FPDFAnnot_GetInkListPath | 59 | 0x100ddd30 |
FPDFAnnot_GetLine | 60 | 0x100dde50 |
FPDFAnnot_GetLink | 61 | 0x100dfad0 |
FPDFAnnot_GetLinkedAnnot | 62 | 0x100df140 |
FPDFAnnot_GetNumberValue | 63 | 0x100de530 |
FPDFAnnot_GetObject | 64 | 0x100dc540 |
FPDFAnnot_GetObjectCount | 65 | 0x100dc410 |
FPDFAnnot_GetOptionCount | 66 | 0x100df6b0 |
FPDFAnnot_GetOptionLabel | 67 | 0x100df6d0 |
FPDFAnnot_GetRect | 68 | 0x100ddaa0 |
FPDFAnnot_GetStringValue | 69 | 0x100de4b0 |
FPDFAnnot_GetSubtype | 70 | 0x100dbc00 |
FPDFAnnot_GetValueType | 71 | 0x100de2e0 |
FPDFAnnot_GetVertices | 72 | 0x100ddb20 |
FPDFAnnot_HasAttachmentPoints | 73 | 0x100dcee0 |
FPDFAnnot_HasKey | 74 | 0x100de280 |
FPDFAnnot_IsChecked | 75 | 0x100df810 |
FPDFAnnot_IsObjectSupportedSubtype | 76 | 0x100dbc70 |
FPDFAnnot_IsOptionSelected | 77 | 0x100df750 |
FPDFAnnot_IsSupportedSubtype | 78 | 0x100db5b0 |
FPDFAnnot_RemoveInkList | 79 | 0x100dc130 |
FPDFAnnot_RemoveObject | 80 | 0x100dc670 |
FPDFAnnot_SetAP | 81 | 0x100de610 |
FPDFAnnot_SetAttachmentPoints | 82 | 0x100dcf20 |
FPDFAnnot_SetBorder | 83 | 0x100ddf70 |
FPDFAnnot_SetColor | 84 | 0x100dc780 |
FPDFAnnot_SetFlags | 85 | 0x100df300 |
FPDFAnnot_SetFocusableSubtypes | 86 | 0x100df890 |
FPDFAnnot_SetRect | 87 | 0x100dd8a0 |
FPDFAnnot_SetStringValue | 88 | 0x100de3a0 |
FPDFAnnot_SetURI | 89 | 0x100dfbf0 |
FPDFAnnot_UpdateObject | 90 | 0x100dbc90 |
FPDFAttachment_GetFile | 91 | 0x100e1030 |
FPDFAttachment_GetName | 92 | 0x100e0460 |
FPDFAttachment_GetStringValue | 93 | 0x100e08d0 |
FPDFAttachment_GetValueType | 94 | 0x100e05b0 |
FPDFAttachment_HasKey | 95 | 0x100e04e0 |
FPDFAttachment_SetFile | 96 | 0x100e0b70 |
FPDFAttachment_SetStringValue | 97 | 0x100e06e0 |
FPDFAvail_Create | 98 | 0x100e11f0 |
FPDFAvail_Destroy | 99 | 0x100e1350 |
FPDFAvail_GetDocument | 100 | 0x100e13e0 |
FPDFAvail_GetFirstPageNum | 101 | 0x100e14c0 |
FPDFAvail_IsDocAvail | 102 | 0x100e1380 |
FPDFAvail_IsFormAvail | 103 | 0x100e1550 |
FPDFAvail_IsLinearized | 104 | 0x100e15b0 |
FPDFAvail_IsPageAvail | 105 | 0x100e14e0 |
FPDFBitmap_Create | 106 | 0x100f8950 |
FPDFBitmap_CreateEx | 107 | 0x100f89f0 |
FPDFBitmap_Destroy | 108 | 0x100e9440 |
FPDFBitmap_FillRect | 109 | 0x100f8ae0 |
FPDFBitmap_GetBuffer | 110 | 0x100f8bd0 |
FPDFBitmap_GetFormat | 111 | 0x100f8a90 |
FPDFBitmap_GetHeight | 112 | 0x100f2f00 |
FPDFBitmap_GetStride | 113 | 0x100f8c40 |
FPDFBitmap_GetWidth | 114 | 0x100f8c20 |
FPDFBookmark_Find | 115 | 0x100e1980 |
FPDFBookmark_GetAction | 116 | 0x100e1cd0 |
FPDFBookmark_GetCount | 117 | 0x100e1920 |
FPDFBookmark_GetDest | 118 | 0x100e1c00 |
FPDFBookmark_GetFirstChild | 119 | 0x100e1770 |
FPDFBookmark_GetNextSibling | 120 | 0x100e1800 |
FPDFBookmark_GetTitle | 121 | 0x100e1890 |
FPDFCatalog_IsTagged | 122 | 0x100e1120 |
FPDFClipPath_CountPathSegments | 123 | 0x100f63a0 |
FPDFClipPath_CountPaths | 124 | 0x100f6370 |
FPDFClipPath_GetPathSegment | 125 | 0x100f6420 |
FPDFDOC_ExitFormFillEnvironment | 126 | 0x100ecdb0 |
FPDFDOC_InitFormFillEnvironment | 127 | 0x100ecd60 |
FPDFDest_GetDestPageIndex | 128 | 0x100e1fd0 |
FPDFDest_GetLocationInPage | 129 | 0x100e20f0 |
FPDFDest_GetView | 130 | 0x100e2050 |
FPDFDoc_AddAttachment | 131 | 0x100dffe0 |
FPDFDoc_CloseJavaScriptAction | 132 | 0x100ede60 |
FPDFDoc_DeleteAttachment | 133 | 0x100e03b0 |
FPDFDoc_GetAttachment | 134 | 0x100e02b0 |
FPDFDoc_GetAttachmentCount | 135 | 0x100dff40 |
FPDFDoc_GetJavaScriptAction | 136 | 0x100edc50 |
FPDFDoc_GetJavaScriptActionCount | 137 | 0x100edba0 |
FPDFDoc_GetPageMode | 138 | 0x100ea450 |
FPDFFont_Close | 139 | 0x100e9440 |
FPDFFont_GetAscent | 140 | 0x100e97a0 |
FPDFFont_GetDescent | 141 | 0x100e97e0 |
FPDFFont_GetFlags | 142 | 0x100e9740 |
FPDFFont_GetFontData | 143 | 0x100e96c0 |
FPDFFont_GetFontName | 144 | 0x100e9640 |
FPDFFont_GetGlyphPath | 145 | 0x100e98c0 |
FPDFFont_GetGlyphWidth | 146 | 0x100e9820 |
FPDFFont_GetIsEmbedded | 147 | 0x100e9700 |
FPDFFont_GetItalicAngle | 148 | 0x100e9780 |
FPDFFont_GetWeight | 149 | 0x100e9760 |
FPDFFormObj_CountObjects | 150 | 0x100e67a0 |
FPDFFormObj_GetObject | 151 | 0x100e67e0 |
FPDFGlyphPath_CountGlyphSegments | 152 | 0x100e99e0 |
FPDFGlyphPath_GetGlyphPathSegment | 153 | 0x100e9a10 |
FPDFImageObj_GetBitmap | 154 | 0x100e3110 |
FPDFImageObj_GetImageDataDecoded | 155 | 0x100e3560 |
FPDFImageObj_GetImageDataRaw | 156 | 0x100e3680 |
FPDFImageObj_GetImageFilter | 157 | 0x100e3930 |
FPDFImageObj_GetImageFilterCount | 158 | 0x100e37a0 |
FPDFImageObj_GetImageMetadata | 159 | 0x100e3ab0 |
FPDFImageObj_GetImagePixelSize | 160 | 0x100e3d90 |
FPDFImageObj_GetRenderedBitmap | 161 | 0x100e32c0 |
FPDFImageObj_LoadJpegFile | 162 | 0x100e2cd0 |
FPDFImageObj_LoadJpegFileInline | 163 | 0x100e2ee0 |
FPDFImageObj_SetBitmap | 164 | 0x100e2fa0 |
FPDFImageObj_SetMatrix | 165 | 0x100e2f00 |
FPDFJavaScriptAction_GetName | 166 | 0x100ede90 |
FPDFJavaScriptAction_GetScript | 167 | 0x100edeb0 |
FPDFLink_CloseWebLinks | 168 | 0x100f4e70 |
FPDFLink_CountQuadPoints | 169 | 0x100e2730 |
FPDFLink_CountRects | 170 | 0x100f4c90 |
FPDFLink_CountWebLinks | 171 | 0x100f4b90 |
FPDFLink_Enumerate | 172 | 0x100e2460 |
FPDFLink_GetAction | 173 | 0x100e23f0 |
FPDFLink_GetAnnot | 174 | 0x100e2620 |
FPDFLink_GetAnnotRect | 175 | 0x100e26b0 |
FPDFLink_GetDest | 176 | 0x100e2330 |
FPDFLink_GetLinkAtPoint | 177 | 0x100e21a0 |
FPDFLink_GetLinkZOrderAtPoint | 178 | 0x100e22a0 |
FPDFLink_GetQuadPoints | 179 | 0x100e27b0 |
FPDFLink_GetRect | 180 | 0x100f4d00 |
FPDFLink_GetTextRange | 181 | 0x100f4df0 |
FPDFLink_GetURL | 182 | 0x100f4bc0 |
FPDFLink_LoadWebLinks | 183 | 0x100f4b50 |
FPDFPageObjMark_CountParams | 184 | 0x100e4a40 |
FPDFPageObjMark_GetName | 185 | 0x100e49b0 |
FPDFPageObjMark_GetParamBlobValue | 186 | 0x100e4f50 |
FPDFPageObjMark_GetParamIntValue | 187 | 0x100e4cf0 |
FPDFPageObjMark_GetParamKey | 188 | 0x100e4ad0 |
FPDFPageObjMark_GetParamStringValue | 189 | 0x100e4df0 |
FPDFPageObjMark_GetParamValueType | 190 | 0x100e4c10 |
FPDFPageObjMark_RemoveParam | 191 | 0x100e55d0 |
FPDFPageObjMark_SetBlobParam | 192 | 0x100e5490 |
FPDFPageObjMark_SetIntParam | 193 | 0x100e51c0 |
FPDFPageObjMark_SetStringParam | 194 | 0x100e5380 |
FPDFPageObj_AddMark | 195 | 0x100e4920 |
FPDFPageObj_CountMarks | 196 | 0x100e48d0 |
FPDFPageObj_CreateNewPath | 197 | 0x100e68a0 |
FPDFPageObj_CreateNewRect | 198 | 0x100e6900 |
FPDFPageObj_CreateTextObj | 199 | 0x100e9480 |
FPDFPageObj_Destroy | 200 | 0x100e48a0 |
FPDFPageObj_GetBounds | 201 | 0x100e6100 |
FPDFPageObj_GetClipPath | 202 | 0x100f6360 |
FPDFPageObj_GetDashArray | 203 | 0x100e6650 |
FPDFPageObj_GetDashCount | 204 | 0x100e6630 |
FPDFPageObj_GetDashPhase | 205 | 0x100e65c0 |
FPDFPageObj_GetFillColor | 206 | 0x100e6040 |
FPDFPageObj_GetLineCap | 207 | 0x100e6570 |
FPDFPageObj_GetLineJoin | 208 | 0x100e6520 |
FPDFPageObj_GetMark | 209 | 0x100e48f0 |
FPDFPageObj_GetMatrix | 210 | 0x100e5800 |
FPDFPageObj_GetRotatedBounds | 211 | 0x100e6150 |
FPDFPageObj_GetStrokeColor | 212 | 0x100e63f0 |
FPDFPageObj_GetStrokeWidth | 213 | 0x100e64f0 |
FPDFPageObj_GetType | 214 | 0x100d5660 |
FPDFPageObj_HasTransparency | 215 | 0x100e50a0 |
FPDFPageObj_NewImageObj | 216 | 0x100e2c30 |
FPDFPageObj_NewTextObj | 217 | 0x100e6d70 |
FPDFPageObj_RemoveMark | 218 | 0x100e4980 |
FPDFPageObj_SetBlendMode | 219 | 0x100e59f0 |
FPDFPageObj_SetDashArray | 220 | 0x100e66e0 |
FPDFPageObj_SetDashPhase | 221 | 0x100e65f0 |
FPDFPageObj_SetFillColor | 222 | 0x100e5f10 |
FPDFPageObj_SetLineCap | 223 | 0x100e6590 |
FPDFPageObj_SetLineJoin | 224 | 0x100e6540 |
FPDFPageObj_SetMatrix | 225 | 0x100e5900 |
FPDFPageObj_SetStrokeColor | 226 | 0x100e62c0 |
FPDFPageObj_SetStrokeWidth | 227 | 0x100e64b0 |
FPDFPageObj_Transform | 228 | 0x100e5770 |
FPDFPageObj_TransformClipPath | 229 | 0x100f62c0 |
FPDFPage_CloseAnnot | 230 | 0x100dbb30 |
FPDFPage_CountObjects | 231 | 0x100e4820 |
FPDFPage_CreateAnnot | 232 | 0x100db5d0 |
FPDFPage_Delete | 233 | 0x100e4150 |
FPDFPage_Flatten | 234 | 0x100ea660 |
FPDFPage_FormFieldZOrderAtPoint | 235 | 0x100ecce0 |
FPDFPage_GenerateContent | 236 | 0x100e56f0 |
FPDFPage_GetAnnot | 237 | 0x100db890 |
FPDFPage_GetAnnotCount | 238 | 0x100db7f0 |
FPDFPage_GetAnnotIndex | 239 | 0x100db9c0 |
FPDFPage_GetArtBox | 240 | 0x100f57b0 |
FPDFPage_GetBleedBox | 241 | 0x100f56f0 |
FPDFPage_GetCropBox | 242 | 0x100f5690 |
FPDFPage_GetDecodedThumbnailData | 243 | 0x100f4e90 |
FPDFPage_GetMediaBox | 244 | 0x100f5500 |
FPDFPage_GetObject | 245 | 0x100e4850 |
FPDFPage_GetRawThumbnailData | 246 | 0x100f5000 |
FPDFPage_GetRotation | 247 | 0x100e4490 |
FPDFPage_GetThumbnailAsBitmap | 248 | 0x100f50b0 |
FPDFPage_GetTrimBox | 249 | 0x100f5750 |
FPDFPage_HasFormFieldAtPoint | 250 | 0x100ecc50 |
FPDFPage_HasTransparency | 251 | 0x100e4880 |
FPDFPage_InsertClipPath | 252 | 0x100f6560 |
FPDFPage_InsertObject | 253 | 0x100e4670 |
FPDFPage_New | 254 | 0x100e4200 |
FPDFPage_RemoveAnnot | 255 | 0x100dbb50 |
FPDFPage_RemoveObject | 256 | 0x100e47b0 |
FPDFPage_SetArtBox | 257 | 0x100f54a0 |
FPDFPage_SetBleedBox | 258 | 0x100f53e0 |
FPDFPage_SetCropBox | 259 | 0x100f5380 |
FPDFPage_SetMediaBox | 260 | 0x100f52b0 |
FPDFPage_SetRotation | 261 | 0x100e5e10 |
FPDFPage_SetTrimBox | 262 | 0x100f5440 |
FPDFPage_TransFormWithClip | 263 | 0x100f5810 |
FPDFPage_TransformAnnots | 264 | 0x100e5a40 |
FPDFPathSegment_GetClose | 265 | 0x100e6d50 |
FPDFPathSegment_GetPoint | 266 | 0x100e6cf0 |
FPDFPathSegment_GetType | 267 | 0x100e6d30 |
FPDFPath_BezierTo | 268 | 0x100e6b30 |
FPDFPath_Close | 269 | 0x100e6be0 |
FPDFPath_CountSegments | 270 | 0x100e6970 |
FPDFPath_GetDrawMode | 271 | 0x100e6c90 |
FPDFPath_GetPathSegment | 272 | 0x100e69c0 |
FPDFPath_LineTo | 273 | 0x100e6ab0 |
FPDFPath_MoveTo | 274 | 0x100e6a30 |
FPDFPath_SetDrawMode | 275 | 0x100e6c30 |
FPDFSignatureObj_GetByteRange | 276 | 0x100f1ce0 |
FPDFSignatureObj_GetContents | 277 | 0x100f1bf0 |
FPDFSignatureObj_GetDocMDPPermission | 278 | 0x100f2180 |
FPDFSignatureObj_GetReason | 279 | 0x100f1f20 |
FPDFSignatureObj_GetSubFilter | 280 | 0x100f1e20 |
FPDFSignatureObj_GetTime | 281 | 0x100f2050 |
FPDFTextObj_GetFont | 282 | 0x100e95c0 |
FPDFTextObj_GetFontSize | 283 | 0x100e8fe0 |
FPDFTextObj_GetRenderedBitmap | 284 | 0x100e90a0 |
FPDFTextObj_GetText | 285 | 0x100e9020 |
FPDFTextObj_GetTextRenderMode | 286 | 0x100e9540 |
FPDFTextObj_SetTextRenderMode | 287 | 0x100e9580 |
FPDFText_ClosePage | 288 | 0x100f3fb0 |
FPDFText_CountChars | 289 | 0x100f3fd0 |
FPDFText_CountRects | 290 | 0x100f4840 |
FPDFText_FindClose | 291 | 0x100f4b30 |
FPDFText_FindNext | 292 | 0x100f4ab0 |
FPDFText_FindPrev | 293 | 0x100f4ad0 |
FPDFText_FindStart | 294 | 0x100f49f0 |
FPDFText_GetBoundedText | 295 | 0x100f48f0 |
FPDFText_GetCharAngle | 296 | 0x100f4490 |
FPDFText_GetCharBox | 297 | 0x100f4510 |
FPDFText_GetCharIndexAtPos | 298 | 0x100f46d0 |
FPDFText_GetCharIndexFromTextIndex | 299 | 0x100f18b0 |
FPDFText_GetCharOrigin | 300 | 0x100f4680 |
FPDFText_GetFillColor | 301 | 0x100f42b0 |
FPDFText_GetFontInfo | 302 | 0x100f40f0 |
FPDFText_GetFontSize | 303 | 0x100f40b0 |
FPDFText_GetFontWeight | 304 | 0x100f41f0 |
FPDFText_GetLooseCharBox | 305 | 0x100f45a0 |
FPDFText_GetMatrix | 306 | 0x100f4610 |
FPDFText_GetRect | 307 | 0x100f4860 |
FPDFText_GetSchCount | 308 | 0x100f4b10 |
FPDFText_GetSchResultIndex | 309 | 0x100f4af0 |
FPDFText_GetStrokeColor | 310 | 0x100f43a0 |
FPDFText_GetText | 311 | 0x100f4740 |
FPDFText_GetTextIndexFromCharIndex | 312 | 0x100f18d0 |
FPDFText_GetTextRenderMode | 313 | 0x100f4280 |
FPDFText_GetUnicode | 314 | 0x100f3ff0 |
FPDFText_HasUnicodeMapError | 315 | 0x100f4080 |
FPDFText_IsGenerated | 316 | 0x100f4020 |
FPDFText_IsHyphen | 317 | 0x100f4050 |
FPDFText_LoadFont | 318 | 0x100e70e0 |
FPDFText_LoadPage | 319 | 0x100f3f20 |
FPDFText_LoadStandardFont | 320 | 0x100e8f70 |
FPDFText_SetCharcodes | 321 | 0x100e6ff0 |
FPDFText_SetText | 322 | 0x100e6e80 |
FPDF_AddInstalledFont | 323 | 0x100f3850 |
FPDF_CloseDocument | 324 | 0x100f8710 |
FPDF_ClosePage | 325 | 0x100f86a0 |
FPDF_CloseXObject | 326 | 0x100ef7c0 |
FPDF_CopyViewerPreferences | 327 | 0x100ef890 |
FPDF_CountNamedDests | 328 | 0x100f90e0 |
FPDF_CreateClipPath | 329 | 0x100f64b0 |
FPDF_CreateNewDocument | 330 | 0x100e3e70 |
FPDF_DestroyClipPath | 331 | 0x100f6540 |
FPDF_DestroyLibrary | 332 | 0x100f6e40 |
FPDF_DeviceToPage | 333 | 0x100f8750 |
FPDF_DocumentHasValidCrossReferenceTable | 334 | 0x100f72c0 |
FPDF_FFLDraw | 335 | 0x100ed5c0 |
FPDF_FreeDefaultSystemFontInfo | 336 | 0x10005860 |
FPDF_GetDefaultSystemFontInfo | 337 | 0x100f3980 |
FPDF_GetDefaultTTFMap | 338 | 0x100f3910 |
FPDF_GetDocPermissions | 339 | 0x100f72e0 |
FPDF_GetDocUserPermissions | 340 | 0x100f7310 |
FPDF_GetFileIdentifier | 341 | 0x100e2990 |
FPDF_GetFileVersion | 342 | 0x100f7280 |
FPDF_GetFormType | 343 | 0x100f7000 |
FPDF_GetLastError | 344 | 0x100f8740 |
FPDF_GetMetaText | 345 | 0x100e2ae0 |
FPDF_GetNamedDest | 346 | 0x100f9290 |
FPDF_GetNamedDestByName | 347 | 0x100f91f0 |
FPDF_GetPageAAction | 348 | 0x100e2860 |
FPDF_GetPageBoundingBox | 349 | 0x100f76e0 |
FPDF_GetPageCount | 350 | 0x100f73f0 |
FPDF_GetPageHeight | 351 | 0x100f7690 |
FPDF_GetPageHeightF | 352 | 0x100f7650 |
FPDF_GetPageLabel | 353 | 0x100e2b90 |
FPDF_GetPageSizeByIndex | 354 | 0x100f8d60 |
FPDF_GetPageSizeByIndexF | 355 | 0x100f8c60 |
FPDF_GetPageWidth | 356 | 0x100f7600 |
FPDF_GetPageWidthF | 357 | 0x100f75c0 |
FPDF_GetSecurityHandlerRevision | 358 | 0x100f7340 |
FPDF_GetSignatureCount | 359 | 0x100f18f0 |
FPDF_GetSignatureObject | 360 | 0x100f1b40 |
FPDF_GetTrailerEnds | 361 | 0x100f9d50 |
FPDF_GetXFAPacketContent | 362 | 0x100f9c80 |
FPDF_GetXFAPacketCount | 363 | 0x100f9720 |
FPDF_GetXFAPacketName | 364 | 0x100f9be0 |
FPDF_ImportNPagesToOne | 365 | 0x100ee7f0 |
FPDF_ImportPages | 366 | 0x100ee5d0 |
FPDF_ImportPagesByIndex | 367 | 0x100edf00 |
FPDF_InitLibrary | 368 | 0x100f6dc0 |
FPDF_InitLibraryWithConfig | 369 | 0x100f6dd0 |
FPDF_LoadCustomDocument | 370 | 0x100f71e0 |
FPDF_LoadDocument | 371 | 0x100f6ea0 |
FPDF_LoadMemDocument | 372 | 0x100f7140 |
FPDF_LoadMemDocument64 | 373 | 0x100f7140 |
FPDF_LoadPage | 374 | 0x100f7440 |
FPDF_LoadXFA | 375 | 0x10006070 |
FPDF_MovePages | 376 | 0x100e4190 |
FPDF_NewFormObjectFromXObject | 377 | 0x100ef7e0 |
FPDF_NewXObjectFromPage | 378 | 0x100ef610 |
FPDF_PageToDevice | 379 | 0x100f8830 |
FPDF_RemoveFormFieldHighlight | 380 | 0x100ed890 |
FPDF_RenderPage | 381 | 0x100f7740 |
FPDF_RenderPageBitmap | 382 | 0x100f8380 |
FPDF_RenderPageBitmapWithColorScheme_Start | 383 | 0x100f1470 |
FPDF_RenderPageBitmapWithMatrix | 384 | 0x100f84b0 |
FPDF_RenderPageBitmap_Start | 385 | 0x100f15d0 |
FPDF_RenderPage_Close | 386 | 0x100f1690 |
FPDF_RenderPage_Continue | 387 | 0x100f1600 |
FPDF_SaveAsCopy | 388 | 0x100f16b0 |
FPDF_SaveWithVersion | 389 | 0x100f1820 |
FPDF_SetFormFieldHighlightAlpha | 390 | 0x100ed870 |
FPDF_SetFormFieldHighlightColor | 391 | 0x100ed7f0 |
FPDF_SetPrintMode | 392 | 0x100f6e80 |
FPDF_SetSandBoxPolicy | 393 | 0x100f6e70 |
FPDF_SetSystemFontInfo | 394 | 0x100f38b0 |
FPDF_StructElement_Attr_GetBlobValue | 395 | 0x100f3380 |
FPDF_StructElement_Attr_GetBooleanValue | 396 | 0x100f30a0 |
FPDF_StructElement_Attr_GetCount | 397 | 0x100f2f20 |
FPDF_StructElement_Attr_GetName | 398 | 0x100f2f40 |
FPDF_StructElement_Attr_GetNumberValue | 399 | 0x100f3170 |
FPDF_StructElement_Attr_GetStringValue | 400 | 0x100f3240 |
FPDF_StructElement_Attr_GetType | 401 | 0x100f2ff0 |
FPDF_StructElement_CountChildren | 402 | 0x100f2eb0 |
FPDF_StructElement_GetActualText | 403 | 0x100f2660 |
FPDF_StructElement_GetAltText | 404 | 0x100f2580 |
FPDF_StructElement_GetAttributeAtIndex | 405 | 0x100f28f0 |
FPDF_StructElement_GetAttributeCount | 406 | 0x100f27a0 |
FPDF_StructElement_GetChildAtIndex | 407 | 0x100f2ed0 |
FPDF_StructElement_GetID | 408 | 0x100f26c0 |
FPDF_StructElement_GetLang | 409 | 0x100f2730 |
FPDF_StructElement_GetMarkedContentID | 410 | 0x100f2c70 |
FPDF_StructElement_GetMarkedContentIdAtIndex | 411 | 0x100f3550 |
FPDF_StructElement_GetMarkedContentIdCount | 412 | 0x100f3490 |
FPDF_StructElement_GetObjType | 413 | 0x100f2db0 |
FPDF_StructElement_GetParent | 414 | 0x100f2f00 |
FPDF_StructElement_GetStringAttribute | 415 | 0x100f2a80 |
FPDF_StructElement_GetTitle | 416 | 0x100f2e50 |
FPDF_StructElement_GetType | 417 | 0x100f2d10 |
FPDF_StructTree_Close | 418 | 0x100f24c0 |
FPDF_StructTree_CountChildren | 419 | 0x100f24e0 |
FPDF_StructTree_GetChildAtIndex | 420 | 0x100f2510 |
FPDF_StructTree_GetForPage | 421 | 0x100f2450 |
FPDF_VIEWERREF_GetDuplex | 422 | 0x100f8f80 |
FPDF_VIEWERREF_GetName | 423 | 0x100f9030 |
FPDF_VIEWERREF_GetNumCopies | 424 | 0x100f8e40 |
FPDF_VIEWERREF_GetPrintPageRange | 425 | 0x100f8ea0 |
FPDF_VIEWERREF_GetPrintPageRangeCount | 426 | 0x100f8f30 |
FPDF_VIEWERREF_GetPrintPageRangeElement | 427 | 0x100f8f50 |
FPDF_VIEWERREF_GetPrintScaling | 428 | 0x100f8de0 |
FSDK_SetLocaltimeFunction | 429 | 0x100ea440 |
FSDK_SetTimeFunction | 430 | 0x100ea430 |
FSDK_SetUnSpObjProcessHandler | 431 | 0x100ea410 |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 22, 2024 23:35:13.931003094 CET | 1.1.1.1 | 192.168.2.6 | 0x819a | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Dec 22, 2024 23:35:13.931003094 CET | 1.1.1.1 | 192.168.2.6 | 0x819a | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 17:34:56 |
Start date: | 22/12/2024 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb70000 |
File size: | 126'464 bytes |
MD5 hash: | 51E6071F9CBA48E79F10C84515AAE618 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 17:34:56 |
Start date: | 22/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 17:34:56 |
Start date: | 22/12/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 17:34:56 |
Start date: | 22/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 17:34:56 |
Start date: | 22/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 17:34:59 |
Start date: | 22/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 17:35:02 |
Start date: | 22/12/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |