Windows
Analysis Report
ffmpeg.exe
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
Analysis Advice
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook |
- System is w10x64
- ffmpeg.exe (PID: 1540 cmdline: "C:\Users\user\Desktop\ffmpeg.exe" MD5: D5DB5991390CC69BAA848B1EE4400DC2)
  - conhost.exe (PID: 6368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Process Injection | 11 Input Capture | 1 Security Software Discovery | Remote Services | 11 Input Capture | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 DLL Side-Loading | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431131 |
Start date and time: | 2024-04-24 16:08:13 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 41s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ffmpeg.exe |
Detection: | CLEAN |
Classification: | clean3.winEXE@2/0@0/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ocsp.edge.digicert.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: ffmpeg.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
fp2e7a.wpc.phicdn.net | Get hash | malicious | Unknown | Browse |
File type: | |
Entropy (8bit): | 6.764265766205517 |
TrID: |
|
File name: | ffmpeg.exe |
File size: | 85'491'712 bytes |
MD5: | d5db5991390cc69baa848b1ee4400dc2 |
SHA1: | c5ee37a55272894be2eaf6ffb7a04221cdfd0548 |
SHA256: | 473a53126b95174d1e3b67017df5383bb13bac9c3dc59011a6274bca840e3845 |
SHA512: | a6f3c7cdfc705b54c2da7f642ffc575816e99fef9ae3a299d7e40c94d7fbf20f41efe674eec803ee3818e0bba023fc7dd3503ade31ee2115d16c19154a7d9d22 |
SSDEEP: | 1572864:PcSbTs6JjTwdcYS/aEHBt6w5Hnflkg+rkVRJsZRw+cJfagAoCFhjR:PcJ |
TLSH: | E2188E9EE2D350DCD12BD4F043AAF773BA34787D11206A7A26D99A306E22F80575EF14 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...{..f...............*..#..|...n.............@.............................p.......a....`... ............................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x1400013f0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x660FA07B [Fri Apr 5 06:55:55 2024 UTC] |
TLS Callbacks: | 0x41a72100, 0x1, 0x410fdd80, 0x1, 0x410fdd50, 0x1, 0x4146f2b0, 0x1 |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 3dd39afad8e7fdad8409b8bac985274b |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x6948000 | 0x1a1f | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x694a000 | 0x7004 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6954000 | 0x730 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4f07000 | 0xeb6c8 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6955000 | 0x41254 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x4859ca0 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x694b9e8 | 0x1858 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4239840 | 0x4239a00 | c1df78e07fc2927ff21d5cd1075ea596 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x423b000 | 0x12bc80 | 0x12be00 | bcb88f576cba66440670e20d51f75367 | False | 0.1502644330971238 | data | 4.841914052442998 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rodata | 0x4367000 | 0x39cc | 0x3a00 | a64f76b5697ad7b396a3eb484e6a487a | False | 0.26589439655172414 | data | 5.855705171693117 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x436b000 | 0xb9b0b0 | 0xb9b200 | 4e786d72ae3db7ce279324c7e5993225 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.pdata | 0x4f07000 | 0xeb6c8 | 0xeb800 | 13cef89d5399e8ca1bb07bcb3394fb62 | False | 0.5443475484341825 | data | 7.009454804058532 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.xdata | 0x4ff3000 | 0x14d0cc | 0x14d200 | 60c2926626ef4603ce92107b1f3fdf6e | False | 0.17951527321763602 | data | 5.202455756581229 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.bss | 0x5141000 | 0x1806d30 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x6948000 | 0x1a1f | 0x1c00 | 0e3244be59131367da2d90cdb62cfeba | False | 0.43289620535714285 | data | 5.7040782481794485 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.idata | 0x694a000 | 0x7004 | 0x7200 | bc960c95cfede022576dde122e0edc3f | False | 0.2748423793859649 | data | 5.0800551168373485 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.CRT | 0x6952000 | 0x70 | 0x200 | fecbca9ded2667d4ed6b5a35ecaeb4ca | False | 0.091796875 | data | 0.4871042392862215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x6953000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x6954000 | 0x730 | 0x800 | f20b15ac6e455f9f43836e6e9e67e4a1 | False | 0.1474609375 | data | 2.114214149621193 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x6955000 | 0x41254 | 0x41400 | d463dc92d7625efcd530e08da6fb395c | False | 0.2149073575191571 | data | 5.485302111253753 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x6954058 | 0x1ef | XML 1.0 document, ASCII text | English | United States | 0.498989898989899 |
DLL | Import |
---|---|
ADVAPI32.dll | CryptAcquireContextW, CryptCreateHash, CryptDecrypt, CryptDestroyHash, CryptGenRandom, CryptGetHashParam, CryptGetProvParam, CryptReleaseContext, CryptSetHashParam, CryptSetProvParam, CryptSignHashA, DeregisterEventSource, GetUserNameA, InitializeSecurityDescriptor, RegCloseKey, RegEnumKeyExW, RegEnumValueW, RegOpenKeyExW, RegQueryInfoKeyW, RegQueryValueExW, RegisterEventSourceW, ReportEventW, SetSecurityDescriptorDacl, SystemFunction036 |
bcrypt.dll | BCryptCloseAlgorithmProvider, BCryptGenRandom, BCryptOpenAlgorithmProvider |
CRYPT32.dll | CertCloseStore, CertDeleteCertificateFromStore, CertEnumCRLsInStore, CertEnumCertificatesInStore, CertFindCertificateInStore, CertFreeCertificateContext, CertGetCertificateContextProperty, CertOpenStore, CertOpenSystemStoreW, PFXImportCertStore |
GDI32.dll | BitBlt, ChoosePixelFormat, CombineRgn, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCW, CreateDIBSection, CreateFontIndirectW, CreateFontW, CreatePen, CreateRectRgn, CreateSolidBrush, DeleteDC, DeleteObject, DescribePixelFormat, EnumFontFamiliesW, ExtTextOutW, GetDIBColorTable, GetDIBits, GetDeviceCaps, GetDeviceGammaRamp, GetICMProfileW, GetObjectA, GetPixelFormat, GetStockObject, GetTextExtentPoint32A, GetTextExtentPoint32W, GetTextFaceW, GetTextMetricsW, Rectangle, SelectObject, SetBkMode, SetDeviceGammaRamp, SetPixelFormat, SetTextColor, SwapBuffers |
IMM32.dll | ImmAssociateContext, ImmGetCandidateListW, ImmGetCompositionStringW, ImmGetContext, ImmGetIMEFileNameA, ImmNotifyIME, ImmReleaseContext, ImmSetCandidateWindow, ImmSetCompositionStringW, ImmSetCompositionWindow |
IPHLPAPI.DLL | GetAdaptersAddresses, if_indextoname, if_nametoindex |
KERNEL32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, AreFileApisANSI, CancelIo, CancelIoEx, CloseHandle, CompareStringA, ConvertFiberToThread, ConvertThreadToFiberEx, CreateDirectoryW, CreateEventA, CreateEventW, CreateFiberEx, CreateFileA, CreateFileMappingA, CreateFileW, CreateMutexA, CreateSemaphoreA, CreateSemaphoreW, CreateThread, DeleteCriticalSection, DeleteFiber, DeviceIoControl, DuplicateHandle, EnterCriticalSection, ExitProcess, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileExW, FindFirstFileW, FindNextFileW, FormatMessageA, FormatMessageW, FreeLibrary, GetACP, GetCommandLineW, GetComputerNameA, GetConsoleMode, GetConsoleScreenBufferInfo, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetEnvironmentVariableA, GetEnvironmentVariableW, GetExitCodeThread, GetFileAttributesA, GetFileAttributesExA, GetFileAttributesW, GetFileInformationByHandle, GetFileSize, GetFileSizeEx, GetFileTime, GetFileType, GetFinalPathNameByHandleA, GetFullPathNameA, GetFullPathNameW, GetHandleInformation, GetLastError, GetLocaleInfoA, GetLongPathNameA, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExA, GetModuleHandleExW, GetModuleHandleW, GetNumaHighestNodeNumber, GetNumaNodeProcessorMaskEx, GetOverlappedResult, GetProcAddress, GetProcessAffinityMask, GetProcessHeap, GetProcessTimes, GetStdHandle, GetSystemDirectoryA, GetSystemDirectoryW, GetSystemInfo, GetSystemPowerStatus, GetSystemTime, GetSystemTimeAdjustment, GetSystemTimeAsFileTime, GetTempPathA, GetThreadContext, GetThreadPriority, GetThreadTimes, GetTickCount, GetTimeZoneInformation, GetVersion, GetWindowsDirectoryA, GlobalAlloc, GlobalLock, GlobalMemoryStatusEx, GlobalUnlock, HeapAlloc, HeapFree, HeapReAlloc, InitOnceBeginInitialize, InitOnceComplete, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSRWLock, IsDBCSLeadByteEx, 
IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, K32GetProcessMemoryInfo, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LocalFree, MapViewOfFile, MoveFileExA, MoveFileExW, MulDiv, MultiByteToWideChar, OpenFileMappingA, OpenProcess, OutputDebugStringA, OutputDebugStringW, PeekNamedPipe, QueryPerformanceCounter, QueryPerformanceFrequency, RaiseException, ReadConsoleA, ReadConsoleW, ReadFile, RegisterWaitForSingleObject, ReleaseMutex, ReleaseSRWLockExclusive, ReleaseSRWLockShared, ReleaseSemaphore, ResetEvent, ResumeThread, RtlCaptureContext, RtlLookupFunctionEntry, RtlUnwindEx, RtlVirtualUnwind, SetConsoleCtrlHandler, SetConsoleMode, SetConsoleTextAttribute, SetDllDirectoryA, SetEnvironmentVariableA, SetErrorMode, SetEvent, SetFilePointer, SetFilePointerEx, SetHandleInformation, SetLastError, SetProcessAffinityMask, SetSystemTime, SetThreadContext, SetThreadErrorMode, SetThreadExecutionState, SetThreadGroupAffinity, SetThreadPriority, SetUnhandledExceptionFilter, SignalObjectAndWait, Sleep, SleepConditionVariableCS, SuspendThread, SwitchToFiber, SwitchToThread, SystemTimeToFileTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryEnterCriticalSection, UnmapViewOfFile, UnregisterWait, VerSetConditionMask, VerifyVersionInfoW, VirtualAlloc, VirtualFree, VirtualLock, VirtualProtect, VirtualQuery, VirtualUnlock, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile, __C_specific_handler, lstrcmpiW |
msvcrt.dll | ___lc_codepage_func, ___mb_cur_max_func, __argv, __getmainargs, __initenv, __iob_func, __set_app_type, __setusermatherr, _access, _access, _aligned_free, _aligned_malloc, _aligned_realloc, _amsg_exit, _assert, _beginthreadex, _cexit, _chmod, _close, _commode, _close, _dup, _dup2, _endthreadex, _environ, _errno, _exit, _fdopen, _filelengthi64, _fileno, _findclose, _fileno, _findfirst64, _findnext64, _fmode, _fstat64, _ftime64, _fullpath, _get_osfhandle, _getch, _getcwd, _getmaxstdio, _getpid, _gmtime64, _hypot, _i64toa, _initterm, _isatty, _isctype, _itoa, _kbhit, _localtime64, _lock, _locking, _lseeki64, _ltoa, _mbsrchr, _mkdir, _mkdir, _mktime64, _onexit, _open, _open, _open_osfhandle, _read, _rmdir, _rmdir, _nextafter, _setjmp, _setmaxstdio, _setmode, _setmode, _sopen, _stat64, _strdup, _strdup, _stricmp, _strlwr, _strnicmp, _strrev, _strtoi64, _strtoui64, _strtoui64, _strupr, _time64, _timezone, _ui64toa, _ultoa, _unlink, _unlink, _unlock, _vscprintf, _vsnprintf, _vsnwprintf, _waccess, _wassert, _wcsdup, _wcsicmp, _wcsnicmp, _wfindfirst64, _wfindnext64, _wfopen, _wfullpath, _wgetenv, _wmkdir, _wopen, _wrename, _write, _wrmdir, _wsopen, _wstat64, _wunlink, abort, acos, asin, atan, atof, atoi, bsearch, calloc, clock, cosh, div, exit, fclose, feof, ferror, fflush, fgetc, fgetpos, fgets, fopen, fopen_s, fprintf, fputc, fputs, fread, free, fsetpos, fseek, ftell, fwrite, getc, getchar, getenv, getwc, isalnum, isalpha, iscntrl, isgraph, islower, isprint, ispunct, isspace, isupper, iswctype, isxdigit, localeconv, log10, longjmp, malloc, mbstowcs, memchr, memcmp, memcpy, memmove, memset, perror, printf, putc, putwc, qsort, raise, rand, realloc, rename, rewind, setlocale, setvbuf, signal, sinh, sprintf, srand, strcat, strchr, strcmp, strcoll, strcpy, strcpy_s, strcspn, strerror, strftime, strlen, strncat, strncmp, strncpy, strncpy_s, strpbrk, strrchr, strspn, strstr, strtok, strtok_s, strtol, strtoul, strxfrm, tan, tanh, tolower, toupper, towlower, towupper, 
ungetwc, ungetc, vfprintf, wcscat, wcscmp, wcscoll, wcscpy, wcscpy_s, wcsftime, wcslen, wcsncmp, wcsrchr, wcsstr, wcstombs, wcstombs_s, wcstoul, wcsxfrm |
ncrypt.dll | NCryptDecrypt, NCryptDeleteKey, NCryptFreeObject, NCryptGetProperty, NCryptOpenKey, NCryptOpenStorageProvider, NCryptSignHash |
ole32.dll | CLSIDFromString, CoCreateInstance, CoGetMalloc, CoInitialize, CoInitializeEx, CoTaskMemAlloc, CoTaskMemFree, CoUninitialize, CreateBindCtx, OleLoadFromStream, OleSaveToStream, PropVariantClear, StringFromGUID2 |
OLEAUT32.dll | OleCreatePropertyFrame, SysFreeString |
SETUPAPI.dll | CM_Get_Device_IDA, CM_Get_Parent, CM_Locate_DevNodeA, SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiEnumDeviceInterfaces, SetupDiGetClassDevsA, SetupDiGetDeviceInterfaceDetailA, SetupDiGetDeviceRegistryPropertyA |
SHELL32.dll | CommandLineToArgvW, DragAcceptFiles, DragFinish, DragQueryFileW, ExtractIconExW, SHGetFolderPathW, SHGetSpecialFolderPathA, ShellExecuteW |
SHLWAPI.dll | SHCreateStreamOnFileA |
USER32.dll | AdjustWindowRectEx, AttachThreadInput, BeginPaint, CallNextHookEx, CallWindowProcW, ChangeDisplaySettingsExW, ClientToScreen, ClipCursor, CloseClipboard, CopyIcon, CopyImage, CreateIconFromResource, CreateIconIndirect, CreateWindowExA, CreateWindowExW, DefWindowProcA, DefWindowProcW, DestroyCursor, DestroyIcon, DestroyWindow, DialogBoxIndirectParamW, DispatchMessageA, DispatchMessageW, DrawIcon, DrawTextW, EmptyClipboard, EndDialog, EndPaint, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsW, FillRect, FindWindowW, FlashWindowEx, FrameRect, GetAsyncKeyState, GetClassInfoExW, GetClientRect, GetClipCursor, GetClipboardData, GetClipboardSequenceNumber, GetCursorInfo, GetCursorPos, GetDC, GetDesktopWindow, GetDlgItem, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetIconInfo, GetKeyState, GetKeyboardLayout, GetKeyboardState, GetMenu, GetMessageExtraInfo, GetMessageW, GetMonitorInfoW, GetParent, GetProcessWindowStation, GetPropW, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceList, GetSystemMetrics, GetUpdateRect, GetUserObjectInformationW, GetWindowLongPtrA, GetWindowLongPtrW, GetWindowLongW, GetWindowRect, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, IntersectRect, InvalidateRect, IsClipboardFormatAvailable, IsIconic, KillTimer, LoadCursorA, LoadCursorW, LoadIconW, MapVirtualKeyW, MessageBoxA, MessageBoxW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow, MsgWaitForMultipleObjects, OpenClipboard, PeekMessageA, PeekMessageW, PostMessageW, PostThreadMessageW, PtInRect, RegisterClassExA, RegisterClassExW, RegisterClassW, RegisterDeviceNotificationW, RegisterRawInputDevices, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemovePropW, ScreenToClient, SendMessageA, SendMessageW, SetActiveWindow, SetCapture, SetClipboardData, SetCursor, SetCursorPos, SetFocus, SetForegroundWindow, SetLayeredWindowAttributes, SetPropW, SetTimer, SetWindowLongPtrA, SetWindowLongPtrW, SetWindowLongW, SetWindowPos, 
SetWindowRgn, SetWindowTextW, SetWindowsHookExW, ShowWindow, SystemParametersInfoA, SystemParametersInfoW, ToUnicode, TrackMouseEvent, TranslateMessage, UnhookWindowsHookEx, UnregisterClassA, UnregisterClassW, UnregisterDeviceNotification, ValidateRect |
VERSION.dll | GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA |
AVICAP32.dll | capCreateCaptureWindowA, capGetDriverDescriptionA |
WINMM.dll | timeBeginPeriod, timeEndPeriod, waveInAddBuffer, waveInClose, waveInGetDevCapsW, waveInGetNumDevs, waveInOpen, waveInPrepareHeader, waveInReset, waveInStart, waveInUnprepareHeader, waveOutClose, waveOutGetDevCapsW, waveOutGetErrorTextW, waveOutGetNumDevs, waveOutOpen, waveOutPrepareHeader, waveOutReset, waveOutUnprepareHeader, waveOutWrite |
WS2_32.dll | WSACleanup, WSACloseEvent, WSACreateEvent, WSAEventSelect, WSAGetLastError, WSAGetOverlappedResult, WSAIoctl, WSARecvFrom, WSAResetEvent, WSASendTo, WSASetLastError, WSASocketA, WSAStartup, WSAStringToAddressA, WSAWaitForMultipleEvents, __WSAFDIsSet, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, gethostbyaddr, gethostbyname, gethostname, getnameinfo, getpeername, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, inet_ntop, inet_pton, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket |
Name | Ordinal | Address |
---|---|---|
FT_Activate_Size | 1 | 0x1412b1ac0 |
FT_Add_Default_Modules | 2 | 0x1412ba620 |
FT_Add_Module | 3 | 0x1412b66f0 |
FT_Angle_Diff | 4 | 0x1412b5e50 |
FT_Atan2 | 5 | 0x1412b5940 |
FT_Attach_File | 6 | 0x1412b61c0 |
FT_Attach_Stream | 7 | 0x1412b60d0 |
FT_Bitmap_Blend | 8 | 0x1413185a0 |
FT_Bitmap_Convert | 9 | 0x141317940 |
FT_Bitmap_Copy | 10 | 0x141317750 |
FT_Bitmap_Done | 11 | 0x141318df0 |
FT_Bitmap_Embolden | 12 | 0x141317eb0 |
FT_Bitmap_Init | 13 | 0x141317710 |
FT_Bitmap_New | 14 | 0x141317730 |
FT_CeilFix | 15 | 0x1412ae910 |
FT_Cos | 16 | 0x1412b57c0 |
FT_DivFix | 17 | 0x1412aea50 |
FT_Done_Face | 18 | 0x1412b0230 |
FT_Done_FreeType | 19 | 0x1412ba8b0 |
FT_Done_Glyph | 20 | 0x141319bf0 |
FT_Done_Library | 21 | 0x1412b21a0 |
FT_Done_MM_Var | 22 | 0x141319f60 |
FT_Done_Size | 23 | 0x1412b02f0 |
FT_Error_String | 24 | 0x1412af550 |
FT_Face_GetCharVariantIndex | 25 | 0x1412b1a50 |
FT_Face_GetCharVariantIsDefault | 26 | 0x1412b1a00 |
FT_Face_GetCharsOfVariant | 27 | 0x1412b1910 |
FT_Face_GetVariantSelectors | 28 | 0x1412b19b0 |
FT_Face_GetVariantsOfChar | 29 | 0x1412b1960 |
FT_Face_Properties | 30 | 0x1412b1270 |
FT_FloorFix | 31 | 0x1412ae920 |
FT_Get_Advance | 32 | 0x1412b7920 |
FT_Get_Advances | 33 | 0x1412b76c0 |
FT_Get_BDF_Charset_ID | 34 | 0x1413ee6a0 |
FT_Get_BDF_Property | 35 | 0x1413ee760 |
FT_Get_CMap_Format | 36 | 0x1412b17a0 |
FT_Get_CMap_Language_ID | 37 | 0x1412b1720 |
FT_Get_Char_Index | 38 | 0x1412b1110 |
FT_Get_Charmap_Index | 39 | 0x1412b10d0 |
FT_Get_Color_Glyph_ClipBox | 40 | 0x1412b2490 |
FT_Get_Color_Glyph_Layer | 41 | 0x1412b2400 |
FT_Get_Color_Glyph_Paint | 42 | 0x1412b2450 |
FT_Get_Colorline_Stops | 43 | 0x1412b2560 |
FT_Get_Default_Named_Instance | 44 | 0x14131a8b0 |
FT_Get_First_Char | 45 | 0x1412b11e0 |
FT_Get_Font_Format | 46 | 0x1412af560 |
FT_Get_Glyph | 47 | 0x1413196d0 |
FT_Get_Glyph_Name | 48 | 0x1412b13f0 |
FT_Get_Kerning | 49 | 0x1412b0df0 |
FT_Get_MM_Blend_Coordinates | 50 | 0x14131a5a0 |
FT_Get_MM_Var | 51 | 0x141319e80 |
FT_Get_MM_WeightVector | 52 | 0x14131a110 |
FT_Get_Module | 53 | 0x1412b1cd0 |
FT_Get_Multi_Master | 54 | 0x141319da0 |
FT_Get_Name_Index | 55 | 0x1412b1340 |
FT_Get_Next_Char | 56 | 0x1412b1140 |
FT_Get_PS_Font_Info | 57 | 0x1413ee7e0 |
FT_Get_PS_Font_Private | 58 | 0x1413ee8a0 |
FT_Get_PS_Font_Value | 59 | 0x1413ee910 |
FT_Get_Paint | 60 | 0x1412b2510 |
FT_Get_Paint_Layers | 61 | 0x1412b24d0 |
FT_Get_Postscript_Name | 62 | 0x1412b1500 |
FT_Get_Renderer | 63 | 0x1412b1b60 |
FT_Get_Sfnt_LangTag | 64 | 0x1412b42f0 |
FT_Get_Sfnt_Name | 65 | 0x1412b41d0 |
FT_Get_Sfnt_Name_Count | 66 | 0x1412b3fc0 |
FT_Get_Sfnt_Table | 67 | 0x1412b15a0 |
FT_Get_SubGlyph_Info | 68 | 0x1412b2370 |
FT_Get_Track_Kerning | 69 | 0x1412b0fb0 |
FT_Get_Transform | 70 | 0x1412b01e0 |
FT_Get_TrueType_Engine_Type | 71 | 0x1412b2320 |
FT_Get_Var_Axis_Flags | 72 | 0x14131a760 |
FT_Get_Var_Blend_Coordinates | 73 | 0x14131a680 |
FT_Get_Var_Design_Coordinates | 74 | 0x14131a350 |
FT_Get_X11_Font_Format | 75 | 0x1412af590 |
FT_GlyphSlot_Own_Bitmap | 76 | 0x141318d40 |
FT_Glyph_Copy | 77 | 0x1413194d0 |
FT_Glyph_Get_CBox | 78 | 0x141319840 |
FT_Glyph_Stroke | 79 | 0x14131d270 |
FT_Glyph_StrokeBorder | 80 | 0x14131d3c0 |
FT_Glyph_To_Bitmap | 81 | 0x1413198f0 |
FT_Glyph_Transform | 82 | 0x1413197e0 |
FT_Has_PS_Glyph_Names | 83 | 0x1413ee850 |
FT_Init_FreeType | 84 | 0x1412ba820 |
FT_Library_SetLcdFilter | 85 | 0x1412afc40 |
FT_Library_SetLcdFilterWeights | 86 | 0x1412afc30 |
FT_Library_SetLcdGeometry | 87 | 0x1412afc50 |
FT_Library_Version | 88 | 0x1412b2160 |
FT_List_Add | 89 | 0x1412ba460 |
FT_List_Finalize | 90 | 0x1412ba5b0 |
FT_List_Find | 91 | 0x1412ba430 |
FT_List_Insert | 92 | 0x1412ba4a0 |
FT_List_Iterate | 93 | 0x1412ba560 |
FT_List_Remove | 94 | 0x1412ba4d0 |
FT_List_Up | 95 | 0x1412ba510 |
FT_Load_Char | 96 | 0x1412b7a80 |
FT_Load_Glyph | 97 | 0x1412b6ec0 |
FT_Load_Sfnt_Table | 98 | 0x1412b1600 |
FT_Matrix_Invert | 99 | 0x1412aec00 |
FT_Matrix_Multiply | 100 | 0x1412aeac0 |
FT_MulDiv | 101 | 0x1412ae930 |
FT_MulFix | 102 | 0x1412aea30 |
FT_New_Face | 103 | 0x1412b8600 |
FT_New_Glyph | 104 | 0x1413195e0 |
FT_New_Library | 105 | 0x1412b20c0 |
FT_New_Memory_Face | 106 | 0x1412b94b0 |
FT_New_Size | 107 | 0x1412b6530 |
FT_Open_Face | 108 | 0x1412b9530 |
FT_Outline_Check | 109 | 0x1412b2a30 |
FT_Outline_Copy | 110 | 0x1412b2ab0 |
FT_Outline_Decompose | 111 | 0x1412b25a0 |
FT_Outline_Done | 112 | 0x1412b2b60 |
FT_Outline_Embolden | 113 | 0x1412b3b80 |
FT_Outline_EmboldenXY | 114 | 0x1412b3670 |
FT_Outline_GetInsideBorder | 115 | 0x14131c5a0 |
FT_Outline_GetOutsideBorder | 116 | 0x14131c5c0 |
FT_Outline_Get_Bitmap | 117 | 0x1412b32b0 |
FT_Outline_Get_CBox | 118 | 0x1412b2c20 |
FT_Outline_Get_Orientation | 119 | 0x1412b3490 |
FT_Outline_New | 120 | 0x1412b9fd0 |
FT_Outline_Render | 121 | 0x1412b3130 |
FT_Outline_Reverse | 122 | 0x1412b3080 |
FT_Outline_Transform | 123 | 0x1412b33c0 |
FT_Outline_Translate | 124 | 0x1412b3030 |
FT_Palette_Data_Get | 125 | 0x1412af430 |
FT_Palette_Select | 126 | 0x1412af4b0 |
FT_Palette_Set_Foreground_Color | 127 | 0x1412af520 |
FT_Property_Get | 128 | 0x1412b2060 |
FT_Property_Set | 129 | 0x1412b2040 |
FT_Reference_Face | 130 | 0x1412b0210 |
FT_Reference_Library | 131 | 0x1412b20a0 |
FT_Remove_Module | 132 | 0x1412b1e00 |
FT_Render_Glyph | 133 | 0x1412b6e80 |
FT_Request_Size | 134 | 0x1412b0b70 |
FT_RoundFix | 135 | 0x1412ae8f0 |
FT_Select_Charmap | 136 | 0x1412b1040 |
FT_Select_Size | 137 | 0x1412b0b00 |
FT_Set_Char_Size | 138 | 0x1412b0ca0 |
FT_Set_Charmap | 139 | 0x1412b1820 |
FT_Set_Debug_Hook | 140 | 0x1412b22f0 |
FT_Set_Default_Log_Handler | 141 | 0x14131d9a0 |
FT_Set_Default_Properties | 142 | 0x1412ba660 |
FT_Set_Log_Handler | 143 | 0x14131d990 |
FT_Set_MM_Blend_Coordinates | 144 | 0x14131a430 |
FT_Set_MM_Design_Coordinates | 145 | 0x141319f90 |
FT_Set_MM_WeightVector | 146 | 0x14131a050 |
FT_Set_Named_Instance | 147 | 0x14131a780 |
FT_Set_Pixel_Sizes | 148 | 0x1412b0d50 |
FT_Set_Renderer | 149 | 0x1412b1ba0 |
FT_Set_Transform | 150 | 0x1412b0150 |
FT_Set_Var_Blend_Coordinates | 151 | 0x14131a590 |
FT_Set_Var_Design_Coordinates | 152 | 0x14131a1f0 |
FT_Sfnt_Table_Info | 153 | 0x1412b1690 |
FT_Sin | 154 | 0x1412b5810 |
FT_Stream_OpenLZW | 155 | 0x14130a4a0 |
FT_Stroker_BeginSubPath | 156 | 0x14131c9f0 |
FT_Stroker_ConicTo | 157 | 0x14131c990 |
FT_Stroker_CubicTo | 158 | 0x14131c9c0 |
FT_Stroker_Done | 159 | 0x14131c740 |
FT_Stroker_EndSubPath | 160 | 0x14131ca50 |
FT_Stroker_Export | 161 | 0x14131ce10 |
FT_Stroker_ExportBorder | 162 | 0x14131cde0 |
FT_Stroker_GetBorderCounts | 163 | 0x14131cca0 |
FT_Stroker_GetCounts | 164 | 0x14131cd30 |
FT_Stroker_LineTo | 165 | 0x14131c820 |
FT_Stroker_New | 166 | 0x14131c5e0 |
FT_Stroker_ParseOutline | 167 | 0x14131ce60 |
FT_Stroker_Rewind | 168 | 0x14131c710 |
FT_Stroker_Set | 169 | 0x14131c6c0 |
FT_Tan | 170 | 0x1412b5860 |
FT_Trace_Set_Default_Level | 171 | 0x14131d980 |
FT_Trace_Set_Level | 172 | 0x14131d970 |
FT_Vector_From_Polar | 173 | 0x1412b5e20 |
FT_Vector_Length | 174 | 0x1412b5b90 |
FT_Vector_Polarize | 175 | 0x1412b5d10 |
FT_Vector_Rotate | 176 | 0x1412b5a00 |
FT_Vector_Transform | 177 | 0x1412b3320 |
FT_Vector_Unit | 178 | 0x1412b59c0 |
TT_New_Context | 179 | 0x1412c8fd0 |
TT_RunIns | 180 | 0x1412c5f10 |
gme_ay_type | 181 | 0x144a5afa0 |
gme_clear_playlist | 182 | 0x141694ab0 |
gme_delete | 183 | 0x141694750 |
gme_enable_accuracy | 184 | 0x141694a80 |
gme_equalizer | 185 | 0x141694b50 |
gme_free_info | 186 | 0x141694940 |
gme_gbs_type | 187 | 0x144a5b138 |
gme_gym_type | 188 | 0x144a5b2b0 |
gme_hes_type | 189 | 0x144a5b4e0 |
gme_identify_extension | 190 | 0x1416941e0 |
gme_identify_file | 191 | 0x141694b90 |
gme_identify_header | 192 | 0x1416940e0 |
gme_ignore_silence | 193 | 0x141694a40 |
gme_kss_type | 194 | 0x144a5b658 |
gme_load_custom | 195 | 0x141694720 |
gme_load_data | 196 | 0x141694dc0 |
gme_load_file | 197 | 0x141694710 |
gme_multi_channel | 198 | 0x141694ad0 |
gme_mute_voice | 199 | 0x141694a60 |
gme_mute_voices | 200 | 0x141694a70 |
gme_new_emu | 201 | 0x141694460 |
gme_new_emu_multi_channel | 202 | 0x1416945b0 |
gme_nsf_type | 203 | 0x144a5bae8 |
gme_nsfe_type | 204 | 0x144a5bc00 |
gme_open_data | 205 | 0x141694e10 |
gme_open_file | 206 | 0x141694c60 |
gme_play | 207 | 0x1416949c0 |
gme_sap_type | 208 | 0x144a5bd90 |
gme_seek | 209 | 0x141694a10 |
gme_seek_samples | 210 | 0x141694a20 |
gme_set_autoload_playback_limit | 211 | 0x1416942d0 |
gme_set_equalizer | 212 | 0x141694af0 |
gme_set_fade | 213 | 0x1416949d0 |
gme_set_stereo_depth | 214 | 0x141694960 |
gme_set_tempo | 215 | 0x141694a50 |
gme_set_user_cleanup | 216 | 0x1416949a0 |
gme_set_user_data | 217 | 0x141694990 |
gme_spc_type | 218 | 0x144a5bf60 |
gme_start_track | 219 | 0x1416949b0 |
gme_tell | 220 | 0x1416949f0 |
gme_tell_samples | 221 | 0x141694a00 |
gme_track_count | 222 | 0x141694790 |
gme_track_ended | 223 | 0x1416949e0 |
gme_track_info | 224 | 0x1416947a0 |
gme_type | 225 | 0x141694770 |
gme_type_extension | 226 | 0x1416942b0 |
gme_type_list | 227 | 0x141693fd0 |
gme_type_multitrack | 228 | 0x141694ac0 |
gme_type_system | 229 | 0x141694b80 |
gme_user_data | 230 | 0x141694980 |
gme_vgm_type | 231 | 0x144a5c230 |
gme_vgz_type | 232 | 0x144a5c1e0 |
gme_voice_count | 233 | 0x141694a30 |
gme_voice_name | 234 | 0x141694b70 |
gme_warning | 235 | 0x141694780 |
gme_wrong_file_type | 236 | 0x144a5adf0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 24, 2024 16:09:24.225728989 CEST | 1.1.1.1 | 192.168.2.6 | 0x6577 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 24, 2024 16:09:24.225728989 CEST | 1.1.1.1 | 192.168.2.6 | 0x6577 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 16:09:13 |
Start date: | 24/04/2024 |
Path: | C:\Users\user\Desktop\ffmpeg.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff67bb00000 |
File size: | 85'491'712 bytes |
MD5 hash: | D5DB5991390CC69BAA848B1EE4400DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 16:09:13 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |